Avira reports a trojan

  • Joined: 10 Oct 2007
  • Posts: 26

Since 05 March, when starting Windows XP32 SP2, Avira has been reporting:

Virus or unwanted program 'TR/Autoit.734273 [trojan]'
detected in file 'C:\WINDOWS\system32\csrcs.exe.
Action performed: Deny access

then:

Virus or unwanted program 'TR/Autoit.734273 [trojan]'
detected in file 'M:\zrqgqi.exe.
Action performed: Deny access

I tried to kill it, but Avira says:

Error detected in AntiVir Guard.
Error message: Action failed for file: C:\WINDOWS\system32\csrcs.exe
Error code: [0x00000005 - Access is denied.].

And then also:

Virus or unwanted program 'APPL/NirCmd.2 [program]'
detected in file 'C:\Documents and Settings\Darko\Local Settings\Temp\nircmd.exe.
Action performed: Move file to quarantine

It reported that, but then again:

Virus or unwanted program 'APPL/NirCmd.2 [program]'
detected in file 'C:\Documents and Settings\Darko\Desktop\nircmd.exe.
Action performed: Deny access

And since then, many times:

Error detected in AntiVir Guard.
Error message: Action failed for file: C:\WINDOWS\system32\csrcs.exe
Error code: [0x00000005 - Access is denied.].

and then:

Virus or unwanted program 'TR/Autoit.734273 [trojan]'
detected in file 'C:\WINDOWS\system32\csrcs.exe.
Action performed: Deny access

So I don't dare try anything else, and I am asking for help!


014443-FC836D8A.LOG


DDS (Ver_09-12-01.01) - NTFSx86
Run by Darko at 3:01:19.43 on 09-Mar-10
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.498 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\kxmixer.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\WINDOWS\PixArt\PAP7501\PACTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darko\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe csrcs.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
uRun: [Google Update] "c:\documents and settings\darko\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [kX Mixer] kxmixer --startup
mRun: [USBFW] c:\program files\net studio\usb firewall\USB FireWall.exe
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [GUCI_AVS] c:\windows\pixart\pap7501\GUCI_AVS.exe
mRun: [PACTray] c:\windows\pixart\pap7501\PACTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe
StartupFolder: c:\docume~1\darko\startm~1\programs\startup\thoosj~1.lnk - c:\program files\thoosje vista sidebar\Thoosje Sidebar.exe
mPolicies-explorer: hx-1 = 1
mPolicies-explorer: hx-2 = 2
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-12 56816]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-1-12 1594944]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2004-2-16 571776]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2008-12-25 433792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-13 135664]
S2 xykkebzsl;Security Shell;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S3 DigiPnp;DigiPnp;c:\windows\system32\drivers\Digipnp.sys [2004-9-27 6146]
S3 DVcam;DVCam Capture;c:\windows\system32\drivers\DVcam.sys [2005-9-29 42511]
S3 G400RT2K;G400RT2K;c:\windows\system32\drivers\g400RT2Km.sys [2004-9-27 325627]
S3 GUCI_AVS;USB2.0 VGA Video Device;c:\windows\system32\drivers\GUCI_AVS.sys [2010-2-26 581120]
S3 MtxVxd;MtxVxd;c:\windows\system32\drivers\MTXVXD.SYS [2005-3-27 5604]
S3 Ndisusb;GeneLink Network Driver;c:\windows\system32\drivers\genelan.sys --> c:\windows\system32\drivers\genelan.sys [?]
S3 RTPP2K;RTPP2K;c:\windows\system32\drivers\rtpp2k.sys [2001-4-29 87374]
S3 USBHSB;GeneLink USB Driver;c:\windows\system32\drivers\glkusb.sys [2005-10-31 10752]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2005-10-31 37616]
S3 VNic;ULan Network Driver Module;c:\windows\system32\drivers\vnic.sys --> c:\windows\system32\drivers\VNic.sys [?]
S4 Nerc2ibp;Nerc2ibp; [x]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]

=============== Created Last 30 ================

2010-03-06 20:46:22 421 --sha-r- c:\windows\system32\autorun.inf
2010-03-05 11:28:52 0 d-sha-r- C:\autorun.inf
2010-02-28 23:57:02 0 d-----w- c:\program files\common files\DivX Shared
2010-02-26 22:28:45 230436 ----a-w- C:\PAP7501.dat
2010-02-26 10:57:32 0 d-----w- c:\program files\Video Power
2010-02-26 10:49:28 7168 ----a-w- c:\windows\system32\COINST_080603.dll
2010-02-26 10:49:28 581120 ----a-w- c:\windows\system32\drivers\GUCI_AVS.sys
2010-02-26 10:49:23 2057 ----a-w- c:\windows\system32\GUCI_AVS.ini
2010-02-26 10:49:22 114688 ----a-w- c:\windows\system32\PixArt.ax
2010-02-26 10:49:19 0 d-----w- c:\windows\PixArt
2010-02-26 10:49:18 14336 ----a-w- c:\windows\system32\GUCI_AVS.dll
2010-02-26 10:49:17 165376 ----a-w- c:\windows\system32\GUCI_AVS.ax
2010-02-26 10:49:17 0 d-----w- c:\program files\common files\PAP7501
2010-02-26 10:48:50 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-02-26 10:48:50 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-02-26 10:43:32 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-02-26 10:43:32 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-02-26 10:43:26 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-26 10:43:26 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-14 09:43:58 612454 ----a-w- c:\windows\system32\XPRTV.exe
2010-02-12 10:21:37 0 --sha-r- C:\khq
2010-02-10 11:16:09 0 d--h--w- c:\windows\PIF
2010-02-09 21:24:42 0 d-----w- c:\program files\LEGO Island

==================== Find3M ====================

2010-01-15 01:59:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 10:32:57 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-13 20:07:26 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2004-11-26 14:21:58 8 -csh--r- c:\windows\system32\252C124488.sys
2005-02-07 12:11:19 152 -csh--r- c:\windows\system32\B415CD33AB.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2006-12-29 16:52:44 10434 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 3:01:48.79 ===============



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your protection software (instructions);
  • close any running programs;
  • double-click to run ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
    accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 10 Oct 2007
  • Posts: 26

Hello,
done as instructed.


ComboFix 10-03-08.02 - Darko 09-Mar-10 11:32:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.705 [GMT 1:00]
Running from: c:\documents and settings\Darko\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Darko\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Darko\Local Settings\Temporary Internet Files\udRemove.exe
C:\khq
c:\windows\system32\AutoRun.inf
c:\windows\system32\Dvbpws.dll
c:\windows\system32\SIntf16.dll
F:\khq
G:\khq

.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-02-28 23:57 . 2010-02-28 23:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-26 22:28 . 2010-02-26 22:38 230436 ----a-w- C:\PAP7501.dat
2010-02-26 10:57 . 2010-02-26 10:57 -------- d-----w- c:\program files\Video Power
2010-02-26 10:49 . 2008-12-23 19:54 581120 ----a-w- c:\windows\system32\drivers\GUCI_AVS.sys
2010-02-26 10:49 . 2008-06-03 15:59 7168 ----a-w- c:\windows\system32\COINST_080603.dll
2010-02-26 10:49 . 2010-02-26 10:49 -------- d-----w- c:\windows\PixArt
2010-02-26 10:49 . 2006-10-12 10:57 14336 ----a-w- c:\windows\system32\GUCI_AVS.dll
2010-02-26 10:49 . 2010-02-26 10:49 -------- d-----w- c:\program files\Common Files\PAP7501
2010-02-26 10:48 . 2004-08-03 22:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-02-26 10:48 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-02-26 10:43 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-26 10:43 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-14 09:43 . 2010-02-14 09:43 612454 ----a-w- c:\windows\system32\XPRTV.exe
2010-02-10 11:16 . 2010-02-10 11:16 -------- d--h--w- c:\windows\PIF
2010-02-09 21:24 . 2010-02-09 21:25 -------- d-----w- c:\program files\LEGO Island

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 23:30 . 2010-01-15 02:00 -------- d-----w- c:\program files\JDownloader
2010-03-05 12:02 . 2010-01-13 09:30 -------- d-----w- c:\documents and settings\Darko\Application Data\Skype
2010-03-05 12:01 . 2010-01-13 09:36 -------- d-----w- c:\documents and settings\Darko\Application Data\skypePM
2010-03-05 02:19 . 2010-01-15 01:56 -------- d-----w- c:\documents and settings\Darko\Application Data\Azureus
2010-03-05 02:11 . 2010-01-15 01:55 -------- d-----w- c:\program files\Vuze
2010-02-28 23:57 . 2005-01-23 15:54 -------- d-----w- c:\program files\DivX
2010-02-26 10:49 . 2004-09-27 20:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 20:46 . 2010-01-22 10:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 10:10 . 2010-02-02 21:21 80896 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\LZMA.dll
2010-02-05 10:10 . 2010-02-02 21:21 5632 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Swap.dll
2010-02-05 10:10 . 2010-02-02 21:21 5120 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Copy.dll
2010-02-05 10:10 . 2010-02-02 21:21 32256 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Aes.dll
2010-02-05 10:10 . 2010-02-02 21:21 18944 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Branch.dll
2010-02-05 10:10 . 2010-02-02 21:21 13824 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\7zAes.dll
2010-02-05 10:10 . 2010-02-02 21:21 129024 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Formats\7z.dll
2010-02-02 21:21 . 2010-02-02 21:21 -------- d-----w- c:\documents and settings\Darko\Application Data\Seven Zip
2010-01-29 09:34 . 2010-01-13 00:08 -------- d-----w- c:\program files\Google
2010-01-29 01:36 . 2010-01-14 00:50 -------- d-----w- c:\program files\Thoosje Vista Sidebar
2010-01-25 23:10 . 2010-01-25 23:10 -------- d-----w- c:\program files\URUSoft
2010-01-25 12:32 . 2010-01-25 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-01-25 02:33 . 2010-01-25 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-01-25 02:24 . 2009-09-08 10:00 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 10:30 . 2004-09-29 21:23 -------- d-----w- c:\program files\InterVideo
2010-01-21 09:59 . 2005-09-13 10:42 -------- d-----w- c:\program files\Common Files\InterVideo
2010-01-20 18:48 . 2010-01-20 18:48 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-20 18:24 . 2010-01-20 18:24 -------- d-----w- c:\program files\eRightSoft
2010-01-18 17:39 . 2009-09-09 10:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 17:37 . 2010-01-18 17:37 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-18 00:35 . 2010-01-18 00:32 -------- d-----w- c:\program files\The KMPlayer
2010-01-15 01:59 . 2010-01-15 02:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-15 01:59 . 2010-01-15 01:59 -------- d-----w- c:\program files\Java
2010-01-15 01:58 . 2010-01-15 01:58 152576 ----a-w- c:\documents and settings\Darko\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-01-15 01:56 . 2010-01-15 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-01-15 01:55 . 2010-01-15 01:55 -------- d-----w- c:\program files\Common Files\i4j_jres
2010-01-14 17:28 . 2010-01-14 17:28 -------- d-----w- c:\documents and settings\Darko\Application Data\Wildlife Zoo - Marine World
2010-01-14 10:33 . 2010-01-14 10:32 -------- d-----w- c:\program files\Common Files\Real
2010-01-14 10:32 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-14 10:32 . 2010-01-14 10:32 -------- d-----w- c:\program files\Real
2010-01-13 22:04 . 2010-01-13 22:04 -------- d-----w- c:\program files\Common Files\DirectX
2010-01-13 22:04 . 2010-01-13 22:04 -------- d-----w- c:\documents and settings\Darko\Application Data\Wildlife Zoo
2010-01-13 20:07 . 2010-01-12 20:06 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-13 19:24 . 2010-01-13 19:24 -------- d-----w- c:\program files\DREAMCATCHER INTERACTIVE
2010-01-13 10:01 . 2010-01-13 10:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 09:36 . 2010-01-13 09:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-13 09:30 . 2010-01-13 09:30 -------- d-----r- c:\program files\Skype
2010-01-13 09:30 . 2010-01-13 09:30 -------- d-----w- c:\program files\Common Files\Skype
2010-01-13 09:30 . 2010-01-13 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-12 20:30 . 2010-01-08 14:19 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-01-12 20:05 . 2010-01-12 20:05 -------- d-----w- c:\program files\Avira
2010-01-12 20:05 . 2008-04-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-12 19:03 . 2010-01-12 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TP-LINK
2010-01-12 17:46 . 2010-01-12 17:46 -------- d-----w- c:\program files\viewsonic
2010-01-11 19:49 . 2005-01-16 12:31 366320 -c--a-w- c:\documents and settings\Darko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 22:18 . 2010-01-10 22:18 -------- d-----w- c:\documents and settings\Darko\Application Data\GRETECH
2010-01-10 22:16 . 2010-01-10 22:16 -------- d-----w- c:\program files\GRETECH
2010-01-10 00:18 . 2010-01-10 00:17 -------- d-----w- c:\program files\WinFast
2010-01-10 00:17 . 2010-01-10 00:17 -------- d-----w- c:\program files\Windows Sidebar
2010-01-08 17:33 . 2010-01-08 14:20 -------- d-----w- c:\documents and settings\Darko\Application Data\ArcSoft
2010-01-08 14:20 . 2010-01-08 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-01-08 14:18 . 2010-01-08 14:18 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-01-07 15:07 . 2009-09-09 10:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-09-09 10:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-11-26 14:21 . 2004-11-26 14:21 8 -csh--r- c:\windows\system32\252C124488.sys
2005-02-07 12:11 . 2004-12-17 20:10 152 -csh--r- c:\windows\system32\B415CD33AB.sys
2006-05-03 10:06 . 2010-01-20 18:25 163328 --sh--r- c:\windows\system32\flvDX.dll
2006-12-29 16:52 . 2004-12-17 20:10 10434 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2010-01-20 18:25 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-20 18:25 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-02-23 203416]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"Google Update"="c:\documents and settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-13 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="kxmixer --startup" [X]
"USBFW"="c:\program files\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-14 198160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-11-14 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Darko\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\Program Files\\JDownloader\\JDownloader.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 52\\ACID.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:jdtjxoup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12-Jan-10 21:05 108289]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12-Jan-10 20:06 1594944]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [16-Feb-04 23:19 571776]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [25-Dec-08 8:56 433792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14-Mar-09 18:24 717296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-Jan-10 1:08 135664]
S2 xykkebzsl;Security Shell;c:\windows\system32\svchost.exe -k netsvcs [23-Aug-01 12:00 14336]
S3 DigiPnp;DigiPnp;c:\windows\system32\drivers\Digipnp.sys [27-Sep-04 21:15 6146]
S3 DVcam;DVCam Capture;c:\windows\system32\drivers\DVcam.sys [29-Sep-05 23:15 42511]
S3 G400RT2K;G400RT2K;c:\windows\system32\drivers\g400RT2Km.sys [27-Sep-04 20:50 325627]
S3 GUCI_AVS;USB2.0 VGA Video Device;c:\windows\system32\drivers\GUCI_AVS.sys [26-Feb-10 11:49 581120]
S3 MtxVxd;MtxVxd;c:\windows\system32\drivers\MTXVXD.SYS [27-Mar-05 16:50 5604]
S3 Ndisusb;GeneLink Network Driver;c:\windows\system32\DRIVERS\genelan.sys --> c:\windows\system32\DRIVERS\genelan.sys [?]
S3 RTPP2K;RTPP2K;c:\windows\system32\drivers\rtpp2k.sys [29-Apr-01 23:54 87374]
S3 USBHSB;GeneLink USB Driver;c:\windows\system32\drivers\glkusb.sys [31-Oct-05 17:34 10752]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [31-Oct-05 17:28 37616]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?]
S4 Nerc2ibp;Nerc2ibp; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xykkebzsl
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-682003330-1003Core.job
- c:\documents and settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-682003330-1003UA.job
- c:\documents and settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Half-Life - c:\sierra\Half-Life\Uninst.isu
AddRemove-MicrosoftCinemania97 - h:\cinemania\cinmania.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-03-09 11:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xykkebzsl]
"ServiceDll"="c:\windows\system32\fsyfv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-651377827-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="459544:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2453773:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{9616EE07-4AAF-494D-0789-CBC01BCBF7B6}\Version 1.1]
@DACL=
"dat"="806585365:{D518752D-0C5B-3B8A-43F0-199D3C970E8B}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2453794:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{3A118380-006B-D9D7-2CA8-D0A784756F32}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232500:{AA5E4DB0-32A9-5792-6C08-AC4B692DCFE1}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{9616EE07-4AAF-494D-0789-CBC01BCBF7B6}\Version 3.x]
@DACL=
"dat"="1767914624:{8E3D43F3-1ADB-A105-6F38-F1686A8DA622}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714507:{6A539712-46C7-4E56-B112-C5268FCDD102}"

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{57E5ADC1-B6F2-E550-86DB-E6F1E0F8A300}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521119:{54115072-223B-3D3D-71C9-06759296E623}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="9:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-09 11:39:57
ComboFix-quarantined-files.txt 2010-03-09 10:39

Pre-Run: 2,716,639,232 bytes free
Post-Run: 5,349,212,160 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B9DF3A4DB9BAEF12670012B1A0BBA26C

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

Open Notepad and copy in the following text:

File::
c:\windows\system32\XPRTV.exe
c:\windows\system32\fsyfv.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"=-

NetSvc::
xykkebzsl

Driver::
xykkebzsl
Nerc2ibp


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Joined: 10 Oct 2007
  • Posts: 26

Here is the second ComboFix log as well:

ComboFix 10-03-08.02 - Darko 09-Mar-10 23:15:19.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.727 [GMT 1:00]
Running from: c:\documents and settings\Darko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Darko\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\fsyfv.dll"
"c:\windows\system32\XPRTV.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\XPRTV.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XYKKEBZSL
-------\Service_Nerc2ibp
-------\Service_xykkebzsl


((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-02-28 23:57 . 2010-02-28 23:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-26 22:28 . 2010-02-26 22:38 230436 ----a-w- C:\PAP7501.dat
2010-02-26 10:57 . 2010-02-26 10:57 -------- d-----w- c:\program files\Video Power
2010-02-26 10:49 . 2008-12-23 19:54 581120 ----a-w- c:\windows\system32\drivers\GUCI_AVS.sys
2010-02-26 10:49 . 2008-06-03 15:59 7168 ----a-w- c:\windows\system32\COINST_080603.dll
2010-02-26 10:49 . 2010-02-26 10:49 -------- d-----w- c:\windows\PixArt
2010-02-26 10:49 . 2006-10-12 10:57 14336 ----a-w- c:\windows\system32\GUCI_AVS.dll
2010-02-26 10:49 . 2010-02-26 10:49 -------- d-----w- c:\program files\Common Files\PAP7501
2010-02-26 10:48 . 2004-08-03 22:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-02-26 10:48 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-02-26 10:43 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-26 10:43 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-10 11:16 . 2010-02-10 11:16 -------- d--h--w- c:\windows\PIF
2010-02-09 21:24 . 2010-02-09 21:25 -------- d-----w- c:\program files\LEGO Island

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 22:05 . 2010-01-15 02:00 -------- d-----w- c:\program files\JDownloader
2010-03-05 12:02 . 2010-01-13 09:30 -------- d-----w- c:\documents and settings\Darko\Application Data\Skype
2010-03-05 12:01 . 2010-01-13 09:36 -------- d-----w- c:\documents and settings\Darko\Application Data\skypePM
2010-03-05 02:19 . 2010-01-15 01:56 -------- d-----w- c:\documents and settings\Darko\Application Data\Azureus
2010-03-05 02:11 . 2010-01-15 01:55 -------- d-----w- c:\program files\Vuze
2010-02-28 23:57 . 2005-01-23 15:54 -------- d-----w- c:\program files\DivX
2010-02-26 10:49 . 2004-09-27 20:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 20:46 . 2010-01-22 10:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 10:10 . 2010-02-02 21:21 80896 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\LZMA.dll
2010-02-05 10:10 . 2010-02-02 21:21 5632 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Swap.dll
2010-02-05 10:10 . 2010-02-02 21:21 5120 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Copy.dll
2010-02-05 10:10 . 2010-02-02 21:21 32256 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Aes.dll
2010-02-05 10:10 . 2010-02-02 21:21 18944 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\Branch.dll
2010-02-05 10:10 . 2010-02-02 21:21 13824 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Codecs\7zAes.dll
2010-02-05 10:10 . 2010-02-02 21:21 129024 ----a-w- c:\documents and settings\Darko\Application Data\Seven Zip\Formats\7z.dll
2010-02-02 21:21 . 2010-02-02 21:21 -------- d-----w- c:\documents and settings\Darko\Application Data\Seven Zip
2010-01-29 09:34 . 2010-01-13 00:08 -------- d-----w- c:\program files\Google
2010-01-29 01:36 . 2010-01-14 00:50 -------- d-----w- c:\program files\Thoosje Vista Sidebar
2010-01-25 23:10 . 2010-01-25 23:10 -------- d-----w- c:\program files\URUSoft
2010-01-25 12:32 . 2010-01-25 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-01-25 02:33 . 2010-01-25 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-01-25 02:24 . 2009-09-08 10:00 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 10:30 . 2004-09-29 21:23 -------- d-----w- c:\program files\InterVideo
2010-01-21 09:59 . 2005-09-13 10:42 -------- d-----w- c:\program files\Common Files\InterVideo
2010-01-20 18:48 . 2010-01-20 18:48 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-20 18:24 . 2010-01-20 18:24 -------- d-----w- c:\program files\eRightSoft
2010-01-18 17:39 . 2009-09-09 10:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 17:37 . 2010-01-18 17:37 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-18 00:35 . 2010-01-18 00:32 -------- d-----w- c:\program files\The KMPlayer
2010-01-15 01:59 . 2010-01-15 02:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-15 01:59 . 2010-01-15 01:59 -------- d-----w- c:\program files\Java
2010-01-15 01:58 . 2010-01-15 01:58 152576 ----a-w- c:\documents and settings\Darko\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-01-15 01:56 . 2010-01-15 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-01-15 01:55 . 2010-01-15 01:55 -------- d-----w- c:\program files\Common Files\i4j_jres
2010-01-14 17:28 . 2010-01-14 17:28 -------- d-----w- c:\documents and settings\Darko\Application Data\Wildlife Zoo - Marine World
2010-01-14 10:33 . 2010-01-14 10:32 -------- d-----w- c:\program files\Common Files\Real
2010-01-14 10:32 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-14 10:32 . 2010-01-14 10:32 -------- d-----w- c:\program files\Real
2010-01-13 22:04 . 2010-01-13 22:04 -------- d-----w- c:\program files\Common Files\DirectX
2010-01-13 22:04 . 2010-01-13 22:04 -------- d-----w- c:\documents and settings\Darko\Application Data\Wildlife Zoo
2010-01-13 20:07 . 2010-01-12 20:06 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-13 19:24 . 2010-01-13 19:24 -------- d-----w- c:\program files\DREAMCATCHER INTERACTIVE
2010-01-13 10:01 . 2010-01-13 10:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 09:36 . 2010-01-13 09:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-13 09:30 . 2010-01-13 09:30 -------- d-----r- c:\program files\Skype
2010-01-13 09:30 . 2010-01-13 09:30 -------- d-----w- c:\program files\Common Files\Skype
2010-01-13 09:30 . 2010-01-13 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-12 20:30 . 2010-01-08 14:19 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-01-12 20:05 . 2010-01-12 20:05 -------- d-----w- c:\program files\Avira
2010-01-12 20:05 . 2008-04-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-12 19:03 . 2010-01-12 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TP-LINK
2010-01-12 17:46 . 2010-01-12 17:46 -------- d-----w- c:\program files\viewsonic
2010-01-11 19:49 . 2005-01-16 12:31 366320 -c--a-w- c:\documents and settings\Darko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 22:18 . 2010-01-10 22:18 -------- d-----w- c:\documents and settings\Darko\Application Data\GRETECH
2010-01-10 22:16 . 2010-01-10 22:16 -------- d-----w- c:\program files\GRETECH
2010-01-10 00:18 . 2010-01-10 00:17 -------- d-----w- c:\program files\WinFast
2010-01-10 00:17 . 2010-01-10 00:17 -------- d-----w- c:\program files\Windows Sidebar
2010-01-07 15:07 . 2009-09-09 10:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-09-09 10:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-11-26 14:21 . 2004-11-26 14:21 8 -csh--r- c:\windows\system32\252C124488.sys
2005-02-07 12:11 . 2004-12-17 20:10 152 -csh--r- c:\windows\system32\B415CD33AB.sys
2006-05-03 10:06 . 2010-01-20 18:25 163328 --sh--r- c:\windows\system32\flvDX.dll
2006-12-29 16:52 . 2004-12-17 20:10 10434 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 . 2010-01-20 18:25 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-20 18:25 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-09_10.37.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-09 22:24 . 2010-03-09 22:24 16384 c:\windows\Temp\Perflib_Perfdata_380.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-02-23 203416]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"Google Update"="c:\documents and settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-13 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="kxmixer --startup" [X]
"USBFW"="c:\program files\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-14 198160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2008-11-14 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Darko\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\Program Files\\JDownloader\\JDownloader.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 52\\ACID.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14-Mar-09 18:24 717296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12-Jan-10 21:05 108289]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12-Jan-10 20:06 1594944]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [16-Feb-04 23:19 571776]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [25-Dec-08 8:56 433792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-Jan-10 1:08 135664]
S3 DigiPnp;DigiPnp;c:\windows\system32\drivers\Digipnp.sys [27-Sep-04 21:15 6146]
S3 DVcam;DVCam Capture;c:\windows\system32\drivers\DVcam.sys [29-Sep-05 23:15 42511]
S3 G400RT2K;G400RT2K;c:\windows\system32\drivers\g400RT2Km.sys [27-Sep-04 20:50 325627]
S3 GUCI_AVS;USB2.0 VGA Video Device;c:\windows\system32\drivers\GUCI_AVS.sys [26-Feb-10 11:49 581120]
S3 MtxVxd;MtxVxd;c:\windows\system32\drivers\MTXVXD.SYS [27-Mar-05 16:50 5604]
S3 Ndisusb;GeneLink Network Driver;c:\windows\system32\DRIVERS\genelan.sys --> c:\windows\system32\DRIVERS\genelan.sys [?]
S3 RTPP2K;RTPP2K;c:\windows\system32\drivers\rtpp2k.sys [29-Apr-01 23:54 87374]
S3 USBHSB;GeneLink USB Driver;c:\windows\system32\drivers\glkusb.sys [31-Oct-05 17:34 10752]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [31-Oct-05 17:28 37616]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-682003330-1003Core.job
- c:\documents and settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-682003330-1003UA.job
- c:\documents and settings\Darko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-13 00:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-03-09 23:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8736C1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7617fc3
\Driver\ACPI -> ACPI.sys @ 0xf7422cb8
\Driver\atapi -> 0x8736c1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-651377827-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="459544:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2453773:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{9616EE07-4AAF-494D-0789-CBC01BCBF7B6}\Version 1.1]
@DACL=
"dat"="806585365:{D518752D-0C5B-3B8A-43F0-199D3C970E8B}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2453794:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{3A118380-006B-D9D7-2CA8-D0A784756F32}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232500:{AA5E4DB0-32A9-5792-6C08-AC4B692DCFE1}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{9616EE07-4AAF-494D-0789-CBC01BCBF7B6}\Version 3.x]
@DACL=
"dat"="1767914624:{8E3D43F3-1ADB-A105-6F38-F1686A8DA622}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714507:{6A539712-46C7-4E56-B112-C5268FCDD102}"

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{57E5ADC1-B6F2-E550-86DB-E6F1E0F8A300}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521119:{54115072-223B-3D3D-71C9-06759296E623}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="9:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1152)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\kxmixer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-03-09 23:30:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-09 22:30
ComboFix2.txt 2010-03-09 10:39

Pre-Run: 5,364,940,800 bytes free
Post-Run: 5,240,074,240 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 728B78C445E19ADAE6F6DF37A375F2EC

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

What is the situation now?

  • Joined: 10 Oct 2007
  • Posts: 26

It looks like everything is fine. Nothing is being reported and everything works... Only the language bar has disappeared from my taskbar; it doesn't matter, I'll use Alt+Shift... As far as I can tell for now, it seems healthy.
A big THANK YOU, doctor!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

One more thing:

ComboFix needs to be uninstalled:
Click Start, then Run.

On Vista, use the Start Search field if Run is not available.

In the text entry line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

  • Joined: 10 Oct 2007
  • Posts: 26

ComboFix uninstalled, WinXP restarted... Everything looks OK; I should probably delete the Gmer and DDS logs...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

darksdam :: ComboFix uninstalled, WinXP restarted... Everything looks OK; I should probably delete the Gmer and DDS logs...

Yes, feel free to delete them.
