URGENT HELP!!!


  • Joined: 25 Nov 2007
  • Posts: 296

Ugh, for who knows how many times now I'm formatting the HDD and installing Windows. First I did a quick format several times, but the viruses stay right away, so here's a full format too, and again, 5 minutes after a freshly installed system there are 40-50 viruses. It's no use deleting the viruses with Malwarebytes, they show up again on the new system. Do I have to post those logs right away?

And after I click delete in Malwarebytes I already know in advance that I'll have to install a new system.

Please ask as little as possible of me, because my computer barely works and I can barely scan anything.

It even takes 10 clicks to get my topic posted.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Copy in the log of the MBAM scan (the one you already ran).

  • Joined: 25 Nov 2007
  • Posts: 296

Posted: 08 Sep 2010 23:18

Here you go, dr.Bora

Addendum: 08 Sep 2010 23:20

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzija baze podataka: 4573

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

8/9/2010 8:20:03 AM
mbam-log-2010-08-09 (08-20-03).txt

Vrsta skeniranja: Kompletno skeniranje (C:\|)
Skenirani objekti: 200415
Proteklo vrijeme: 12 minuta, 58 sekundi

Zaraženi memorijski procesi: 2
Zaraženi memorijski moduli: 0
Zaraženi registracijski ključevi: 0
Zaražene registracijske vrijednosti: 6
Zaraženi registracijski podaci: 1
Zaraženi direktoriji: 1
Zaražene datoteke: 30

Zaraženi memorijski procesi:
C:\WINDOWS\cfdrive32.exe (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\msvmiode.exe (Trojan.VirTool) -> No action taken.

Zaraženi memorijski moduli:
(Nisu pronađene zlonamjerne stavke)

Zaraženi registracijski ključevi:
(Nisu pronađene zlonamjerne stavke)

Zaražene registracijske vrijednosti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.VirTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.VirTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msodesnv7 (Trojan.VirTool) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Autorun.B) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Zaraženi registracijski podaci:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-5993897933-1245011833-970717550-9896\syscr.exe,explorer.exe,C:\Documents and Settings\User\Application Data\ltzqai.exe) Good: (Explorer.exe) -> No action taken.

Zaraženi direktoriji:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> No action taken.

Zaražene datoteke:
C:\WINDOWS\cfdrive32.exe (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\msvmiode.exe (Trojan.VirTool) -> No action taken.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5RG8MDSI\x[1].exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FDXVBD1L\oo[1].exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q1W8ZZSU\jmiueu[1].gif (Extension.Mismatch) -> No action taken.
C:\Documents and Settings\User\Application Data\ltzqai.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\307.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\441.exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\4557.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\497.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\939407.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\993211.exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\5RG8MDSI\lbf[1].exe (Worm.Autorun) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Q1W8ZZSU\c57[1].exe (Trojan.VirTool) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Q1W8ZZSU\lik[1].exe (Trojan.VirTool) -> No action taken.
C:\RECYCLER\S-1-5-21-5993897933-1245011833-970717550-9896\syscr.exe (Worm.Autorun) -> No action taken.
C:\RECYCLER\S-1-5-21-9780555229-3158336012-213057299-7764\syscr.exe (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\12.scr (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\13.scr (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\20.exe (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\43.exe (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\53.scr (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\62.scr (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\63.exe (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\64.scr (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\logonui.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\Zsorm.exe (Trojan.VirTool) -> No action taken.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> No action taken.
C:\WINDOWS\logfile32.txt (Malware.Trace) -> No action taken.
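To show what the log above actually says about persistence, here is an added Python script (not from the post and not Malwarebytes' code) that parses a constructed excerpt of that MBAM log: it counts detections by family, confirms that every entry reads "No action taken", flags the autostart locations (Run keys, Winlogon Shell/Taskman) and RECYCLER drop paths that let the worm come back after cleaning, and lists what the hijacked Shell value launches besides Explorer. The category labels it assigns are my own, not MBAM's.

```python
import re
from collections import Counter

# Constructed excerpt of the MBAM 1.46 log posted above (entries copied from the post;
# section headers kept in the log's original language).
SAMPLE_LOG = r"""
Zaraženi memorijski procesi:
C:\WINDOWS\cfdrive32.exe (Trojan.VirTool) -> No action taken.
C:\WINDOWS\system32\msvmiode.exe (Trojan.VirTool) -> No action taken.

Zaraženi memorijski moduli:
(Nisu pronađene zlonamjerne stavke)

Zaražene registracijske vrijednosti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.VirTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.VirTool) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Zaraženi registracijski podaci:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-5993897933-1245011833-970717550-9896\syscr.exe,explorer.exe,C:\Documents and Settings\User\Application Data\ltzqai.exe) Good: (Explorer.exe) -> No action taken.

Zaražene datoteke:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\307.exe (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\logonui.exe (Malware.Packer.Gen) -> No action taken.
"""

# One detection line: "<item> (<Threat.Name>) -> <what MBAM did>"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
# Registry-data entries also carry the hijacked value and the expected one.
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")


def parse_mbam_log(text):
    """Return one dict per detection: section, item, threat, action, bad/good values."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            if line.endswith(":"):      # section header such as "Zaražene datoteke:"
                section = line[:-1]
            continue                    # "(Nisu pronađene ...)" placeholder lines
        rest = m.group("rest").rstrip(".")
        bg = BAD_GOOD_RE.search(rest)
        entries.append({
            "section": section,
            "item": m.group("item"),
            "threat": m.group("threat"),
            # For "Bad: (...) Good: (...) -> No action taken" keep only the action.
            "action": rest.rsplit("-> ", 1)[-1],
            "bad": bg.group("bad") if bg else None,
            "good": bg.group("good") if bg else None,
        })
    return entries


def classify_persistence(entry):
    """Label how an item survives a reboot (my own labels); None for plain dropped files."""
    item = entry["item"].lower()
    if "\\winlogon\\" in item:
        return "winlogon hijack (Shell/Taskman value runs malware at logon)"
    if "\\currentversion\\run" in item or "\\explorer\\run" in item:
        return "autostart (Run key)"
    if "\\recycler\\" in item:
        return "payload hidden in a RECYCLER\\S-1-5-21-... folder (autorun worm pattern)"
    if entry["section"] and "procesi" in entry["section"]:
        return "running in memory"
    return None


def summarize(entries):
    """Counts per threat family, items left untouched, and every persistence point found."""
    families = Counter(e["threat"].split(".")[0] for e in entries)
    untreated = [e["item"] for e in entries if e["action"] == "No action taken"]
    persistence = []
    for e in entries:
        why = classify_persistence(e)
        if why:
            persistence.append((e["item"], why))
    return {"families": dict(families), "untreated": untreated, "persistence": persistence}


def shell_hijack_binaries(entries):
    """Winlogon's Shell value is a comma-separated list and every program in it is started,
    so explorer.exe still appears (the desktop looks normal); return the other entries."""
    extra = []
    for e in entries:
        if e["threat"] == "Hijack.Shell" and e["bad"]:
            for part in e["bad"].split(","):
                part = part.strip()
                if part.lower().rsplit("\\", 1)[-1] != "explorer.exe":
                    extra.append(part)
    return extra


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    report = summarize(parsed)
    print(f"{len(parsed)} detections, {len(report['untreated'])} with no action taken")
    for item, why in report["persistence"]:
        print(f"  {why}: {item}")
    print("Shell value starts besides explorer.exe:", shell_hijack_binaries(parsed))
```

Run against the full log, the same checks tell you whether anything was actually removed (here every line says "No action taken") and which autostart entries must go before the dropped files stop reappearing.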




  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I can see there are some autorun worms in the log - reinfection probably happens because the other partitions on the disk, or flash drives, are infected.


Do you want us to try cleaning? If so, I need the logs mentioned in the instructions (otherwise I don't know what all is on there).

  • Joined: 25 Nov 2007
  • Posts: 296

Posted: 09 Sep 2010 9:26

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 18:24:31.93 on Mon 08/09/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.674 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\cfdrive32.exe
C:\WINDOWS\system32\msvmiode.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\User\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)
mWinlogon: Taskman=c:\documents and settings\user\application data\ltzqai.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-5993897933-1245011833-970717550-9896\syscr.exe,explorer.exe,c:\documents and settings\user\application data\ltzqai.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [Microsoft Driver Setup] c:\windows\cfdrive32.exe
mRun: [MSODESNV7] c:\windows\system32\msvmiode.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mExplorerRun: [Microsoft Driver Setup] c:\windows\cfdrive32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\rocketdock\RocketDock.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\9ml93wk8.default\
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

S2 tctajfy;Installer Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]

=============== Created Last 30 ================

2010-08-09 13:43:26 81920 ----a-w- c:\windows\system32\20.exe
2010-08-09 13:42:48 0 d-----w- c:\program files\common files\Windows Live
2010-08-09 13:15:16 245760 ----a-w- c:\windows\system32\12.scr
2010-08-09 12:59:40 245760 ----a-w- c:\windows\system32\13.scr
2010-08-09 12:55:14 245760 ----a-w- c:\windows\system32\53.scr
2010-08-09 12:49:58 81920 ----a-w- c:\windows\system32\63.exe
2010-08-09 12:49:03 145 ----a-w- c:\documents and settings\user\default.pls
2010-08-09 12:42:33 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-08-09 12:42:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 12:42:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 12:42:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 12:42:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-09 12:39:36 245760 ----a-w- c:\windows\system32\62.scr
2010-08-09 12:38:02 86016 --sh--r- c:\windows\cfdrive32.exe
2010-08-09 12:37:49 122880 ----a-w- c:\windows\system32\msvmiode.exe
2010-08-09 12:37:35 77824 --sh--r- c:\docume~1\user\applic~1\ltzqai.exe
2010-08-09 12:36:43 81920 ----a-w- c:\windows\system32\43.exe
2010-08-09 12:35:32 245760 --sh--r- c:\windows\system32\Zsorm.exe
2010-08-09 12:35:11 245760 ----a-w- c:\windows\system32\64.scr
2010-08-09 12:32:53 15360 ---ha-r- c:\windows\system32\drivers\NetMotCM.sys
2010-08-09 11:26:04 11628 ----a-w- C:\uniblue2.reg
2010-08-09 11:26:02 784 ----a-w- C:\uniblue.reg
2010-08-09 11:25:59 13244 ----a-w- C:\settings.reg
2010-08-09 11:25:58 0 d-----w- c:\program files\Uniblue
2010-08-09 11:25:56 36864 ----a-w- c:\windows\system32\wbsys.dll
2010-08-09 11:25:56 20480 ----a-w- c:\windows\system32\wbload.dll
2010-08-09 11:25:56 0 ----a-w- c:\windows\WB.ini
2010-08-09 11:22:07 0 d---a-w- c:\program files\Stardock
2010-08-09 05:14:24 69 ----a-w- c:\windows\NeroDigital.ini
2010-08-09 05:13:00 0 d-----w- c:\program files\Nero
2010-08-09 05:13:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-08-09 05:04:33 0 d-----w- c:\docume~1\user\applic~1\uTorrent
2010-08-09 05:03:46 0 d-s---w- c:\windows\system32\Microsoft
2010-08-09 05:03:41 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-08-09 04:57:54 0 d-----w- c:\program files\Alky for Applications
2010-08-09 04:56:33 0 d-sh--w- c:\documents and settings\all users\DRM
2010-08-09 04:56:14 0 d--h--w- c:\program files\WindowsUpdate
2010-08-09 04:55:17 0 d-----w- c:\program files\common files\MSSoap
2010-08-09 04:54:00 0 d-----w- c:\program files\Online Services
2010-08-09 04:53:55 0 d-----w- c:\program files\uTorrent
2010-08-09 04:53:32 0 d-----w- c:\program files\VistaExperience.org
2010-08-09 04:51:33 0 d-----w- c:\program files\Windows Media Connect 2
2010-08-09 04:51:31 0 d-----w- c:\program files\Messenger
2010-08-09 04:51:27 0 d-----w- c:\program files\MSN Gaming Zone
2010-08-09 04:50:46 0 d-----w- c:\program files\Windows NT
2010-08-08 21:44:46 0 d-----w- c:\program files\common files\ODBC
2010-08-08 21:44:43 0 d-----w- c:\program files\common files\SpeechEngines
2010-08-08 21:44:17 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-08-09 04:54:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2007-10-27 07:23:55 166425 --sha-r- c:\windows\system32\cfgnm.dll

============= FINISH: 18:24:46.96 ===============



Addendum: 09 Sep 2010 10:48

GAMER:

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

1. The program is called Gmer, not Gamer (just so you know).

2. You have a nice collection of malware here.

3. Do not use USB flash drives until I tell you it's ok.




Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, choose Desktop and click Save.


When the download is finished:
- disable your security software (instructions);
- close running programs;
- double-click ComboFix to run it.

While running, ComboFix will:
- check whether a newer version of the program exists: click Yes if offered to download it.
- show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues.
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
- ask a number of questions / show notices: accept by clicking Yes or OK.
- if necessary, restart Windows (more than once);
- at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the topic on the forum:
- right-click in the Notepad window and choose Select All;
- right-click the highlighted text and choose Copy;
- right-click in the message box and choose Paste.


Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 25 Nov 2007
  • Posts: 296

Posted: 09 Sep 2010 16:48

dr_Bora :: 1. The program is called Gmer, not Gamer (just so you know).

2. You have a nice collection of malware here.


Well, I didn't even really read it, ok, now I've got it.

Hey, I have a nice collection of malware LOL LOL LOL LOL LOL

I'll do it with CF now.

Addendum: 09 Sep 2010 17:21

HERE is the ComboFix log:

ComboFix 10-09-08.03 - User 08/10/2010 2:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.744 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\ltzqai.exe
c:\windows\cfdrive32.exe
c:\windows\logfile32.txt
c:\windows\system32\12.scr
c:\windows\system32\13.scr
c:\windows\system32\20.exe
c:\windows\system32\43.exe
c:\windows\system32\53.scr
c:\windows\system32\62.scr
c:\windows\system32\63.exe
c:\windows\system32\64.scr
c:\windows\system32\msvmiode.exe
c:\windows\system32\Zsorm.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 08:24 . 2004-08-03 21:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-08-09 13:42 . 2010-08-09 13:42 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-09 12:44 . 2010-08-09 12:44 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Ahead
2010-08-09 12:42 . 2010-08-09 12:42 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-08-09 12:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 12:42 . 2010-08-09 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 12:42 . 2010-08-09 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-09 12:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 12:32 . 2004-09-29 20:36 15360 ---ha-r- c:\windows\system32\drivers\NetMotCM.sys
2010-08-09 12:32 . 2010-08-09 12:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-09 11:30 . 2010-08-09 11:30 -------- d-----w- c:\documents and settings\User\Application Data\Talkback
2010-08-09 11:30 . 2010-08-09 11:30 0 ----a-w- c:\windows\nsreg.dat
2010-08-09 11:30 . 2010-08-09 11:30 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2010-08-09 11:27 . 2010-08-09 11:27 15184 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-09 11:26 . 2007-10-28 00:03 11628 ----a-w- C:\uniblue2.reg
2010-08-09 11:26 . 2007-10-28 00:01 784 ----a-w- C:\uniblue.reg
2010-08-09 11:25 . 2007-11-13 18:56 13244 ----a-w- C:\settings.reg
2010-08-09 11:25 . 2010-08-09 11:25 -------- d-----w- c:\program files\Uniblue
2010-08-09 11:25 . 2005-01-23 02:05 20480 ----a-w- c:\windows\system32\wbload.dll
2010-08-09 11:25 . 2003-02-27 04:27 36864 ----a-w- c:\windows\system32\wbsys.dll
2010-08-09 11:25 . 2010-08-09 11:25 -------- d---a-w- c:\documents and settings\Server2003
2010-08-09 11:22 . 2007-01-26 05:31 -------- d---a-w- c:\program files\Stardock
2010-08-09 05:13 . 2010-08-09 05:13 -------- d-----w- c:\documents and settings\User\Application Data\Nero
2010-08-09 05:13 . 2010-08-09 05:13 -------- d-----w- c:\program files\Common Files\Nero
2010-08-09 05:13 . 2010-08-09 05:13 -------- d-----w- c:\program files\Nero
2010-08-09 05:13 . 2010-08-09 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 09:17 . 2010-08-10 09:17 1341561 ----a-w- C:\ComboFix.zip
2010-08-09 05:32 . 2010-08-09 04:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-09 04:57 . 2010-08-09 04:57 -------- d-----w- c:\program files\Alky for Applications
2010-08-09 04:57 . 2010-08-09 04:57 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-09 04:54 . 2010-08-09 04:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 04:53 . 2010-08-09 05:04 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-08-09 04:53 . 2010-08-09 04:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\uTorrent
2010-08-09 04:53 . 2010-08-09 04:53 -------- d-----w- c:\program files\uTorrent
2010-08-09 04:53 . 2010-08-09 04:53 -------- d-----w- c:\documents and settings\Default User\Application Data\uTorrent
2010-08-09 04:53 . 2010-08-09 04:53 -------- d-----w- c:\program files\VistaExperience.org
2010-08-09 04:53 . 2010-08-09 04:51 -------- d-----w- c:\program files\Windows Sidebar
2010-08-09 04:51 . 2010-08-09 04:51 -------- d-----w- c:\program files\Windows Media Connect 2
2007-10-09 05:33 . 2010-08-09 04:57 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-10-09 05:33 . 2010-08-09 04:57 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-10-09 05:33 . 2010-08-09 04:57 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-10-09 05:33 . 2010-08-09 04:57 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-10-09 05:33 . 2010-08-09 04:57 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-10-27 07:23 . 2007-10-27 07:23 166425 --sha-r- c:\windows\system32\cfgnm.dll
.

------- Sigcheck -------

[-] 2007-10-27 . A11391BE25035570AE4B8970920F2C74 . 360704 . . [5.1.2600.3002] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-10-27 . 24FCD8FB0C6BD0E5F3B1203769948336 . 2346752 . . [5.1.2600.3181] . . c:\windows\system32\ntoskrnl.exe

[-] 2007-10-27 . F487BC487C84BCE141789C65FF9CAC2C . 2223616 . . [5.1.2600.3181] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"nwiz"="nwiz.exe" [2007-07-13 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-27 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 05:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2356:TCP"= 2356:TCP:ndhlbm

S2 tctajfy;Installer Windows;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 2:00 PM 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UPNPHOST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tctajfy

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-10-27 07:26 124928 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9ml93wk8.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 02:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tctajfy]
"ServiceDll"="c:\windows\system32\cfgnm.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2010-08-10 02:19:57
ComboFix-quarantined-files.txt 2010-08-10 09:19

Pre-Run: 149,975,482,368 bytes free
Post-Run: 149,946,273,792 bytes free

- - End Of File - - 920EF183607B445B3EECBDBE93480A32

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


File::
c:\windows\system32\cfgnm.dll

NetSvc::
tctajfy

Driver::
tctajfy

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2356:TCP"=-


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is produced at the end of the cleaning/scan.





Install an antivirus.





Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug every USB storage device into the USB slot one by one and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you are done with all devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all those devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 25 Nov 2007
  • Posts: 296

Posted: 09 Sep 2010 19:18

ComboFix 10-09-08.03 - User 08/10/2010 4:07.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.695 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\cfgnm.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cfgnm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCTAJFY
-------\Service_tctajfy


((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 10:19 . 2010-08-10 10:19 -------- d-----w- c:\windows\system32\wbem\snmp
2010-08-10 10:19 . 2010-08-10 10:19 -------- d-----w- c:\windows\system32\xircom
2010-08-10 10:19 . 2010-08-10 10:19 -------- d-----w- c:\program files\microsoft frontpage
2010-08-10 09:39 . 2010-08-10 09:39 -------- d-----w- c:\program files\CCleaner
2010-08-10 09:17 . 2010-08-10 09:17 1341561 ----a-w- C:\ComboFix.zip
2010-08-10 08:24 . 2004-08-03 21:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-08-09 13:42 . 2010-08-09 13:42 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-09 12:44 . 2010-08-09 12:44 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Ahead
2010-08-09 12:42 . 2010-08-09 12:42 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-08-09 12:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 12:42 . 2010-08-09 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 12:42 . 2010-08-09 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-09 12:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 12:32 . 2004-09-29 20:36 15360 ---ha-r- c:\windows\system32\drivers\NetMotCM.sys
2010-08-09 12:32 . 2010-08-09 12:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-09 11:30 . 2010-08-09 11:30 -------- d-----w- c:\documents and settings\User\Application Data\Talkback
2010-08-09 11:30 . 2010-08-09 11:30 0 ----a-w- c:\windows\nsreg.dat
2010-08-09 11:30 . 2010-08-09 11:30 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2010-08-09 11:27 . 2010-08-09 11:27 15184 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-09 11:26 . 2007-10-28 00:03 11628 ----a-w- C:\uniblue2.reg
2010-08-09 11:26 . 2007-10-28 00:01 784 ----a-w- C:\uniblue.reg
2010-08-09 11:25 . 2007-11-13 18:56 13244 ----a-w- C:\settings.reg
2010-08-09 11:25 . 2010-08-09 11:25 -------- d-----w- c:\program files\Uniblue
2010-08-09 11:25 . 2005-01-23 02:05 20480 ----a-w- c:\windows\system32\wbload.dll
2010-08-09 11:25 . 2003-02-27 04:27 36864 ----a-w- c:\windows\system32\wbsys.dll
2010-08-09 11:25 . 2010-08-09 11:25 -------- d---a-w- c:\documents and settings\Server2003
2010-08-09 11:22 . 2007-01-26 05:31 -------- d---a-w- c:\program files\Stardock
2010-08-09 05:13 . 2010-08-09 05:13 -------- d-----w- c:\documents and settings\User\Application Data\Nero
2010-08-09 05:13 . 2010-08-09 05:13 -------- d-----w- c:\program files\Common Files\Nero
2010-08-09 05:13 . 2010-08-09 05:13 -------- d-----w- c:\program files\Nero
2010-08-09 05:13 . 2010-08-09 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 05:32 . 2010-08-09 04:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-09 04:57 . 2010-08-09 04:57 -------- d-----w- c:\program files\Alky for Applications
2010-08-09 04:57 . 2010-08-09 04:57 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-09 04:54 . 2010-08-09 04:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 04:53 . 2010-08-09 05:04 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-08-09 04:53 . 2010-08-09 04:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\uTorrent
2010-08-09 04:53 . 2010-08-09 04:53 -------- d-----w- c:\program files\uTorrent
2010-08-09 04:53 . 2010-08-09 04:53 -------- d-----w- c:\documents and settings\Default User\Application Data\uTorrent
2010-08-09 04:53 . 2010-08-09 04:53 -------- d-----w- c:\program files\VistaExperience.org
2010-08-09 04:53 . 2010-08-09 04:51 -------- d-----w- c:\program files\Windows Sidebar
2010-08-09 04:51 . 2010-08-09 04:51 -------- d-----w- c:\program files\Windows Media Connect 2
2007-10-09 05:33 . 2010-08-09 04:57 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-10-09 05:33 . 2010-08-09 04:57 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-10-09 05:33 . 2010-08-09 04:57 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-10-09 05:33 . 2010-08-09 04:57 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-10-09 05:33 . 2010-08-09 04:57 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 2007-10-27 . A11391BE25035570AE4B8970920F2C74 . 360704 . . [5.1.2600.3002] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-10-27 . 24FCD8FB0C6BD0E5F3B1203769948336 . 2346752 . . [5.1.2600.3181] . . c:\windows\system32\ntoskrnl.exe

[-] 2007-10-27 . CD3A85AFC4EBA46FC66E4D0F0BCDA1BB . 2223616 . . [5.1.2600.3181] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"nwiz"="nwiz.exe" [2007-07-13 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-27 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 05:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-10-27 07:26 124928 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9ml93wk8.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 04:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(2856)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-08-10 04:18:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-10 11:17
ComboFix2.txt 2010-08-10 09:19

Pre-Run: 149,924,110,336 bytes free
Post-Run: 149,877,460,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9257D24A45E039A1684C08F32A91DAEB

Addendum: 10 Sep 2010 20:12

This really makes no sense. Today I shut down the computer, tried to turn it on, and it won't get past those arrows; it won't log on. Here is the fresh system and the Malwarebytes log, and there is the logonui virus again, which I recently deleted with the help of your colleague using ComboFix.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzija baze podataka: 4590

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

9/10/2010 8:12:17 PM
mbam-log-2010-09-10 (20-12-17).txt

Vrsta skeniranja: Kompletno skeniranje (C:\|D:\|)
Skenirani objekti: 201298
Proteklo vrijeme: 12 minuta, 21 sekundi

Zaraženi memorijski procesi: 0
Zaraženi memorijski moduli: 0
Zaraženi registracijski ključevi: 0
Zaražene registracijske vrijednosti: 0
Zaraženi registracijski podaci: 0
Zaraženi direktoriji: 0
Zaražene datoteke: 22

Zaraženi memorijski procesi:
(Nisu pronađene zlonamjerne stavke)

Zaraženi memorijski moduli:
(Nisu pronađene zlonamjerne stavke)

Zaraženi registracijski ključevi:
(Nisu pronađene zlonamjerne stavke)

Zaražene registracijske vrijednosti:
(Nisu pronađene zlonamjerne stavke)

Zaraženi registracijski podaci:
(Nisu pronađene zlonamjerne stavke)

Zaraženi direktoriji:
(Nisu pronađene zlonamjerne stavke)

Zaražene datoteke:
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000842.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000850.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000874.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000878.exe (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000879.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000882.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000884.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000887.exe (Trojan.Agent.CK) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000890.exe (Malware.NSPack) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000904.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000905.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000906.exe (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000909.EXE (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000922.exe (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000923.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000926.exe (Trojan.KillAV) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000927.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000929.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000932.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000945.exe (Trojan.Dropper.PGen) -> No action taken.
C:\System Volume Information\_restore{09B2041D-EED9-4F47-A16A-00B6566D6557}\RP2\A0000867.exe (Trojan.Dropper.PGen) -> No action taken.
C:\WINDOWS\system32\logonui.exe (Malware.Packer.Gen) -> No action taken.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did you by any chance try installing an antivirus? It is much easier than installing Windows every day.

Upload C:\WINDOWS\system32\logonui.exe

via this link: http://www.mycity.rs/ambulanta-upload.php
