OKW trojan

  • Joined: 24 Apr 2007
  • Posts: 31

Here is what NOD32 found on my machine:
5.7.2009 21:46:23 Startup scanner file C:\WINDOWS\system32\Drivers\Cdaudio.sys a variant of Win32/PSW.OnLineGames.OKW trojan unable to clean

Here is the HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:38, on 6.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\fireserv\Apache\bin\Apache.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Megatec\RUPS 2000\Rupsw32.EXE
c:\fireserv\mysql\bin\mysqld-nt.exe
C:\fireserv\Apache\bin\Apache.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Megatec\RUPS 2000\Rupsd.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Guza\Desktop\RAZNO\skeniraj\tor5.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=070409 serial=xxxxxxxxxxxx lang=EN
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Guza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: RUPS Daemon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Link mogu videti samo ulogovani korisnici]\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {73FDD716-9BCE-42F7-8B13-DB4F7587B8D1} (WViewCtl Class) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Fireserv - Apache Software Foundation - C:\fireserv\Apache\bin\Apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - c:\fireserv\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Rupsd - Mega System Technologies, Inc. - C:\Program Files\Megatec\RUPS 2000\Rupsd.exe

--
End of file - 10228 bytes
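A defender-side triage of the two artefacts posted above (the NOD32 event line and the HijackThis log), as an added example that is not code from the thread or from either tool. It flags the entry types a helper checks first: processes running from user-writable folders, registrations pointing at files that no longer exist, services whose binary is missing or has no recognised publisher, and scanner detections that were reported but not cleaned. The sample log is constructed from lines like those above; the NOD32 line layout, the list of action words and the set of user-writable folders are assumptions made for the example.

```python
"""Triage a HijackThis v2 log and an ESET NOD32 event line (added example,
not code from the thread or from either tool; sample inputs are constructed,
modelled on lines posted above)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed, abridged HijackThis v2.0.2 log in the posted format.
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Guza\Desktop\RAZNO\skeniraj\tor5.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""
# The NOD32 startup-scanner line quoted in the first post.
SAMPLE_AV_EVENT = (r"5.7.2009 21:46:23 Startup scanner file C:\WINDOWS\system32\Drivers\Cdaudio.sys "
                   r"a variant of Win32/PSW.OnLineGames.OKW trojan unable to clean")


@dataclass(frozen=True)
class Finding:
    source: str  # "process", "AV", or the HijackThis section tag (O2, O23, ...)
    reason: str
    detail: str


@dataclass(frozen=True)
class AvEvent:
    time: str
    module: str
    path: str
    threat: str
    action: str


# Folders under a user profile that an unprivileged process can write to (assumed list).
USER_WRITABLE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\"
    r"(desktop|my documents|local settings\\temp|appdata\\local\\temp)\\",
    re.IGNORECASE)
ENTRY_RE = re.compile(r"^(?P<tag>[RFO]\d+) - (?P<body>.*)$")
# Assumed layout "<date> <time> <module> file <path> <threat> <action>", with the
# threat ending in a class word such as "trojan"; only the posted line is known.
AV_EVENT_RE = re.compile(
    r"^(?P<time>\S+ \S+) (?P<module>.+?) file (?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?\S+ \w+) "
    r"(?P<action>unable to clean|cleaned by deleting|cleaned|deleted|quarantined)$")


def triage_hijackthis(log: str) -> List[Finding]:
    """Return the log entries a helper would look at first."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if USER_WRITABLE.search(line):
                findings.append(Finding("process", "executable running from a user-writable folder", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        tag, body = m.group("tag"), m.group("body")
        if body.endswith("(no file)"):
            findings.append(Finding(tag, "registration points to a file that no longer exists", line))
        if body.endswith("(file missing)"):
            findings.append(Finding(tag, "service binary is missing on disk", line))
        if tag == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(tag, "service binary has no recognised publisher", line))
    return findings


def parse_nod32_event(line: str) -> Optional[AvEvent]:
    """Parse one NOD32 event line; None if it does not fit the assumed layout."""
    m = AV_EVENT_RE.match(line.strip())
    return AvEvent(**m.groupdict()) if m else None


def uncleaned_detections(lines: List[str]) -> List[Finding]:
    """Detections the scanner reported but could not remediate."""
    return [Finding("AV", f"{ev.threat} in {ev.path} could not be cleaned", line)
            for line in lines for ev in [parse_nod32_event(line)]
            if ev and ev.action == "unable to clean"]


if __name__ == "__main__":
    for f in uncleaned_detections([SAMPLE_AV_EVENT]) + triage_hijackthis(SAMPLE_HJT_LOG):
        print(f"[{f.source}] {f.reason}\n    {f.detail}")
```

Run as a script it prints five HijackThis findings plus the uncleaned Cdaudio.sys detection; the "(no file)" and "(file missing)" checks are purely textual, so a clean run of the tool against the same machine is still needed to confirm what the log claims.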



  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello...

Disable NOD following the instructions at this link

[link visible only to logged-in users]

Once you have done that, upload the following file for me

C:\WINDOWS\system32\Drivers\Cdaudio.sys

via this link: [link visible only to logged-in users]



  • Joined: 24 Apr 2007
  • Posts: 31

Quote: Your file has been uploaded successfully.
Please notify the person helping you, in the thread where you were asked to upload the file, that you have done so.
Thank you.


There it is.

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Disable NOD again.. Then

Download sUBs' ComboFix from one of the following addresses to your Desktop:

Bleeping Computer . . . . . Geeks to Go!
  • Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • close any running programs;
  • deactivate your security software (instructions);
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it: accept by clicking Yes and follow the procedure;
  • present a number of prompts/notices: accept by clicking Yes or OK;
  • restart Windows if needed (possibly more than once);
  • when finished, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending your message you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

  • Joined: 24 Apr 2007
  • Posts: 31

ComboFix 09-07-05.04 - Guza 06.07.2009 18:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1538 [GMT 2:00]
Running from: c:\documents and settings\Guza\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-01 00:36 . 2009-07-01 00:39 -------- d-----w- c:\documents and settings\Guza\Local Settings\Application Data\Temp
2009-06-25 18:10 . 2009-06-25 22:45 -------- d-----w- c:\documents and settings\Guza\Application Data\Winamp
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\Guza\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-21 17:09 . 2009-06-21 17:09 -------- d-----w- C:\eclipse
2009-06-19 14:06 . 2009-06-19 14:06 -------- d-----w- c:\program files\MSXML 6.0
2009-06-19 13:45 . 2008-04-14 13:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2009-06-19 13:41 . 2009-06-19 13:48 -------- d-----w- C:\Inetpub
2009-06-19 12:42 . 2009-06-19 12:42 -------- d-----w- c:\windows\SQLHotfix
2009-06-17 18:35 . 2009-06-17 18:35 -------- d-----w- c:\program files\Bonjour
2009-06-15 18:21 . 2009-06-15 18:21 7398 ----a-r- c:\documents and settings\Guza\Application Data\Microsoft\Installer\{FBDF32EF-931E-4ED7-A1EF-C05E2453C1A8}\_7E8597A10AE70F8D06B661.exe
2009-06-15 18:21 . 2009-06-15 18:21 -------- d-----w- c:\program files\SELECTOR TRADE
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-09 19:00 . 2009-06-19 14:19 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-09 16:34 . 2009-06-09 16:34 -------- d-----w- c:\windows\system32\IOSUBSYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 15:29 . 2008-11-22 10:15 -------- d-----w- c:\documents and settings\Guza\Application Data\Xfire
2009-07-06 15:29 . 2009-05-26 23:54 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-06 12:29 . 2009-05-26 23:55 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 08:36 . 2008-11-20 02:22 -------- d-----w- c:\documents and settings\Guza\Application Data\uTorrent
2009-06-25 18:11 . 2008-11-19 13:05 -------- d-----w- c:\program files\Winamp
2009-06-24 17:28 . 2008-11-19 14:47 85016 ----a-w- c:\documents and settings\Guza\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 14:17 . 2008-11-20 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-19 14:12 . 2008-11-20 19:06 -------- d-----w- c:\program files\Microsoft.NET
2009-06-17 18:34 . 2008-11-19 12:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 09:58 . 2008-11-21 20:38 -------- d-----w- c:\documents and settings\Guza\Application Data\LimeWire
2009-06-15 20:38 . 2009-02-06 11:46 -------- d-----w- c:\documents and settings\Guza\Application Data\mIRC
2009-06-15 20:26 . 2009-02-06 11:46 -------- d-----w- c:\program files\mIRC
2009-06-09 16:34 . 2008-11-19 19:38 -------- d-----w- c:\program files\Google
2009-06-09 09:20 . 2008-11-21 14:50 -------- d-----w- c:\program files\Java
2009-06-02 10:07 . 2009-05-01 20:53 -------- d-----w- c:\program files\Image-Line
2009-05-31 09:40 . 2009-05-31 09:40 -------- d-----w- c:\documents and settings\Guza\Application Data\YoudaGames
2009-05-27 21:21 . 2009-04-13 20:14 -------- d-----w- c:\program files\NetBeans 6.1
2009-05-26 23:54 . 2009-05-26 23:54 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-26 20:31 . 2009-05-20 11:52 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-26 20:21 . 2009-05-19 19:01 -------- d-----w- c:\program files\Zylom Games
2009-05-26 20:21 . 2008-12-09 08:55 -------- d-----w- c:\program files\Yahoo!
2009-05-26 20:15 . 2008-11-19 12:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 20:07 . 2009-05-26 20:07 -------- d-----w- c:\documents and settings\Guza\Application Data\Share-to-Web Upload Folder
2009-05-26 13:48 . 2009-05-26 13:48 63916 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-26 13:33 . 2009-05-26 13:31 -------- d-----w- c:\documents and settings\Guza\Application Data\MySQL-Front
2009-05-26 13:31 . 2009-05-26 13:31 -------- d-----w- c:\program files\MySQL-Front
2009-05-22 23:07 . 2009-04-17 20:02 -------- d-----w- c:\documents and settings\Guza\Application Data\Skype
2009-05-21 19:40 . 2009-05-21 19:40 -------- d-----w- c:\program files\EA SPORTS
2009-05-21 07:06 . 2009-03-17 23:39 -------- d-----w- c:\program files\Microsoft
2009-05-20 13:18 . 2009-05-20 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2009-05-20 13:10 . 2009-05-20 13:10 -------- d-----w- c:\documents and settings\Guza\Application Data\ABBYY
2009-05-20 12:59 . 2009-05-20 12:59 -------- d-----w- c:\program files\Common Files\ABBYY
2009-05-20 11:52 . 2009-05-20 11:52 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-20 11:14 . 2009-05-20 11:10 -------- d-----w- c:\documents and settings\Guza\Application Data\GetRightToGo
2009-05-19 19:02 . 2009-05-19 19:02 -------- d-----w- c:\documents and settings\Guza\Application Data\Zylom
2009-05-19 19:01 . 2009-05-19 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-05-19 15:55 . 2009-05-19 15:50 -------- d-----w- c:\program files\EsetOnlineScanner
2009-05-18 20:04 . 2009-05-18 20:04 -------- d-----w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab
2009-05-18 20:04 . 2009-05-18 20:04 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-18 20:04 . 2009-05-18 20:04 207872 ----a-w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-05-18 20:04 . 2009-05-18 20:04 207872 ----a-w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-05-18 20:04 . 2009-05-18 20:04 207872 ----a-w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-05-18 20:04 . 2009-05-18 20:04 207872 ----a-w- c:\documents and settings\Guza\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-05-12 12:55 . 2009-04-13 20:19 -------- d-----w- c:\program files\glassfish-v2ur2
2009-05-11 14:51 . 2009-04-07 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PowerDesigner 12
2009-05-11 14:49 . 2009-01-28 14:54 -------- d-----w- c:\program files\Corel
2009-05-11 14:49 . 2009-01-28 14:57 -------- d-----w- c:\documents and settings\Guza\Application Data\Corel
2009-05-04 13:07 . 2009-05-14 09:06 2298680 ----a-w- c:\documents and settings\Guza\Application Data\Mozilla\Firefox\Profiles\wivc4e1r.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-27 19:08 . 2009-01-29 10:15 2984 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-27 19:08 . 2009-01-29 10:15 2984 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-27 19:08 . 2009-01-29 10:15 88 --sh--r- c:\documents and settings\All Users\Application Data\76C55D0F83.sys
2009-04-27 19:08 . 2009-01-29 10:15 88 --sh--r- c:\documents and settings\All Users\Application Data\76C55D0F83.sys
2009-04-25 11:05 . 2009-04-25 11:05 5 ----a-w- C:\b.bat
2009-04-23 13:03 . 2009-04-23 13:03 216064 ----a-w- c:\windows\iun3405.exe
.

------- Sigcheck -------

[-] 2008-07-12 19:20 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SkinClock"="d:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2006-09-17 549376]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="d:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"Google Update"="c:\documents and settings\Guza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-19 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"DU Meter"="d:\program files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RUPS Daemon.lnk - c:\program files\Megatec\RUPS 2000\Rupsw32.EXE [2008-11-19 32768]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ Autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^Guza^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Guza\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Guza^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]
path=c:\documents and settings\Guza\Start Menu\Programs\Startup\Need for Speed™ Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Guza^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Guza\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Guza\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Guza\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\BORGChat\\BORGChat.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\xfire.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 5:51 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 5:51 468224]
R2 Fireserv;Fireserv;c:\fireserv\Apache\bin\Apache.exe [7.5.2002 0:31 20480]
R2 UPS2501;UPS2501;c:\windows\system32\drivers\ups2501.sys [19.11.2008 19:46 9351]
R3 SNCP106;PC Camera (6009 CIF);c:\windows\system32\drivers\sncp106.sys [16.3.2009 23:13 243712]
S2 ups2501_xp;ups2501_xp;c:\windows\system32\drivers\ups2501_XP.sys [19.11.2008 15:55 5344]
S3 cpuz130;cpuz130;\??\c:\docume~1\Guza\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Guza\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;d:\program files\Hotspot Shield\bin\HssTrayService.EXE --> d:\program files\Hotspot Shield\bin\HssTrayService.EXE [?]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [30.1.2009 17:10 654848]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [12.1.2009 21:04 50048]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PNKBSTRB
*Deregistered* - aujasnkj
*Deregistered* - PnkBstrK
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-796845957-1003Core.job
- c:\documents and settings\Guza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 18:25]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-796845957-1003UA.job
- c:\documents and settings\Guza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 18:25]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {73FDD716-9BCE-42F7-8B13-DB4F7587B8D1} - [Link mogu videti samo ulogovani korisnici]
FF - ProfilePath - c:\documents and settings\Guza\Application Data\Mozilla\Firefox\Profiles\wivc4e1r.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\Guza\Application Data\Mozilla\Firefox\Profiles\wivc4e1r.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Guza\Application Data\Mozilla\Firefox\Profiles\wivc4e1r.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Guza\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Guza\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-07-06 18:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7244)
d:\program files\Atomic Alarm Clock\Clock.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-07-06 18:55
ComboFix-quarantined-files.txt 2009-07-06 16:54

Pre-Run: 1.178.451.968 bytes free
Post-Run: 1.158.025.216 bytes free


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same thing with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum, and attach here the two files we just saved.

It would also be good if you took a screenshot of the quarantine or copied the report here..

The quarantine is located... :



just don't delete them as shown in the picture.

offline
  • Joined: 24 Apr 2007
  • Posts: 31

[Link visible only to logged-in users]

[Link visible only to logged-in users]

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Do you still have problems?

offline
  • Joined: 24 Apr 2007
  • Posts: 31

Written: 08 Jul 2009 15:32

hmmm, well this sdaudio.sys still hasn't been removed, I don't know how to get rid of it (nod found it again there in system32/drivers) ... should I remove it from the quarantine? How do I destroy it?

Addendum: 08 Jul 2009 15:34

btw, here is the picture too

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\Drivers\Cdaudio.sys


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is created at the end of the cleaning/scanning.
