Možda tražite i:
pada sistem.
sistem pada gasi se
Stalno pada sistem
Stalno "pada" sistem i posle formatiranja!

MyCity » Ambulanta -> Arhiva Ambulante » Sistem pada

Sistem pada

Napisano na dan: 13.12.2010

Sistem pada

Sledeća strana

Pagination

Odgovori

kuciste Poslao: 13 Dec 2010 19:43 Idi na vrh
offline kuciste Građanin Pridružio: 07 Mar 2009 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 13 Dec 2010 19:35 na koji način se ispoljava problem oko koga tražite pomoć; pri dizanju sistema odjednom se racunar restartuje ili čak u sred rada na računaru kada se taj problem počeo ispoljavati; već neko vrijeme ukoliko zaštitni softver koji koristite nešto detektuje, a ne može da ukloni, napišite/iskopirajte nazive detektovanih datoteka u poruku; poslije tačkica je naziv napadača C:/Documents and Settings/Davorin/application data/sun/java/deployment/cache/6.0/33/43b641a1-24115dab ............. Win32:Unruy-J(Drp) C:/System volume information/mycrosoft/services.exe ..................................Win32:Cycler - P(Trj) C:/System volume information/mycrosoft/mss.exe..................................Win32:Cycler - P(Trj) na koji način ste pokušali rešiti problem; nisam ništa , jednom sam uradio restore i to je sve, ne znam da li smijem brisati zaražene fajlove kakvom internet konekcijom raspolažete (tip i brzina konekcije); ADSL; 768/64 bilo kakve dodatne informacije koje bi mogle pobliže opisati stanje na vašem računaru. nisam ga formatirao već dugo vremena jer ne smijem, imam nekakav program za racunovodstvo koji ne smijem da brisem jer nemam instalacije ...................................................................................................... mycity.rs/must-login.png Dopuna: 13 Dec 2010 19:41 na koji način se ispoljava problem oko koga tražite pomoć; pri dizanju sistema odjednom se racunar restartuje ili čak u sred rada na računaru kada se taj problem počeo ispoljavati; već neko vrijeme ukoliko zaštitni softver koji koristite nešto detektuje, a ne može da ukloni, napišite/iskopirajte nazive detektovanih datoteka u poruku; poslije tačkica je naziv napadača C:/Documents and Settings/Davorin/application data/sun/java/deployment/cache/6.0/33/43b641a1-24115dab ............. Win32:Unruy-J(Drp) C:/System volume information/mycrosoft/services.exe ..................................Win32:Cycler - P(Trj) C:/System volume information/mycrosoft/mss.exe..................................Win32:Cycler - P(Trj) na koji način ste pokušali rešiti problem; nisam ništa , jednom sam uradio restore i to je sve, ne znam da li smijem brisati zaražene fajlove kakvom internet konekcijom raspolažete (tip i brzina konekcije); ADSL; 768/64 bilo kakve dodatne informacije koje bi mogle pobliže opisati stanje na vašem računaru. nisam ga formatirao već dugo vremena jer ne smijem, imam nekakav program za racunovodstvo koji ne smijem da brisem jer nemam instalacije ...................................................................................................... DDS (Ver_10-12-12.02) - NTFSx86 Run by EC at 19:40:42,64 on 13/12/10 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.265 [GMT 1:00] AV: avast! Antivirus Enabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe svchost.exe 4 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe svchost.exe 4 C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Install\NitroPDFDriverService.exe C:\WINDOWS\system32\NLSSRV32.EXE C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Common Files\Protexis\License Service\PSIService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\sm56hlpr.exe C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\BitTorrent\BitTorrent.exe C:\Program Files\USB TV\EM28XX\BDARemote.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\EC\Desktop\RootRepeal.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\EC\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://start.facemoods.com/?a=nikos mSearchAssistant = hxxp://start.facemoods.com/?a=nikos&s={searchTerms}&f=4 uURLSearchHooks: H - No File uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_7 uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" uRun: [Google Update] "c:\documents and settings\ec\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [RTHDCPL] RTHDCPL.EXE mRun: [SkyTel] SkyTel.EXE mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [SMSERIAL] sm56hlpr.exe mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033 mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe" /md I mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204 IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx IE: Crawler Search - tbr:iemenu IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\ec\applic~1\mozilla\firefox\profiles\r68pz6te.default\ FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=nikos FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\documents and settings\ec\application data\mozilla\firefox\profiles\r68pz6te.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\ec\application data\mozilla\firefox\profiles\r68pz6te.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\ec\application data\mozilla\firefox\profiles\r68pz6te.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\ec\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\innova-engineering gmbh\3d-viewer-innoplus\npIno3DViewer.dll FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npbittorrent.dll FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npwachk.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-15 165584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-15 17744] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;d:\install\NitroPDFDriverService.exe [2010-6-24 196928] R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-1 67904] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-7-14 33792] R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [2008-4-2 48928] R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [2010-9-19 5376] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-6 133104] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-24 16512] S3 cpuz132;cpuz132;\??\c:\docume~1\davorin\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\davorin\locals~1\temp\cpuz132\cpuz132_x32.sys [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-9-29 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-9-29 8320] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] =============== File Associations =============== .scr=AutoCADScriptFile =============== Created Last 30 ================ 2010-12-11 12:00:46 49152 ----a-r- c:\docume~1\ec\applic~1\microsoft\installer\{d2fcc1ae-6311-47c5-8130-c6c66d77dd71}\ARPPRODUCTICON.exe 2010-12-11 12:00:01 335872 ----a-r- c:\docume~1\ec\applic~1\microsoft\installer\{237cd223-1b9d-47e8-a76c-e478b83ccea2}\ARPPRODUCTICON.exe 2010-12-11 11:59:16 57344 ----a-r- c:\docume~1\ec\applic~1\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe 2010-12-11 11:56:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Home 2010-12-11 11:54:44 -------- d-----w- c:\program files\common files\muvee Technologies 2010-12-11 11:53:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Gems 2010-12-11 11:48:53 -------- d-----w- c:\program files\common files\Nikon 2010-12-08 09:51:16 -------- d-----w- c:\docume~1\ec\applic~1\facemoods.com 2010-12-07 20:32:13 -------- d-----w- c:\program files\facemoods.com 2010-12-07 20:32:12 -------- d-----w- c:\program files\Find_Subtitles_10 2010-12-04 23:32:55 -------- d-----w- c:\program files\MSECache 2010-12-02 13:05:46 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\Opera 2010-11-28 14:51:55 -------- d-----w- c:\docume~1\ec\applic~1\MSNInstaller 2010-11-21 17:43:30 -------- d-----w- c:\docume~1\ec\applic~1\PriceGong 2010-11-21 17:43:15 -------- d-----w- c:\program files\Conduit 2010-11-21 17:43:15 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\Conduit 2010-11-21 17:43:14 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\BitTorrentBar 2010-11-21 17:43:13 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\ConduitEngine 2010-11-21 17:43:12 -------- d-----w- c:\program files\ConduitEngine 2010-11-21 17:43:10 -------- d-----w- c:\program files\BitTorrentBar 2010-11-21 17:43:10 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\temp ==================== Find3M ==================== 2010-12-11 11:53:36 106496 ----a-w- c:\windows\system32\ATL71.DLL 2010-12-09 12:33:38 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-11-04 08:15:02 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-04 08:15:02 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-10-01 00:52:50 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE 2010-09-18 10:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, gmer.net Windows 5.1.2600 CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys sptd.sys >>UNKNOWN [0x871807AC]<< c:\windows\system32\drivers\prosync1.sys Protection Technology StarForce Protection System c:\windows\system32\drivers\sptd.sys _asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff936ef27; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x871C9AB8] 3 CLASSPNP[0xF759CFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000081[0x87137F18] 5 ACPI[0xF7344620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0x871C8940] kernel: MBR read successfully _asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; } user != kernel MBR !!! ============= FINISH: 19:40:57,21 =============== mycity.rs/must-login.png mycity.rs/must-login.png Dopuna: 13 Dec 2010 19:43 Onaj gornji dio je suvišan jer nisam uspio da postavim DDS - ove fajlove. Izvinjavam se ako je konfuzno sada.

Profil

1l padr1n0 Poslao: 14 Dec 2010 00:45 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, @kuciste! U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg: Detaljno citati moja uputstva (ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima; Ne traziti istovremeno pomoc na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo; U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio; Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om; Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK ------------------------------------------------------------------------------------- Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. goran9888 (AMF Tim)

Profil

kuciste Poslao: 14 Dec 2010 20:05 Idi na vrh
offline kuciste Građanin Pridružio: 07 Mar 2009 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-12-14.01 - EC 14/12/10 19:46:01.8.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.527 [GMT 1:00] Running from: c:\documents and settings\EC\Desktop\ComboFix.exe AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\EC\Application Data\facemoods.com c:\documents and settings\EC\Application Data\PriceGong c:\documents and settings\EC\Application Data\PriceGong\Data\1.xml c:\documents and settings\EC\Application Data\PriceGong\Data\a.xml c:\documents and settings\EC\Application Data\PriceGong\Data\b.xml c:\documents and settings\EC\Application Data\PriceGong\Data\c.xml c:\documents and settings\EC\Application Data\PriceGong\Data\d.xml c:\documents and settings\EC\Application Data\PriceGong\Data\e.xml c:\documents and settings\EC\Application Data\PriceGong\Data\f.xml c:\documents and settings\EC\Application Data\PriceGong\Data\g.xml c:\documents and settings\EC\Application Data\PriceGong\Data\h.xml c:\documents and settings\EC\Application Data\PriceGong\Data\i.xml c:\documents and settings\EC\Application Data\PriceGong\Data\J.xml c:\documents and settings\EC\Application Data\PriceGong\Data\k.xml c:\documents and settings\EC\Application Data\PriceGong\Data\l.xml c:\documents and settings\EC\Application Data\PriceGong\Data\m.xml c:\documents and settings\EC\Application Data\PriceGong\Data\mru.xml c:\documents and settings\EC\Application Data\PriceGong\Data\n.xml c:\documents and settings\EC\Application Data\PriceGong\Data\o.xml c:\documents and settings\EC\Application Data\PriceGong\Data\p.xml c:\documents and settings\EC\Application Data\PriceGong\Data\q.xml c:\documents and settings\EC\Application Data\PriceGong\Data\r.xml c:\documents and settings\EC\Application Data\PriceGong\Data\s.xml c:\documents and settings\EC\Application Data\PriceGong\Data\t.xml c:\documents and settings\EC\Application Data\PriceGong\Data\u.xml c:\documents and settings\EC\Application Data\PriceGong\Data\v.xml c:\documents and settings\EC\Application Data\PriceGong\Data\w.xml c:\documents and settings\EC\Application Data\PriceGong\Data\x.xml c:\documents and settings\EC\Application Data\PriceGong\Data\y.xml c:\documents and settings\EC\Application Data\PriceGong\Data\z.xml c:\documents and settings\LocalService\Application Data\facemoods.com c:\documents and settings\LocalService\Application Data\PriceGong c:\documents and settings\LocalService\Application Data\PriceGong\Data\1.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\a.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\b.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\c.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\d.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\e.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\f.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\g.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\h.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\i.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\J.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\k.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\l.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\m.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\mru.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\n.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\o.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\p.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\q.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\r.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\s.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\t.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\u.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\v.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\w.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\x.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\y.xml c:\documents and settings\LocalService\Application Data\PriceGong\Data\z.xml c:\documents and settings\NetworkService\Application Data\facemoods.com c:\documents and settings\NetworkService\Application Data\PriceGong c:\documents and settings\NetworkService\Application Data\PriceGong\Data\mru.xml c:\program files\facemoods.com c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.crx c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.png c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsApp.dll c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsEng.dll c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe c:\program files\facemoods.com\sqlite3.dll c:\system volume information\Microsoft c:\system volume information\Microsoft\services.exe c:\system volume information\Microsoft\smss.exe C:\VDMA4.tmp C:\VDMA5.tmp c:\windows\system32\config\systemprofile\Application Data\PriceGong c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\mru.xml . \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected . \\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_JHYUIOPEWFJESWEDAD ((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 ))))))))))))))))))))))))))))))) . 2010-12-11 12:25 . 2010-12-11 12:40 -------- d-----w- c:\documents and settings\EC\Application Data\Nikon 2010-12-11 12:17 . 2010-12-11 12:17 -------- d-----w- c:\documents and settings\EC\Application Data\ArcSoft 2010-12-11 12:00 . 2010-12-11 12:00 49152 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe 2010-12-11 12:00 . 2010-12-11 12:00 335872 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe 2010-12-11 11:59 . 2010-12-11 11:59 57344 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe 2010-12-11 11:56 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Home 2010-12-11 11:54 . 2010-12-11 11:54 -------- d-----w- c:\program files\Common Files\muvee Technologies 2010-12-11 11:54 . 2010-12-11 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon 2010-12-11 11:53 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15 2010-12-11 11:53 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp 2010-12-11 11:53 . 2010-12-11 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Gems 2010-12-11 11:48 . 2010-12-11 12:00 -------- d-----w- c:\program files\Common Files\Nikon 2010-12-07 20:32 . 2010-12-07 20:32 -------- d-----w- c:\program files\Find_Subtitles_10 2010-12-06 17:01 . 2010-12-07 21:33 -------- d-----w- c:\program files\Microsoft Silverlight 2010-12-04 23:32 . 2010-12-04 23:32 -------- d-----w- c:\program files\MSECache 2010-12-02 13:05 . 2010-12-02 13:05 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\Opera 2010-12-02 13:05 . 2010-12-02 13:34 -------- d-----w- c:\program files\Opera 2010-11-28 14:51 . 2010-11-28 14:51 -------- d-----w- c:\documents and settings\EC\Application Data\MSNInstaller 2010-11-22 13:27 . 2010-11-22 13:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit 2010-11-22 13:27 . 2010-11-25 14:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BitTorrentBar 2010-11-21 20:13 . 2010-11-21 20:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit 2010-11-21 20:13 . 2010-11-22 21:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BitTorrentBar 2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\Conduit 2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\program files\Conduit 2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\BitTorrentBar 2010-11-21 17:43 . 2010-12-03 23:39 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\temp 2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\program files\BitTorrentBar . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-11 11:53 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL 2010-12-07 20:46 . 2010-09-19 13:24 196608 ----a-w- c:\windows\system32\drivers\aAsmedia.bin 2010-11-04 08:15 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-04 08:15 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-10-05 19:58 . 2010-09-19 13:24 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin 2010-10-01 00:52 . 2010-10-01 00:52 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE 2010-09-18 10:23 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2001-08-23 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2001-08-23 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-15 22:05 . 2009-06-19 14:17 639224 ----a-w- c:\windows\system32\drivers\sptd.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192] [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] 2010-10-18 11:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192] [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304] "BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-11-21 4765040] "Google Update"="c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-15 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960] "SMSERIAL"="sm56hlpr.exe" [2000-11-22 462848] "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-04 274608] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-7-10 81997] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0PGUNNT c:\smclpav\SMCLpav.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 03:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/06/09 15:17 639224] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15/03/09 22:41 165584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/03/09 22:41 17744] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/10 13:16 130384] R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;d:\install\NitroPDFDriverService.exe [24/06/10 11:08 196928] R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [01/10/10 01:52 67904] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [14/07/09 19:25 33792] R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [02/04/08 21:43 48928] R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [19/09/10 14:24 5376] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/10/09 20:44 133104] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [24/09/09 11:34 16512] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29/09/10 17:50 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29/09/10 17:50 8320] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/10 13:16 753504] . Contents of the 'Scheduled Tasks' folder 2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-12-13 c:\windows\Tasks\At1.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15] 2010-12-13 c:\windows\Tasks\At2.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15] 2010-12-14 c:\windows\Tasks\At3.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15] 2010-12-14 c:\windows\Tasks\At4.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15] 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44] 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44] 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003Core.job - c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-02 13:09] 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003UA.job - c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-02 13:09] 2010-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-11-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.facemoods.com/?a=nikos IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx IE: Crawler Search - tbr:iemenu IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\ FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=nikos FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . . ------- File Associations ------- . .scr=AutoCADScriptFile . - - - - ORPHANS REMOVED - - - - BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe AddRemove-504244733D18C8F63FF584AEB290E3904E791693 - c:\progra~1\DIFX\B4723E9A0713E5B1\dpinst.exe AddRemove-69083DC58646DE46A09847A522A1CC487F918039 - c:\progra~1\DIFX\270581355A767BF1\dpinst32.exe AddRemove-9722CA1E8F72F362E93CBEC75A707FDABFC8D880 - c:\progra~1\DIFX\270581355A767BF1\dpinst32.exe AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4} AddRemove-{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1 - c:\program files\Uniblue\DriverScanner\unins000.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-12-14 19:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(848-) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1416) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\ATKKBService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Common Files\Protexis\License Service\PSIService.exe c:\windows\system32\wdfmgr.exe c:\windows\RTHDCPL.EXE c:\windows\sm56hlpr.exe c:\program files\ATI Technologies\ATI.ACE\CLI.EXE c:\program files\Skype\Phone\Skype.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\windows\system32\rundll32.exe c:\program files\ATI Technologies\ATI.ACE\cli.exe c:\program files\ATI Technologies\ATI.ACE\cli.exe . ************************************************************************ . Completion time: 2010-12-14 20:03:49 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-14 19:03 Pre-Run: 2.271.453.184 bytes free Post-Run: 4.239.781.888 bytes free - - End Of File - - FC49B9526EF26543DA6FFA36D7056A50

Profil

1l padr1n0 Poslao: 15 Dec 2010 17:53 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `DDS:: uStart Page = hxxp://start.facemoods.com/?a=nikos Firefox:: FF - ProfilePath - c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\ FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=nikos FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com Folder:: c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Kakvo je sada stanje racunara? goran9888 (AMF Tim)

Profil

kuciste Poslao: 16 Dec 2010 17:43 Idi na vrh
offline kuciste Građanin Pridružio: 07 Mar 2009 Poruke: 33	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 15 Dec 2010 22:26 ComboFix 10-12-14.01 - EC 15/12/10 22:12:17.9.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.481 [GMT 1:00] Running from: c:\documents and settings\EC\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\EC\Desktop\CFScript.txt AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\chrome.manifest c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.xpt c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\facemoods.css c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\facemoods.png c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\facemoods.xul c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\fcmdDef.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\facebook_But.png c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\facebook_But2.png c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\facemoods.png c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fb.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbhome.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbmsgs.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbphotos.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbprofile.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbsettings.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbshare.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbuploads.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\help_16.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\home.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\ibario_ball.png c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\logo.png c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\moodsIcon.png c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\pref.jpg c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\privecy_16_hot.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\stripicons.png c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\tellafriend.gif c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\Thumbs.db c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\vssver.scc c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\instlgc.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\JSonButtons.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\Loader.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\mtrprt.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\newTabLgc.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\PPCB.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.xul c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\prefman.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\script-compiler.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\Thumbs.db c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\utils.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\vssver.scc c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\xmlhttprequester.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences\instlPref.js c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences\vssver.scc c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\install.rdf c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\vssver.scc . ((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 ))))))))))))))))))))))))))))))) . 2010-12-15 08:36 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-15 08:32 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2010-12-11 12:25 . 2010-12-11 12:40 -------- d-----w- c:\documents and settings\EC\Application Data\Nikon 2010-12-11 12:17 . 2010-12-11 12:17 -------- d-----w- c:\documents and settings\EC\Application Data\ArcSoft 2010-12-11 12:00 . 2010-12-11 12:00 49152 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe 2010-12-11 12:00 . 2010-12-11 12:00 335872 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe 2010-12-11 11:59 . 2010-12-11 11:59 57344 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe 2010-12-11 11:56 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Home 2010-12-11 11:54 . 2010-12-11 11:54 -------- d-----w- c:\program files\Common Files\muvee Technologies 2010-12-11 11:54 . 2010-12-11 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon 2010-12-11 11:53 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15 2010-12-11 11:53 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp 2010-12-11 11:53 . 2010-12-11 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Gems 2010-12-11 11:48 . 2010-12-11 12:00 -------- d-----w- c:\program files\Common Files\Nikon 2010-12-07 20:32 . 2010-12-07 20:32 -------- d-----w- c:\program files\Find_Subtitles_10 2010-12-06 17:01 . 2010-12-07 21:33 -------- d-----w- c:\program files\Microsoft Silverlight 2010-12-04 23:32 . 2010-12-04 23:32 -------- d-----w- c:\program files\MSECache 2010-12-02 13:05 . 2010-12-02 13:05 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\Opera 2010-12-02 13:05 . 2010-12-02 13:34 -------- d-----w- c:\program files\Opera 2010-11-28 14:51 . 2010-11-28 14:51 -------- d-----w- c:\documents and settings\EC\Application Data\MSNInstaller 2010-11-22 13:27 . 2010-11-22 13:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit 2010-11-22 13:27 . 2010-11-25 14:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BitTorrentBar 2010-11-21 20:13 . 2010-11-21 20:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit 2010-11-21 20:13 . 2010-11-22 21:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BitTorrentBar 2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\Conduit 2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\program files\Conduit 2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\BitTorrentBar 2010-11-21 17:43 . 2010-12-03 23:39 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\temp 2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\program files\BitTorrentBar 2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-11 11:53 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL 2010-12-07 20:46 . 2010-09-19 13:24 196608 ----a-w- c:\windows\system32\drivers\aAsmedia.bin 2010-11-18 18:12 . 2007-08-25 10:13 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-06 00:34 . 2004-08-03 21:56 832512 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:34 . 2004-08-03 21:56 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2010-11-06 00:34 . 2004-08-03 21:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-11-06 00:34 . 2004-08-03 21:56 17408 ----a-w- c:\windows\system32\corpol.dll 2010-11-04 08:15 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-04 08:15 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-11-03 12:25 . 2004-08-03 19:59 389120 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2001-08-23 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:13 . 2004-08-03 21:56 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25 . 2004-08-03 20:17 1853312 ----a-w- c:\windows\system32\win32k.sys 2010-10-05 19:58 . 2010-09-19 13:24 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin 2010-10-01 00:52 . 2010-10-01 00:52 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE 2010-09-18 10:23 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2001-08-23 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2001-08-23 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192] [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] 2010-10-18 11:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192] [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304] "BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-11-21 4765040] "Google Update"="c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-15 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960] "SMSERIAL"="sm56hlpr.exe" [2000-11-22 462848] "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-04 274608] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-7-10 81997] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0PGUNNT c:\smclpav\SMCLpav.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 03:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/06/09 15:17 639224] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15/03/09 22:41 165584] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/03/09 22:41 17744] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/10 13:16 130384] R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;d:\install\NitroPDFDriverService.exe [24/06/10 11:08 196928] R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [01/10/10 01:52 67904] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [14/07/09 19:25 33792] R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [02/04/08 21:43 48928] R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [19/09/10 14:24 5376] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/10/09 20:44 133104] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [24/09/09 11:34 16512] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29/09/10 17:50 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29/09/10 17:50 8320] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/10 13:16 753504] . Contents of the 'Scheduled Tasks' folder 2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-12-15 c:\windows\Tasks\At1.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15] 2010-12-14 c:\windows\Tasks\At2.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15] 2010-12-14 c:\windows\Tasks\At3.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15] 2010-12-14 c:\windows\Tasks\At4.job - c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15] 2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44] 2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44] 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003Core.job - c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-02 13:09] 2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003UA.job - c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-02 13:09] 2010-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-12-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] 2010-11-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32] . . ------- Supplementary Scan ------- . IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx IE: Crawler Search - tbr:iemenu IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\ FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-12-15 22:18 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(832) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-12-15 22:22:46 ComboFix-quarantined-files.txt 2010-12-15 21:22 ComboFix2.txt 2010-12-14 19:03 Pre-Run: 3.884.670.976 bytes free Post-Run: 3.848.966.144 bytes free - - End Of File - - C26B77D225EC6F51A79CA8BDE332B9A0 Javicu se sutra sa eventualnim simptomima. Dopuna: 16 Dec 2010 17:43 Za sada je sve u redu. Ako bude nesto u narednom periodu, javicu. Cekam dalja uputstva...

Profil

1l padr1n0 Poslao: 16 Dec 2010 18:23 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Log-ovi su cisti, sto znaci da vise nemas malware na racunaru. Korak 1 Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Korak 2 Za svaki slucaj, resetuj System Restore (iskljuci/ukljuci) prateci Uputstvo sa ovog linka: http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html ------------------------------------------------------ Predlozi: - Predlazem ti da ukljucis Windows-ov Firewall ili pak da instaliras neki besplatni tipa Online Armor, Comodo, Zone Alarm, itd; - Predlazem ti da deinstaliras Toolbar-ove ukoliko ih ne koristis; - Ukoliko imas problema sa Windows-om svrati u Windows potforum MyCity foruma: http://www.mycity.rs/Windows/ Mozemo pokusati zajedno da optimizujemo tvoj operativni sistem; - Za zastitu USB memorijskih uredjaja, predlazem ti da koristis program MCShield Vise o MCShield-u mozes saznati u ovoj temi: http://www.mycity.rs/Antispyware-programi/MCShield.html Home Page MCShield-a: http://amf.mycity.rs/programs/mc/mcshield/ Hvala sto verujes AMF Timu Pozdrav, goran9888 (AMF Tim)

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Sistem pada

Ko je trenutno na forumu

Ukupno su 939 korisnika na forumu :: 61 registrovanih, 8 sakrivenih i 870 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: ajo baba, Alibaba1981, babaroga, Bubimir, cavatina, ccoogg123, cetka, chichabg, commando nord, darios, Dorcolac, dukajov, Fog of War, FOX, Gall, Georgius, hyla, Joja, Jovan Nenad, Još malo pa deda, Komentator, Kristian_KG, krlebgd77, laurusri, Litostroton, ljuba, Lucije Kvint, maiden6657, mcgunner, mercedesamg, Milan A. Nikolic, Mugy, nightwish, Outis, pceklic, PEGIN, pericanet, procesor, rikirubio, RobinHood12, rodoljub, ruso, sabros, savaskytec, slonic_tonic, Sr.Stat., srbijaiznadsvega, Steeeefan, stegonosa, taz1cl, TheBeastOfMG, Toni, Vlad000, VladaNS1978, Voja1978, vsn111, Webb, wizzardone, wolf431, zillbg, zziko

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by