System crashes

offline
  • Joined: 07 Mar 2009
  • Posts: 33

Posted: 13 Dec 2010 19:35

how the problem you are asking for help with manifests itself;

while the system is booting the computer suddenly restarts, or even in the middle of working on the computer

when the problem started to appear;
for some time now

if the security software you use detects something but cannot remove it, write/copy the names of the detected files into the post; after the dots is the name of the attacker
C:/Documents and Settings/Davorin/application data/sun/java/deployment/cache/6.0/33/43b641a1-24115dab ............. Win32:Unruy-J(Drp)
C:/System volume information/mycrosoft/services.exe ..................................Win32:Cycler - P(Trj)
C:/System volume information/mycrosoft/mss.exe..................................Win32:Cycler - P(Trj)

how you have tried to solve the problem; I haven't done anything, I did a restore once and that is all, I don't know whether I am allowed to delete the infected files

what kind of internet connection you have (connection type and speed);
ADSL; 768/64

any additional information that could describe the state of your computer more closely.
I haven't formatted it for a long time because I can't, I have some accounting program that I must not delete because I don't have the installer
......................................................................................................

Addendum: 13 Dec 2010 19:41

DDS (Ver_10-12-12.02) - NTFSx86
Run by EC at 19:40:42,64 on 13/12/10
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.265 [GMT 1:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
svchost.exe 4
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Install\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EC\Desktop\RootRepeal.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\EC\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.facemoods.com/?a=nikos
mSearchAssistant = hxxp://start.facemoods.com/?a=nikos&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_7
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [Google Update] "c:\documents and settings\ec\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe" /md I
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ec\applic~1\mozilla\firefox\profiles\r68pz6te.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=nikos
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\ec\application data\mozilla\firefox\profiles\r68pz6te.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\ec\application data\mozilla\firefox\profiles\r68pz6te.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\ec\application data\mozilla\firefox\profiles\r68pz6te.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\ec\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\innova-engineering gmbh\3d-viewer-innoplus\npIno3DViewer.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.1 beta 2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-15 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;d:\install\NitroPDFDriverService.exe [2010-6-24 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-1 67904]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 40384]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-7-14 33792]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [2008-4-2 48928]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [2010-9-19 5376]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-6 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-24 16512]
S3 cpuz132;cpuz132;\??\c:\docume~1\davorin\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\davorin\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-9-29 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-9-29 8320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-12-11 12:00:46 49152 ----a-r- c:\docume~1\ec\applic~1\microsoft\installer\{d2fcc1ae-6311-47c5-8130-c6c66d77dd71}\ARPPRODUCTICON.exe
2010-12-11 12:00:01 335872 ----a-r- c:\docume~1\ec\applic~1\microsoft\installer\{237cd223-1b9d-47e8-a76c-e478b83ccea2}\ARPPRODUCTICON.exe
2010-12-11 11:59:16 57344 ----a-r- c:\docume~1\ec\applic~1\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2010-12-11 11:56:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Home
2010-12-11 11:54:44 -------- d-----w- c:\program files\common files\muvee Technologies
2010-12-11 11:53:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Gems
2010-12-11 11:48:53 -------- d-----w- c:\program files\common files\Nikon
2010-12-08 09:51:16 -------- d-----w- c:\docume~1\ec\applic~1\facemoods.com
2010-12-07 20:32:13 -------- d-----w- c:\program files\facemoods.com
2010-12-07 20:32:12 -------- d-----w- c:\program files\Find_Subtitles_10
2010-12-04 23:32:55 -------- d-----w- c:\program files\MSECache
2010-12-02 13:05:46 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\Opera
2010-11-28 14:51:55 -------- d-----w- c:\docume~1\ec\applic~1\MSNInstaller
2010-11-21 17:43:30 -------- d-----w- c:\docume~1\ec\applic~1\PriceGong
2010-11-21 17:43:15 -------- d-----w- c:\program files\Conduit
2010-11-21 17:43:15 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\Conduit
2010-11-21 17:43:14 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\BitTorrentBar
2010-11-21 17:43:13 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\ConduitEngine
2010-11-21 17:43:12 -------- d-----w- c:\program files\ConduitEngine
2010-11-21 17:43:10 -------- d-----w- c:\program files\BitTorrentBar
2010-11-21 17:43:10 -------- d-----w- c:\docume~1\ec\locals~1\applic~1\temp

==================== Find3M ====================

2010-12-11 11:53:36 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-12-09 12:33:38 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-04 08:15:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-04 08:15:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-01 00:52:50 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-09-18 10:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys sptd.sys >>UNKNOWN [0x871807AC]<<
c:\windows\system32\drivers\prosync1.sys Protection Technology StarForce Protection System
c:\windows\system32\drivers\sptd.sys
_asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff936ef27; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x871C9AB8]
3 CLASSPNP[0xF759CFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000081[0x87137F18]
5 ACPI[0xF7344620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0x871C8940]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; }
user != kernel MBR !!!

============= FINISH: 19:40:57,21 ===============



Addendum: 13 Dec 2010 19:43

That upper part is superfluous because I didn't manage to post the DDS files. I apologize if it is confusing now.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello, @kuciste!





While this case is being resolved, I would ask you to observe the following:
Read my instructions (or the instructions of colleagues who stand in for me) carefully and act strictly according to them;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs, apart from those you receive instructions for;
During the intervention, do not use USB storage devices until I ask you to;
If I do not reply within 48h, refresh the thread with a new post;
If you do not respond within 5 days, we will close the case.

For more information on the rules of the Ambulanta section of the MyCity forum: LINK

-------------------------------------------------------------------------------------




Download sUBs's ComboFix to the Desktop from the following address:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is complete:
disable your security software (instructions);
close running programs;
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered the download.
display DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
present a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if necessary (several times);
finally, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.


Note:
The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.





goran9888 (AMF Team)

offline
  • Joined: 07 Mar 2009
  • Posts: 33

ComboFix 10-12-14.01 - EC 14/12/10 19:46:01.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.527 [GMT 1:00]
Running from: c:\documents and settings\EC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\EC\Application Data\facemoods.com
c:\documents and settings\EC\Application Data\PriceGong
c:\documents and settings\EC\Application Data\PriceGong\Data\1.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\a.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\b.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\c.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\d.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\e.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\f.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\g.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\h.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\i.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\J.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\k.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\l.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\m.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\n.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\o.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\p.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\q.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\r.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\s.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\t.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\u.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\v.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\w.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\x.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\y.xml
c:\documents and settings\EC\Application Data\PriceGong\Data\z.xml
c:\documents and settings\LocalService\Application Data\facemoods.com
c:\documents and settings\LocalService\Application Data\PriceGong
c:\documents and settings\LocalService\Application Data\PriceGong\Data\1.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\a.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\b.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\c.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\d.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\e.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\f.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\g.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\h.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\i.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\J.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\k.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\l.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\m.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\n.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\o.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\p.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\q.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\r.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\s.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\t.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\u.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\v.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\w.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\x.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\y.xml
c:\documents and settings\LocalService\Application Data\PriceGong\Data\z.xml
c:\documents and settings\NetworkService\Application Data\facemoods.com
c:\documents and settings\NetworkService\Application Data\PriceGong
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\mru.xml
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\system volume information\Microsoft
c:\system volume information\Microsoft\services.exe
c:\system volume information\Microsoft\smss.exe
C:\VDMA4.tmp
C:\VDMA5.tmp
c:\windows\system32\config\systemprofile\Application Data\PriceGong
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\mru.xml

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JHYUIOPEWFJESWEDAD


((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-11 12:25 . 2010-12-11 12:40 -------- d-----w- c:\documents and settings\EC\Application Data\Nikon
2010-12-11 12:17 . 2010-12-11 12:17 -------- d-----w- c:\documents and settings\EC\Application Data\ArcSoft
2010-12-11 12:00 . 2010-12-11 12:00 49152 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-12-11 12:00 . 2010-12-11 12:00 335872 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2010-12-11 11:59 . 2010-12-11 11:59 57344 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-12-11 11:56 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Home
2010-12-11 11:54 . 2010-12-11 11:54 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-12-11 11:54 . 2010-12-11 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2010-12-11 11:53 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2010-12-11 11:53 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2010-12-11 11:53 . 2010-12-11 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Gems
2010-12-11 11:48 . 2010-12-11 12:00 -------- d-----w- c:\program files\Common Files\Nikon
2010-12-07 20:32 . 2010-12-07 20:32 -------- d-----w- c:\program files\Find_Subtitles_10
2010-12-06 17:01 . 2010-12-07 21:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-04 23:32 . 2010-12-04 23:32 -------- d-----w- c:\program files\MSECache
2010-12-02 13:05 . 2010-12-02 13:05 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\Opera
2010-12-02 13:05 . 2010-12-02 13:34 -------- d-----w- c:\program files\Opera
2010-11-28 14:51 . 2010-11-28 14:51 -------- d-----w- c:\documents and settings\EC\Application Data\MSNInstaller
2010-11-22 13:27 . 2010-11-22 13:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit
2010-11-22 13:27 . 2010-11-25 14:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BitTorrentBar
2010-11-21 20:13 . 2010-11-21 20:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2010-11-21 20:13 . 2010-11-22 21:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BitTorrentBar
2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\Conduit
2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\program files\Conduit
2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\BitTorrentBar
2010-11-21 17:43 . 2010-12-03 23:39 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\temp
2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\program files\BitTorrentBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 11:53 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-12-07 20:46 . 2010-09-19 13:24 196608 ----a-w- c:\windows\system32\drivers\aAsmedia.bin
2010-11-04 08:15 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-04 08:15 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-05 19:58 . 2010-09-19 13:24 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2010-10-01 00:52 . 2010-10-01 00:52 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-09-18 10:23 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 22:05 . 2009-06-19 14:17 639224 ----a-w- c:\windows\system32\drivers\sptd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-11-21 4765040]
"Google Update"="c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"SMSERIAL"="sm56hlpr.exe" [2000-11-22 462848]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-04 274608]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-7-10 81997]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PGUNNT c:\smclpav\SMCLpav.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/06/09 15:17 639224]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15/03/09 22:41 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/03/09 22:41 17744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/10 13:16 130384]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;d:\install\NitroPDFDriverService.exe [24/06/10 11:08 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [01/10/10 01:52 67904]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [14/07/09 19:25 33792]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [02/04/08 21:43 48928]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [19/09/10 14:24 5376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/10/09 20:44 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [24/09/09 11:34 16512]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29/09/10 17:50 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29/09/10 17:50 8320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/10 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-12-13 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15]

2010-12-13 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15]

2010-12-14 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15]

2010-12-14 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003Core.job
- c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-02 13:09]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003UA.job
- c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-02 13:09]

2010-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-11-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=nikos
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=nikos
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe
AddRemove-504244733D18C8F63FF584AEB290E3904E791693 - c:\progra~1\DIFX\B4723E9A0713E5B1\dpinst.exe
AddRemove-69083DC58646DE46A09847A522A1CC487F918039 - c:\progra~1\DIFX\270581355A767BF1\dpinst32.exe
AddRemove-9722CA1E8F72F362E93CBEC75A707FDABFC8D880 - c:\progra~1\DIFX\270581355A767BF1\dpinst32.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}
AddRemove-{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1 - c:\program files\Uniblue\DriverScanner\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-12-14 19:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848-)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1416)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\sm56hlpr.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2010-12-14 20:03:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-14 19:03

Pre-Run: 2.271.453.184 bytes free
Post-Run: 4.239.781.888 bytes free

- - End Of File - - FC49B9526EF26543DA6FFA36D7056A50

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Open Notepad and copy the following text:

DDS::
uStart Page = hxxp://start.facemoods.com/?a=nikos

Firefox::
FF - ProfilePath - c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=nikos
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com


Folder::
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com


Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scan.

What is the state of the computer now?

goran9888 (AMF Tim)

  • Joined: 07 Mar 2009
  • Posts: 33

Posted: 15 Dec 2010 22:26

ComboFix 10-12-14.01 - EC 15/12/10 22:12:17.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.481 [GMT 1:00]
Running from: c:\documents and settings\EC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\EC\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\chrome.manifest
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.xpt
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\facemoods.css
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\facemoods.png
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\facemoods.xul
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\fcmdDef.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\facebook_But.png
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\facebook_But2.png
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\facemoods.png
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fb.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbhome.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbmsgs.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbphotos.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbprofile.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbsettings.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbshare.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\fbuploads.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\help_16.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\home.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\ibario_ball.png
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\logo.png
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\moodsIcon.png
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\pref.jpg
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\privecy_16_hot.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\stripicons.png
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\tellafriend.gif
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\Thumbs.db
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\images\vssver.scc
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\instlgc.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\JSonButtons.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\Loader.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\mtrprt.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\newTabLgc.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\PPCB.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.xul
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\prefman.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\script-compiler.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\Thumbs.db
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\utils.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\vssver.scc
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\xmlhttprequester.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences\instlPref.js
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences\vssver.scc
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\install.rdf
c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\extensions\ffxtlbr@Facemoods.com\vssver.scc

.
((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 08:36 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 08:32 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-11 12:25 . 2010-12-11 12:40 -------- d-----w- c:\documents and settings\EC\Application Data\Nikon
2010-12-11 12:17 . 2010-12-11 12:17 -------- d-----w- c:\documents and settings\EC\Application Data\ArcSoft
2010-12-11 12:00 . 2010-12-11 12:00 49152 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-12-11 12:00 . 2010-12-11 12:00 335872 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2010-12-11 11:59 . 2010-12-11 11:59 57344 ----a-r- c:\documents and settings\EC\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-12-11 11:56 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Home
2010-12-11 11:54 . 2010-12-11 11:54 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-12-11 11:54 . 2010-12-11 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2010-12-11 11:53 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2010-12-11 11:53 . 2010-12-11 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2010-12-11 11:53 . 2010-12-11 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Gems
2010-12-11 11:48 . 2010-12-11 12:00 -------- d-----w- c:\program files\Common Files\Nikon
2010-12-07 20:32 . 2010-12-07 20:32 -------- d-----w- c:\program files\Find_Subtitles_10
2010-12-06 17:01 . 2010-12-07 21:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-04 23:32 . 2010-12-04 23:32 -------- d-----w- c:\program files\MSECache
2010-12-02 13:05 . 2010-12-02 13:05 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\Opera
2010-12-02 13:05 . 2010-12-02 13:34 -------- d-----w- c:\program files\Opera
2010-11-28 14:51 . 2010-11-28 14:51 -------- d-----w- c:\documents and settings\EC\Application Data\MSNInstaller
2010-11-22 13:27 . 2010-11-22 13:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit
2010-11-22 13:27 . 2010-11-25 14:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BitTorrentBar
2010-11-21 20:13 . 2010-11-21 20:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2010-11-21 20:13 . 2010-11-22 21:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BitTorrentBar
2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\Conduit
2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\program files\Conduit
2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\BitTorrentBar
2010-11-21 17:43 . 2010-12-03 23:39 -------- d-----w- c:\documents and settings\EC\Local Settings\Application Data\temp
2010-11-21 17:43 . 2010-11-21 17:43 -------- d-----w- c:\program files\BitTorrentBar
2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 11:53 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-12-07 20:46 . 2010-09-19 13:24 196608 ----a-w- c:\windows\system32\drivers\aAsmedia.bin
2010-11-18 18:12 . 2007-08-25 10:13 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34 . 2004-08-03 21:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-03 21:56 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-03 21:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-03 21:56 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-04 08:15 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-04 08:15 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-03 12:25 . 2004-08-03 19:59 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-08-23 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-03 21:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-03 20:17 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-05 19:58 . 2010-09-19 13:24 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2010-10-01 00:52 . 2010-10-01 00:52 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-09-18 10:23 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-03 21:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-23 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-23 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-11-21 4765040]
"Google Update"="c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"SMSERIAL"="sm56hlpr.exe" [2000-11-22 462848]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-04 274608]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-7-10 81997]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PGUNNT c:\smclpav\SMCLpav.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/06/09 15:17 639224]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15/03/09 22:41 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/03/09 22:41 17744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/10 13:16 130384]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;d:\install\NitroPDFDriverService.exe [24/06/10 11:08 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [01/10/10 01:52 67904]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [14/07/09 19:25 33792]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [02/04/08 21:43 48928]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [19/09/10 14:24 5376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/10/09 20:44 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [24/09/09 11:34 16512]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [29/09/10 17:50 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [29/09/10 17:50 8320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/10 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-12-15 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15]

2010-12-14 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15]

2010-12-14 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15]

2010-12-14 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-02-02 09:15]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003Core.job
- c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-02 13:09]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003UA.job
- c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-02 13:09]

2010-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-484763869-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-12-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]

2010-11-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-484763869-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-12-15 22:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-15 22:22:46
ComboFix-quarantined-files.txt 2010-12-15 21:22
ComboFix2.txt 2010-12-14 19:03

Pre-Run: 3.884.670.976 bytes free
Post-Run: 3.848.966.144 bytes free

- - End Of File - - C26B77D225EC6F51A79CA8BDE332B9A0





I'll report back tomorrow with any symptoms.

Addendum: 16 Dec 2010 17:43

Everything is fine for now. If anything comes up in the coming period, I'll report back.
Waiting for further instructions...

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

The logs are clean, which means you no longer have malware on the computer.

Step 1

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text box, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

Step 2

Just in case, reset System Restore (turn it off/on) by following the guide at this link:
http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html

------------------------------------------------------

Suggestions:

- I suggest you turn on the Windows Firewall, or install a free one such as Online Armor, Comodo, Zone Alarm, etc.;

- I suggest you uninstall the toolbars if you don't use them;

- If you have problems with Windows, drop by the Windows subforum of the MyCity forum: http://www.mycity.rs/Windows/
We can try to optimize your operating system together;

- To protect USB memory devices, I suggest you use the MCShield program

You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html
MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

Thank you for trusting the AMF Team. Cheers!

Regards,
goran9888 (AMF Team)
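
The firewall suggestion above matches what the ComboFix log in this thread records: EnableFirewall is 0 and both Security Center overrides are set. The Python sketch below is an added example (not part of the original posts and not ComboFix's own code) that reads those registry sections from such a log and lists the weakened settings and the firewall exceptions; the function names are assumptions made for illustration, and the embedded text is an excerpt of the log above.

```python
import re

# Excerpt of the registry sections from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server'''

# (section suffix, value name, weak value, meaning); value names as they appear in the log.
CHECKS = [
    ("security center", "AntiVirusOverride", 1, "Security Center antivirus alerts overridden"),
    ("security center", "FirewallOverride", 1, "Security Center firewall alerts overridden"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, "Windows Firewall is off"),
    ("firewallpolicy\\standardprofile", "DisableNotifications", 1, "firewall prompts suppressed"),
]

def parse_sections(text):
    """Map each lower-cased [registry key] header to its {value name: raw value}."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        header = re.match(r'^\[(.+)\]$', line)
        value = re.match(r'^"(.+?)"=\s*(.*)$', line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif value and current is not None:
            current[value.group(1)] = value.group(2)
    return sections

def as_int(raw):
    """Decode the two numeric notations the log uses: dword:00000001 and 1 (0x1)."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-f]+\)$', raw, re.I)
    return int(m.group(1)) if m else None

def audit(text):
    """Return (weak settings found, programs and ports exempted from the firewall)."""
    sections = parse_sections(text)
    findings = [(n, why) for sfx, n, weak, why in CHECKS for key, vals in sections.items()
                if key.endswith(sfx) and as_int(vals.get(n, "")) == weak]
    lists = ("authorizedapplications\\list", "globallyopenports\\list")
    exceptions = [n for key, vals in sections.items() if key.endswith(lists) for n in vals]
    return findings, exceptions
```

Calling `audit()` on a log saved after the firewall has been switched back on should no longer report `EnableFirewall`; the exception list is worth reviewing either way, since those entries stay in place when the firewall is re-enabled.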
