MyCity » Ambulanta -> Arhiva Ambulante » Trojan.Win32.FakeAV.LVT

Trojan.Win32.FakeAV.LVT

Napisano na dan: 23.8.2011

Trojan.Win32.FakeAV.LVT

Sledeća strana

Pagination

Odgovori

Sam633 Poslao: 23 Avg 2011 18:45 Idi na vrh
offline Sam633 Novi MyCity građanin Pridružio: 23 Avg 2011 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Nadam se da ću uz Vašu pomoć, probati da "zalečim" jedan laptop, koji nije moj. Reč je o već sada čuvenom "FB virusu". Koliko sam video fajl "Flash-player.exe" skinut je pre oko dva dana, oko 9 uveče. Pretpostavljam da je i u isto vreme pokrenut, samim tim i zaražen PC. Primećujem da nod32 bio "narodske" verzije. Uglavnom antivirusa nema, njega je zamenio virus koji se ponaša kao antivirus. Kad se prključi internet, prikazuje poruku da je "ažuriran", nekoliko puta izbaci (crvene boje sa naslovom antivirusa koji je korišćen) obaveštenje da se kao nalazi u enhanced protection mode-u. Tu su još i folderi koji se nalaze u %windir%, update.* gde je znak * predstavlja broj, tekstualni fajlovi sa IP adresama, service32.exe, hosts fajl koji je prepun adresa, itd. Sve se ovo videlo u Puppy-ju (Linux). Uostalom, najbolje je opisano na ovoj lokaciji, xylibox.blogspot.com/2011/07/trojanfakeavlvt.html Nikakve akcije još uvek nisam preduzeo. Mislim da je internet bežični, Wi-Fi ili 3G, ne znam. Nažalost, Gmer1 log nije moguće dostaviti, jer uvek "pukne" prilikom scan-a Device/Harddisk/VolumeShadowCopy. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_26 Run by Dolores at 14:53:20 on 2011-08-23 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.1950 [GMT 2:00] . SP: Windows Defender Disabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskeng.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\PLFSetI.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Alice Mobile Olicard 100\ConnMonitor.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe "C:\Windows\update.tray-15-0\svchost.exe" "C:\Windows\update.tray-2-0\svchost.exe" C:\Windows\systemup.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Dolores\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\update.5.0\svchost.exe srv C:\Windows\update.2\svchost.exe srv "C:\Windows\update.5.0\svchost.exe" stand C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\update.1\svchost.exe srv C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\UI0Detect.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "C:\Windows\update.2\svchost.exe" stand C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe C:\Windows\system32\wuauclt.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\conime.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=24f7afd4000000000000001e65975820&tlver=1.4.19.19&affID=17160 uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0210&m=aspire_5738 uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0210&m=aspire_5738 uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=24f7afd4000000000000001e65975820&tlver=1.4.19.19&affID=17160 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Interest recogniser for Freecompressor (powered by Spointer): {a83c3565-302c-4bf8-b000-6b6f1811d892} - c:\program files\freecompressor\spointer\extensions\freecompressor_air_ie.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe" mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [PLFSetI] c:\windows\PLFSetI.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [LManager] c:\program files\launch manager\LManager.exe mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe" mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe" mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [ConnMonitor] c:\program files\alice mobile olicard 100\ConnMonitor.exe start mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe mRun: [<NO NAME>] mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [wxpdrv] c:\windows\services32.exe mRun: [tray_ico] mRun: [tray_ico0] c:\windows\update.tray-15-0\svchost.exe mRun: [tray_ico1] c:\windows\update.tray-2-0\svchost.exe mRun: [tray_ico2] mRun: [tray_ico3] mRun: [tray_ico4] mRun: [1411139.exe] "c:\windows\temp\1411139.exe" mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [systemup] "c:\windows\systemup.exe" stand StartupFolder: c:\users\dolores\appdata\roaming\micros~1\windows\startm~1\programs\startup\gamera~1.lnk - c:\users\dolores\appdata\roaming\gameranger\gameranger\GameRanger.exe StartupFolder: c:\users\dolores\appdata\roaming\micros~1\windows\startm~1\programs\startup\needfo~1.lnk - c:\program files\ea games\need for speed undercover\support\EAregister.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableSecureUIAPaths = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&sporta in Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Invia immagine alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Invia pagina alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856} : NameServer = 192.168.1.20 TCP: Interfaces\{C8529090-2CFC-4598-B252-93B53E5ED5EC} : DhcpNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{F6115CBF-9708-4440-AF73-0CB71FCC62B0} : DhcpNameServer = 217.200.200.42 213.230.129.10 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\dolores\appdata\roaming\mozilla\firefox\profiles\rgj9muib.default\ FF - prefs.js: browser.search.selectedEngine - Surf Canyon FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\freecompressor\spointer\extensions\freecompressor@spointer.com\components\freecompressor_air_ff.dll FF - component: c:\users\dolores\appdata\roaming\mozilla\firefox\profiles\rgj9muib.default\extensions\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\dolores\appdata\roaming\mozilla\firefox\profiles\rgj9muib.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\dolores\appdata\roaming\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\users\dolores\appdata\roaming\facebook\npfbplugin_1_0_3.dll . ============= SERVICES / DRIVERS =============== . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792] R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-12-4 19504] R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-12-4 16432] R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-12-4 59952] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-13 176128] R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-2-25 75048] R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896] R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2010-5-1 707104] R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-5-14 305448] R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-11 61184] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632] R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?] R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?] R2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?] R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232] R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-2-13 3666432] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?] S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-22 136176] S2 r_server;Remote Administrator Service;c:\windows\pif\smss.exe [2010-12-27 245760] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-5-1 30192] S3 gupdatem;Servizio Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-22 136176] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-6-21 103040] S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424] S3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\drivers\pmx3gmdm.sys [2010-6-9 103552] S3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\drivers\pmx3gnet.sys [2010-6-9 116736] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-08-23 12:49:45 -------- d-----w- c:\users\dolores\appdata\local\{31C2C900-2CB7-4649-8200-19B05D01EE5F} 2011-08-23 09:42:06 -------- d-----w- c:\users\dolores\appdata\local\{BBF7328B-6821-430C-903B-BF6292560D59} 2011-08-23 09:29:26 -------- d-----w- c:\users\dolores\appdata\local\{ED291484-D10B-438E-AF89-0F68B6988250} 2011-08-23 09:29:11 -------- d-----w- c:\users\dolores\appdata\local\{78C7F16C-FF42-424E-8CDF-8C9687622551} 2011-08-23 06:28:40 -------- d-----w- c:\users\dolores\appdata\local\{DA66B9FA-711C-42B4-B887-516C48955119} 2011-08-23 06:28:27 -------- d-----w- c:\users\dolores\appdata\local\{BD02BF4C-66BD-4818-A43F-BB17DC727B37} 2011-08-22 19:11:24 -------- d-----w- c:\users\dolores\appdata\local\{10BF844D-C56A-43B2-B394-AC26117F4904} 2011-08-22 19:11:13 -------- d-----w- c:\users\dolores\appdata\local\{CD54EE85-BF3B-4AF8-8CFF-311DDE75B818} 2011-08-22 19:05:32 -------- d-----w- c:\users\dolores\appdata\local\{9E33D805-A2A1-4867-8176-DA9DFE576E32} 2011-08-22 19:05:20 -------- d-----w- c:\users\dolores\appdata\local\{4CA7CE08-8C12-4975-98EB-7E7F3F5DA981} 2011-08-22 18:57:46 -------- d-----w- c:\users\dolores\appdata\local\{B6477500-52D2-4B79-8AD1-15561A18B844} 2011-08-22 18:57:28 -------- d-----w- c:\users\dolores\appdata\local\{367E9A15-1013-4D80-AF89-FD20A4A5D825} 2011-08-22 18:38:58 -------- d-----w- c:\users\dolores\appdata\local\{BBDC743F-D84D-432D-8BD9-35FC2C9FEB84} 2011-08-22 18:35:22 -------- d-----w- c:\users\dolores\appdata\local\{E62892BA-EFA4-4386-A168-D7CFEE35666A} 2011-08-22 17:05:24 -------- d-----w- c:\users\dolores\appdata\local\{1961742C-12E9-4281-B6A5-729031BB3F93} 2011-08-22 17:05:07 -------- d-----w- c:\users\dolores\appdata\local\{99E6EE68-7ABD-471B-93B6-D87F8835EB90} 2011-08-22 17:00:53 -------- d-----w- c:\users\dolores\appdata\local\{B0EFF968-02B5-4EFE-8DCC-AD3FB0F0CF52} 2011-08-22 17:00:41 -------- d-----w- c:\users\dolores\appdata\local\{B0F4F8D3-7D43-40BE-BD56-198EEF5E2C10} 2011-08-22 16:47:30 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-08-22 08:44:55 -------- d-----w- c:\users\dolores\appdata\local\{5C3F446F-6744-4A1C-8605-B3B9E56A7A26} 2011-08-22 08:44:43 137728 ----a-w- c:\windows\systemup.exe 2011-08-22 08:44:36 -------- d-----w- c:\users\dolores\appdata\local\{5B4E6300-766E-4CD2-A106-09CE205675A3} 2011-08-21 20:19:00 -------- d-----w- c:\users\dolores\appdata\local\{5CF84580-CB09-4E4B-B931-CF9011254A3C} 2011-08-21 20:18:47 -------- d-----w- c:\users\dolores\appdata\local\{9E97F59E-CDE7-4E0E-8F23-BB1C2D2B7A40} 2011-08-21 20:12:26 -------- d-----w- c:\users\dolores\appdata\local\{7279DDD8-A3C4-4E6F-BBBB-93888824547C} 2011-08-21 20:11:51 -------- d-----w- c:\users\dolores\appdata\local\{429E19FD-FF72-488F-9249-6B2B34B25D6D} 2011-08-21 20:07:39 -------- d-----w- c:\users\dolores\appdata\local\{A352327E-5164-47F6-8462-3434A265521B} 2011-08-21 20:07:28 -------- d-----w- c:\users\dolores\appdata\local\{48799710-D8D8-414D-9192-98A0AC3E735E} 2011-08-21 19:44:03 -------- d-----w- c:\users\dolores\appdata\local\{6BC269C4-4B30-489D-915F-85C62F95B005} 2011-08-21 19:43:52 -------- d-----w- c:\users\dolores\appdata\local\{9969612B-FB98-433A-AADE-1976054C3B88} 2011-08-21 19:38:59 -------- d-----w- c:\users\dolores\appdata\local\{A8474D7A-17E4-4875-95CF-BC9C87DC5B39} 2011-08-21 19:38:48 -------- d-----w- c:\users\dolores\appdata\local\{360A4998-1232-417C-A5E4-B4626447DF51} 2011-08-21 19:31:27 -------- d-----w- c:\users\dolores\appdata\local\{95A6303F-5D65-430F-81FB-CD25C8FF8E6D} 2011-08-21 19:31:16 -------- d-----w- c:\users\dolores\appdata\local\{5A84B3C6-200E-4786-92A1-8A313390CF83} 2011-08-21 19:24:21 -------- d-----w- c:\users\dolores\appdata\local\{3C995DDD-04DB-48A8-BFAF-50D3784D1680} 2011-08-21 19:24:05 -------- d-----w- c:\users\dolores\appdata\local\{49F07D1E-489F-40A9-8C92-71C983EB528D} 2011-08-21 19:21:23 -------- d--h--w- c:\windows\update.tray-15-0-lnk 2011-08-21 19:21:23 -------- d--h--w- c:\windows\update.tray-15-0 2011-08-21 19:14:58 -------- d-----w- c:\windows\ufa 2011-08-21 19:14:58 -------- d-----w- c:\windows\rpcminer 2011-08-21 19:14:58 -------- d-----w- c:\windows\phoenix 2011-08-21 19:05:06 -------- d--h--w- c:\windows\update.7.1 2011-08-21 19:04:46 -------- d--h--w- c:\windows\update.2 2011-08-21 19:04:09 246272 ----a-w- c:\windows\unrar.exe 2011-08-21 19:03:52 -------- d--h--w- c:\windows\update.5.0 2011-08-21 19:03:05 -------- d-----w- c:\users\dolores\appdata\local\{2AD3D21C-FD57-4055-AEE7-3D215269E525} 2011-08-21 19:02:08 -------- d-----w- c:\windows\av_ico 2011-08-21 19:00:04 -------- d--h--w- c:\windows\update.1 2011-08-21 19:00:00 -------- d--h--w- c:\windows\update.tray-2-0-lnk 2011-08-21 19:00:00 -------- d--h--w- c:\windows\update.tray-2-0 2011-08-21 18:48:23 1213440 ----a-w- c:\windows\services32.exe 2011-08-20 21:59:14 375808 ----a-w- c:\windows\system32\winsrv.dll 2011-08-20 21:59:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-08-20 21:59:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat 2011-08-20 21:59:01 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-20 21:59:01 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll 2011-08-20 21:59:01 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll 2011-08-20 16:58:06 -------- d-----w- c:\users\dolores\appdata\local\{32A5C7F9-4A62-4616-8D32-C8C82CCA86E4} 2011-08-20 16:13:23 -------- d-----w- c:\users\dolores\appdata\local\{606EBD24-8E3D-4F99-99DD-560BDC94FB9C} 2011-08-18 08:46:36 -------- d-----w- c:\users\dolores\appdata\local\{1853B3C9-AA9D-4B9D-A84C-70A83DAF8F79} 2011-08-10 16:22:22 -------- d-----w- c:\users\dolores\appdata\local\{162636F6-7D6A-4E17-9A6D-E1D303105D3D} 2011-08-10 16:15:46 -------- d-----w- c:\program files\common files\PCSuite 2011-08-10 16:15:43 -------- d-----w- c:\program files\common files\Nokia 2011-08-10 16:15:24 -------- d-----w- c:\program files\PC Connectivity Solution 2011-08-10 16:11:23 -------- d-----w- c:\program files\Nokia 2011-08-10 08:02:31 -------- d-----w- c:\users\dolores\appdata\local\{6E1BACC4-F1C2-47FD-84A7-2D1D943151C8} 2011-08-09 07:38:06 -------- d-----w- c:\users\dolores\appdata\local\{3D0FD06D-CD64-4554-9B92-90DC67D395B4} 2011-07-31 08:16:28 -------- d-----w- c:\users\dolores\appdata\local\{8790DF4A-1DAA-4C92-9582-E81E80B954B5} 2011-07-25 10:27:48 -------- d-----w- c:\users\dolores\appdata\local\{FE0189F3-61B1-4D26-B503-15B99E1C8F40} . ==================== Find3M ==================== . 2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-01 18:40:23 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-07-01 18:40:16 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-06-17 20:13:55 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 14:54:16.58 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

1l padr1n0 Poslao: 23 Avg 2011 18:50 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav Sam633! U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg: Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima; Ne traziti istovremeno pomoc na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo; U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio; Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om; Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK ------------------------------------------------------------------------------------- Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. goran9888 (AMF Tim)

Profil

Sam633 Poslao: 23 Avg 2011 20:14 Idi na vrh
offline Sam633 Novi MyCity građanin Pridružio: 23 Avg 2011 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Vista je na italijanskom, i ja se jedva snalazim. Evo ComboFix loga. ComboFix 11-08-23.03 - Dolores 08/23/2011 19:38:15.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.2068 [GMT 2:00] Eseguito da: c:\users\Dolores\Desktop\ComboFix.exe SP: Windows Defender Disabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\OfferBox c:\program files\OfferBox\OfferBox.exe c:\program files\OfferBox\OfferBoxBHO.dll c:\program files\OfferBox\OfferBoxChromeExtension.crx c:\program files\OfferBox\OfferBoxEngine.dll c:\program files\OfferBox\offerboxffx@offerbox(3).com\chrome\content\overlay.xul c:\program files\OfferBox\offerboxffx@offerbox(3).com\components\OfferBoxXpCom.xpt c:\program files\OfferBox\offerboxffx@offerbox(3).com\install.rdf c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll c:\program files\OfferBox\OfferBoxLauncher.exe c:\program files\OfferBox\res\Language.xml c:\program files\OfferBox\res\loader.gif c:\programdata\ntuser.dat c:\users\Dolores\AppData\Roaming\.# c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Recent\Attiva e Disattiva Connessione(2).url c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Recent\Attiva e Disattiva Connessione(3).url c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Recent\Attiva e Disattiva Connessione(4).url c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Recent\Attiva e Disattiva Connessione(5).url c:\users\Dolores\AppData\Roaming\OfferBox c:\users\Dolores\AppData\Roaming\OfferBox\config.dat c:\users\Dolores\AppData\Roaming\OfferBox\config.xml c:\windows\btc_client_iplist.txt c:\windows\front_ip_list.txt c:\windows\geoiplist c:\windows\geoiplist.rar c:\windows\iecheck_iplist.txt c:\windows\info1 c:\windows\iplist.txt c:\windows\loader2.exe_ok c:\windows\phoenix c:\windows\phoenix.rar c:\windows\phoenix\kernels\phatk\__init__.py c:\windows\phoenix\kernels\phatk\__init__.pyc c:\windows\phoenix\kernels\phatk\BFIPatcher.py c:\windows\phoenix\kernels\phatk\kernel.cl c:\windows\phoenix\kernels\poclbm\__init__.py c:\windows\phoenix\kernels\poclbm\__init__.pyc c:\windows\phoenix\kernels\poclbm\BFIPatcher.py c:\windows\phoenix\kernels\poclbm\kernel.cl c:\windows\phoenix\phoenix.exe c:\windows\PIF\cmd.vbe c:\windows\PIF\firewall.vbe c:\windows\PIF\reg.reg c:\windows\PIF\reg1.reg c:\windows\PIF\smss.exe c:\windows\proc_list1.log c:\windows\rpcminer c:\windows\rpcminer.rar c:\windows\rpcminer\bitcoinminercuda_10.cubin c:\windows\rpcminer\bitcoinminercuda_11.cubin c:\windows\rpcminer\bitcoinminercuda_20.cubin c:\windows\rpcminer\bitcoinmineropencl.cl c:\windows\rpcminer\cudart32_32_16.dll c:\windows\rpcminer\curllib.dll c:\windows\rpcminer\libeay32.dll c:\windows\rpcminer\libsasl.dll c:\windows\rpcminer\openldap.dll c:\windows\rpcminer\rpcminer-4way.exe c:\windows\rpcminer\rpcminer-cpu.exe c:\windows\rpcminer\rpcminer-cuda.exe c:\windows\rpcminer\rpcminer-opencl.exe c:\windows\rpcminer\ssleay32.dll c:\windows\services32.exe c:\windows\system32\drivers\etc\HSTS~1 c:\windows\systemup.exe c:\windows\Temp\log.txt c:\windows\ufa.rar c:\windows\update.1 c:\windows\update.1\svchost.exe c:\windows\update.2 c:\windows\update.2\svchost.exe c:\windows\update.5.0 c:\windows\update.5.0\svchost.exe c:\windows\update.7.1 c:\windows\update.tray-15-0\svchost.exe c:\windows\update.tray-2-0\svchost.exe c:\windows\winlog-dirs.txt c:\windows\winlog-ids.txt c:\windows\winsetupapi.log . . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_srvbtcclient -------\Service_srviecheck -------\Service_wxpdrivers -------\Service_r_server . . ((((((((((((((((((((((((( Files Creati Da 2011-07-23 al 2011-08-23 ))))))))))))))))))))))))))))))))))) . . 2011-08-23 17:45 . 2011-08-23 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-23 15:36 . 2011-08-23 15:36 -------- d-----w- c:\users\Dolores\AppData\Roaming\HD Tune Pro 2011-08-23 14:41 . 2011-08-23 14:41 -------- d-----w- C:\found.000 2011-08-22 16:47 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-08-21 19:21 . 2011-08-23 17:45 -------- d--h--w- c:\windows\update.tray-15-0 2011-08-21 19:21 . 2011-08-21 19:21 -------- d--h--w- c:\windows\update.tray-15-0-lnk 2011-08-21 19:14 . 2011-08-21 19:14 -------- d-----w- c:\windows\ufa 2011-08-21 19:04 . 2011-08-21 19:14 246272 ----a-w- c:\windows\unrar.exe 2011-08-21 19:02 . 2011-08-21 19:23 -------- d-----w- c:\windows\av_ico 2011-08-21 19:00 . 2011-08-23 17:45 -------- d--h--w- c:\windows\update.tray-2-0 2011-08-21 19:00 . 2011-08-21 19:00 -------- d--h--w- c:\windows\update.tray-2-0-lnk 2011-08-20 21:59 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-08-20 21:59 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll 2011-08-20 21:59 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-08-20 21:59 . 2011-07-23 11:04 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-20 21:59 . 2011-07-23 11:04 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-08-20 21:59 . 2011-07-23 10:59 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\Common Files\PCSuite 2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\Common Files\Nokia 2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\PC Connectivity Solution 2011-08-10 16:11 . 2011-08-10 16:15 -------- d-----w- c:\program files\Nokia 2011-07-31 08:35 . 2011-07-31 08:35 -------- d-----w- c:\program files\7-Zip . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-01 18:40 . 2010-06-07 16:28 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-07-01 18:40 . 2010-06-07 16:28 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-06-02 13:34 . 2011-07-13 15:54 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-08-22 19:08 . 2011-05-11 15:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-07-28 19:15 . 2010-05-01 21:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . Nota i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a83c3565-302c-4bf8-b000-6b6f1811d892}] 2010-07-12 09:30 135840 ----a-w- c:\program files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-02 98304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "ConnMonitor"="c:\program files\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GameRanger.lnk - c:\users\Dolores\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-4-28 1449696] Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x] R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 136176] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192] R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 136176] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424] R3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\pmx3gmdm.sys [2009-03-26 103552] R3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\DRIVERS\pmx3gnet.sys [2009-03-26 116736] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-03 176128] S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104] S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632] S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Contenuto della cartella 'Scheduled Tasks' . 2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 21:56] . 2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 21:56] . 2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{716FFCB4-E4A0-494E-B4EE-4A0127191E8C}.job - c:\windows\system32\msfeedssync.exe [2011-08-20 09:26] . . ------- Scansione supplementare ------- . uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=24f7afd4000000000000001e65975820&tlver=1.4.19.19&affID=17160 mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0210&m=aspire_5738 uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: NameServer = 192.168.1.20 FF - ProfilePath - c:\users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\rgj9muib.default\ FF - prefs.js: browser.search.selectedEngine - Surf Canyon FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - prefs.js: network.proxy.type - 0 . - - - - CHIAVI ORFANE RIMOSSE - - - - . HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe HKLM-Run-wxpdrv - c:\windows\services32.exe HKLM-Run-tray_ico - (no file) HKLM-Run-tray_ico0 - c:\windows\update.tray-15-0\svchost.exe HKLM-Run-tray_ico1 - c:\windows\update.tray-2-0\svchost.exe HKLM-Run-tray_ico2 - (no file) HKLM-Run-tray_ico3 - (no file) HKLM-Run-tray_ico4 - (no file) HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe HKLM-Run-systemup - c:\windows\systemup.exe . . . ************************************************************************ scansione processi nascosti ... . scansione entrate autostart nascoste ... . Scansione files nascosti ... . Scansione completata con successo Files nascosti: . ********************************************************************** . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000059 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Dlls caricate dai processi in esecuzione --------------------- . - - - - - - - > 'Explorer.exe'(5240) c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Altri processi in esecuzione ------------------------ . c:\windows\system32\atieclxx.exe c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Common Files\Motive\McciCMService.exe c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe c:\windows\system32\conime.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe c:\windows\ehome\ehmsas.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\users\Dolores\AppData\Local\Temp\RtkBtMnt.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************ . Ora fine scansione: 2011-08-23 19:54:11 - Il pc č stato riavviato ComboFix-quarantined-files.txt 2011-08-23 17:54 . Pre-Run: 160,303,149,056 byte disponibili Post-Run: 185,579,294,720 byte disponibili . - - End Of File - - 77DEC82C0F5E92077BA2203D2072844C

Profil

1l padr1n0 Poslao: 23 Avg 2011 20:24 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Potrebno je da deinstaliras NOD32 Anti-Virus sa sistema. Takodje, nakon deinstalacije potrebno je da ispratis uputstvo sa ovog link-a i uklonis ostatke NOD32 AV-a: http://kb.eset.com/esetkb/index?page=content&id=SOLN2289 Skines doticni alat, pokrenes racunar u Safe mode i tamo ga pokrenes. Tek nakon toga predji na sledeci korak ... Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\windows\unrar.exe Folder:: c:\windows\update.tray-15-0 c:\windows\update.tray-15-0-lnk c:\windows\ufa c:\windows\av_ico c:\windows\update.tray-2-0 c:\windows\update.tray-2-0-lnk DDS:: uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=24f7afd4000000000000001e65975820&tlver=1.4.19.19&affID=17160 RegLock:: [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000059 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka: http://www.besttechie.net/tools/mbam-setup.exe Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije: Update Malwarebytes' Anti-Malware; Launch Malwarebytes Anti-Malware; a zatim klikni Finish. Nakon završenog ažuriranja program će se pokrenuti. Izaberi opciju Perform Quick Scan i klikni Scan. Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected. Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu. Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti. Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open). goran9888 (AMF Tim)

Profil

Sam633 Poslao: 23 Avg 2011 20:39 Idi na vrh
offline Sam633 Novi MyCity građanin Pridružio: 23 Avg 2011 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Radim ovo prvo za NOD32, ali je mali previd je u pitanju. To sa ComboFix-om odraditi u "normalnom" modu ili Safe modu?

Profil

1l padr1n0 Poslao: 23 Avg 2011 21:08 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sam633 ::Radim ovo prvo za NOD32, ali je mali previd je u pitanju. To sa ComboFix-om odraditi u "normalnom" modu ili Safe modu? -Deinstalacija NOD32 iz Normal mode-a (Start -> Control Panel -> Programs and Features; ukoliko ne postoji u listi predji na sledeci korak); -Pokretanje alata za uklanjanje ostataka NOD32 AV-a iz Safe mode Windows-a; -Pokretanje skripte ComboFix-a iz Normal mode-a Windows-a. goran9888 (AMF Tim)

Profil

Sam633 Poslao: 24 Avg 2011 02:36 Idi na vrh
offline Sam633 Novi MyCity građanin Pridružio: 23 Avg 2011 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nod32 Uninstaller odradio posao u Safe modu i prilažem drugi ComboFix log. ComboFix 11-08-23.03 - Dolores 08/23/2011 21:11:58.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.2036 [GMT 2:00] Eseguito da: c:\users\Dolores\Desktop\ComboFix.exe Opzioni usate :: c:\users\Dolores\Desktop\CFScript.txt SP: Windows Defender Disabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\unrar.exe" . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\av_ico c:\windows\av_ico\ico_defender_start.ico c:\windows\av_ico\ico_NOD_AV_START.ico c:\windows\av_ico\ico_NOD_SYSINSP.ico c:\windows\av_ico\ico_NOD_SYSRESC.ico c:\windows\av_ico\ico_NOD_TXT.ico c:\windows\av_ico\ico_NOD_UNINSTALL.ico c:\windows\ufa c:\windows\ufa\ufa.exe c:\windows\unrar.exe c:\windows\update.tray-15-0-lnk c:\windows\update.tray-15-0-lnk\svchost.exe c:\windows\update.tray-15-0 c:\windows\update.tray-2-0-lnk c:\windows\update.tray-2-0-lnk\svchost.exe c:\windows\update.tray-2-0 . . ((((((((((((((((((((((((( Files Creati Da 2011-07-23 al 2011-08-23 ))))))))))))))))))))))))))))))))))) . . 2011-08-23 19:16 . 2011-08-23 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-23 15:36 . 2011-08-23 15:36 -------- d-----w- c:\users\Dolores\AppData\Roaming\HD Tune Pro 2011-08-23 14:41 . 2011-08-23 14:41 -------- d-----w- C:\found.000 2011-08-22 16:47 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-08-20 21:59 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-08-20 21:59 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll 2011-08-20 21:59 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-08-20 21:59 . 2011-07-23 11:04 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-20 21:59 . 2011-07-23 11:04 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-08-20 21:59 . 2011-07-23 10:59 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\Common Files\PCSuite 2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\Common Files\Nokia 2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\PC Connectivity Solution 2011-08-10 16:11 . 2011-08-10 16:15 -------- d-----w- c:\program files\Nokia 2011-07-31 08:35 . 2011-07-31 08:35 -------- d-----w- c:\program files\7-Zip . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-01 18:40 . 2010-06-07 16:28 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-07-01 18:40 . 2010-06-07 16:28 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-06-02 13:34 . 2011-07-13 15:54 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-08-22 19:08 . 2011-05-11 15:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-07-28 19:15 . 2010-05-01 21:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . Nota i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a83c3565-302c-4bf8-b000-6b6f1811d892}] 2010-07-12 09:30 135840 ----a-w- c:\program files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-02 98304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576] "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464] "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "ConnMonitor"="c:\program files\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GameRanger.lnk - c:\users\Dolores\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-4-28 1449696] Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 "DisableThumbnailCache"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 136176] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192] R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 136176] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424] R3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\pmx3gmdm.sys [2009-03-26 103552] R3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\DRIVERS\pmx3gnet.sys [2009-03-26 116736] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-03 176128] S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104] S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632] S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Contenuto della cartella 'Scheduled Tasks' . 2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 21:56] . 2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 21:56] . 2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{716FFCB4-E4A0-494E-B4EE-4A0127191E8C}.job - c:\windows\system32\msfeedssync.exe [2011-08-20 09:26] . . ------- Scansione supplementare ------- . mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0210&m=aspire_5738 uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: NameServer = 192.168.1.20 FF - ProfilePath - c:\users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\rgj9muib.default\ FF - prefs.js: browser.search.selectedEngine - Surf Canyon FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - prefs.js: network.proxy.type - 0 . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2011-08-23 21:16 Windows 6.0.6002 Service Pack 2 NTFS . scansione processi nascosti ... . scansione entrate autostart nascoste ... . Scansione files nascosti ... . Scansione completata con successo Files nascosti: 0 . ************************************************************************ . Ora fine scansione: 2011-08-23 21:17:52 ComboFix-quarantined-files.txt 2011-08-23 19:17 ComboFix2.txt 2011-08-23 17:54 . Pre-Run: 185,327,230,976 byte disponibili Post-Run: 185,286,729,728 byte disponibili . - - End Of File - - FE3C6ADCBE1CA1A0E698C8E40865DA84 Quick Scan of Malwarebytes: Malwarebytes' Anti-Malware 1.51.1.1800 malwarebytes.org Database version: 7547 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19120 8/24/2011 12:43:02 AM mbam-log-2011-08-24 (00-43-02).txt Scan type: Quick scan Objects scanned: 168290 Time elapsed: 2 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Nadam se da nećete zameriti, odradio sam i Full Scan of Malwarebytes: Malwarebytes' Anti-Malware 1.51.1.1800 malwarebytes.org Database version: 7547 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19120 8/24/2011 1:31:15 AM mbam-log-2011-08-24 (01-31-15).txt Scan type: Full scan (C:\ Objects scanned: 308887 Time elapsed: 43 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Qoobox\quarantine\C\Windows\services32.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\Windows\PIF\smss.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\Windows\update.1\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\Windows\update.tray-15-0\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\Windows\update.tray-15-0-lnk\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\Windows\update.tray-2-0\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Qoobox\quarantine\C\Windows\update.tray-2-0-lnk\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. Koliko sam shvatio, Malwarebytes zapravo izbrisao ono što se nalazilo u karantinu Combofix-a. Valjda nisam pogrešio u poslednjem postupku? Uglavnom, nakon svega ovoga laptop se boot-uje znatno brže, rekao bih čak i do 30%. Kombinacija tastera Win+E se otvara gotovo trenutno, ranije je trebalo i do pet sekundi. Pretpostavljam da na kraju treba da deinstaliram ComboFix i stavim neki antivirus poput Avast-a ili Avire. Mogu da kažem već sada u ime vlasnice laptopa, hvala Vam najlepše! A s moje strane svaka čast!

Profil

1l padr1n0 Poslao: 24 Avg 2011 14:27 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Taj sistem je cist sto se malware-a tice. Potrebno je odraditi sledece .... Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Ostale koriscene programe u slucaju mozes obrisati. Potrebno je da instaliras Anti-Virus na sistem. Moj predlog ti je da koristis besplatan Anti-Virus ukoliko nemas licencu za komercijalnu verziju AV-a. Besplatni Anti-Virusi su: Avast, Avira, AVG, Panda Cloud, MSE, itd ... Odluci se za jedan. Tema koja ti moze biti od pomoci je: Izbor besplatnog antivirusa Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop. Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje. Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu. Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu. ---------------------------------------------------------- - Sredi Startup: Pritisni dugme i R. Pojaviće se sledeći prozor: Potrebno je upisati msconfig i pritisnuti OK. Otvoriće se novi prozor u kom je potrebno preći na karticu Startup Destrikliraj sve aplikacije koje nisu potrebne da se startuju sa sistemom; pozeljno je da ostanu samo Anti-Malware programi (AV i FW); sve ostalo destrikliraj - Preporucujem ti da instaliras Service Pack 3 za Windows XP tj. update-ujes svoj Operativni Sistem. Necu govoriti o njegovim prednostima u odnosu na Service Pack 2. Te informacije mozes naci na MS-ovom sajtu. Uglavnom, MS je 13.jula 2010 prekinuo podrsku za Service Pack 2 koji je instaliran na tvom racunaru. Sta to znaci? Pogledaj link: http://windows.microsoft.com/en-US/windows/help/what-does-end-of-support-mean; **** Ukoliko se odlucis na ovaj korak (instaliranje SP3), preporucujem ti da prethodno uradis backup svih bitnih podataka. - Preporucujem da za zastitu USB memorijskih uredjaja koristis MCShield. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja. Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes log u kome vidis informacije o malware-u koji je nadjen i obrisan. Home Page MCShield-a: http://amf.mycity.rs/programs/mc/mcshield/ Vise o MCShield-u mozes saznati u ovoj temi: http://www.mycity.rs/Antispyware-programi/MCShield.html - Start -> Control Panel -> Add or Remove Programs - deinstaliraj sve aplikacije koje su visak, tj. ne trebaju ti. Takodje preporucio bih ti i deinstaliranje toolbar-ova ako ih ne koristis: Ask Toolbar, Facebook Plug-In, YouTube Downloader Toolbar v4.3. Time ces znato ubrzati rad sistema. - Poseti temu "Testirajte da li vam je pretrazivac ranjiv", procitaj i isprati link koji stoji u njoj. Bilo koji dodatak da je stare verzije, bilo bi pozeljno nadograditi ga na najnoviju verziju (time ces dodatno osigurati pretrazivac). Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Trojan.Win32.FakeAV.LVT

Ko je trenutno na forumu

Ukupno su 1103 korisnika na forumu :: 40 registrovanih, 8 sakrivenih i 1055 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Bobrock1, bokisha253, Boris BM, cavatina, Denaya, dmdr, dushan, Još malo pa deda, Kibice, Kubovac, Mi lao shu, milanovic, Millennium, milutin134, Miškić, moldway, muaddib, Nemanja.M, Nikolaa11, ObelixSRB, panzerwaffe, pein, pera bager, Petarvu, procesor, RJ, Sale.S, Srki94, Srle993, stankolich, stegonosa, Toper, Tvrtko I, vathra, virked, Vlada78, x9, ZetaMan, zillbg

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by