problem sa virusima

problem sa virusima

offline
  • Pridružio: 22 Mar 2009
  • Poruke: 2

po startovanju racunara sistem mi prijavljuje razne greske i racunar mi uspori...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:21, on 22.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MSI\Desktop\New Folder\TR3.exe.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\system.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{386EC6AE-B61C-4364-8575-6A3FB313EED6}: NameServer = 195.66.160.1,195.66.160.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCBD630E-DBC0-4719-8B47-8F90FAE20EAC}: NameServer = 195.66.160.1 195.66.160.2
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - izaberipartizan.com/img/bg.gif

--
End of file - 4506 bytes

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

* Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana).
* Izaberi AMON iz Threat Protection grupe opcija.
* Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled.
* Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.


Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 22 Mar 2009
  • Poruke: 2

ComboFix 09-03-23.01 - MSI 2009-03-24 15:12:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.664 [GMT 1:00]
Running from: c:\documents and settings\MSI\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-22 20:19 . 2009-03-22 20:21 <DIR> d-------- c:\program files\uTorrent
2009-03-22 20:19 . 2009-03-22 22:31 <DIR> d-------- c:\documents and settings\MSI\Application Data\uTorrent
2009-03-18 09:34 . 2009-03-18 09:34 501 --a------ C:\niz.exe
2009-03-17 14:36 . 2009-03-17 14:36 114,688 -rahs---- c:\windows\system32\mxvrcu.dll
2009-02-26 14:59 . 2009-02-26 14:59 <DIR> d-------- c:\documents and settings\MSI\Application Data\Desktopicon
2009-02-26 14:58 . 2009-02-26 15:00 <DIR> d-------- c:\program files\Unlocker
2009-02-26 13:26 . 2009-02-26 13:26 <DIR> d-------- c:\program files\Enigma Software Group
2009-02-25 17:48 . 2009-02-27 20:29 7,451 --a------ C:\pe.exe
2009-02-25 10:17 . 2009-02-25 15:20 398 --a------ C:\pes.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 18:00 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-13 10:16 449 ----a-w c:\program files\highscores.txt
2009-03-13 10:16 4,813 ----a-w c:\program files\debug.txt
2009-03-10 11:35 45,056 ----a-w c:\windows\NCUNINST.EXE
2009-02-25 18:18 --------- d-----w c:\program files\ESET
2009-02-01 17:57 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-01 17:57 --------- d-----w c:\program files\Lavasoft
2009-02-01 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-01 17:55 --------- d-----w c:\program files\IObit
2009-02-01 17:55 --------- d-----w c:\documents and settings\MSI\Application Data\IObit
2009-02-01 17:54 --------- d-----w c:\program files\CCleaner
2009-02-01 12:07 352,256 ----a-w c:\windows\eSellerateEngine.dll
2009-02-01 12:07 --------- d-----w c:\program files\Raptisoft
2009-02-01 11:19 9,821 ----a-w c:\program files\Uninst.isu
2009-02-01 11:19 --------- d-----w c:\program files\Internet
2009-01-26 21:19 --------- d-----w c:\program files\Common Files\SWF Studio
2009-01-26 21:00 --------- d-----w c:\program files\KeyOPS
2009-01-26 20:32 --------- d-----w c:\program files\Phenomedia AG
2009-01-25 17:22 --------- d-----w c:\documents and settings\MSI\Application Data\Nokia Multimedia Player
2009-01-18 21:35 15,688 ----a-w c:\windows\system32\lsdelete.exe
2008-01-03 16:27 920 ---ha-w c:\documents and settings\MSI\setup.bin
2007-01-26 20:17 16,752 ----a-w c:\documents and settings\MSI\Application Data\GDIPFONTCACHEV1.DAT
2001-03-12 16:04 335,872 ------w c:\program files\MoorhuhnWinter.exe
2001-03-12 15:52 14,290,436 ------w c:\program files\moorhuhnwinter.dat
2001-03-08 13:05 674 ----a-w c:\program files\LiesMich.html
2001-03-08 13:00 610 ----a-w c:\program files\LiesMich.txt
2001-03-07 12:15 10,509 ----a-w c:\program files\FAQ.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-01 949376]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-15 515416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-03 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2005-10-10 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2006-06-28 15:50 851456 c:\progra~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-05-18 10:29 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-03 20:29 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 21:57 30208 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-01 64160]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-04-01 15424]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S2 zvczls;zvczls;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
S3 doojt;doojt;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zvczls

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29f79d1b-e124-11dc-90f1-9773b73be2fe}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2af7bfe0-3170-11dc-9bf2-a1fe62189e1c}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fafb2ca-e0c0-11dc-90f0-d994d8eba476}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1db0643-e624-11dc-9107-eb9e4f3a9047}]
\Shell\AutoRun\command - G:\usdeiect.com
\Shell\explore\Command - G:\usdeiect.com
\Shell\open\Command - G:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac5a392c-04d3-11dd-9185-9c9c8d20f0c2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL batexe\progstart.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d16c1c21-5bf8-11dc-9ca6-c0b6b4a886dd}]
\Shell\Auto\command - G:\Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-15 18:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?hl=sr&lr=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {386EC6AE-B61C-4364-8575-6A3FB313EED6} = 195.66.160.1,195.66.160.2
TCP: {DCBD630E-DBC0-4719-8B47-8F90FAE20EAC} = 195.66.160.1 195.66.160.2
DPF: {33331111-1111-1111-1111-615111193427}
DPF: {E cellSpacing=5 cellPadding=3 width=400}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-24 15:19:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 20 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\doojt]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-03-24 15:22:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 14:22:30
ComboFix2.txt 2009-03-23 14:47:32
ComboFix3.txt 2009-03-22 21:40:11

Pre-Run: 23.193.616.384 bytes free
Post-Run: 23,263,268,864 bytes free

185

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Iskljuci privremeno antivirus program

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\mxvrcu.dll
C:\pe.exe
C:\pes.exe
C:\niz.exe
c:\windows\system32\01.tmp

Driver::
zvczls
doojt

NetSvc::
zvczls

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29f79d1b-e124-11dc-90f1-9773b73be2fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2af7bfe0-3170-11dc-9bf2-a1fe62189e1c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fafb2ca-e0c0-11dc-90f0-d994d8eba476}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1db0643-e624-11dc-9107-eb9e4f3a9047}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac5a392c-04d3-11dd-9185-9c9c8d20f0c2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d16c1c21-5bf8-11dc-9ca6-c0b6b4a886dd}]



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Ko je trenutno na forumu
 

Ukupno su 796 korisnika na forumu :: 30 registrovanih, 6 sakrivenih i 760 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Apok, babaroga, Bane san, Boris90, Chainsaw, darkangel, dragon986, goflja76, HDMI, JOntra, kos milorad, KUZMAR, Lieutenant, Marko Marković, mcgunner, mercedesamg, Mercury, Milan A. Nikolic, nebkv, ObelixSRB, oddsock, pein, Petar35, repac, stegonosa, voja64, Wisdomseeker, Yellow Pinky, Živković, Čivi