MyCity » Ambulanta -> Arhiva Ambulante » Antichrist!!!! Help..........

Antichrist!!!! Help..........

Napisano na dan: 10.7.2008

Strana:
1
2

Antichrist!!!! Help..........

Sledeća strana

Pagination

Odgovori

Strana:
1
2

keleraba1 Poslao: 10 Jul 2008 22:01 Idi na vrh
offline keleraba1 Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 23:13:08, on 9.7.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Eset\nod32krn.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\sys.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\Sys32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Outlook Express\msimn.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Mia Vujosevic\Desktop\ja\TR3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer [Day of judgment] F2 - REG:system.ini: Shell=Explorer.exe shell.exe F3 - REG:win.ini: load=C:\WINDOWS\media\wma.exe F2 - REG:system.ini: UserInit=userinit.exe,sys.exe O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\ O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [blank] C:\WINDOWS\system32\blank.htm O4 - HKLM\..\Run: [vxds] C:\WINDOWS\vxds.exe O4 - HKLM\..\Run: [Sys32] c:\WINDOWS\Sys32.exe O4 - HKLM\..\Run: [HService] c:\WINDOWS\msservice.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [blank] C:\WINDOWS\system32\blank.htm O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: I&zvezi u program Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: adobe.com O15 - Trusted Zone: facebook.com O15 - Trusted Zone: google.rs O15 - Trusted Zone: hattrick.org O15 - Trusted Zone: www83.hattrick.org O15 - Trusted Zone: www87.hattrick.org O15 - Trusted Zone: www89.hattrick.org O15 - Trusted Zone: java.com O17 - HKLM\System\CCS\Services\Tcpip\..\{09DB7DCE-A2A5-4907-A22A-05393D8F98CB}: NameServer = 194.106.162.2 194.106.162.3 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Antichrist je lociran u Windows/system32/blank.htm Ne prepoznaje ga ni jedan antivirus program

Profil

helen1 Poslao: 10 Jul 2008 22:07 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozzz, koristis dva antivirusa, odluci se za jedan drugi uninstaliraj i onda cemo nastaviti sa ciscenjem.

Profil

keleraba1 Poslao: 10 Jul 2008 22:19 Idi na vrh
offline keleraba1 Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 22:18:02, on 10.7.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Eset\nod32krn.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\sys.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\Sys32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Outlook Express\msimn.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Mia Vujosevic\Desktop\ja\TR3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer [Day of judgment] F2 - REG:system.ini: Shell=Explorer.exe shell.exe F3 - REG:win.ini: load=C:\WINDOWS\media\wma.exe F2 - REG:system.ini: UserInit=userinit.exe,sys.exe O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\ O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [blank] C:\WINDOWS\system32\blank.htm O4 - HKLM\..\Run: [vxds] C:\WINDOWS\vxds.exe O4 - HKLM\..\Run: [Sys32] c:\WINDOWS\Sys32.exe O4 - HKLM\..\Run: [HService] c:\WINDOWS\msservice.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [blank] C:\WINDOWS\system32\blank.htm O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: I&zvezi u program Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: adobe.com O15 - Trusted Zone: facebook.com O15 - Trusted Zone: google.rs O15 - Trusted Zone: hattrick.org O15 - Trusted Zone: www83.hattrick.org O15 - Trusted Zone: www87.hattrick.org O15 - Trusted Zone: www89.hattrick.org O15 - Trusted Zone: java.com O17 - HKLM\System\CCS\Services\Tcpip\..\{09DB7DCE-A2A5-4907-A22A-05393D8F98CB}: NameServer = 194.106.162.2 194.106.162.3 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Profil

helen1 Poslao: 10 Jul 2008 22:22 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

keleraba1 Poslao: 10 Jul 2008 22:49 Idi na vrh
offline keleraba1 Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-09.5 - Mia Vujosevic 2008-07-10 22:45:18.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.88 [GMT 2:00] Running from: C:\Documents and Settings\Mia Vujosevic\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\DOCUME~1\MIAVUJ~1\LOCALS~1\Temp\Ofb1.exe C:\Program Files\Ofb1 C:\Program Files\Ofb1\Ofb1.dll C:\Program Files\Ofb1\Uninstall.exe C:\WINDOWS\AutoUpdateWin31.dll C:\WINDOWS\shell.exe C:\WINDOWS\sys32.exe C:\WINDOWS\system32\AutoRun.inf C:\WINDOWS\system32\oeminfo.ini C:\WINDOWS\system32\sys.exe C:\WINDOWS\windowsupdates.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))) . 2008-06-23 08:30 . 2008-01-24 20:29 572,928 --ah----- C:\WINDOWS\backup.dll 2008-06-23 08:30 . 2008-01-15 20:04 296,960 --ah----- C:\WINDOWS\msservice.exe 2008-06-23 08:30 . 2008-06-23 08:30 294 --ahs---- C:\WINDOWS\itsme.ini 2008-06-21 10:33 . 2008-06-21 10:33 139,331 --a------ C:\WINDOWS\system32\nvsvc32m.exe 2008-06-21 00:20 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-21 00:20 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-17 08:54 . 2008-06-17 08:54 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} 2008-06-16 20:12 . 2008-05-13 20:30 74,240 --ahs---- C:\WINDOWS\vxds.exe 2008-06-16 20:12 . 2008-07-10 21:34 4,190 --ahs---- C:\WINDOWS\system32\OEMLOGO.BMP 2008-06-16 20:12 . 2008-07-10 21:34 917 --ahs---- C:\WINDOWS\system32\blank.htm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-10 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-07-08 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-21 08:31 --------- d-----w C:\Program Files\ESET 2008-06-20 22:09 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2008-06-20 22:09 274,432 ----a-w C:\WINDOWS\system32\imon.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-01 13:58 --------- d-----w C:\Documents and Settings\Mia Vujosevic\Application Data\Corel 2008-05-31 15:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-31 15:57 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-05-31 15:57 --------- d-----w C:\Program Files\Common Files\Corel 2008-05-31 15:56 --------- d-----w C:\Program Files\Corel 2008-05-31 15:33 --------- d-----w C:\Program Files\Common Files\Autodesk Shared 2008-05-31 15:32 --------- d-----w C:\Program Files\Autodesk 2008-05-13 18:30 74,240 --sha-w C:\WINDOWS\Media\wma.exe 2008-05-13 18:30 74,240 --sha-w C:\WINDOWS\Help\hlps.exe 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-01 06:05 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-01-06 11:36 47,664 ----a-w C:\Documents and Settings\Mia Vujosevic\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 20:43 90112] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-21 14:44 68856] "blank"="C:\WINDOWS\system32\blank.htm" [2008-07-10 21:34 917] "hlps"="C:\WINDOWS\Help\hlps.exe" [2008-05-13 20:30 74240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 06:01 5513216] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-12-15 06:01 86016] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-23 21:10 35328] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-21 00:09 921600] "D_V_T"="C:\\dvt.exe" [2007-12-04 14:33 3584] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704] "blank"="C:\WINDOWS\system32\blank.htm" [2008-07-10 21:34 917] "vxds"="C:\WINDOWS\vxds.exe" [2008-05-13 20:30 74240] "HService"="c:\WINDOWS\msservice.exe" [2008-01-15 20:04 296960] "SoundMan"="SOUNDMAN.EXE" [2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-12-15 06:01 1490944 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520] ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2007-12-13 20:43:09 2117632] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "LegalNoticeCaption"="[Antichrist]" "LegalNoticeText"="[Day of judgment]" "LogonPrompt"="[Day of judgment]" "Welcome"="[Antichrist]" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00] R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2004-04-06 12:30] R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2004-04-06 12:31] S3 MSSQL$PSIT;MSSQL$PSIT;C:\Program Files\Microsoft SQL Server\MSSQL$PSIT\Binn\sqlservr.exe [2002-12-17 18:26] S3 SQLAgent$PSIT;SQLAgent$PSIT;C:\Program Files\Microsoft SQL Server\MSSQL$PSIT\Binn\sqlagent.EXE [2002-12-17 18:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f8924d4-b535-11dc-a880-0015f243fec5}] \Shell\Auto\command - Autorun.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17e1512e-d010-11dc-a8c4-0015f243fec5}] \Shell\Auto\command - G:\Cn911.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b28d37-a261-11dc-9e93-806d6172696f}] \Shell\AutoRun\command - E:\ASUSACPI.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fd4adca-0f5c-11dd-a92f-0015f243fec5}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1cdb2dc-a4e7-11dc-a84b-0015f243fec5}] \Shell\Auto\command - Cn911.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1528f90-a560-11dc-a84d-0015f243fec5}] \Shell\Auto\command - F:\Cn911.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe Newly Created Service - CATCHME . - - - - ORPHANS REMOVED - - - - HKLM-Run-Sys32 - c:\WINDOWS\Sys32.exe ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-10 22:46:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-10 22:48:12 ComboFix-quarantined-files.txt 2008-07-10 20:48:05 Pre-Run: 10,197,372,928 bytes free Post-Run: 10,754,539,520 bytes free 155 --- E O F --- 2008-07-09 22:10:57

Profil

helen1 Poslao: 11 Jul 2008 12:23 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni HijackThis, klikni Do a system scan only i štikliraj sledeće linije: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer [Day of judgment] F2 - REG:system.ini: Shell=Explorer.exe shell.exe F2 - REG:system.ini: UserInit=userinit.exe,sys.exe F3 - REG:win.ini: load=C:\WINDOWS\media\wma.exe O4 - HKLM\..\Run: [blank] C:\WINDOWS\system32\blank.htm O4 - HKLM\..\Run: [vxds] C:\WINDOWS\vxds.exe O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe Zatvori Internet Explorer i klikni Fix checked. Potom mi postavi novi HJT i ComboFix log.

Profil

keleraba1 Poslao: 11 Jul 2008 16:26 Idi na vrh
offline keleraba1 Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 15:42:08, on 11.7.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Eset\nod32krn.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\sys.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\Sys32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Mia Vujosevic\Desktop\ja\TR3.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\ O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [HService] c:\WINDOWS\msservice.exe O4 - HKLM\..\Run: [Sys32] c:\WINDOWS\Sys32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [blank] C:\WINDOWS\system32\blank.htm O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: I&zvezi u program Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: adobe.com O15 - Trusted Zone: facebook.com O15 - Trusted Zone: google.rs O15 - Trusted Zone: hattrick.org O15 - Trusted Zone: www83.hattrick.org O15 - Trusted Zone: www87.hattrick.org O15 - Trusted Zone: www89.hattrick.org O15 - Trusted Zone: java.com O17 - HKLM\System\CCS\Services\Tcpip\..\{09DB7DCE-A2A5-4907-A22A-05393D8F98CB}: NameServer = 194.106.162.2 194.106.162.3 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Dopuna: 11 Jul 2008 15:48 ComboFix 08-07-09.5 - Mia Vujosevic 2008-07-11 15:45:12.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.176 [GMT 2:00] Running from: C:\Documents and Settings\Mia Vujosevic\Desktop\ComboFix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\WINDOWS\shell.exe C:\WINDOWS\sys32.exe C:\WINDOWS\system32\oeminfo.ini C:\windows\system32\sys.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 ))))))))))))))))))))))))))))))) . 2008-06-23 08:30 . 2008-01-24 20:29 572,928 --ah----- C:\WINDOWS\backup.dll 2008-06-23 08:30 . 2008-01-15 20:04 296,960 --ah----- C:\WINDOWS\msservice.exe 2008-06-23 08:30 . 2008-06-23 08:30 294 --ahs---- C:\WINDOWS\itsme.ini 2008-06-21 10:33 . 2008-06-21 10:33 139,331 --a------ C:\WINDOWS\system32\nvsvc32m.exe 2008-06-21 00:20 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-21 00:20 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-17 08:54 . 2008-06-17 08:54 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} 2008-06-16 20:12 . 2008-05-13 20:30 74,240 --ahs---- C:\WINDOWS\vxds.exe 2008-06-16 20:12 . 2008-07-11 15:27 4,190 --ahs---- C:\WINDOWS\system32\OEMLOGO.BMP 2008-06-16 20:12 . 2008-07-11 15:27 917 --ahs---- C:\WINDOWS\system32\blank.htm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-11 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-07-08 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-21 08:31 --------- d-----w C:\Program Files\ESET 2008-06-20 22:09 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2008-06-20 22:09 274,432 ----a-w C:\WINDOWS\system32\imon.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-01 13:58 --------- d-----w C:\Documents and Settings\Mia Vujosevic\Application Data\Corel 2008-05-31 15:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-31 15:57 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-05-31 15:57 --------- d-----w C:\Program Files\Common Files\Corel 2008-05-31 15:56 --------- d-----w C:\Program Files\Corel 2008-05-31 15:33 --------- d-----w C:\Program Files\Common Files\Autodesk Shared 2008-05-31 15:32 --------- d-----w C:\Program Files\Autodesk 2008-05-13 18:30 74,240 --sha-w C:\WINDOWS\Media\wma.exe 2008-05-13 18:30 74,240 --sha-w C:\WINDOWS\Help\hlps.exe 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-01 06:05 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-01-06 11:36 47,664 ----a-w C:\Documents and Settings\Mia Vujosevic\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( snapshot@2008-07-10_22.47.52,21 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-10 19:20:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-11 13:27:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 20:43 90112] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-21 14:44 68856] "blank"="C:\WINDOWS\system32\blank.htm" [2008-07-11 15:27 917] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 06:01 5513216] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-12-15 06:01 86016] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-23 21:10 35328] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-21 00:09 921600] "D_V_T"="C:\\dvt.exe" [2007-12-04 14:33 3584] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704] "HService"="c:\WINDOWS\msservice.exe" [2008-01-15 20:04 296960] "Sys32"="c:\WINDOWS\Sys32.exe" [BU] "SoundMan"="SOUNDMAN.EXE" [2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-12-15 06:01 1490944 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520] ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2007-12-13 20:43:09 2117632] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "LegalNoticeCaption"="[Antichrist]" "LegalNoticeText"="[Day of judgment]" "LogonPrompt"="[Day of judgment]" "Welcome"="[Antichrist]" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00] R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2004-04-06 12:30] R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2004-04-06 12:31] S3 MSSQL$PSIT;MSSQL$PSIT;C:\Program Files\Microsoft SQL Server\MSSQL$PSIT\Binn\sqlservr.exe [2002-12-17 18:26] S3 SQLAgent$PSIT;SQLAgent$PSIT;C:\Program Files\Microsoft SQL Server\MSSQL$PSIT\Binn\sqlagent.EXE [2002-12-17 18:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f8924d4-b535-11dc-a880-0015f243fec5}] \Shell\Auto\command - Autorun.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17e1512e-d010-11dc-a8c4-0015f243fec5}] \Shell\Auto\command - G:\Cn911.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b28d37-a261-11dc-9e93-806d6172696f}] \Shell\AutoRun\command - E:\ASUSACPI.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fd4adca-0f5c-11dd-a92f-0015f243fec5}] \Shell\AutoRun\command - wscript.exe .\.vbs \Shell\open\command - wscript.exe .\.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1cdb2dc-a4e7-11dc-a84b-0015f243fec5}] \Shell\Auto\command - Cn911.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1528f90-a560-11dc-a84d-0015f243fec5}] \Shell\Auto\command - F:\Cn911.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-11 15:46:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-11 15:47:28 ComboFix-quarantined-files.txt 2008-07-11 13:47:24 ComboFix2.txt 2008-07-10 20:48:13 Pre-Run: 10,801,631,232 bytes free Post-Run: 10,790,064,128 bytes free 149 --- E O F --- 2008-07-09 22:10:57 Dopuna: 11 Jul 2008 16:26 Helen izvini za jucerasnje smaranje ja sam totalni duduk sto se tice ovoga....

Profil

helen1 Poslao: 11 Jul 2008 20:01 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\Media\wma.exe C:\WINDOWS\Help\hlps.exe C:\WINDOWS\backup.dll C:\WINDOWS\msservice.exe C:\WINDOWS\itsme.ini C:\WINDOWS\system32\nvsvc32m.exe C:\WINDOWS\system32\OEMLOGO.BMP C:\WINDOWS\system32\blank.htm C:\WINDOWS\vxds.exe C:\WINDOWS\system32\Cn911.exe C:\WINDOWS\system32\Autorun.exe Folder:: C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "blank"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "blank"=- "vxds"=- "HService"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon] "LegalNoticeCaption"=- "LegalNoticeText"=- "LogonPrompt"=- "Welcome"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17e1512e-d010-11dc-a8c4-0015f243fec5}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f8924d4-b535-11dc-a880-0015f243fec5}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fd4adca-0f5c-11dd-a92f-0015f243fec5}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1cdb2dc-a4e7-11dc-a84b-0015f243fec5}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1528f90-a560-11dc-a84d-0015f243fec5}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

keleraba1 Poslao: 12 Jul 2008 14:03 Idi na vrh
offline keleraba1 Novi MyCity građanin Pridružio: 09 Jul 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-09.5 - Mia Vujosevic 2008-07-12 13:58:15.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.135 [GMT 2:00] Running from: C:\Documents and Settings\Mia Vujosevic\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Mia Vujosevic\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\backup.dll C:\WINDOWS\Help\hlps.exe C:\WINDOWS\itsme.ini C:\WINDOWS\Media\wma.exe C:\WINDOWS\msservice.exe C:\WINDOWS\system32\Autorun.exe C:\WINDOWS\system32\blank.htm C:\WINDOWS\system32\Cn911.exe C:\WINDOWS\system32\nvsvc32m.exe C:\WINDOWS\system32\OEMLOGO.BMP C:\WINDOWS\vxds.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\sys.exe C:\WINDOWS\backup.dll C:\WINDOWS\Help\hlps.exe C:\WINDOWS\itsme.ini C:\WINDOWS\Media\wma.exe C:\WINDOWS\msservice.exe C:\WINDOWS\sys32.exe C:\WINDOWS\system32\blank.htm C:\WINDOWS\system32\nvsvc32m.exe C:\WINDOWS\system32\OEMLOGO.BMP C:\WINDOWS\vxds.exe . ((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))) . 2008-06-21 00:20 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-21 00:20 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-11 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-07-08 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-21 08:31 --------- d-----w C:\Program Files\ESET 2008-06-20 22:09 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2008-06-20 22:09 274,432 ----a-w C:\WINDOWS\system32\imon.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-01 13:58 --------- d-----w C:\Documents and Settings\Mia Vujosevic\Application Data\Corel 2008-05-31 15:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-31 15:57 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-05-31 15:57 --------- d-----w C:\Program Files\Common Files\Corel 2008-05-31 15:56 --------- d-----w C:\Program Files\Corel 2008-05-31 15:33 --------- d-----w C:\Program Files\Common Files\Autodesk Shared 2008-05-31 15:32 --------- d-----w C:\Program Files\Autodesk 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-01 06:05 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-01-06 11:36 47,664 ----a-w C:\Documents and Settings\Mia Vujosevic\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( snapshot@2008-07-10_22.47.52,21 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-10 19:20:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-12 11:52:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 20:43 90112] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-21 14:44 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 06:01 5513216] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-12-15 06:01 86016] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-23 21:10 35328] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-21 00:09 921600] "D_V_T"="C:\\dvt.exe" [2007-12-04 14:33 3584] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704] "Sys32"="c:\WINDOWS\Sys32.exe" [BU] "SoundMan"="SOUNDMAN.EXE" [2005-06-14 12:36 77824 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-12-15 06:01 1490944 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520] ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2007-12-13 20:43:09 2117632] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "LegalNoticeCaption"="[Antichrist]" "LegalNoticeText"="[Day of judgment]" "LogonPrompt"="[Day of judgment]" "Welcome"="[Antichrist]" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00] R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2004-04-06 12:30] R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2004-04-06 12:31] S3 MSSQL$PSIT;MSSQL$PSIT;C:\Program Files\Microsoft SQL Server\MSSQL$PSIT\Binn\sqlservr.exe [2002-12-17 18:26] S3 SQLAgent$PSIT;SQLAgent$PSIT;C:\Program Files\Microsoft SQL Server\MSSQL$PSIT\Binn\sqlagent.EXE [2002-12-17 18:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b28d37-a261-11dc-9e93-806d6172696f}] \Shell\AutoRun\command - E:\ASUSACPI.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-12 13:59:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-12 14:00:53 ComboFix-quarantined-files.txt 2008-07-12 12:00:38 ComboFix2.txt 2008-07-11 13:47:30 ComboFix3.txt 2008-07-10 20:48:13 Pre-Run: 10,774,171,648 bytes free Post-Run: 10,760,613,888 bytes free 142 --- E O F --- 2008-07-09 22:10:57

Profil

helen1 Poslao: 12 Jul 2008 14:17 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sada stanje? Ima li promena?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Antichrist!!!! Help..........

Ko je trenutno na forumu

Ukupno su 1188 korisnika na forumu :: 36 registrovanih, 6 sakrivenih i 1146 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 8u47, ajo baba, aleksandarbl, babaroga, bojanM84, Brana01, Bubimir, dejoglina, Denaya, Dimitrise93, djboj, doktor123, Dorcolac, dragoljub11987, frenki1986, Istman, Karla, kikisp, Krvava Devetka, kunktator, Lieutenant, Marko Marković, Mi lao shu, Mr. Majevica, nemkea71, novator, opt1, pein, procesor, slonic_tonic, Srle993, suton, Trpe Grozni, Vladko, wizzardone, zillbg

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by