MyCity » Ambulanta -> Arhiva Ambulante » Problem sa antihristom

Problem sa antihristom

Napisano na dan: 6.5.2008

Problem sa antihristom

Sledeća strana

Pagination

Odgovori

ERIC M Poslao: 06 Maj 2008 16:22 Idi na vrh
offline ERIC M Novi MyCity građanin Pridružio: 23 Apr 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kada ukljucim komp prvo mi se pojavi poruka "day of judgment" a zatim se otvara Firefox sa tekstom In the name of Allah... Pronasao sam u arhivi da je neko imao isti problem. Pokusao sam na isti nacin da ga resim i prilikom prvog restartovanja bilo je ok ali prilikom drugog opet po starom! Evo HijackThis i ComboFix loga pa pomagajte!!! Logfile of HijackThis v1.99.1 Scan saved at 3:07:05 PM, on 5/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\sys.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\sistray.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\nastavnik\Desktop\milan\TR3.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\system32\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer [Day of judgment] F2 - REG:system.ini: Shell=Explorer.exe shell.exe F3 - REG:win.ini: load=C:\WINDOWS\media\wma.exe F2 - REG:system.ini: UserInit=userinit.exe,sys.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [vxds] C:\WINDOWS\vxds.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [E06AXLRD_742296] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m O4 - HKCU\..\Run: [blank] C:\WINDOWS\system32\blank.htm O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe ComboFix 08-05-01.3 - nastavnik 2008-05-06 15:45:43.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.192 [GMT 2:00] Running from: C:\Documents and Settings\nastavnik\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\WINDOWS\shell.exe C:\windows\system32\sys.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))) . 2008-04-23 14:18 . 2008-05-06 15:44 4,190 --ahs---- C:\WINDOWS\system32\OEMLOGO.BMP 2008-04-23 14:18 . 2008-05-06 15:44 917 --ahs---- C:\WINDOWS\system32\blank.htm 2008-04-23 14:18 . 2008-05-06 15:44 392 --ahs---- C:\WINDOWS\system32\OEMINFO.INI 2008-04-23 14:00 . 2008-04-23 14:00 <DIR> d-------- C:\Program Files\Lavasoft 2008-04-23 14:00 . 2008-04-23 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-23 13:40 . 2008-04-23 13:40 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2008-04-23 13:31 . 2008-04-23 13:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-21 13:44 . 2008-05-06 10:03 <DIR> d-------- C:\Documents and Settings\nastavnik\Application Data\AVG7 2008-04-21 13:44 . 2008-04-21 13:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-21 13:43 . 2008-04-21 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-21 13:43 . 2008-04-21 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-04-16 13:22 . 2008-04-16 13:22 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} 2008-04-16 12:01 . 2008-03-02 20:40 73,216 --ahs---- C:\WINDOWS\vxds.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-01 08:37 --------- d-----w C:\Program Files\Microsoft Student 2008-04-01 08:36 --------- d-----w C:\Program Files\Learning Essentials 2008-03-02 18:40 73,216 --sha-w C:\WINDOWS\Media\wma.exe 2008-03-02 18:40 73,216 --sha-w C:\WINDOWS\Help\hlps.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "E06AXLRD_742296"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe" [ ] "blank"="C:\WINDOWS\system32\blank.htm" [2008-05-06 15:44 917] "hlps"="C:\WINDOWS\Help\hlps.exe" [2008-03-02 20:40 73216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="SiSPower.dll" [2007-04-13 11:54 53248 C:\WINDOWS\system32\SiSPower.dll] "vxds"="C:\WINDOWS\vxds.exe" [2008-03-02 20:40 73216] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-21 13:43 579584] "blank"="C:\WINDOWS\system32\blank.htm" [2008-05-06 15:44 917] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-21 13:43 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-09-17 15:10:34 262144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "LogonPrompt"="[Day of judgment]" "Welcome"="[Antichrist]" "LegalNoticeCaption"="[Antichrist]" "LegalNoticeText"="[Day of judgment]" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Documents and Settings\\nastavnik\\Desktop\\wsc-v3\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"= "C:\\Documents and Settings\\nastavnik\\Desktop\\wsc-v3\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-06 15:46:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-06 15:47:31 ComboFix-quarantined-files.txt 2008-05-06 13:47:29 Pre-Run: 33,551,265,792 bytes free Post-Run: 33,543,340,032 bytes free 85

Profil

dr_Bora Poslao: 06 Maj 2008 23:17 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\OEMLOGO.BMP C:\WINDOWS\system32\blank.htm C:\WINDOWS\system32\OEMINFO.INI C:\WINDOWS\vxds.exe C:\WINDOWS\Media\wma.exe C:\WINDOWS\Help\hlps.exe DirLook:: C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "blank"=- "hlps"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "vxds"=- "blank"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "LogonPrompt"=- "Welcome"=- "LegalNoticeCaption"=- "LegalNoticeText"=- Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

ERIC M Poslao: 07 Maj 2008 15:11 Idi na vrh
offline ERIC M Novi MyCity građanin Pridružio: 23 Apr 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio sam i nema ga vise!!! Jedino sto je ostalo od njega je ovo uokvireno na slici, ne znam da li moze da pravi neki problem? Evo i novog loga: ComboFix 08-05-01.3 - nastavnik 2008-05-07 13:57:13.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.178 [GMT 2:00] Running from: C:\Documents and Settings\nastavnik\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\nastavnik\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\Help\hlps.exe C:\WINDOWS\Media\wma.exe C:\WINDOWS\system32\blank.htm C:\WINDOWS\system32\OEMINFO.INI C:\WINDOWS\system32\OEMLOGO.BMP C:\WINDOWS\vxds.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\WINDOWS\Help\hlps.exe C:\WINDOWS\Media\wma.exe C:\WINDOWS\shell.exe C:\WINDOWS\system32\blank.htm C:\WINDOWS\system32\OEMINFO.INI C:\WINDOWS\system32\OEMLOGO.BMP C:\WINDOWS\system32\sys.exe C:\WINDOWS\vxds.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))) . 2008-05-07 09:40 . 2008-05-07 09:40 <DIR> d-------- C:\Program Files\Alwil Software 2008-04-23 14:00 . 2008-04-23 14:00 <DIR> d-------- C:\Program Files\Lavasoft 2008-04-23 14:00 . 2008-04-23 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-23 13:40 . 2008-04-23 13:40 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2008-04-23 13:31 . 2008-04-23 13:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-21 13:44 . 2008-05-07 08:00 <DIR> d-------- C:\Documents and Settings\nastavnik\Application Data\AVG7 2008-04-21 13:44 . 2008-04-21 13:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-21 13:43 . 2008-04-21 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-21 13:43 . 2008-04-21 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-04-16 13:22 . 2008-04-16 13:22 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-01 08:37 --------- d-----w C:\Program Files\Microsoft Student 2008-04-01 08:36 --------- d-----w C:\Program Files\Learning Essentials . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} ---- 2008-03-02 20:40 73216 --ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\C.exe ((((((((((((((((((((((((((((( snapshot@2008-05-06_15.47.20.35 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-06 13:01:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-07 11:54:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2007-09-06 10:09:49 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe + 2007-09-06 10:00:07 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr + 2007-09-06 10:00:53 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys + 2007-09-06 10:05:25 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys + 2007-09-06 10:05:10 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys + 2007-09-06 10:03:02 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys + 2007-09-06 10:02:20 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys - 2008-04-02 09:26:12 268,600 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-05-07 06:03:02 270,192 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-05-07 11:11:31 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_444.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "E06AXLRD_742296"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="SiSPower.dll" [2007-04-13 11:54 53248 C:\WINDOWS\system32\SiSPower.dll] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-21 13:43 579584] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-21 13:43 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-09-17 15:10:34 262144] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Documents and Settings\\nastavnik\\Desktop\\wsc-v3\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"= "C:\\Documents and Settings\\nastavnik\\Desktop\\wsc-v3\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-07 13:58:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-07 13:59:45 ComboFix-quarantined-files.txt 2008-05-07 11:59:34 ComboFix2.txt 2008-05-06 13:47:32 Pre-Run: 33,627,054,080 bytes free Post-Run: 33,619,443,712 bytes free 105 I ne znam sta da kazem osim HVALA!

Profil

dr_Bora Poslao: 07 Maj 2008 16:16 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imamo još nešto da uklonimo... Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\C.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Takođe, napiši i šta želiš da bude ispisano na tom ekranu gde sada piše Antichrist (tvoje ime ili bilo šta drugo) pa ćemo srediti...

Profil

ERIC M Poslao: 07 Maj 2008 17:11 Idi na vrh
offline ERIC M Novi MyCity građanin Pridružio: 23 Apr 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio sam ali i dalje je isto. Ne mora nista da pise, to je komp koji se nalazi u skoli gde sam u vojsci-civilno i ne koristim ga. Evo loga: ComboFix 08-05-01.3 - nastavnik 2008-05-07 16:49:58.8 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.171 [GMT 2:00] Running from: C:\Documents and Settings\nastavnik\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\nastavnik\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\C.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\C.exe . ((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))) . 2008-05-07 09:40 . 2008-05-07 09:40 <DIR> d-------- C:\Program Files\Alwil Software 2008-04-23 14:00 . 2008-04-23 14:00 <DIR> d-------- C:\Program Files\Lavasoft 2008-04-23 14:00 . 2008-04-23 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-23 13:40 . 2008-04-23 13:40 7,680 --ahs---- C:\WINDOWS\Thumbs.db 2008-04-23 13:31 . 2008-04-23 13:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-21 13:44 . 2008-05-07 08:00 <DIR> d-------- C:\Documents and Settings\nastavnik\Application Data\AVG7 2008-04-21 13:44 . 2008-04-21 13:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-21 13:43 . 2008-04-21 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-21 13:43 . 2008-04-21 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-04-16 13:22 . 2008-05-07 16:50 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-01 08:37 --------- d-----w C:\Program Files\Microsoft Student 2008-04-01 08:36 --------- d-----w C:\Program Files\Learning Essentials . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "E06AXLRD_742296"="C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="SiSPower.dll" [2007-04-13 11:54 53248 C:\WINDOWS\system32\SiSPower.dll] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-21 13:43 579584] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-21 13:43 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-09-17 15:10:34 262144] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Documents and Settings\\nastavnik\\Desktop\\wsc-v3\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"= "C:\\Documents and Settings\\nastavnik\\Desktop\\wsc-v3\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-07 16:51:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-07 16:52:02 ComboFix-quarantined-files.txt 2008-05-07 14:51:57 Pre-Run: 33,602,523,136 bytes free Post-Run: 33,597,259,776 bytes free 71

Profil

dr_Bora Poslao: 07 Maj 2008 17:57 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

ERIC M Poslao: 08 Maj 2008 14:53 Idi na vrh
offline ERIC M Novi MyCity građanin Pridružio: 23 Apr 2008 Poruke: 5	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradjeno, sada je dobro! Interesuje me sta je ovo uopste bilo, nije imao nikakvu zastitu, ja sam probao sa AVG-om i Avastom ali nije bilo efekta. Postoji li neka zastita, inace komp nema vezu sa internetom, ovo je uletelo preko nekog cd-a. HVALA!!!

Profil

dr_Bora Poslao: 08 Maj 2008 16:41 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Molim. U pitanju je infekcija (crv) koja se širi i putem prenosivih diskova tako da je izvor infekcije verovatno neki USB flash drive (obzirom na metod infekcije prenosivog diska, teško da je CD/DVD u pitanju). Zaštita? Pa, antivirusi treba da pomognu. E, sad... Ovo je relativno nova i ne preterano česta infekcija tako da nije čudno da mnogi AV programi još ne prepoznaju ovaj malware. Zato smo mi tu... Poz...

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa antihristom

Ko je trenutno na forumu

Ukupno su 797 korisnika na forumu :: 43 registrovanih, 7 sakrivenih i 747 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Alibaba1981, Atomski čoban, bokisha253, botta, CikaKURE, darkangel, Dimitrise93, Džordžino, FOX, Georgius, HrcAk47, ikan, ILGromovnik, janbo, Karla, Kibice, kihot, kjkszpj, Krvava Devetka, laurusri, Leonov, maiden6657, Marko Marković, Mcdado, Mi lao shu, MiroslavD, Mixelotti, moldway, mrav pesadinac, panzerwaffe, pein, pristinski korpus, rasok, slonic_tonic, Srle993, stalja, stankolich, styg, uruk, Vlajman1957, wizzardone, |_MeD_|

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by