[ antichrist ]

2

[ antichrist ]

offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

OK nije nikakav problem. Hvala i kuckamo se.

offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

izvini sto se ovako oduzilo.

uradi sledece:

Otvoriti Notepad i iskopirati sledeci tekst:


File::
C:\WINDOWS\system32\blank.htm
C:\WINDOWS\system32\OEMLOGO.BMP
C:\WINDOWS\system32\OEMINFO.INI

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hlps"=-
"blank"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blank"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeCaption"=-
"LegalNoticeText"=-
"LogonPrompt"=-
"Welcome"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blank]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

ComboFix 08-02-15.2 - mafioso 2008-02-17 3:45:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.637 [GMT 1:00]
Running from: C:\Documents and Settings\mafioso\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\mafioso\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\blank.htm
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\blank.htm
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 03:44 . 2008-02-17 03:46 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-17 03:15 . 2008-02-17 03:39 <DIR> d-------- C:\Program Files\Cool YouTube Downloader
2008-02-16 16:29 . 2008-02-16 16:29 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-16 16:29 . 2003-03-13 12:51 51,200 --a------ C:\WINDOWS\system32\camcodec.dll
2008-02-16 16:29 . 2003-03-13 12:51 1,461 --a------ C:\WINDOWS\system32\drivers\camcodec.inf
2008-02-16 16:25 . 2008-02-17 01:12 <DIR> d-------- C:\Program Files\CamStudio
2008-02-15 06:29 . 2008-02-15 06:31 <DIR> d-------- C:\Program Files\totalcmd
2008-02-15 06:29 . 2008-02-15 06:58 1,407 --a------ C:\WINDOWS\wincmd.ini
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-02-14 21:27 . 2008-02-14 21:27 <DIR> d-------- C:\Program Files\Your Freedom
2008-02-14 20:54 . 2008-02-14 21:09 <DIR> d-------- C:\Program Files\Etlin HTTP Proxy
2008-02-13 00:00 . 2008-02-13 00:00 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\PlayFirst
2008-02-13 00:00 . 2008-02-13 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-13 00:00 . 2008-02-13 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-02-12 01:48 . 2008-02-12 01:48 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\iWin
2008-02-12 01:47 . 2008-02-12 01:47 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 23:41 . 2008-02-11 23:41 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\Wireshark
2008-02-11 23:24 . 2008-02-11 23:24 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\gtk-2.0
2008-02-10 22:06 . 2007-12-07 03:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-10 22:06 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-10 22:06 . 2007-07-01 04:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 22:06 . 2007-12-07 03:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-10 22:06 . 2007-12-07 03:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-10 22:06 . 2007-12-07 03:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-10 22:06 . 2007-12-07 03:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-10 22:06 . 2007-12-07 03:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-10 22:06 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-10 16:44 . 2008-02-10 16:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 04:24 . 2008-02-10 04:24 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\vlc
2008-02-10 04:14 . 2008-02-10 04:14 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\ViStart
2008-02-10 04:11 . 2008-02-16 15:09 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\WinFlip
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\VisualTooltip
2008-02-10 04:11 . 2008-02-16 15:10 <DIR> d-------- C:\Program Files\ViStart
2008-02-10 04:11 . 2008-02-10 04:14 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\ViOrb
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\TrueTransparency
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\Styler
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\LClock
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\Styler
2008-02-10 04:11 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe
2008-02-10 04:11 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe
2008-02-10 04:11 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl
2008-02-10 04:11 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp
2008-02-10 04:07 . 2008-02-10 04:11 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-02-10 04:07 . 2008-02-10 04:11 <DIR> d-------- C:\VTPFiles
2008-02-10 04:07 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-02-10 04:07 . 2008-02-10 04:07 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-02-10 04:07 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-02-10 04:07 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-02-10 03:50 . 2008-02-12 18:33 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-02-10 03:44 . 2008-02-10 03:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-10 03:44 . 2008-02-10 03:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-10 01:21 . 2008-02-10 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-10 01:08 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-10 01:06 . 2008-02-10 01:06 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-10 01:05 . 2008-02-10 01:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-10 01:03 . 2008-02-10 01:03 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-10 01:02 . 2008-02-10 01:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-10 01:01 . 2008-02-10 01:01 <DIR> dr-h----- C:\MSOCache
2008-02-10 01:01 . 2008-02-14 03:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-09 22:48 . 2008-02-09 22:48 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-09 22:46 . 2008-02-09 22:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-09 22:45 . 2008-02-13 03:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-09 22:08 . 2008-02-09 22:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-09 22:08 . 2008-02-09 22:08 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-09 22:08 . 2008-02-10 01:06 <DIR> d-------- C:\Program Files\MSBuild
2008-02-09 22:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-09 22:04 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-09 19:10 . 2008-02-09 19:10 <DIR> d-------- C:\Documents and Settings\mafioso\WINDOWS
2008-02-09 19:10 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-02-09 18:57 . 2007-02-28 10:55 2,182,144 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-02-09 18:57 . 2007-02-28 10:53 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-02-09 18:57 . 2007-02-28 10:15 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-02-09 16:59 . 2008-02-09 17:02 <DIR> d-------- C:\Program Files\BitComet
2008-02-09 16:59 . 2008-02-09 16:59 <DIR> d-------- C:\Downloads
2008-02-09 16:59 . 2008-02-09 16:59 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-09 16:15 . 2008-02-09 16:15 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\AntiVir PersonalEdition Premium
2008-02-09 15:30 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-09 15:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-09 15:30 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-09 15:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-09 15:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-09 15:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-09 04:08 . 2008-02-09 04:08 <DIR> d-------- C:\Program Files\Wireshark
2008-02-09 04:08 . 2008-02-09 04:08 <DIR> d-------- C:\Program Files\WinPcap
2008-02-09 04:06 . 2008-02-09 04:07 <DIR> d-------- C:\Program Files\Packet Tracer 4.1
2008-02-09 04:02 . 2008-02-09 04:05 <DIR> d-------- C:\CISCO_CCNA
2008-02-09 03:58 . 2008-02-09 03:58 <DIR> d-------- C:\Program Files\Ligos
2008-02-09 03:58 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2008-02-09 03:58 . 2000-06-22 13:09 56,320 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-02-09 03:57 . 1998-10-29 19:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-09 03:55 . 2008-02-09 03:55 <DIR> d-------- C:\WINDOWS\speech
2008-02-09 03:55 . 2008-02-09 03:55 <DIR> d-------- C:\WINDOWS\Lhsp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 02:46 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-09 01:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 00:34 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-02-09 00:34 --------- d-----w C:\Program Files\Realtek AC97
2008-02-09 00:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-09 00:34 --------- d-----w C:\Program Files\AvRack
2008-02-09 00:30 --------- d-----w C:\Program Files\ATI Technologies
2008-02-09 00:24 --------- d-----w C:\Program Files\Intel
2008-02-09 00:08 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 13:17 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"viwc"="C:\WINDOWS\system32\viwc.exe" [2007-11-30 05:56 329029]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-09 02:43 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\mafioso\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-09 02:18:41 155648]
K-Meleon Loader.lnk - C:\Program Files\K-Meleon\loader.exe [2007-04-16 02:41:00 32768]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Vypress Chat StartUp.lnk - C:\WINDOWS\Installer\{32230531-F971-468F-9BD4-7C3369F3468B}\iconVCAdvertised.exe [2008-02-09 03:14:14 12390]

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-02-09 02:43]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-09 02:43]
R3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 01:01]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-17 03:46:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 3:47:00
ComboFix-quarantined-files.txt 2008-02-17 02:46:51
ComboFix2.txt 2008-02-15 18:49:24
.
2008-02-14 02:47:09 --- E O F ---

Dopuna: 17 Feb 2008 3:53

Nije nikakva frka... imam strpljenja na pretek. Smile))

offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

skeniraj ponovo sa HijackThis-om i postavi log.

offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

Logfile of HijackThis v1.99.1
Scan saved at 16:37:14, on 17.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\K-Meleon\loader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Vypress Chat\VyChat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mafioso\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: K-Meleon Loader.lnk = C:\Program Files\K-Meleon\loader.exe
O4 - Global Startup: Vypress Chat StartUp.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1259E270-DA18-479D-9CBF-5AFFE3158448}: NameServer = 192.168.250.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Dopuna: 17 Feb 2008 16:41

evo loga, again...

offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

jel se nesto promenilo ili se jos uvek pojavljuje ono sto si postavio na prvim slikama?

offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

E sorry, ja nisam ni obratio paznju sad kad sam ukljucio komp.
NEMA VISE ANTICHRISTA!!!!!!!
PROBLEM JE RESEN!!!!!!!!

VELIKO HVALA!!!!

Ako postoji neki nacin da ti se oduzim slobodno reci.

P.S. Da li ovaj file "CFScript" mogu da iskoristim i kod drugara ili mora da se uradi novi (za svaki komp posebno) ?

offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

bilo bi dobro da i kod njega startujes hj i ComboFix jer je moguce da fajlovi nemaju ista imena pa nece moci da ih izbrise.

offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

OK, probacu. HVALA jos jednom.

P.S. Forum je super ( moze dosta da se nauci ). Samo nastavite tako super ste.

PozZ

Ko je trenutno na forumu
 

Ukupno su 1387 korisnika na forumu :: 27 registrovanih, 3 sakrivenih i 1357 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Alibaba1981, bestguarder, Bobrock1, croato, Dimitrise93, GandorCC, Georgius, jackreacher011011, janbo, Koca Popovic, laki_bb, loon123, Luka Blažević, M1los, Mi lao shu, milimoj, Milometer, mrav pesadinac, Trpe Grozni, Tvrtko I, Vatreni Zmaj, VJ, Vlada1389, Volkhov-M, W123, zlaya011, zzapNDjuric99