After the trojan...


offline
  • Joined: 24 Feb 2006
  • Posts: 435

I barely got rid of a trojan that the neighbor's kid stuck me with, and now something has hit me again.
I can't change the desktop background, the taskbar sometimes doesn't work either, and the computer won't shut down through the proper procedure, so I have to turn it off by holding the button on the case; the same goes for restarting.
I ran a scan, so if someone could take a look...

Logfile of HijackThis v1.99.1
Scan saved at 5:57:18 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\zerocool\Desktop\New Folder\TR3.exe.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [noskrnl] C:\WINDOWS\noskrnl.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ati2paag - C:\WINDOWS\SYSTEM32\ati2paag.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear, which you should copy here for us.



offline
  • Joined: 24 Feb 2006
  • Posts: 435

While it was running, Norton kicked in and showed this:


And once we had "solved" that little problem, this log followed:

ComboFix 07-11-01.1** - zerocool 2007-11-06 1:16:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.265 [GMT 1:00]
Running from: C:\Documents and Settings\zerocool\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\ati2paag.dll
C:\WINDOWS\system32\ati2psag.sys
C:\WINDOWS\system32\center.exe
C:\WINDOWS\system32\hrpdcf.bin
C:\WINDOWS\system32\kl80.bin
C:\WINDOWS\Temp\2130192234.exe
C:\WINDOWS\Temp\31751823.exe
C:\WINDOWS\Temp\323215653.exe
C:\WINDOWS\Temp\416893350.exe
C:\WINDOWS\Temp\817982033.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ATI2PSAG
-------\LEGACY_DRIVER
-------\LEGACY_FCI
-------\LEGACY_PROTECT
-------\LEGACY_RUNTIME
-------\LEGACY_SYSLIBRARY
-------\ati2psag
-------\Driver
-------\FCI
-------\SysLibrary


((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.

2007-11-06 01:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 09:37 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-03 09:30 <DIR> d-------- C:\Program Files\Xilisoft
2007-11-01 13:36 437,528 --a------ C:\WINDOWS\system32\401COMUPD.EXE
2007-11-01 13:35 144,384 --a------ C:\WINDOWS\system32\DCCMSP32.DLL
2007-11-01 13:35 104,960 --a------ C:\WINDOWS\system32\DCCEXT32.DLL
2007-11-01 13:35 37,888 --a------ C:\WINDOWS\system32\DCCWFP32.DLL
2007-11-01 13:34 <DIR> d-------- C:\Program Files\Common Files\Novell Shared
2007-11-01 13:34 5,350,912 --a------ C:\WINDOWS\system32\Crpe32.dll
2007-11-01 13:34 229,888 --a------ C:\WINDOWS\system32\Crpaig32.dll
2007-11-01 13:34 159,744 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2007-11-01 13:34 132,608 --a------ C:\WINDOWS\system32\WFXMNTHQ.DLL
2007-11-01 13:34 131,072 --a------ C:\WINDOWS\system32\WFXMNT40.DLL
2007-11-01 13:34 129,536 --a------ C:\WINDOWS\system32\WFXSVC.EXE
2007-11-01 13:34 43,520 -ra------ C:\WINDOWS\system32\WFXSNT40.EXE
2007-11-01 13:34 17,920 --a------ C:\WINDOWS\system32\IMPLODE.DLL
2007-11-01 13:34 51 --a------ C:\WINDOWS\WFXDEL.BAT
2007-11-01 13:21 34,354 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2007-11-01 13:20 31,744 --a------ C:\WINDOWS\system32\S32STAT.DLL
2007-11-01 13:19 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2007-11-01 13:19 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-11-01 13:19 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-11-01 13:19 182,784 --a------ C:\WINDOWS\system32\ddao35.dll
2007-11-01 13:19 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll
2007-11-01 13:19 94,208 --a------ C:\WINDOWS\system32\qdcsinet.dll
2007-11-01 13:19 86,016 --a------ C:\WINDOWS\system32\apitrap.dll
2007-11-01 13:19 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-11-01 13:19 13,792 --a------ C:\WINDOWS\system32\drivers\qdfsdrv.sys
2007-11-01 13:17 <DIR> d-------- C:\Program Files\Symantec
2007-11-01 13:17 <DIR> d-------- C:\Program Files\Norton SystemWorks
2007-11-01 13:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-01 13:17 <DIR> d-------- C:\Documents and Settings\zerocool\Application Data\Symantec
2007-11-01 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-01 13:17 57,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-01 13:17 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-01 13:17 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
2007-11-01 12:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2007-11-01 12:16 53,248 --a--c--- C:\WINDOWS\system32\dllcache\wamreg51.dll
2007-11-01 12:16 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-11-01 12:16 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-11-01 11:33 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-11-01 11:33 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-11-01 11:33 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-11-01 11:33 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-10-31 18:21 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-31 14:51 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-31 14:51 <DIR> d-------- C:\Documents and Settings\zerocool\Application Data\PC Tools
2007-10-31 14:51 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-31 14:51 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-31 14:51 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-31 14:51 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-31 14:51 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-31 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-31 12:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-31 12:04 63,600 --a------ C:\WINDOWS\system32\seccent.exe
2007-10-31 12:04 26,736 --a------ C:\WINDOWS\system32\errorcheg.exe
2007-10-31 12:02 17,936 --a------ C:\WINDOWS\system32\frmwrk.exe
2007-10-30 22:56 7 --a------ C:\WINDOWS\system32\ngxt.bin
2007-10-30 22:53 4,608 --a------ C:\WINDOWS\system32\drivers\ntoss.sys
2007-10-30 22:53 2,464 --a------ C:\WINDOWS\system32\drivers\ntosnh.sys
2007-10-28 23:18 <DIR> d-------- C:\Documents and Settings\zerocool\Application Data\Media Player Classic
2007-10-28 21:12 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-28 20:41 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-28 18:20 <DIR> d-------- C:\Program Files\MatroskaProp
2007-10-28 18:19 <DIR> d-------- C:\Program Files\Matroska Pack
2007-10-26 15:48 <DIR> d-------- C:\Program Files\MobiK
2007-10-26 13:34 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-10-23 15:33 <DIR> d-------- C:\Documents and Settings\zerocool\Shared
2007-10-23 15:33 <DIR> d-------- C:\Documents and Settings\zerocool\Incomplete
2007-10-23 15:33 <DIR> d-------- C:\Documents and Settings\zerocool\Application Data\LimeWire
2007-10-22 14:40 <DIR> d-------- C:\WINDOWS\Sun
2007-10-20 12:05 <DIR> d-------- C:\Program Files\GameHouse
2007-10-18 17:39 332 --a------ C:\WINDOWS\desctemp.dat
2007-10-18 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-18 17:35 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-10-18 17:35 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-10-18 17:35 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-10-18 17:34 <DIR> d-------- C:\Program Files\IVT Corporation
2007-10-17 23:42 <DIR> d-------- C:\Program Files\Winamp
2007-10-16 22:42 <DIR> d-------- C:\Program Files\dellete
2007-10-16 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-16 11:28 <DIR> d-------- C:\Documents and Settings\zerocool\Application Data\uTorrent
2007-10-15 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-15 22:03 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-15 21:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-15 21:57 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-15 21:57 <DIR> d-------- C:\Documents and Settings\zerocool\Contacts
2007-10-15 21:54 <DIR> d-------- C:\Program Files\Java
2007-10-15 21:38 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-15 21:37 <DIR> d-------- C:\Program Files\LimeWire
2007-10-15 21:05 <DIR> d-------- C:\Program Files\Opera
2007-10-15 21:03 <DIR> d-------- C:\Program Files\uTorrent
2007-10-15 21:01 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-15 20:45 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-15 20:40 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-15 20:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-15 20:40 <DIR> d-------- C:\Documents and Settings\zerocool\Application Data\Lavasoft
2007-10-15 20:12 <DIR> d-------- C:\Documents and Settings\zerocool\Application Data\Ahead
2007-10-15 20:10 <DIR> d-------- C:\Program Files\Nero
2007-10-15 20:10 <DIR> d-------- C:\Program Files\Common Files\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 16:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-15 18:49 --------- d-----w C:\Program Files\ATI Technologies
2007-10-15 18:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-15 18:42 --------- d-----w C:\Program Files\Crystal Player
2007-10-15 18:37 --------- d-----w C:\Program Files\XviD
2007-10-15 18:37 --------- d-----w C:\Program Files\The Playa
2007-10-15 18:37 --------- d-----w C:\Program Files\DivXCodec
2007-10-15 18:37 --------- d-----w C:\Program Files\DivX
2007-10-15 18:20 --------- d-----w C:\Program Files\SiS7012
2007-10-15 18:13 --------- d-----w C:\Program Files\PowerQuest
2007-10-15 17:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
2007-09-04 17:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"="" []
"NAV Agent"="C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" [2001-07-21 09:09]
"WFXSwtch"="C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe" [2001-07-19 08:04]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-07-19 08:04 C:\WINDOWS\system32\WFXSNT40.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"noskrnl"="C:\WINDOWS\noskrnl.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 QDFSDRV;QDFSDRV;\??\C:\WINDOWS\system32\drivers\qdfsdrv.sys
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys
S3 ntosnh.sys;ntosnh.sys;\??\C:\WINDOWS\system32\drivers\ntosnh.sys
S3 ntoss.sys;ntoss.sys;\??\C:\WINDOWS\system32\drivers\ntoss.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\NCDSTART.EXE

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 21:47:24 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-11-02 16:30:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-11-06 00:20:54 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2007-11-06 01:20:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\temp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-06 1:33:56 - machine was rebooted
.
--- E O F ---

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download SDFix to the Desktop.

Double-clicking SDFix.exe will extract the program to the folder C:\SDFix, unless a different path is specified during extraction.


Restart the computer in Safe Mode
Open the folder where SDFix was extracted and run RunThis.bat
Press Y to start the scan
After the scan, a message will appear saying that the computer will be restarted
Press any key to restart the computer
After the restart, another scan will start automatically, and when it completes the message Finished will appear
Once the desktop icons have loaded, a report will appear on screen. The report will also be saved as Report.txt in the folder where SDFix was extracted
Copy the report into a forum post, and also post a new HijackThis log

offline
  • Joined: 24 Feb 2006
  • Posts: 435

SDFix: Version 1.113

Run by Administrator on Tue 11/06/2007 at 07:19 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
noskrnl
ntosnh.sys
ntoss.sys

ImagePath:
\??\C:\WINDOWS\system32\noskrnl.sys
\??\C:\WINDOWS\system32\drivers\ntosnh.sys
\??\C:\WINDOWS\system32\drivers\ntoss.sys

noskrnl - Deleted
ntosnh.sys - Deleted
ntoss.sys - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\alert_icon.gif - Deleted
C:\WINDOWS\system32\b.gif - Deleted
C:\WINDOWS\system32\backtomsn.gif - Deleted
C:\WINDOWS\system32\backtomsn.jpg - Deleted
C:\WINDOWS\system32\classifields.gif - Deleted
C:\WINDOWS\system32\close_icon.gif - Deleted
C:\WINDOWS\system32\down_arrow.gif - Deleted
C:\WINDOWS\system32\errorcheg.exe - Deleted
C:\WINDOWS\system32\frmwrk.exe - Deleted
C:\WINDOWS\system32\google.htm - Deleted
C:\WINDOWS\system32\header_bg.gif - Deleted
C:\WINDOWS\system32\hf_en-US.js - Deleted
C:\WINDOWS\system32\home.htm - Deleted
C:\WINDOWS\system32\icon_warning.gif - Deleted
C:\WINDOWS\system32\images.gif - Deleted
C:\WINDOWS\system32\jewel.png - Deleted
C:\WINDOWS\system32\l_sb.css - Deleted
C:\WINDOWS\system32\l_sb_c.js - Deleted
C:\WINDOWS\system32\ma_search_1.gif - Deleted
C:\WINDOWS\system32\maps.gif - Deleted
C:\WINDOWS\system32\more.gif - Deleted
C:\WINDOWS\system32\msn.htm - Deleted
C:\WINDOWS\system32\news.gif - Deleted
C:\WINDOWS\system32\passport.gif - Deleted
C:\WINDOWS\system32\remove_spyware_button.gif - Deleted
C:\WINDOWS\system32\search.css - Deleted
C:\WINDOWS\system32\sec.htm - Deleted
C:\WINDOWS\system32\seccent.exe - Deleted
C:\WINDOWS\system32\secuity_center_logo.gif - Deleted
C:\WINDOWS\system32\SrchBtn.gif - Deleted
C:\WINDOWS\system32\toolbar_bg.gif - Deleted
C:\WINDOWS\system32\toolbar_corner_left.gif - Deleted
C:\WINDOWS\system32\toolbar_corner_right.gif - Deleted
C:\WINDOWS\system32\warn.htm - Deleted
C:\WINDOWS\system32\web.gif - Deleted
C:\WINDOWS\system32\yahoo.htm - Deleted
C:\WINDOWS\system32\ysch_srp_gsp2_20070621.js - Deleted
C:\WINDOWS\system32\yschx_20070405.css - Deleted
C:\WINDOWS\system32\drivers\ntosnh.sys - Deleted
C:\WINDOWS\system32\drivers\ntoss.sys - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2007-11-06 19:25:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 23 Aug 2001 24,448 A.SHR --- "C:\NTBOOTDD.SYS"

Finished!

Addendum: 06 Nov 2007 19:30

Logfile of HijackThis v1.99.1
Scan saved at 7:29:30 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\3wPlayer\wakeservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\zerocool\Desktop\New Folder\TR3.exe.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Inter bib audio army] C:\Documents and Settings\All Users\Application Data\setup film inter bib\Window Burn.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3wPlayer Service] C:\Program Files\3wPlayer\wakeservice.exe
O4 - HKCU\..\Run: [BoneAmen] C:\DOCUME~1\zerocool\APPLIC~1\IdolFork\Book knob.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Oh for heaven's sake, why did you install 3wPlayer?
We've already said a few times that this program is as full of malware as a dog is of fleas.

1) Download the SmitfraudFix program from this link.

2.) Extract the program to the desktop. (Prepare the Hijack This program the same way; it will be used later)

3.) Restart the computer and boot the system in Safe Mode. [Safe Mode info link]

4.) On the desktop, find the folder where you extracted SmitfraudFix and double-click the file SmitfraudFix.cmd to run it.
When the removal tool starts for the first time, it will show you a confirmation screen. Simply press any key on the keyboard to move on to the next step.

5.)



6.) The program will start cleaning the computer. After SmitfraudFix finishes cleaning, the Windows Disk Cleanup program will start.



Once SmitFraudFix has finished its job, post here the log located at C:\rapport.txt and a fresh HJT log.

offline
  • Joined: 24 Feb 2006
  • Posts: 435

SmitFraudFix v2.250

Scan done at 22:31:22.20, Tue 11/06/2007
Run from C:\Documents and Settings\zerocool\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2D1FA88-C3B4-4A4B-8B96-E9F6841725D3}: DhcpNameServer=77.239.64.19 77.239.64.20
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E2D1FA88-C3B4-4A4B-8B96-E9F6841725D3}: DhcpNameServer=77.239.64.19 77.239.64.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E2D1FA88-C3B4-4A4B-8B96-E9F6841725D3}: DhcpNameServer=77.239.64.19 77.239.64.20
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=77.239.64.19 77.239.64.20
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=77.239.64.19 77.239.64.20
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=77.239.64.19 77.239.64.20


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Addendum: 06 Nov 2007 22:41

Logfile of HijackThis v1.99.1
Scan saved at 10:39:37 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3wPlayer\wakeservice.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\zerocool\Desktop\New Folder\TR3.exe.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Inter bib audio army] C:\Documents and Settings\All Users\Application Data\setup film inter bib\Window Burn.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3wPlayer Service] C:\Program Files\3wPlayer\wakeservice.exe
O4 - HKCU\..\Run: [BoneAmen] C:\DOCUME~1\zerocool\APPLIC~1\IdolFork\Book knob.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Restart the computer in Safe Mode following these instructions:
[Link visible only to logged-in users]

Delete the following folder:
C:\Program Files\3wPlayer\

Restart in normal mode.

Download the program No Lop.

[Link visible only to logged-in users]

1.) Close all other programs running in the "background"
2.) Double-click NoLop.exe
3.) Click Search and Destroy
4.) When the scan is finished, if you are infected, it will ask you to restart the computer
4.) Click REBOOT
A NoLop pop-up message should appear; if not, double-click NoLop.exe again so that the cleaning is completed
After that, post the contents of C:\NoLop.log and a fresh HijackThis log

Note: If an error appears saying that mscomctl.ocx or one of the files is not registered correctly, download this file into your system32 folder and then run the program:

[Link visible only to logged-in users]

offline
  • Joined: 24 Feb 2006
  • Posts: 435

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\zerocool\Desktop
[11/9/2007]
[3:03:25 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A9A5C2BE918E7A06.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Lavasoft
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Bluetooth
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Setup Film Inter Bib
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Winzip
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Zerocool\Application Data\Adobe
C:\Documents and Settings\Zerocool\Application Data\Ahead
C:\Documents and Settings\Zerocool\Application Data\Identities
C:\Documents and Settings\Zerocool\Application Data\Idolfork
C:\Documents and Settings\Zerocool\Application Data\Lavasoft
C:\Documents and Settings\Zerocool\Application Data\Limewire
C:\Documents and Settings\Zerocool\Application Data\Macromedia
C:\Documents and Settings\Zerocool\Application Data\Media Player Classic
C:\Documents and Settings\Zerocool\Application Data\Microsoft
C:\Documents and Settings\Zerocool\Application Data\Mozilla
C:\Documents and Settings\Zerocool\Application Data\Pc Tools
C:\Documents and Settings\Zerocool\Application Data\Sun
C:\Documents and Settings\Zerocool\Application Data\Symantec
C:\Documents and Settings\Zerocool\Application Data\Utorrent

Addendum: 09 Nov 2007 15:10

Logfile of HijackThis v1.99.1
Scan saved at 3:07:40 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\zerocool\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Inter bib audio army] C:\Documents and Settings\All Users\Application Data\setup film inter bib\find meal.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BoneAmen] C:\DOCUME~1\zerocool\APPLIC~1\IdolFork\Book knob.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Pack the complete contents of the following folder into a single ZIP for me:
C:\Documents and Settings\Zerocool\Application Data\Idolfork
The folder is not visible, so you need to turn on the display of hidden files:
[Links are visible only to logged-in users]

Upload that ZIP to me via the following form:
[Links are visible only to logged-in users]
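
An added example, not part of the original thread and not code from HijackThis or NoLop: this Python code parses the O4 registry autostart lines of a HijackThis log and lists the Run entries whose program sits under an Application Data directory, which is where the Idolfork folder requested above lives. The sample lines are copied from the log in this thread; the function names and the path heuristic are assumptions made for illustration, and a match is a reason to inspect the folder, not a verdict on the file.

```python
import re

# Sample input: O4 lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Inter bib audio army] C:\Documents and Settings\All Users\Application Data\setup film inter bib\find meal.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BoneAmen] C:\DOCUME~1\zerocool\APPLIC~1\IdolFork\Book knob.exe
O4 - Global Startup: BlueSoleil.lnk = ?
"""

# Registry autostart line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

# A path component that means "Application Data": the long name or its 8.3
# short form. APPLIC~1 is what this log shows; other ~N suffixes are assumed.
APPDATA_PART = re.compile(r"^(application data|applic~\d+)$", re.IGNORECASE)


def parse_o4_run(log_text):
    """Return one dict per O4 registry Run entry; startup-folder lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name, "command": command})
    return entries


def runs_from_appdata(command):
    """True if any directory component of the command path is Application Data."""
    parts = command.strip('"').split("\\")
    return any(APPDATA_PART.match(p) for p in parts[:-1])


def flag_appdata_autostarts(log_text):
    """Run entries that launch a program stored under an Application Data tree."""
    return [e for e in parse_o4_run(log_text) if runs_from_appdata(e["command"])]


if __name__ == "__main__":
    for e in flag_appdata_autostarts(SAMPLE_LOG):
        print(f'{e["hive"]} {e["key"]} [{e["name"]}] -> {e["command"]}')
```

Matching on path components rather than on a substring is what lets the short-name form `APPLIC~1` be caught alongside the long name.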
