MyCity » Ambulanta -> Arhiva Ambulante » [ antichrist ]

[ antichrist ]

Napisano na dan: 15.2.2008
1

[ antichrist ]
Sledeća strana Pagination

Idi na vrh

Poslao: 15 Feb 2008 04:31
Idi na vrh
offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

Pomoc!!! Ludim vec vise dana zbog ovog. Ovaj problem ima jos nekoliko mojih prijatelja, a pri tom nismo razmenjivali nikakve file-ove. Na kompu od zastite imam samo AVIRU, a oni koriste NOD32. Ako neko zna kako da uklonimo ovo neka javi. I ako bi trebalo instalirati jos nesto pored AVIRE/NOD32 dajte neki predlog. U napred HVALA!!!




Poslao: 15 Feb 2008 05:17
Idi na vrh
offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

procitaj ovu temu i postavi hj log

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Poslao: 15 Feb 2008 05:35
Idi na vrh
offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

Logfile of HijackThis v1.99.1
Scan saved at 5:26:46, on 15.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Di recnik\Di.exe
C:\Documents and Settings\mafioso\Desktop\New Folder\TR3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer [Day of judgment]
F2 - REG:system.ini: Shell=Explorer.exe shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\media\wma.exe
F2 - REG:system.ini: UserInit=userinit.exe,sys.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [blank] C:\WINDOWS\system32\blank.htm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [blank] C:\WINDOWS\system32\blank.htm
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: K-Meleon Loader.lnk = C:\Program Files\K-Meleon\loader.exe
O4 - Global Startup: Vypress Chat StartUp.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1259E270-DA18-479D-9CBF-5AFFE3158448}: NameServer = 192.168.250.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Dopuna: 15 Feb 2008 5:35

Evo, pogledao sam temu i uradio sve kako je tamo napisano. Ako postoji neko resenje, pomozi. Hvala jos jednom.

Poslao: 15 Feb 2008 05:49
Idi na vrh
offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

Zamolio bih te da mi spakuješ sledeće fajlove u jedan ZIP:

O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [blank] C:\WINDOWS\system32\blank.htm

Uploaduj mi te fajlove preko sledeće forme:
http://www.mycity.rs/ambulanta-upload.php

Poslao: 15 Feb 2008 06:03
Idi na vrh
offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

uspeo sam da izvucem samo ovaj file C:\WINDOWS\system32\viwc.exe
ova druga dva ne mogu, jer su verovatno hidden file, a ja sam kao neki debil instalirao onaj vista transformation pack 8.0.1 i ne znam kako da dodjem do onih folder options-a da bi chekirao ono show hiden files and folders. ako znas kao reci Sad(



Poslao: 15 Feb 2008 06:13
Idi na vrh
offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

nisam ga koristio pa nisam siguran kako tu menjas hiden.

ako imas Total Commander ides na configuration pa options izaberes display odmah prva opcija ti je show hidden/system files

Poslao: 15 Feb 2008 06:55
Idi na vrh
offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

Evo ova dva
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [blank] C:\WINDOWS\system32\blank.htm - ovaj je hidden
ovog nema O4 - HKCU\..\Run: [hlps] C:\WINDOWS\Help\hlps.exe - u folderu C:\WINDOWS\Help\ nemam ni jedan exe file. Sorry sto si cekao ovoliko. Ako imas predlog kako da nadjem ovaj exe file, reci.

Poslao: 15 Feb 2008 16:55
Idi na vrh
offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 15 Feb 2008 20:05
Idi na vrh
offline
  • Pridružio: 15 Feb 2008
  • Poruke: 12
  • Gde živiš: Beograd

ComboFix 08-02-15.2 - mafioso 2008-02-15 19:47:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.672 [GMT 1:00]
Running from: C:\Documents and Settings\mafioso\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
C:\WINDOWS\system32\pskill.exe
D:\Autorun.inf
G:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-15 06:41 . 2008-02-12 11:38 917 --ahs---- C:\WINDOWS\system32\blank.htm
2008-02-15 06:29 . 2008-02-15 06:31 <DIR> d-------- C:\Program Files\totalcmd
2008-02-15 06:29 . 2008-02-15 06:58 1,407 --a------ C:\WINDOWS\wincmd.ini
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-02-14 21:27 . 2008-02-14 21:27 <DIR> d-------- C:\Program Files\Your Freedom
2008-02-14 20:54 . 2008-02-14 21:09 <DIR> d-------- C:\Program Files\Etlin HTTP Proxy
2008-02-13 00:00 . 2008-02-13 00:00 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\PlayFirst
2008-02-13 00:00 . 2008-02-13 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-13 00:00 . 2008-02-13 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-02-12 01:48 . 2008-02-12 01:48 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\iWin
2008-02-12 01:47 . 2008-02-12 01:47 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 23:41 . 2008-02-11 23:41 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\Wireshark
2008-02-11 23:24 . 2008-02-11 23:24 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\gtk-2.0
2008-02-10 22:06 . 2007-12-07 03:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-10 22:06 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-10 22:06 . 2007-07-01 04:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 22:06 . 2007-12-07 03:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-10 22:06 . 2007-12-07 03:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-10 22:06 . 2007-12-07 03:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-10 22:06 . 2007-12-07 03:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-10 22:06 . 2007-12-07 03:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-10 22:06 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-10 16:44 . 2008-02-10 16:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 04:24 . 2008-02-10 04:24 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\vlc
2008-02-10 04:14 . 2008-02-10 04:14 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\ViStart
2008-02-10 04:11 . 2008-02-15 19:44 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\WinFlip
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\VisualTooltip
2008-02-10 04:11 . 2008-02-15 19:44 <DIR> d-------- C:\Program Files\ViStart
2008-02-10 04:11 . 2008-02-10 04:14 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\ViOrb
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\TrueTransparency
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\Styler
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\LClock
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\Styler
2008-02-10 04:11 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe
2008-02-10 04:11 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe
2008-02-10 04:11 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl
2008-02-10 04:11 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp
2008-02-10 04:07 . 2008-02-10 04:11 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-02-10 04:07 . 2008-02-10 04:11 <DIR> d-------- C:\VTPFiles
2008-02-10 04:07 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-02-10 04:07 . 2008-02-10 04:07 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-02-10 04:07 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-02-10 04:07 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-02-10 03:50 . 2008-02-12 18:33 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-02-10 03:44 . 2008-02-10 03:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-10 03:44 . 2008-02-10 03:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-10 02:55 . 2008-02-12 11:38 4,190 --ahs---- C:\WINDOWS\system32\OEMLOGO.BMP
2008-02-10 02:55 . 2008-02-12 11:38 392 --ahs---- C:\WINDOWS\system32\OEMINFO.INI
2008-02-10 01:21 . 2008-02-10 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-10 01:08 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-10 01:06 . 2008-02-10 01:06 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-10 01:05 . 2008-02-10 01:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-10 01:03 . 2008-02-10 01:03 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-10 01:02 . 2008-02-10 01:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-10 01:01 . 2008-02-10 01:01 <DIR> dr-h----- C:\MSOCache
2008-02-10 01:01 . 2008-02-14 03:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-09 22:48 . 2008-02-09 22:48 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-09 22:46 . 2008-02-09 22:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-09 22:45 . 2008-02-13 03:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-09 22:08 . 2008-02-09 22:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-09 22:08 . 2008-02-09 22:08 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-09 22:08 . 2008-02-10 01:06 <DIR> d-------- C:\Program Files\MSBuild
2008-02-09 22:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-09 22:04 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-09 19:10 . 2008-02-09 19:10 <DIR> d-------- C:\Documents and Settings\mafioso\WINDOWS
2008-02-09 19:10 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-02-09 18:57 . 2007-02-28 10:55 2,182,144 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-02-09 18:57 . 2007-02-28 10:53 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-02-09 18:57 . 2007-02-28 10:15 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-02-09 16:59 . 2008-02-09 17:02 <DIR> d-------- C:\Program Files\BitComet
2008-02-09 16:59 . 2008-02-09 16:59 <DIR> d-------- C:\Downloads
2008-02-09 16:59 . 2008-02-09 16:59 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-09 16:15 . 2008-02-09 16:15 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\AntiVir PersonalEdition Premium
2008-02-09 15:30 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-09 15:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-09 15:30 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-09 15:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-09 15:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-09 15:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-09 04:08 . 2008-02-09 04:08 <DIR> d-------- C:\Program Files\Wireshark
2008-02-09 04:08 . 2008-02-09 04:08 <DIR> d-------- C:\Program Files\WinPcap
2008-02-09 04:06 . 2008-02-09 04:07 <DIR> d-------- C:\Program Files\Packet Tracer 4.1
2008-02-09 04:02 . 2008-02-09 04:05 <DIR> d-------- C:\CISCO_CCNA
2008-02-09 03:58 . 2008-02-09 03:58 <DIR> d-------- C:\Program Files\Ligos
2008-02-09 03:58 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2008-02-09 03:58 . 2000-06-22 13:09 56,320 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-02-09 03:57 . 1998-10-29 19:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-09 03:55 . 2008-02-09 03:55 <DIR> d-------- C:\WINDOWS\speech
2008-02-09 03:55 . 2008-02-09 03:55 <DIR> d-------- C:\WINDOWS\Lhsp
2008-02-09 03:55 . 2008-02-15 05:59 <DIR> d-------- C:\Program Files\Di recnik
2008-02-09 03:55 . 2002-02-01 19:00 1,497,088 --a------ C:\WINDOWS\system32\cc3260mt.dll
2008-02-09 03:55 . 2003-01-30 05:04 1,412,608 --a------ C:\WINDOWS\system32\cc3260.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 02:46 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-09 01:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 00:34 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-02-09 00:34 --------- d-----w C:\Program Files\Realtek AC97
2008-02-09 00:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-09 00:34 --------- d-----w C:\Program Files\AvRack
2008-02-09 00:30 --------- d-----w C:\Program Files\ATI Technologies
2008-02-09 00:24 --------- d-----w C:\Program Files\Intel
2008-02-09 00:08 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 13:17 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"hlps"="C:\WINDOWS\Help\hlps.exe" [ ]
"viwc"="C:\WINDOWS\system32\viwc.exe" [2007-11-30 05:56 329029]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]
"blank"="C:\WINDOWS\system32\blank.htm" [2008-02-12 11:38 917]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-09 02:43 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"blank"="C:\WINDOWS\system32\blank.htm" [2008-02-12 11:38 917]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\mafioso\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-09 02:18:41 155648]
K-Meleon Loader.lnk - C:\Program Files\K-Meleon\loader.exe [2007-04-16 02:41:00 32768]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Vypress Chat StartUp.lnk - C:\WINDOWS\Installer\{32230531-F971-468F-9BD4-7C3369F3468B}\iconVCAdvertised.exe [2008-02-09 03:14:14 12390]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeCaption"="[Antichrist]"
"LegalNoticeText"="[Day of judgment]"
"LogonPrompt"="[Day of judgment]"
"Welcome"="[Antichrist]"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blank]
--ahs---- 2008-02-12 11:38 917 C:\WINDOWS\system32\blank.htm

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-02-09 02:43]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-09 02:43]
R3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 01:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\automenu.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-15 19:48:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\ViStart\MainHook.Dll
-> C:\Program Files\LClock\LC.dll
.
Completion time: 2008-02-15 19:49:23
ComboFix-quarantined-files.txt 2008-02-15 18:49:14
.
2008-02-14 02:47:09 --- E O F ---

Dopuna: 15 Feb 2008 19:58

evo log-a. PozZ

Dopuna: 15 Feb 2008 20:05

I naravno hvala sto ulazes napor da resis ovaj problem. Verujem da ima jos mnogo ljudi koji imaju ovakav problem. Najgore od svega je sto neznam ni kako sam navukao ovo, sta li sam to skinuo, znam da su ovi moji prijatelji to navukli preko nekog diska ali ne znaju sta su to prebaivali.

Poslao: 15 Feb 2008 20:07
Idi na vrh
offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

DeXteritY ja necu biti tu veceras imam nekih obaveza, pa cu pregledati log tek kad se vratim. Da te obavestim da ne bi cekao.

MyCity » Ambulanta -> Arhiva Ambulante » [ antichrist ]

Ko je trenutno na forumu
 

Ukupno su 920 korisnika na forumu :: 4 registrovanih, 1 sakriven i 915 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amaterSRB, JanaH, Marko Marković, zlaya011