Problem loading video clips...

  • Joined: 03 Dec 2007
  • Posts: 26

YouTube clips don't load completely for me; after a while the loading stops, yet it is displayed as if the whole clip had loaded...
Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 1:12:54, on 19.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
D:\Program Files\Opera\Opera.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\dmitko\My Documents\Programi\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = live.com/
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {E72CFC93-BAE3-8D60-85D1-129993AAC8B9} (UImageUploader Class) - perfspot.com/u/UImageUploaderXP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91D0F68B-125D-4145-9850-71ECD1B2E4B1}: NameServer = 85.255.115.116,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3301FAB-13A8-4A7E-BE39-C39FA43B0B1C}: NameServer = 85.255.115.116,85.255.112.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.116 85.255.112.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...




Download FixWareOut.
Double-click Fixwareout.exe to run it
In the window that opens, click Next >, and then Install
When the installation is finished, click Finish
A window will open - press any key to continue
When the prompt about restarting the computer appears, click OK
The computer will restart, after which the cleaning process will continue
When the notice that cleaning is starting appears, click OK
When the process is finished, a notice will appear that should be closed by clicking OK, and the logfile (D:\fixwareout\report.txt) will open in Notepad; it needs to be copied into the thread on the forum




-------------------------------------------------------------------------------------




Then download ComboFix from one of the following addresses to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it is scanning.

Follow the on-screen instructions. When it finishes, a log (D:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 03 Dec 2007
  • Posts: 26

Here are the results of the scan with fixwareout:

Username "dmitko" - 19.03.2008 23:55:59 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdzta.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.116 85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{91D0F68B-125D-4145-9850-71ECD1B2E4B1}
"nameserver"="85.255.115.116,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A3301FAB-13A8-4A7E-BE39-C39FA43B0B1C}
"nameserver"="85.255.115.116,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{91D0F68B-125D-4145-9850-71ECD1B2E4B1}
"DhcpNameServer"="85.255.115.116,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{98E91F12-EFE5-427B-A55A-E07479150317}
"DhcpNameServer"="85.255.115.116,85.255.112.222" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
D:\WINDOWS\TEMP\kdzta.ren 73773 13.06.2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"egui"="\"D:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice"
"QuickTime Task"="\"D:\\WINDOWS\\system32\\qttask.exe\" -atboottime"
"Adobe Reader Speed Launcher"="\"D:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="D:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"SpybotSD TeaTimer"="D:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"msnmsgr"="\"D:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Addendum: 20 Mar 2008 0:46

Here is the log from combo-fix as well:

ComboFix 08-03-18.1 - dmitko 2008-03-20 0:24:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.92 [GMT 1:00]
Running from: D:\Documents and Settings\dmitko\My Documents\Programi\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\dmitko\Start Menu\Programs\ChristmasPorn
D:\Documents and Settings\dmitko\Start Menu\Programs\ChristmasPorn\Uninstall.lnk
D:\Program Files\ChristmasPorn
D:\Program Files\ChristmasPorn\Uninstall.exe
D:\WINDOWS\SW_Win2146X32.DLL
D:\WINDOWS\system32\windows

.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-19 23:55 . 2008-03-20 00:01 <DIR> d-------- D:\fixwareout
2008-03-16 18:47 . 2008-03-16 18:47 <DIR> d-------- D:\Program Files\Motherboard Monitor 5
2008-03-16 18:47 . 2004-04-10 09:42 2,944 --a------ D:\WINDOWS\system32\mbmiodrvr.sys
2008-03-04 03:09 . 2008-03-04 03:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\InterAction studios
2008-03-04 03:07 . 2008-03-04 03:07 <DIR> d-------- D:\Program Files\ReflexiveArcade
2008-03-04 03:07 . 2008-03-04 03:08 <DIR> d-------- D:\Program Files\Chicken Invaders 3
2008-03-02 13:43 . 2008-03-16 23:08 <DIR> d-------- D:\Documents and Settings\dmitko\.scribus
2008-03-02 13:40 . 2008-03-02 13:41 <DIR> d-------- D:\Program Files\Scribus 1.3.3.11
2008-02-28 00:52 . 2008-02-28 00:52 <DIR> d-------- D:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 23:22 --------- d-----w D:\Program Files\Counter-Strike 1.6
2008-03-12 17:03 --------- d-----w D:\Program Files\MicroDVD
2008-03-02 18:43 --------- d-----w D:\Program Files\FrostWire
2008-03-02 13:38 --------- d-----w D:\Documents and Settings\dmitko\Application Data\FrostWire
2008-02-17 17:07 --------- d-----w D:\Program Files\Google
2008-02-16 16:16 45,056 ----a-w D:\WINDOWS\NCUNINST.EXE
2008-02-11 23:41 --------- d-----w D:\Documents and Settings\dmitko\Application Data\Soldat
2008-02-11 23:29 --------- d-----w D:\Program Files\Common Files\Adobe
2008-02-08 01:24 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-02-08 01:23 --------- d-----w D:\Program Files\Windows Live Favorites
2008-02-08 01:20 --------- d-----w D:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-02-08 01:17 --------- d-----w D:\Program Files\MSN Messenger
2008-02-03 19:32 --------- d-----w D:\Program Files\AskSBar
2008-01-30 17:24 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-01-30 17:24 --------- d-----w D:\Program Files\Genius
2008-01-30 17:23 --------- d-----w D:\Program Files\Joystick driver
2008-01-30 14:13 --------- d-----w D:\Program Files\Cheating-Death
2008-01-30 01:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-30 00:33 --------- d-----w D:\Documents and Settings\dmitko\Application Data\fltk.org
2008-01-30 00:13 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-01-24 01:04 --------- d-----w D:\Program Files\Softinterface, Inc
2008-01-21 03:22 27,136 ----a-w D:\WINDOWS\~GLH0001.TMP
2008-01-21 03:22 27,136 ----a-w D:\WINDOWS\~GLH0000.TMP
2001-11-23 04:08 712,704 ----a-w D:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-02-03 20:32 66912 --a------ D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-03 20:32 267592 --a------ D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-02-03 20:32 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-02-03 20:32 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 00:54 68856]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-05 12:05 1410304]
"QuickTime Task"="D:\WINDOWS\system32\qttask.exe" [2007-12-18 00:20 98304]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\FrostWire\\FrostWire.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c971e0-a422-11dc-99ca-0018027c2248}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 16:46:08 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-19 23:09:08 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-20 00:31:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-20 0:41:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-19 23:41:47
ComboFix2.txt 2007-12-22 11:44:31
.
2007-12-22 02:03:37 --- E O F ---

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file: D:\WINDOWS\~GLH0000.TMP

via the following link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 03 Dec 2007
  • Posts: 26

File uploaded...

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy in the following text:

Folder::
D:\Program Files\AskSBar
D:\Program Files\MessengerDiscovery

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-




Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.

In your next message, post the log that is created at the end of the cleaning/scanning.

  • Joined: 03 Dec 2007
  • Posts: 26

ComboFix 08-03-18.1 - dmitko 2008-03-21 2:52:25.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.92 [GMT 1:00]
Running from: D:\Documents and Settings\dmitko\My Documents\Programi\ComboFix.exe
Command switches used :: D:\Documents and Settings\dmitko\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Program Files\AskSBar
D:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
D:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
D:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
D:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
D:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
D:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
D:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
D:\Program Files\AskSBar\bar\Cache\011B6805.bin
D:\Program Files\AskSBar\bar\Cache\011B6AEA.bin
D:\Program Files\AskSBar\bar\Cache\011B6D2E.bin
D:\Program Files\AskSBar\bar\Cache\0122842D
D:\Program Files\AskSBar\bar\Cache\files.ini
D:\Program Files\AskSBar\bar\History\search2
D:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
D:\Program Files\MessengerDiscovery
D:\Program Files\MessengerDiscovery\dmitarredz@hotmail.com.nkh
D:\Program Files\MessengerDiscovery\dmitarredz@hotmail.com.psh
D:\Program Files\MessengerDiscovery\dmitarredz@hotmail.com\AlwaysAllow.mdl
D:\Program Files\MessengerDiscovery\dmitarredz@hotmail.com\AlwaysBlock.mdl
D:\Program Files\MessengerDiscovery\dmitarredz@hotmail.com\AutoReply.mdl
D:\Program Files\MessengerDiscovery\dmitarredz@hotmail.com\ContactBlocks.mdl
D:\Program Files\MessengerDiscovery\dmitarredz@hotmail.com\ContactManager.mdl
D:\Program Files\MessengerDiscovery\dmitarredz@hotmail.com\NoAlert.mdl
D:\Program Files\MessengerDiscovery\Languages\Albanian.ini
D:\Program Files\MessengerDiscovery\Languages\Deutsch.ini
D:\Program Files\MessengerDiscovery\Languages\Dutch.ini
D:\Program Files\MessengerDiscovery\Languages\Eesti.ini
D:\Program Files\MessengerDiscovery\Languages\English.ini
D:\Program Files\MessengerDiscovery\Languages\Español (Latino).ini
D:\Program Files\MessengerDiscovery\Languages\Francais.ini
D:\Program Files\MessengerDiscovery\Languages\Italiano.ini
D:\Program Files\MessengerDiscovery\Languages\Norsk.ini
D:\Program Files\MessengerDiscovery\Languages\Portugues (Brasil).ini
D:\Program Files\MessengerDiscovery\Languages\Portuguese (Portugal).ini
D:\Program Files\MessengerDiscovery\Languages\Turkish.ini
D:\Program Files\MessengerDiscovery\Loader.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe.manifest
D:\Program Files\MessengerDiscovery\MessengerDiscovery.dll
D:\Program Files\MessengerDiscovery\MessengerDiscoveryToday.exe
D:\Program Files\MessengerDiscovery\Resources\SettingsMenu_0.png
D:\Program Files\MessengerDiscovery\Resources\SettingsMenu_1.png
D:\Program Files\MessengerDiscovery\Resources\SettingsMenu_2.png
D:\Program Files\MessengerDiscovery\Resources\SettingsMenu_3.png
D:\Program Files\MessengerDiscovery\Resources\SettingsMenu_4.png
D:\Program Files\MessengerDiscovery\Resources\SettingsMenu_5.png
D:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_0.png
D:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_1.png
D:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_2.png
D:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_Left.ico
D:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_Right.ico
D:\Program Files\MessengerDiscovery\Sounds\Alert.wav
D:\Program Files\MessengerDiscovery\Sounds\Sounds Copyright.txt
D:\Program Files\MessengerDiscovery\SpellCHK.exe
D:\Program Files\MessengerDiscovery\thequince@hotmail.com.nkh
D:\Program Files\MessengerDiscovery\thequince@hotmail.com.psh
D:\Program Files\MessengerDiscovery\thequince@hotmail.com\AlwaysAllow.mdl
D:\Program Files\MessengerDiscovery\thequince@hotmail.com\ContactManager.mdl
D:\Program Files\MessengerDiscovery\unins000.dat
D:\Program Files\MessengerDiscovery\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-19 23:55 . 2008-03-20 00:01 <DIR> d-------- D:\fixwareout
2008-03-16 18:47 . 2008-03-16 18:47 <DIR> d-------- D:\Program Files\Motherboard Monitor 5
2008-03-16 18:47 . 2004-04-10 09:42 2,944 --a------ D:\WINDOWS\system32\mbmiodrvr.sys
2008-03-04 03:09 . 2008-03-04 03:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\InterAction studios
2008-03-04 03:07 . 2008-03-04 03:07 <DIR> d-------- D:\Program Files\ReflexiveArcade
2008-03-04 03:07 . 2008-03-04 03:08 <DIR> d-------- D:\Program Files\Chicken Invaders 3
2008-03-02 13:43 . 2008-03-16 23:08 <DIR> d-------- D:\Documents and Settings\dmitko\.scribus
2008-03-02 13:40 . 2008-03-02 13:41 <DIR> d-------- D:\Program Files\Scribus 1.3.3.11
2008-02-28 00:52 . 2008-02-28 00:52 <DIR> d-------- D:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 23:22 --------- d-----w D:\Program Files\Counter-Strike 1.6
2008-03-12 17:03 --------- d-----w D:\Program Files\MicroDVD
2008-03-02 18:43 --------- d-----w D:\Program Files\FrostWire
2008-03-02 13:38 --------- d-----w D:\Documents and Settings\dmitko\Application Data\FrostWire
2008-02-17 17:07 --------- d-----w D:\Program Files\Google
2008-02-16 16:16 45,056 ----a-w D:\WINDOWS\NCUNINST.EXE
2008-02-11 23:41 --------- d-----w D:\Documents and Settings\dmitko\Application Data\Soldat
2008-02-11 23:29 --------- d-----w D:\Program Files\Common Files\Adobe
2008-02-08 01:24 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-02-08 01:23 --------- d-----w D:\Program Files\Windows Live Favorites
2008-02-08 01:20 --------- d-----w D:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-02-08 01:17 --------- d-----w D:\Program Files\MSN Messenger
2008-01-30 17:24 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-01-30 17:24 --------- d-----w D:\Program Files\Genius
2008-01-30 17:23 --------- d-----w D:\Program Files\Joystick driver
2008-01-30 14:13 --------- d-----w D:\Program Files\Cheating-Death
2008-01-30 01:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-30 00:33 --------- d-----w D:\Documents and Settings\dmitko\Application Data\fltk.org
2008-01-30 00:13 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-01-24 01:04 --------- d-----w D:\Program Files\Softinterface, Inc
2008-01-21 03:22 27,136 ----a-w D:\WINDOWS\~GLH0001.TMP
2008-01-21 03:22 27,136 ----a-w D:\WINDOWS\~GLH0000.TMP
2001-11-23 04:08 712,704 ----a-w D:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 00:54 68856]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-05 12:05 1410304]
"QuickTime Task"="D:\WINDOWS\system32\qttask.exe" [2007-12-18 00:20 98304]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\FrostWire\\FrostWire.exe"=

R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-05 12:06]
R3 iadusb;MT882;D:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"D:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);D:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 20:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-11-25 12:29]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-11-25 12:29]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-11-25 12:29]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-11-25 12:29]
S3 NtApm;NT Apm/Legacy Interface Driver;D:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 14:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35c971e0-a422-11dc-99ca-0018027c2248}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 16:46:08 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-21 01:10:35 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-21 02:56:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-21 2:57:50
ComboFix-quarantined-files.txt 2008-03-21 01:57:28
ComboFix2.txt 2008-03-19 23:41:54
ComboFix3.txt 2007-12-22 11:44:31
.
2007-12-22 02:03:37 --- E O F ---

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

  • Joined: 03 Dec 2007
  • Posts: 26

Thanks a lot... The problem is solved.
