Hijacker that "works through the search engine"

offline
  • Joined: 13 Aug 2005
  • Posts: 164
  • Location: Banja Luka

The problem occurs when using search engines (Google, Yahoo, ...).
When I type in a search term, the results come up normally, but when I click on one of the search results I get redirected to some shady pages (e.g. 64.28.180.203/click.php?PHPSESSID=29D219A7B.....amp;qnaes={29D219A7-B2AC-4AF9-B6AE-743BC13077B7}&alg=0 ).
(Actually, the redirect happens only on the first two results; when I click the third result everything works normally.)
Since I use Firefox, I blocked the redirect with the NoScript extension, but that only treats the symptom and not the cause of the problem.
I scanned the computer in safe mode with AOL antivirus, S&D, Ewido and Ad-Aware, all freshly updated, but nothing is found.
Here are the other logs as well.

HijackThis ::
Logfile of HijackThis v1.99.1
Scan saved at 16:21:46, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\mladen\Desktop\H.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CRA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\SECURITY\ANTISP~1\SPYBOT~1\SPYBOT~1.4IN\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



SmitFraudFix ::
SmitFraudFix v2.124

Scan done at 14:43:13.31, Sat 08/18/2007
Run from G:\SECURITY\anti spy\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mimo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mimo\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


gmer ::
GMER 1.0.12.12011 - gmer.net
Rootkit scan 2007-08-18 05:30:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT Vax347b.sys ZwSetSystemPowerState
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KiDispatchInterrupt + BA 804DB92E 7 Bytes JMP F3821120 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8752 5 Bytes JMP F381E2A0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80503C29 5 Bytes JMP F381DE10 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.12 ----

.text G:\SECURITY\rootkit-gmer\gmer.exe[272] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 003D59E9
.text G:\SECURITY\rootkit-gmer\gmer.exe[272] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 003D5C01
.text G:\SECURITY\rootkit-gmer\gmer.exe[272] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 003D5D1E
.text G:\SECURITY\rootkit-gmer\gmer.exe[272] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 003D5B03
.text C:\WINDOWS\system32\winlogon.exe[704] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 017E59E9
.text C:\WINDOWS\system32\winlogon.exe[704] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 017E5C01
.text C:\WINDOWS\system32\winlogon.exe[704] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 017E5D1E
.text C:\WINDOWS\system32\winlogon.exe[704] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 017E5B03
.text C:\PROGRA~1\GENIUS~1\gnetmous.exe[876] ntdll.dll!NtCreateThread 7C90D7D2 3 Bytes JMP 009159E9
.text C:\PROGRA~1\GENIUS~1\gnetmous.exe[876] ntdll.dll!NtCreateThread + 4 7C90D7D6 1 Byte [ 84 ]
.text C:\PROGRA~1\GENIUS~1\gnetmous.exe[876] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes JMP 00915C01
.text C:\PROGRA~1\GENIUS~1\gnetmous.exe[876] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 1 Byte [ 84 ]
.text C:\PROGRA~1\GENIUS~1\gnetmous.exe[876] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 3 Bytes JMP 00915D1E
.text C:\PROGRA~1\GENIUS~1\gnetmous.exe[876] ntdll.dll!NtQueryDirectoryFile + 4 7C90DF62 1 Byte [ 84 ]
.text C:\PROGRA~1\GENIUS~1\gnetmous.exe[876] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes JMP 00915B03
.text C:\PROGRA~1\GENIUS~1\gnetmous.exe[876] ntdll.dll!NtSetValueKey + 4 7C90E7C0 1 Byte [ 84 ]
.text C:\Program Files\AOL\Active Virus Shield\avp.exe[928] ntdll.dll!NtCreateThread 7C90D7D2 3 Bytes JMP 009159E9
.text C:\Program Files\AOL\Active Virus Shield\avp.exe[928] ntdll.dll!NtCreateThread + 4 7C90D7D6 1 Byte [ 84 ]
.text C:\Program Files\AOL\Active Virus Shield\avp.exe[928] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes JMP 00915C01
.text C:\Program Files\AOL\Active Virus Shield\avp.exe[928] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 1 Byte [ 84 ]
.text C:\Program Files\AOL\Active Virus Shield\avp.exe[928] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 3 Bytes JMP 00915D1E
.text C:\Program Files\AOL\Active Virus Shield\avp.exe[928] ntdll.dll!NtQueryDirectoryFile + 4 7C90DF62 1 Byte [ 84 ]
.text C:\Program Files\AOL\Active Virus Shield\avp.exe[928] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes JMP 00915B03
.text C:\Program Files\AOL\Active Virus Shield\avp.exe[928] ntdll.dll!NtSetValueKey + 4 7C90E7C0 1 Byte [ 84 ]
.text C:\Program Files\Soft4Ever\looknstop\looknstop.exe[1116] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 009F59E9
.text C:\Program Files\Soft4Ever\looknstop\looknstop.exe[1116] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 009F5C01
.text C:\Program Files\Soft4Ever\looknstop\looknstop.exe[1116] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009F5D1E
.text C:\Program Files\Soft4Ever\looknstop\looknstop.exe[1116] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 009F5B03
.text C:\WINDOWS\system32\ctfmon.exe[1148] ntdll.dll!NtCreateThread 7C90D7D2 3 Bytes JMP 009159E9
.text C:\WINDOWS\system32\ctfmon.exe[1148] ntdll.dll!NtCreateThread + 4 7C90D7D6 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[1148] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes JMP 00915C01
.text C:\WINDOWS\system32\ctfmon.exe[1148] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[1148] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 3 Bytes JMP 00915D1E
.text C:\WINDOWS\system32\ctfmon.exe[1148] ntdll.dll!NtQueryDirectoryFile + 4 7C90DF62 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[1148] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes JMP 00915B03
.text C:\WINDOWS\system32\ctfmon.exe[1148] ntdll.dll!NtSetValueKey + 4 7C90E7C0 1 Byte [ 84 ]
.text C:\WINDOWS\explorer.exe[1380] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00B759E9
.text C:\WINDOWS\explorer.exe[1380] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00B75C01
.text C:\WINDOWS\explorer.exe[1380] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B75D1E
.text C:\WINDOWS\explorer.exe[1380] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00B75B03


offline
  • Joined: 13 Aug 2005
  • Posts: 164
  • Location: Banja Luka

Catchme found a hidden file; on Jotti, AntiVir considers it malware - TR/Crypt.XPACK.Gen, Sophos flags it as Mal/EncPk-AQ.
Here is the file as well.

Addendum: 18 Aug 2007 19:54

It looks like Fixwareout solved the problem.

Username "mladen" - 2007-08-18 19:45:31 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpzf.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C15225C6-D293-4A7B-8B50-E948C628F48D}
"DhcpNameServer"="85.255.115.30,85.255.112.182" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DCD2DC9D-3755-4F4F-B2A3-1923AF8ED0C7}
"DhcpNameServer"="85.255.115.30,85.255.112.182" <Value cleared.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdpzf.ren 71232 04/07/2005

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mouseElf"="C:\\PROGRA~1\\GENIUS~1\\GNETMOUS.EXE"
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Look 'n' Stop"="\"C:\\Program Files\\Soft4Ever\\looknstop\\looknstop.exe\" -auto"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I was reading the thread and thinking "Wareout", and then I see you solved it yourself :)
Congratulations on successfully solving the problem.

offline
  • Joined: 13 Aug 2005
  • Posts: 164
  • Location: Banja Luka

First I tried with HT, and it found the changes in the tcpip parameters and fixed them (which did not solve the problem); Wareout also saw some tcpip values that HT did not notice.
However!

S&D now finds Zlob.DNSchanger, but cannot fix it, i.e. after "removal" it finds it again (it does not succeed in safe mode either).
"DhcpNameServer"="208.67.220.220,208.67.222.222"

Everything works OK, there are no visible symptoms of infection, but, hm?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Those are most likely your alternate (second and third) DNS servers, which will not be used as long as your primary DNS server is working.

Try regedit.exe, find those keys and post a screenshot.

offline
  • Joined: 13 Aug 2005
  • Posts: 164
  • Location: Banja Luka

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Look through the other entries under Interfaces (the tree on the left side), and if there are others that contain a DhcpNameServer entry, then delete this problematic branch entirely (7DFE... etc.).

If it appears again after a restart, let us know and we'll figure something out.

offline
  • Joined: 13 Aug 2005
  • Posts: 164
  • Location: Banja Luka

Here is what the other branches contain.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Go to Network Connections, right-click the connection you use, and choose Properties.
There, find (on the General or Networking tab) the item called Internet Protocol (TCP/IP), double-click it and make sure the following option is selected:
Obtain DNS servers automatically

After that the computer will ask for a restart, or restart it yourself if it does not ask.

After the restart go to Start>Run and type ipconfig /flushdns

See whether that IP 208.67.220.220 still appears in the registry after that.

offline
  • Joined: 13 Aug 2005
  • Posts: 164
  • Location: Banja Luka

I deleted that registry entry manually; after the restart it no longer appears.
I also deleted all the other entries where the IP 208.67... appears.
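
Added example, not part of the original thread or of any tool mentioned in it: a small Python audit of the two registry settings the Fixwareout report above changed, the per-interface DhcpNameServer/NameServer values and the Winlogon "System" value, run over registry-export or report text. The sample input, the two made-up interface GUIDs and the expected-resolver lists are assumptions; 208.67.222.222 and 208.67.220.220 are OpenDNS's public resolver addresses.

```python
import ipaddress
import re

# Constructed sample input. The first three lines reuse key paths and values
# quoted in the Fixwareout report in this thread; the last two interfaces use
# made-up GUIDs (the 208.67.x.x pair is the value Spybot S&D flagged later).
SAMPLE_REPORT = r'''
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpzf.exe"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C15225C6-D293-4A7B-8B50-E948C628F48D}
"DhcpNameServer"="85.255.115.30,85.255.112.182" <Value cleared.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-00000000000A}]
"DhcpNameServer"="208.67.220.220,208.67.222.222"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-00000000000B}]
"DhcpNameServer"="192.168.1.1"
"NameServer"=""
'''

# Assumption: the resolvers this machine is supposed to use. ROUTER_ONLY is a
# made-up home router; WITH_OPENDNS adds the OpenDNS public resolvers.
ROUTER_ONLY = ["192.168.1.1"]
WITH_OPENDNS = ROUTER_ONLY + ["208.67.222.222", "208.67.220.220"]

# Matches "Name"="data"; enough for DNS and Winlogon string values (it does not
# handle escaped quotes inside data, which these values never contain).
VALUE_RE = re.compile(r'"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
DNS_VALUE_NAMES = {"dhcpnameserver", "nameserver"}


def parse_values(text):
    """Yield (key, value_name, data) from regedit-export or report-style text.

    Accepts keys on their own line, with or without [brackets], and the
    report's one-line form where the key precedes the value on the same line.
    """
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = VALUE_RE.search(line)
        if match:
            prefix = line[:match.start()].strip().strip("[]")
            key = prefix if prefix.upper().startswith("HK") else current_key
            if key:  # ignore values with no key context
                yield key.rstrip("\\"), match["name"], match["data"]
            continue
        candidate = line.strip("[]")
        if candidate.upper().startswith(("HKEY_", "HKLM\\", "HKCU\\")):
            current_key = candidate.rstrip("\\")


def split_servers(data):
    """DNS server lists are comma-separated (DHCP) or space-separated."""
    return [s for s in re.split(r"[,\s]+", data.strip()) if s]


def audit(text, expected_resolvers):
    """Return findings as (key, value_name, offending_data, reason) tuples."""
    allowed = [ipaddress.ip_network(n) for n in expected_resolvers]
    findings = []
    for key, name, data in parse_values(text):
        lkey, lname = key.lower(), name.lower()
        if lname in DNS_VALUE_NAMES and r"\tcpip\parameters" in lkey:
            for server in split_servers(data):
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    findings.append((key, name, server, "not an IP address"))
                    continue
                if not any(addr in net for net in allowed):
                    findings.append(
                        (key, name, server, "resolver not in expected set"))
        elif lname == "system" and lkey.endswith(r"\winlogon") and data:
            # The report's postrun check shows this value empty once cleaned.
            findings.append(
                (key, name, data, "Winlogon System value is not empty"))
    return findings


if __name__ == "__main__":
    for label, expected in (("router only", ROUTER_ONLY),
                            ("router + OpenDNS", WITH_OPENDNS)):
        print(f"== expected resolvers: {label}")
        for key, name, data, reason in audit(SAMPLE_REPORT, expected):
            print(f"  {reason}: {name}={data}\n    under {key}")
```

Run against both lists, the 85.255.x.x pair and the Winlogon entry are reported either way, while the 208.67.x.x pair is reported only when OpenDNS is not among the resolvers the machine is expected to use.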
