How do I delete win32/autrun.ABHWorm


milnem (Male)
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Location: Novi Sad

bobby, a moment ago on the forum you gave me instructions for ComboFix, in reply to the text below. When I wanted to report back to you, the forum said the discussion had been deleted. Why? It isn't old, not even an hour old. What should I do? So I started a new topic, if I've guessed the right way to do it. I have no idea…


Dear Dr. Boro and the other doctors, NOD32 found "a variant of Win32/Kryptik.CV trojan" and "win32/autorun.ABH worm" and says it deleted them. In the quarantine I see the date and time, and it says deleted.
Regardless of that, every so often the laptop first "freezes" the open "window", and a few moments later the mouse pointer can't be moved any more either. Then all that's left for me is a restart. After the first such case I tried scanning the computer with NOD several times. Then, as before the scan, at some point everything "freezes" in the way described... no result and no report from NOD, only a restart is left... What should I do?
PS: I then installed Malwarebytes' Anti-Malware 1.31, which found more viruses and, according to its report, removed them all:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

21-Dec-08 16:42:36
mbam-log-2008-12-21 (16-42-36).txt

Scan type: Quick Scan
Objects scanned: 50071
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 22
Folders Infected: 9
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kddhr.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85db3729-23ec-47f3-9511-f6e30af853f0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{85db3729-23ec-47f3-9511-f6e30af853f0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{85db3729-23ec-47f3-9511-f6e30af853f0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.

Folders Infected:
D:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\DesktopIcons (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044 (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
D:\WINDOWS\system32\kddhr.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
D:\Program Files\Instant Access\Center\NoCreditCard.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\DesktopIcons\NoCreditCard.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\instant access.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\button2.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\button3.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\button4.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Instant Access\Multi\20071004221044\medias\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
D:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\drazen\Start Menu\NoCreditCard.lnk (Dialer) -> Quarantined and deleted successfully.
D:\Documents and Settings\drazen\DesktopKax5Eo_cfdg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\tempo-6B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\tempo-973.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

But even after this the situation is the same: freezing every so often, whether I'm on the net or starting to check the situation with NOD. I can't see the report from NOD, and I don't know how to copy from the quarantine; it won't offer Copy. Regards

Update: 24 Dec 2008 12:46

Ha! It seems I've managed to start from the beginning for now. So here's the continuation:


I downloaded ComboFix and started it. It ran and ran, then rebooted by itself. Then it ran again and gave me a full-screen analysis. When I copied it I couldn't paste it... because when I minimised the Notepad window there wasn't a single icon on the desktop, nor the launch menu. I went back to Notepad, saved the document, closed the report and restarted the computer. After it restarted, next to the clock in the bottom corner there's a red shield symbol with a white X in the middle, giving a balloon with some warning. NOD is green, but it also keeps offering a warning balloon every so often. It's appearing even as I type this. PS: I'm sending a copy of the ComboFix report:

ComboFix 08-12-23.01 - drazen 2008-12-24 11:50:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.223.38 [GMT 1:00]
Running from: d:\documents and settings\drazen\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
D:\Autorun.inf
d:\program files\videoplugin
d:\program files\videoplugin\Uninstall.exe
d:\windows\dialerexe.ini
d:\windows\IE4 Error Log.txt
d:\windows\system32\drivers\msqpdxklrcqaqg.sys
d:\windows\system32\drivers\msqpdxmhxtofxh.sys
d:\windows\system32\lnaccess.exe
d:\windows\system32\lsprst7.dll
d:\windows\system32\msqpdxkcpamitb.dll
d:\windows\system32\ssprs.dll
d:\windows\system32\svchot.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\documents and settings\drazen\Application Data\Malwarebytes
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 16:32 . 2008-12-03 19:52 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-12-21 16:32 . 2008-12-03 19:52 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-12-17 12:06 . 2008-12-17 12:07 <DIR> d-------- d:\program files\Common Files\Nokia
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> d-------- d:\program files\Makayama Software
2008-12-16 18:52 . 2004-09-07 12:16 626,688 --------- d:\windows\system32\DGPDVDRipperStudio.ocx
2008-12-15 16:27 . 2008-12-15 16:27 <DIR> d-------- d:\documents and settings\drazen\Application Data\ImTOO Software Studio
2008-12-15 01:58 . 2008-12-15 01:58 <DIR> d-------- d:\program files\CoreAAC
2008-12-05 08:33 . 2008-12-05 08:37 <DIR> d-------- d:\program files\PDFCreator
2008-12-05 08:33 . 2004-03-09 00:00 662,288 --a------ d:\windows\system32\MSCOMCT2.OCX
2008-12-05 08:33 . 2005-10-15 12:32 196,608 --a------ d:\windows\system32\pdfcmnnt.dll
2008-12-05 08:33 . 1998-06-24 00:00 137,000 --a------ d:\windows\system32\MSMAPI32.OCX
2008-12-05 08:33 . 1998-07-06 00:00 23,552 --a------ d:\windows\system32\MSMPIDE.DLL
2008-12-01 17:50 . 2008-12-01 17:49 410,976 --a------ d:\windows\system32\deploytk.dll
2008-11-29 10:23 . 2008-11-29 10:23 <DIR> d--hs---- d:\windows\system32\RECYCLER

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 09:45 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2008-12-24 09:37 --------- d-----w d:\documents and settings\drazen\Application Data\Skype
2008-12-24 08:07 --------- d-----w d:\documents and settings\drazen\Application Data\skypePM
2008-12-17 12:37 --------- d-----w d:\documents and settings\drazen\Application Data\Nokia
2008-12-17 11:07 --------- d-----w d:\program files\Common Files\PCSuite
2008-12-17 11:06 --------- d-----w d:\program files\Nokia
2008-12-16 08:10 --------- d-----w d:\program files\ImTOO
2008-12-15 00:58 --------- d-----w d:\program files\GRETECH
2008-12-05 07:35 14,290 -c--a-w d:\program files\settings.dat
2008-12-01 16:49 --------- d-----w d:\program files\Java
2008-11-26 21:27 --------- d-----w d:\program files\Common Files\Adobe
2008-11-25 23:14 --------- d-----w d:\program files\Opera
2008-11-04 07:59 --------- d-----w d:\documents and settings\All Users\Application Data\Installations
2008-03-01 23:39 32 -c--a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2008-08-24 09:47 251,392 ----a-w d:\program files\opera\program\plugins\dapop.dll
2008-08-07 15:26 56 -csh--r d:\windows\system32\DCF64F123F.sys
2008-08-07 15:26 10,022 -csha-w d:\windows\system32\KGyGaAvL.sys
2004-08-04 05:56 36,864 --sha-w d:\windows\system32\serhost.exe
2004-08-04 05:56 3,352 -cshatw d:\windows\system32\dllcache\mkllb.dll
2004-08-04 05:56 98,304 -csha-w d:\windows\system32\dllcache\ntisapi.dll
2004-08-04 05:56 0 -csha-w d:\windows\system32\dllcache\ntoist.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "d:\progra~1\DAP\SBSearch.dll" [2008-08-24 32768]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"LogitechSoftwareUpdate"="d:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DownloadAccelerator"="d:\program files\DAP\DAP.EXE" [2008-08-24 3053056]
"JFSW2Launch"="d:\documents and settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe" [2008-04-02 45056]
"Transparent Icon Labels"="d:\program files\Transparent Icon Labels\Transparent Icon Labels.exe" [2008-09-20 126976]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="d:\windows\system32\sistray.EXE" [2001-12-24 327680]
"SiS KHooker"="d:\windows\system32\khooker.exe" [2002-01-25 290816]
"SiSUSBRG"="d:\windows\sisUSBrg.exe" [2002-02-21 28675]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2007-04-25 949376]
"LVCOMSX"="d:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\mshhfhh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"vidc.XVID"= xvid.dll
"msacm.enc"= ITIG726.acm
"vidc.I263"= i263_32.drv
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=d:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-08-24 10:47 3053056 d:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:06 1667584 d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 d:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [2007-04-25 15424]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);d:\windows\system32\drivers\sis7012.sys [2007-04-25 174848]
S2 Nod 32;Nod 32;d:\windows\system32\serhost.exe [2007-04-25 36864]
S3 Dhcssp;Dhcssp; []

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-28 d:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-05-26 d:\windows\Tasks\Uniblue SpeedUpMyPC.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PcSync - d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKLM-Run-Make A Voozie - d:\documents and settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe
MSConfigStartUp-QuickTime Task - d:\program files\QuickTime\qttask.exe
MSConfigStartUp-swg - d:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - d:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\program files\DAP\dapextie.htm
IE: Download &all with DAP - d:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
FF - ProfilePath - d:\documents and settings\drazen\Application Data\Mozilla\Firefox\Profiles\91rv9iys.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: d:\documents and settings\drazen\Application Data\Mozilla\Firefox\Profiles\91rv9iys.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: d:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-24 11:56:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxklrcqaqg.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(684)
d:\windows\system32\imon.dll
.
Completion time: 2008-12-24 11:58:58
ComboFix-quarantined-files.txt 2008-12-24 10:58:04

Pre-Run: 1,483,145,216 bytes free
Post-Run: 1,727,856,640 bytes free
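What the two logs in this post actually show, pulled out mechanically: Malwarebytes found the same pair of external resolvers, 85.255.115.58 and 85.255.112.116, written into both NameServer and DhcpNameServer for every interface and every ControlSet (on a DHCP-configured interface NameServer is normally empty, and a populated one overrides what DHCP hands out, so the machine keeps resolving through the attacker's servers even after the dropper files are quarantined). ComboFix lists an AppInit_DLLs value loading d:\windows\system32\mshhfhh.dll, the Security Center warnings for antivirus and updates switched off, the Windows Firewall disabled for the standard profile, a service named "Nod 32" whose binary is d:\windows\system32\serhost.exe (a hidden system file in the Find3M report, not under d:\program files\Eset where the nod32kui Run entry lives), and a Dhcssp driver entry with no image path. The Python below is an added example for this page, not a tool from the thread or from the MyCity AMF team; it runs those checks over excerpts copied from the two logs. The category names, the service-name heuristic and the ESET install-path hint are assumptions.

```python
"""Triage of the Malwarebytes and ComboFix excerpts posted above.

Added example for this page; it is not a tool from the thread or from the
MyCity AMF team. The log lines embedded below are copied from the logs in
the post; the detection heuristics and the category names are assumptions.
"""
import ipaddress
import re

# Constructed excerpt: four of the 22 'Registry Data Items' lines from the
# Malwarebytes log in the post.
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kddhr.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully.
"""

# Constructed excerpt: 'Reg Loading Points' entries and the service lines
# from the first ComboFix log in the post.
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\mshhfhh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [2007-04-25 15424]
S2 Nod 32;Nod 32;d:\windows\system32\serhost.exe [2007-04-25 36864]
S3 Dhcssp;Dhcssp; []
"""

# NameServer / DhcpNameServer data items; the address list is separated by
# spaces in one value and by commas in the other.
NAMESERVER_RE = re.compile(
    r"\\(?:Dhcp)?NameServer \(Trojan\.DNSChanger\) -> Data: ([\d., ]+?) ->"
)
# ComboFix service line: "<R|S><start type> <name>;<display name>;<image path> [date size]"
SERVICE_RE = re.compile(r"^[RS]\d+ (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[")

# Assumption: where the real ESET product lives on this machine (from the
# nod32kui Run entry and the nod32drv driver in the log). A service that
# borrows the product name but starts from anywhere else deserves a look.
AV_INSTALL_HINTS = ("\\eset\\", "nod32")


def rogue_dns_servers(mbam_log):
    """Return the resolver addresses the DNSChanger wrote into NameServer
    and DhcpNameServer, de-duplicated and in address order. On a DHCP
    interface NameServer is normally empty, so any address here is suspect."""
    found = set()
    for m in NAMESERVER_RE.finditer(mbam_log):
        for token in re.split(r"[ ,]+", m.group(1).strip()):
            if token:
                found.add(ipaddress.ip_address(token))
    return [str(ip) for ip in sorted(found)]


def combofix_findings(log):
    """Flag persistence and defence-evasion entries in a ComboFix log
    excerpt. Returns (category, detail) pairs in log order."""
    findings = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.lower()          # registry key header
            continue
        lower = line.lower()
        if lower.startswith('"appinit_dlls"'):
            # every process that loads user32.dll also loads this DLL
            findings.append(("AppInit_DLLs", line.split("=", 1)[1].strip()))
        elif "security center" in section and "disablenotify" in lower and lower.endswith("dword:00000001"):
            # Security Center told not to warn about missing AV / updates
            findings.append(("SecurityCenterNotifyOff", line.split("=", 1)[0].strip('"')))
        elif "firewallpolicy" in section and lower.startswith('"enablefirewall"') and "= 0" in line:
            findings.append(("FirewallDisabled", section.rsplit("\\", 1)[-1].rstrip("]")))
        else:
            m = SERVICE_RE.match(line)
            if not m:
                continue
            name, path = m.group("name"), m.group("path").strip()
            if not path:
                # registered service with no binary behind it (the moderator's
                # CFScript Driver:: entry targets exactly this one)
                findings.append(("ServiceNoImage", name))
            elif "nod" in name.lower() and not any(h in path.lower() for h in AV_INSTALL_HINTS):
                findings.append(("ServiceNameMimicsAV", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    print("DNSChanger resolvers:", rogue_dns_servers(MBAM_LOG))
    for category, detail in combofix_findings(COMBOFIX_LOG):
        print(f"{category:24} {detail}")
```

Run it as-is and it reports the two resolvers plus six loading-point findings; the genuine nod32drv.sys driver is not flagged because its path carries the product name. For a live box the same checks would be run against `reg query` output rather than a pasted log, but the indicators are the same: a static NameServer you did not set, an AppInit_DLLs value, DisableNotify flags under Security Center, EnableFirewall=0, and services whose image path is empty or does not match the product they are named after.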


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

1. You must not post your problem in someone else's topic. I've split your message into a separate topic here:
http://www.mycity.rs/Ambulanta/Izdvojeno-iz-druge-teme-3.html

2. You must not ask for help via private messages. Whoever from the AMF team has time will take over your case.

3. In the Ambulanta forum there's a topic marked in red that says "Važno" (Important). It explains how to open a topic in Ambulanta.

milnem (Male)
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Location: Novi Sad

bobbo, I understand that I didn't open my problem properly. But why did you reply in the so-called "Izdvojeno iz druge teme 3" that I should download and run ComboFix, and now you say I did that on my own? And after half an hour, when I came back to that topic, it was no longer there.

Update: 24 Dec 2008 13:15

In the new message you say you locked the old one when I opened the new one... but I couldn't access the old one because it printed on the screen that the topic was closed, and only after that did I open a new topic with the same content. And please, what do I do now?

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

My mistake for scolding you about ComboFix; I didn't realise at first that this topic belongs to the same user as well.
Second, the topic in which I wrote that you should run ComboFix is still where it was, except that I've now locked it since you opened another one (this one).

Follow these instructions:

Open Notepad and copy the following text into it:

File::
d:\windows\system32\mshhfhh.dll

Driver::
Dhcssp


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

After that, post the log you make with HijackThis (instructions here: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html)

milnem (Male)
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Location: Novi Sad

After dragging the CFScript onto ComboFix, this document/report was produced:

ComboFix 08-12-23.01 - drazen 2008-12-24 13:51:03.2 - NTFSx86
Running from: d:\documents and settings\drazen\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\drazen\Desktop\CFScript.txt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 32A


((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\documents and settings\drazen\Application Data\Malwarebytes
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 16:32 . 2008-12-03 19:52 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-12-21 16:32 . 2008-12-03 19:52 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-12-17 12:06 . 2008-12-17 12:07 <DIR> d-------- d:\program files\Common Files\Nokia
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> d-------- d:\program files\Makayama Software
2008-12-16 18:52 . 2004-09-07 12:16 626,688 --------- d:\windows\system32\DGPDVDRipperStudio.ocx
2008-12-15 16:27 . 2008-12-15 16:27 <DIR> d-------- d:\documents and settings\drazen\Application Data\ImTOO Software Studio
2008-12-15 01:58 . 2008-12-15 01:58 <DIR> d-------- d:\program files\CoreAAC
2008-12-05 08:33 . 2008-12-05 08:37 <DIR> d-------- d:\program files\PDFCreator
2008-12-05 08:33 . 2004-03-09 00:00 662,288 --a------ d:\windows\system32\MSCOMCT2.OCX
2008-12-05 08:33 . 2005-10-15 12:32 196,608 --a------ d:\windows\system32\pdfcmnnt.dll
2008-12-05 08:33 . 1998-06-24 00:00 137,000 --a------ d:\windows\system32\MSMAPI32.OCX
2008-12-05 08:33 . 1998-07-06 00:00 23,552 --a------ d:\windows\system32\MSMPIDE.DLL
2008-12-01 17:50 . 2008-12-01 17:49 410,976 --a------ d:\windows\system32\deploytk.dll
2008-11-29 10:23 . 2008-11-29 10:23 <DIR> d--hs---- d:\windows\system32\RECYCLER

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 13:01 --------- d-----w d:\documents and settings\drazen\Application Data\Skype
2008-12-24 11:04 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2008-12-24 08:07 --------- d-----w d:\documents and settings\drazen\Application Data\skypePM
2008-12-17 12:37 --------- d-----w d:\documents and settings\drazen\Application Data\Nokia
2008-12-17 11:07 --------- d-----w d:\program files\Common Files\PCSuite
2008-12-17 11:06 --------- d-----w d:\program files\Nokia
2008-12-16 08:10 --------- d-----w d:\program files\ImTOO
2008-12-15 00:58 --------- d-----w d:\program files\GRETECH
2008-12-05 07:35 14,290 -c--a-w d:\program files\settings.dat
2008-12-01 16:49 --------- d-----w d:\program files\Java
2008-11-26 21:27 --------- d-----w d:\program files\Common Files\Adobe
2008-11-25 23:14 --------- d-----w d:\program files\Opera
2008-11-04 07:59 --------- d-----w d:\documents and settings\All Users\Application Data\Installations
2008-03-01 23:39 32 -c--a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2008-08-07 15:26 56 -csh--r d:\windows\system32\DCF64F123F.sys
2008-08-07 15:26 10,022 -csha-w d:\windows\system32\KGyGaAvL.sys
2004-08-04 05:56 36,864 --sha-w d:\windows\system32\serhost.exe
2004-08-04 05:56 3,352 -cshatw d:\windows\system32\dllcache\mkllb.dll
2004-08-04 05:56 98,304 -csha-w d:\windows\system32\dllcache\ntisapi.dll
2004-08-04 05:56 0 -csha-w d:\windows\system32\dllcache\ntoist.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-24_11.57.18.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-24 10:49:17 16,384 -c--a-w d:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-24 11:03:05 16,384 -c--a-w d:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-24 10:49:17 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-24 11:03:05 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-24 10:49:17 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-24 11:03:05 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-24 11:03:05 16,384 ----atw d:\windows\Temp\Perflib_Perfdata_774.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "d:\progra~1\DAP\SBSearch.dll" [2008-08-24 32768]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"LogitechSoftwareUpdate"="d:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DownloadAccelerator"="d:\program files\DAP\DAP.EXE" [2008-08-24 3053056]
"JFSW2Launch"="d:\documents and settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe" [2008-04-02 45056]
"Transparent Icon Labels"="d:\program files\Transparent Icon Labels\Transparent Icon Labels.exe" [2008-09-20 126976]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="d:\windows\system32\sistray.EXE" [2001-12-24 327680]
"SiS KHooker"="d:\windows\system32\khooker.exe" [2002-01-25 290816]
"SiSUSBRG"="d:\windows\sisUSBrg.exe" [2002-02-21 28675]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2007-04-25 949376]
"LVCOMSX"="d:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\mshhfhh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"vidc.XVID"= xvid.dll
"msacm.enc"= ITIG726.acm
"vidc.I263"= i263_32.drv
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=d:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-08-24 10:47 3053056 d:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:06 1667584 d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 d:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-11-28 d:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-05-26 d:\windows\Tasks\Uniblue SpeedUpMyPC.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - d:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\program files\DAP\dapextie.htm
IE: Download &all with DAP - d:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
FF - ProfilePath - d:\documents and settings\drazen\Application Data\Mozilla\Firefox\Profiles\91rv9iys.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: d:\documents and settings\drazen\Application Data\Mozilla\Firefox\Profiles\91rv9iys.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: d:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-24 14:01:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
d:\windows\system32\imon.dll
.
Completion time: 2008-12-24 14:08:33
ComboFix-quarantined-files.txt 2008-12-24 13:07:05
ComboFix2.txt 2008-12-24 10:58:59

Pre-Run: 1,712,746,496 bytes free
Post-Run: 1,702,735,872 bytes free

163

Addendum: 24 Dec 2008 14:29

Oops..! bobby, after your first warning I went to the Ambulanta section, followed the instructions for starting a topic there, ran that HijackThis... and saved the report. Then you gave me the instructions for that CFScript procedure... so now I have a HijackThis report from before CFScript, and after the procedure, when I wanted to start HijackThis again, it gave some small message with a yellow triangle... PS if you have patience for me, that will be GREAT! And if not, that's fine too, you have already given me a lot of attention and time. Thank you,

Addendum: 24 Dec 2008 15:24

Oops..! bobby, after your first warning/instruction I went to the Ambulanta section and followed the instructions for starting a topic. Then, following the instructions, I ran that HijackThis... and saved the report. In the meantime you gave me the instructions for that CFScript procedure... so now I have a HijackThis report from before the CFScript procedure... and after the CFScript procedure, when I tried, following the instructions, to start HijackThis, I couldn't; it gave some small message with a yellow triangle... PS if you have patience for me, that will be GREAT! And if not, that's fine too, you have already given me a lot of attention and time. Thank you

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Sorry for the wait, I had a bit of a crisis (chasing a bus down the motorway because my father managed to forget some things when he set off on his trip).

Here's the thing:
- Post the HijackThis log; it doesn't matter whether it is from before or after the ComboFix scan
- Something went wrong with this last ComboFix scan (nothing dangerous, but it didn't do its job).

Give me the HijackThis log first, so we can see whether I can fix that way the thing in your logs that is bothering me.

  • milnem  Male
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Lives in: Novi Sad

All good, as far as you're concerned. (Your dad, like every dad, has witty ways of giving his children the chance to be caring and important...) :-) PS now it's your turn to excuse me, I went out for a bit. I'm here now and I'll be home all evening, it's Christmas Eve. We can continue if you're up for it. (Again, after I turned the computer on, that red shield with the white X popped up next to the clock, with a balloon warning me about something.)

I ran HijackThis and here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:37, on 24-Dec-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\sistray.EXE
D:\WINDOWS\system32\khooker.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAP\DAP.EXE
D:\Documents and Settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe
D:\Program Files\Transparent Icon Labels\Transparent Icon Labels.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
D:\Program Files\Opera\opera.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Documents and Settings\drazen\Desktop\bobby\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - D:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [SiS Tray] D:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] D:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [JFSW2Launch] D:\Documents and Settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe
O4 - HKCU\..\Run: [Transparent Icon Labels] "D:\Program Files\Transparent Icon Labels\Transparent Icon Labels.exe" 15726591
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\mshhfhh.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nod 32 - Unknown owner - D:\WINDOWS\system32\serhost.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

--
End of file - 6571 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

Hi.
I'd ask you not to address me formally. There's no need, and it makes me feel a bit uncomfortable :)

I'd ask you to send me the following file for inspection:
D:\Program Files\Transparent Icon Labels\Transparent Icon Labels.exe

Send it to me via the following form:
http://www.mycity.rs/ambulanta-upload.php

After that, run HijackThis again and click "Do a system scan only".
When the results appear, tick the box in front of the following line:
O20 - AppInit_DLLs: D:\WINDOWS\system32\mshhfhh.dll
then click Fix checked.

After that, restart the computer and make a new HijackThis log, which you'll post here on the forum.
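The triage the helper performs on the log above (pick out the AppInit_DLLs line to tick under Fix checked, give the service entries with no vendor information a second look, and notice the Security Center and firewall values in the ComboFix registry dump) can be automated as a first pass. The script below is an added example; it is not code from this thread and not part of HijackThis or ComboFix. It runs offline on a handful of lines copied from the logs posted in this thread, changes nothing on the machine, and its severity rules are the editor's own assumptions about what deserves attention first.

```python
"""Triage helper for HijackThis / ComboFix log excerpts (added example).

Reads log text only and reports what a helper would look at first;
nothing on the machine is changed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the HijackThis log in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - AppInit_DLLs: D:\WINDOWS\system32\mshhfhh.dll
O23 - Service: Nod 32 - Unknown owner - D:\WINDOWS\system32\serhost.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
"""

# Constructed sample input: registry lines copied from the ComboFix log in this thread.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low" (assumed scale)
    line: str      # the log line that triggered the finding
    reason: str


# "O20 - AppInit_DLLs: <path>" and
# "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
_O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>\S.*)$")
_O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def triage_hijackthis(text: str) -> List[Finding]:
    """Flag O20 (AppInit_DLLs) lines and suspicious O23 (service) lines."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = _O20_RE.match(line)
        if m:
            # A DLL listed here is loaded into every process that maps
            # user32.dll, so an unexplained entry is fixed first.
            findings.append(Finding("high", line, "AppInit_DLLs injection: " + m["dlls"]))
            continue
        m = _O23_RE.match(line)
        if not m:
            continue
        unknown = m["owner"].lower() == "unknown owner"
        in_system32 = re.search(r"\\system32\\", m["path"], re.IGNORECASE) is not None
        if m["missing"]:
            findings.append(Finding("low", line, "service binary is missing; stale registration"))
        elif unknown and in_system32:
            findings.append(Finding("high", line, "service with no vendor information running from system32"))
        elif unknown:
            findings.append(Finding("medium", line, "service with no vendor information; verify the binary"))
    return findings


_SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
_NOTIFY_VALUES = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


def _reg_int(raw: str) -> Optional[int]:
    """Turn 'dword:00000001' or '0 (0x0)' (ComboFix's rendering) into an int."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"\d+", raw)
    return int(m.group(0)) if m else None


def triage_combofix_registry(text: str) -> List[Finding]:
    """Flag values that silence Security Center or switch the firewall off."""
    findings = []
    key = ""
    for line in text.splitlines():
        line = line.strip()
        s = _SECTION_RE.match(line)
        if s:
            key = s["key"].lower()
            continue
        v = _VALUE_RE.match(line)
        if not v:
            continue
        name, value = v["name"], _reg_int(v["raw"])
        if key.endswith("security center") and name.lower() in _NOTIFY_VALUES and value == 1:
            findings.append(Finding("medium", line, "Security Center warning suppressed (%s)" % name))
        elif "firewallpolicy" in key and name.lower() == "enablefirewall" and value == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append(Finding("high", line, "Windows Firewall disabled for profile %s" % profile))
    return findings


def lines_to_fix(findings: List[Finding]) -> List[str]:
    """HijackThis lines worth ticking under 'Fix checked': the O20 entries."""
    return [f.line for f in findings if f.line.startswith("O20 ")]


if __name__ == "__main__":
    for f in triage_hijackthis(HJT_SAMPLE) + triage_combofix_registry(COMBOFIX_SAMPLE):
        print("[%-6s] %s\n         %s" % (f.severity, f.reason, f.line))
```

On the sample above the script ranks the mshhfhh.dll injection and the "Nod 32" service in system32 highest, marks the missing VideoAcceleratorEngine binary as a stale entry, and reports the suppressed Security Center warnings and the disabled firewall from the ComboFix dump; the O4 autostart of the real NOD32 GUI is not flagged because that rule set only looks at O20 and O23 lines.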

  • milnem  Male
  • New MyCity citizen
  • Joined: 24 Dec 2008
  • Posts: 23
  • Lives in: Novi Sad

hi,
I've sent you that file (the message told me the file was uploaded successfully, with the obligation to let you know). Do you feel better now, have I chased your "discomfort" away now :)

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Lives in: Wien

:)

While I look over that file, you do the rest of what I wrote in my previous message.

Korisnici trenutno na forumu: A.R.Chafee.Jr., Acivi, alkatraz080, amaterSRB, amstel, Ben Roj, Bobrock1, bokisha253, brundo65, cenejac111, Darko8, Denaya, Dimitrise93, djordje92sm, doklevise, DonRumataEstorski, Dorcolac, draganca, DragoslavS, dule10savic, GORDI, Istman, ivicasimo, Karla, Kibice, kljift, kokodakalo, Kubovac, kubura91, kuntalo, kybonacci, Levi, Lieutenant, Litostroton, ljubacv, Luka Blažević, macak44, madza, Metanoja, mgolub, Milometer, MiroslavD, Misirac, nebkv, nenad81, nikoladim, NoOneEver Dreams, Panter, pein, rasok, repac, ser.hill, Srle993, virked, vladaa012, vladulns, |_MeD_|