MSN and email problem


  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

Hi everyone, I urgently need help...
When I try to log in to MSN it throws an error...
I go to troubleshoot and it shows that everything is OK except key ports, where it puts an exclamation mark... and there is no way I can log in.
Also, when I try to check my mail on Gmail, Yahoo or Hotmail, it behaves as if I am not online and says the problem is with the firewall settings.
I turned the firewall off, but it is still the same...
What should I do?
Thanks in advance...

  • Joined: 07 Aug 2006
  • Posts: 1182
  • Location: Fili Davydkovo, Moscow, Russia

For a start:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

So that I don't open a new topic, it can go here too...
I hope this is it...


Logfile of HijackThis v1.99.1
Scan saved at 12:12:13 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Sancez\Desktop\poprawka racunara\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=gffdg
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Marko, sorry for the wait, we have been quite busy these days.

The log above shows no infection, so I assume the problem lies either in the settings on your computer or in the server your messenger connects through. Possibly the problem could also be with your provider.

So that I leave nothing to chance here, we will do one more check.

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

OK bro... I did as you said... waiting for further instructions.


ComboFix 08-07-26.1 - Sancez 2008-07-27 4:11:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.187 [GMT -7:00]
Running from: C:\Documents and Settings\Sancez\Desktop\poprawka racunara\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sancez\Application Data\macromedia\Flash Player\#SharedObjects\DCXV54Y7\interclick.com
C:\Documents and Settings\Sancez\Application Data\macromedia\Flash Player\#SharedObjects\DCXV54Y7\interclick.com\ud.sol
C:\Documents and Settings\Sancez\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Sancez\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\com\lsass.exe
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\MabryObj.dll
D:\RECYCLER\Desktop_.ini
E:\RECYCLER\Desktop_.ini
G:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-25 16:24 . 2008-07-25 16:24 268 --ah----- C:\sqmdata12.sqm
2008-07-25 16:24 . 2008-07-25 16:24 244 --ah----- C:\sqmnoopt12.sqm
2008-07-25 08:52 . 2008-07-25 08:52 268 --ah----- C:\sqmdata11.sqm
2008-07-25 08:52 . 2008-07-25 08:52 244 --ah----- C:\sqmnoopt11.sqm
2008-07-24 21:48 . 2008-07-24 21:48 268 --ah----- C:\sqmdata10.sqm
2008-07-24 21:48 . 2008-07-24 21:48 244 --ah----- C:\sqmnoopt10.sqm
2008-07-24 12:17 . 2008-07-24 12:17 268 --ah----- C:\sqmdata09.sqm
2008-07-24 12:17 . 2008-07-24 12:17 244 --ah----- C:\sqmnoopt09.sqm
2008-07-24 10:33 . 2008-07-24 10:33 268 --ah----- C:\sqmdata08.sqm
2008-07-24 10:33 . 2008-07-24 10:33 244 --ah----- C:\sqmnoopt08.sqm
2008-07-22 21:41 . 2008-07-22 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-22 21:14 . 2008-07-22 21:14 <DIR> d-------- C:\Program Files\MySpace
2008-07-22 21:14 . 2008-07-22 21:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\MySpace
2008-07-19 17:43 . 2008-07-19 17:43 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-07-19 17:41 . 2008-07-19 17:44 <DIR> d-------- C:\Program Files\TryFastMessenger
2008-07-17 17:53 . 2008-07-17 17:53 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-17 17:53 . 2008-07-17 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-17 17:53 . 2008-07-17 17:53 37,027 --a------ C:\WINDOWS\atmoUn.exe
2008-07-17 13:07 . 2008-07-17 13:07 <DIR> d--hs---- C:\Documents and Settings\Sancez\Phone Browser
2008-07-17 05:01 . 2008-07-17 05:01 <DIR> d-------- C:\Program Files\Digimarc
2008-07-16 21:52 . 2008-07-16 21:52 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-16 08:17 . 2008-07-16 08:37 34 --a------ C:\WINDOWS\cdplayer.ini
2008-07-16 08:14 . 2008-07-16 08:14 <DIR> d-------- C:\Program Files\Audiograbber
2008-07-16 08:14 . 2008-07-16 08:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\AD ON Multimedia
2008-07-16 07:58 . 2008-07-16 07:58 286,720 --------- C:\WINDOWS\Setup1.exe
2008-07-16 07:58 . 2008-07-16 07:58 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-15 15:50 . 2008-07-19 17:17 <DIR> d-------- C:\Program Files\Achilles-Script 4.5 White
2008-07-10 11:01 . 2008-07-19 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-10 07:31 . 2008-07-10 07:31 <DIR> d-------- C:\Program Files\Recnik20
2008-07-08 22:01 . 2008-07-08 22:01 268 --ah----- C:\sqmdata07.sqm
2008-07-08 22:01 . 2008-07-08 22:01 244 --ah----- C:\sqmnoopt07.sqm
2008-07-08 12:20 . 2008-07-08 12:20 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-08 12:20 . 2008-07-08 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-07-08 08:34 . 2008-07-08 08:34 268 --ah----- C:\sqmdata06.sqm
2008-07-08 08:34 . 2008-07-08 08:34 244 --ah----- C:\sqmnoopt06.sqm
2008-07-08 07:49 . 2008-07-08 07:49 268 --ah----- C:\sqmdata05.sqm
2008-07-08 07:49 . 2008-07-08 07:49 244 --ah----- C:\sqmnoopt05.sqm
2008-07-07 22:05 . 2008-07-07 22:05 268 --ah----- C:\sqmdata04.sqm
2008-07-07 22:05 . 2008-07-07 22:05 244 --ah----- C:\sqmnoopt04.sqm
2008-07-07 15:28 . 2008-07-07 15:28 268 --ah----- C:\sqmdata03.sqm
2008-07-07 15:28 . 2008-07-07 15:28 244 --ah----- C:\sqmnoopt03.sqm
2008-07-07 12:18 . 2008-07-07 12:18 268 --ah----- C:\sqmdata02.sqm
2008-07-07 12:18 . 2008-07-07 12:18 244 --ah----- C:\sqmnoopt02.sqm
2008-07-03 09:30 . 2008-07-03 09:31 <DIR> d-------- C:\Program Files\The KMPlayer
2008-07-03 04:09 . 2008-07-03 04:09 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\Media Player Classic
2008-06-30 07:50 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-30 07:50 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-28 02:26 . 2008-06-28 02:26 <DIR> d-------- C:\Program Files\Sweet Home 3D

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 04:14 --------- d-----w C:\Program Files\Professional §©®ÎÞt v.2
2008-07-26 19:18 --------- d-----w C:\Documents and Settings\Sancez\Application Data\AVG7
2008-07-23 05:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-07-20 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-18 00:53 --------- d-----w C:\Documents and Settings\Sancez\Application Data\AdobeUM
2008-07-17 04:53 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-17 04:50 --------- d-----w C:\Program Files\Windows Live
2008-07-16 12:34 921,632 ----a-w C:\PA207.DAT
2008-07-09 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-08 19:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 08:14 --------- d-----w C:\Documents and Settings\Sancez\Application Data\LimeWire
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:18 --------- d-----w C:\Program Files\Call Corder 2
2008-06-10 07:11 --------- d-----w C:\Documents and Settings\Sancez\Application Data\HP
2008-06-09 23:01 1,536 ----a-w C:\fss.exe
2008-06-04 07:46 --------- d-----w C:\Program Files\Mv2Player
2008-05-27 21:30 --------- d-----w C:\Documents and Settings\Sancez\Application Data\Yahoo!
2008-05-27 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-27 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-27 19:59 --------- d-----w C:\Program Files\Yahoo!
2008-05-27 05:17 --------- d-----w C:\Documents and Settings\Sancez\Application Data\Ahead
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 16:27 9117696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-07-22 22:22 579584]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 06:01 46592 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 16:27 9117696]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-22 21:44 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-08 12:20:11 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

S3 PAC207;i-Look 111;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 16:32]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c43ab00-532f-11dd-a587-0018682d9e53}]
\Shell\AutoRun\command - gjn2pjlw.exe
\Shell\explore\Command - gjn2pjlw.exe
\Shell\open\Command - gjn2pjlw.exe
.
Contents of the 'Scheduled Tasks' folder
2008-07-27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - s!;2C:\Program Files\Windows Live Toolbar\MSNTBUP.EXESancez0;< []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Settings,ProxyServer = https=gffdg
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-27 04:16:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-07-27 4:20:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-27 11:20:08

Pre-Run: 3,708,399,616 bytes free
Post-Run: 5,974,388,736 bytes free

192 --- E O F --- 2008-07-20 03:25:33

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

An infected USB storage device (flash drive, MP3 player, mobile phone) has been plugged into the computer. Do you own any of those?

Next, I see that you have two mIRC scripts installed. Scripts usually contain viruses, or have hidden services that turn your computer into someone's zombie (they can control your computer). My advice is to uninstall these so-called scripts and install a clean mIRC from the official site.

I would ask you to upload the following file for me to check:
C:\fss.exe
Do the upload through the following form:
http://www.mycity.rs/ambulanta-upload.php
Let me know when you have done the upload.
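
An added example, not part of the original thread: the ComboFix log above lists Autorun.inf files deleted from the roots of G: and H:, and a MountPoints2 key whose shell commands all point to gjn2pjlw.exe. Assuming those are the lines behind the infected-USB conclusion, this Python code pulls such indicators out of a ComboFix log; the function names and the shortened log excerpt are this example's own.

```python
import re

# Shortened excerpt of the ComboFix log posted in this thread
# (section banners abbreviated; all paths and names come from that log).
SAMPLE_LOG = r"""
((((( Other Deletions )))))
C:\WINDOWS\system32\com\lsass.exe
D:\RECYCLER\Desktop_.ini
G:\Autorun.inf
H:\Autorun.inf
((((( Files Created from 2008-06-27 to 2008-07-27 )))))
2008-07-19 17:43 . 2008-07-19 17:43 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c43ab00-532f-11dd-a587-0018682d9e53}]
\Shell\AutoRun\command - gjn2pjlw.exe
\Shell\explore\Command - gjn2pjlw.exe
\Shell\open\Command - gjn2pjlw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"""

# ComboFix section banner, e.g. "(((( Other Deletions ))))"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Autorun.inf sitting directly in a drive root
ROOT_AUTORUN = re.compile(r"^([A-Za-z]):\\autorun\.inf$", re.IGNORECASE)
# Per-volume key where Explorer caches the shell commands of a mounted volume
MOUNTPOINT_KEY = re.compile(
    r"^\[.*\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
# "\Shell\<verb>\command - <target>" line as ComboFix prints it
SHELL_VERB = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)


def autorun_deletions(log):
    """Drive letters whose root Autorun.inf appears under 'Other Deletions'."""
    drives, section = [], None
    for raw in log.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            section = banner.group(1).lower()
            continue
        hit = ROOT_AUTORUN.match(line)
        if hit and section == "other deletions":
            drives.append(hit.group(1).upper())
    return drives


def mountpoint_handlers(log):
    """Map each MountPoints2 volume GUID to its {verb: command} handlers."""
    handlers, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = handlers.setdefault(key.group(1).lower(), {})
            continue
        if line.startswith("["):  # any other registry key ends the block
            current = None
            continue
        verb = SHELL_VERB.match(line)
        if verb and current is not None:
            current[verb.group(1).lower()] = verb.group(2).strip()
    return handlers


def usb_autorun_findings(log):
    """One finding per removed root Autorun.inf and per volume with handlers."""
    findings = [f"{d}: root Autorun.inf was removed" for d in autorun_deletions(log)]
    for guid, verbs in mountpoint_handlers(log).items():
        if verbs:
            targets = ", ".join(sorted(set(verbs.values())))
            findings.append(f"volume {guid}: {'/'.join(sorted(verbs))} -> {targets}")
    return findings


if __name__ == "__main__":
    for finding in usb_autorun_findings(SAMPLE_LOG):
        print(finding)
```

When the AutoRun, open and explore verbs of one volume all resolve to the same executable, opening that drive in any way from Explorer launches it, which is why the entry matters even after the Autorun.inf itself has been deleted.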

  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

I have uploaded it. I use a flash drive and USB for my mobile... possibly it is one of those.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy in the following text:

File::
C:\fss.exe


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.


As for the USB sticks and the mobile phone:
- download the following program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker_beta.exe
- run it and choose the Auto block option
- insert the USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analysed the stick (this is visible in the lower part of the program, in the log)
- at the top left, double-click the letter that denotes the partition, i.e. your USB stick
- down by the clock a message will appear saying that you may remove the USB stick from the computer
- do not close the program; instead insert the next USB stick and wait a few seconds for it as well, and so on for all sticks, MP3 players and the mobile phone
- remember the order in which the sticks were inserted

When you have finished all that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report here on the forum for me.

  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

Here it is for this fss file...

ComboFix 08-07-26.1 - Sancez 2008-07-30 6:46:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.206 [GMT -7:00]
Running from: C:\Documents and Settings\Sancez\Desktop\poprawka racunara\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sancez\Desktop\poprawka racunara\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\fss.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fss.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-29 11:21 . 2008-07-29 11:21 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-25 16:24 . 2008-07-25 16:24 268 --ah----- C:\sqmdata12.sqm
2008-07-25 16:24 . 2008-07-25 16:24 244 --ah----- C:\sqmnoopt12.sqm
2008-07-25 08:52 . 2008-07-25 08:52 268 --ah----- C:\sqmdata11.sqm
2008-07-25 08:52 . 2008-07-25 08:52 244 --ah----- C:\sqmnoopt11.sqm
2008-07-24 21:48 . 2008-07-24 21:48 268 --ah----- C:\sqmdata10.sqm
2008-07-24 21:48 . 2008-07-24 21:48 244 --ah----- C:\sqmnoopt10.sqm
2008-07-24 12:17 . 2008-07-24 12:17 268 --ah----- C:\sqmdata09.sqm
2008-07-24 12:17 . 2008-07-24 12:17 244 --ah----- C:\sqmnoopt09.sqm
2008-07-24 10:33 . 2008-07-24 10:33 268 --ah----- C:\sqmdata08.sqm
2008-07-24 10:33 . 2008-07-24 10:33 244 --ah----- C:\sqmnoopt08.sqm
2008-07-22 21:41 . 2008-07-22 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-22 21:14 . 2008-07-22 21:14 <DIR> d-------- C:\Program Files\MySpace
2008-07-22 21:14 . 2008-07-22 21:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\MySpace
2008-07-19 17:43 . 2008-07-19 17:43 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-07-19 17:41 . 2008-07-19 17:44 <DIR> d-------- C:\Program Files\TryFastMessenger
2008-07-17 17:53 . 2008-07-17 17:53 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-17 17:53 . 2008-07-17 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-17 17:53 . 2008-07-17 17:53 37,027 --a------ C:\WINDOWS\atmoUn.exe
2008-07-17 13:07 . 2008-07-17 13:07 <DIR> d--hs---- C:\Documents and Settings\Sancez\Phone Browser
2008-07-17 05:01 . 2008-07-17 05:01 <DIR> d-------- C:\Program Files\Digimarc
2008-07-16 21:52 . 2008-07-16 21:52 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-16 08:17 . 2008-07-16 08:37 34 --a------ C:\WINDOWS\cdplayer.ini
2008-07-16 08:14 . 2008-07-16 08:14 <DIR> d-------- C:\Program Files\Audiograbber
2008-07-16 08:14 . 2008-07-16 08:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\AD ON Multimedia
2008-07-16 07:58 . 2008-07-16 07:58 286,720 --------- C:\WINDOWS\Setup1.exe
2008-07-16 07:58 . 2008-07-16 07:58 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-15 15:50 . 2008-07-19 17:17 <DIR> d-------- C:\Program Files\Achilles-Script 4.5 White
2008-07-10 11:01 . 2008-07-19 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-10 07:31 . 2008-07-10 07:31 <DIR> d-------- C:\Program Files\Recnik20
2008-07-08 22:01 . 2008-07-08 22:01 268 --ah----- C:\sqmdata07.sqm
2008-07-08 22:01 . 2008-07-08 22:01 244 --ah----- C:\sqmnoopt07.sqm
2008-07-08 12:20 . 2008-07-08 12:20 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-08 12:20 . 2008-07-08 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-07-08 08:34 . 2008-07-08 08:34 268 --ah----- C:\sqmdata06.sqm
2008-07-08 08:34 . 2008-07-08 08:34 244 --ah----- C:\sqmnoopt06.sqm
2008-07-08 07:49 . 2008-07-08 07:49 268 --ah----- C:\sqmdata05.sqm
2008-07-08 07:49 . 2008-07-08 07:49 244 --ah----- C:\sqmnoopt05.sqm
2008-07-07 22:05 . 2008-07-07 22:05 268 --ah----- C:\sqmdata04.sqm
2008-07-07 22:05 . 2008-07-07 22:05 244 --ah----- C:\sqmnoopt04.sqm
2008-07-07 15:28 . 2008-07-07 15:28 268 --ah----- C:\sqmdata03.sqm
2008-07-07 15:28 . 2008-07-07 15:28 244 --ah----- C:\sqmnoopt03.sqm
2008-07-07 12:18 . 2008-07-07 12:18 268 --ah----- C:\sqmdata02.sqm
2008-07-07 12:18 . 2008-07-07 12:18 244 --ah----- C:\sqmnoopt02.sqm
2008-07-03 09:30 . 2008-07-03 09:31 <DIR> d-------- C:\Program Files\The KMPlayer
2008-07-03 04:09 . 2008-07-03 04:09 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\Media Player Classic
2008-06-30 07:50 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-30 07:50 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-28 02:26 . 2008-06-28 02:26 <DIR> d-------- C:\Program Files\Sweet Home 3D
2008-06-23 04:43 . 2008-06-23 04:43 268 --ah----- C:\sqmdata01.sqm
2008-06-23 04:43 . 2008-06-23 04:43 244 --ah----- C:\sqmnoopt01.sqm
2008-06-23 02:48 . 2008-06-23 02:48 268 --ah----- C:\sqmdata00.sqm
2008-06-23 02:48 . 2008-06-23 02:48 244 --ah----- C:\sqmnoopt00.sqm
2008-06-22 15:42 . 2008-07-16 05:34 921,632 --a------ C:\PA207.DAT
2008-06-14 17:44 . 2008-07-19 17:20 <DIR> d-------- C:\Documents and Settings\Sancez\Shared
2008-06-14 17:44 . 2008-07-19 17:20 <DIR> d-------- C:\Documents and Settings\Sancez\Incomplete
2008-06-14 17:44 . 2008-06-15 01:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\LimeWire
2008-06-12 10:42 . 2008-04-22 21:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-12 10:42 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-12 10:42 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-12 10:42 . 2008-04-22 21:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Where is the rest of the log?
