LAN Problem

  • Joined: 20 Sep 2008
  • Posts: 15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:14 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\dean\Desktop\Test\TR3.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpha.exe] C:\WINDOWS\system32\kdpha.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100408 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{09255ACD-90B9-4EF2-8857-24960821D814}: NameServer = 85.255.116.62,85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FE00294-3AC6-4C47-99A2-BDF1C549114F}: NameServer = 85.255.116.62,85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{09255ACD-90B9-4EF2-8857-24960821D814}: NameServer = 85.255.116.62,85.255.112.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{09255ACD-90B9-4EF2-8857-24960821D814}: NameServer = 85.255.116.62,85.255.112.166
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5989 bytes


There are 5 of us on the network, connected to a router for 2 years now, and everything works as it should.

A few days ago a problem appeared on my machine... I can't open several websites that the other network members open without any problem... I get the usual message:

Server not found

Firefox can't find the server


* Check the address for typing errors such as
ww.example.com instead of
example.com

* If you are unable to load any pages, check your computer's network
connection.

* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

This happens with Internet Explorer, Mozilla Firefox and Opera alike.

I reinstalled Windows, formatted drive C, and imagine, the same problem again...

When I connect directly to the internet without the router, everything is OK and I can open those pages, BUT THROUGH THE ROUTER NO WAY, AND ONLY ME OUT OF ALL FIVE, really strange (at least to me).

Greetings from Macedonia

P.S. Sorry for the bad language, I hope you understood me.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...



* Open the NOD32 Control Center (click its tray icon in the lower-right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, uncheck the option File system monitor (AMON) enabled.
* Disabling this option will show as the Control Center changing color from green to red.

Note: Don't forget to re-enable this option once the cleaning is finished.




Download FixWareOut.
Double-click Fixwareout.exe to run it.
In the window that opens, click Next >, then Install.
When the installation is done, click Finish.
A window will open - press any key to continue.
When the prompt to restart the computer appears, click OK.
The computer will restart, after which the cleaning process will continue.
When the notice that cleaning is starting appears, click OK.

When the process is finished, a notice will appear that you should close by clicking OK, and the logfile (C:\fixwareout\report.txt) will open in Notepad; copy it into the forum thread.

After all that, post a fresh HijackThis logfile as well.

  • Joined: 20 Sep 2008
  • Posts: 15

Username "dean" - 09/20/2008 19:47:38 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdpha.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{09255ACD-90B9-4EF2-8857-24960821D814}
"nameserver"="85.255.116.62,85.255.112.166" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1FE00294-3AC6-4C47-99A2-BDF1C549114F}
"nameserver"="85.255.116.62,85.255.112.166" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{09255ACD-90B9-4EF2-8857-24960821D814}
"DhcpNameServer"="85.255.116.62,85.255.112.166" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BC412099-2443-4963-B758-3A22991C4B48}
"DhcpNameServer"="85.255.116.62,85.255.112.166" <Value cleared.

Successfully flushed the DNS Resolver Cache.


PC crashed or was not allowed to reboot.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\kdpha.exe"="C:\\WINDOWS\\system32\\kdpha.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"C-Media Mixer"="Mixer.exe /startup"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"CorelDRAW Graphics Suite 11b"="C:\\Program Files\\Corel\\Corel Graphics 12\\Languages\\EN\\Programs\\Registration.exe /title=\"CorelDRAW Graphics Suite 12\" /date=100408 serial=DR12WEX-1504397-KTY lang=EN"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"IDMan"="C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


And here is the fresh HijackThis logfile.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:49 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\Documents and Settings\dean\Desktop\Test\TR3.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdpha.exe] C:\WINDOWS\system32\kdpha.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100408 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5413 bytes


Doctor, hats off, it looks like we solved that problem. Now I've noticed that I can't open partitions C, D, E (hard drives) directly by clicking on them; I have to go through Explore....

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did the computer restart while FixWareOut was running?
Or maybe a BSOD?



We'll temporarily disable TeaTimer:
Start Spybot S&D
Click the Mode menu item
Select Advanced Mode
In the bar on the left, click Tools
Click Resident
Uncheck Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the program from this link to the Desktop.
- Run it with a double-click and follow the instructions.

Don't forget to turn these options back on when we finish cleaning.


-------------------------------------------------------------------------------------



Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 20 Sep 2008
  • Posts: 15

There was no automatic restart, but I restarted manually because it said above that it would restart by itself....

Also, NOD32 automatically went back to its usual state after the restart

Here is the program's report:

ComboFix 08-09-20.02 - dean 2008-09-20 20:41:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.459 [GMT 2:00]
Running from: C:\Documents and Settings\dean\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.

2008-09-20 19:47 . 2008-09-20 19:58 <DIR> d-------- C:\fixwareout
2008-09-20 18:44 . 2008-09-20 18:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-20 18:25 . 2008-09-20 18:25 1,196 --a------ C:\WINDOWS\mozver.dat
2008-09-20 16:41 . 2008-09-20 16:41 88 --a------ C:\WINDOWS\wininit.ini
2008-09-20 15:58 . 2008-09-20 15:58 <DIR> d-------- C:\Program Files\Opera
2008-09-20 15:49 . 2008-09-20 15:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-20 15:49 . 2008-09-20 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 14:44 . 2008-09-20 14:44 <DIR> d---s---- C:\Documents and Settings\dean\UserData
2008-09-20 00:19 . 2008-09-20 00:19 <DIR> d-------- C:\Program Files\Google
2008-09-19 23:58 . 2008-09-19 23:58 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-19 23:58 . 2008-09-19 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-19 23:56 . 2008-09-19 23:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-19 23:42 . 2008-09-19 23:42 <DIR> d-------- C:\Program Files\Windows Live
2008-09-19 23:35 . 2007-09-18 15:24 676,224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2008-09-19 23:32 . 2008-09-19 23:32 268 --ah----- C:\sqmdata00.sqm
2008-09-19 23:32 . 2008-09-19 23:32 244 --ah----- C:\sqmnoopt00.sqm
2008-09-19 23:24 . 2008-09-19 23:25 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-19 23:22 . 2008-09-19 23:22 <DIR> dr-h----- C:\MSOCache
2008-09-19 23:04 . 2008-09-19 23:04 <DIR> d-------- C:\Program Files\Ashampoo
2008-09-19 23:04 . 2008-09-19 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-09-19 22:49 . 2008-09-20 13:10 <DIR> d-------- C:\Documents and Settings\dean\Application Data\skypePM
2008-09-19 22:49 . 2008-09-19 22:49 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-19 22:06 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-19 21:52 . 2008-09-19 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-19 21:52 . 2008-09-19 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-19 21:31 . 2008-09-19 21:32 <DIR> d-------- C:\Documents and Settings\dean\Application Data\Softros Messenger
2008-09-19 21:29 . 2008-09-19 21:29 <DIR> d-------- C:\Program Files\Softros Systems
2008-09-19 21:13 . 2008-09-19 21:13 <DIR> d-------- C:\Documents and Settings\dean\Application Data\Corel
2008-09-19 21:12 . 2008-09-20 00:10 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-19 21:11 . 2008-09-19 21:11 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-09-19 21:10 . 2008-09-19 21:10 <DIR> d-------- C:\Program Files\Corel
2008-09-19 20:35 . 2008-09-19 20:35 <DIR> d-------- C:\Program Files\FlashFXP
2008-09-19 20:35 . 2008-09-19 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-09-19 20:28 . 2008-09-19 20:28 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-19 20:28 . 2008-09-19 20:29 <DIR> d-------- C:\Program Files\Macromedia
2008-09-19 20:28 . 2008-09-19 20:31 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-09-19 20:28 . 2008-09-19 23:54 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-09-19 20:22 . 2008-09-19 20:22 <DIR> d-------- C:\Documents and Settings\dean\Application Data\Media Player Classic
2008-09-19 20:21 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-09-19 20:20 . 2008-09-19 20:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-19 20:14 . 2008-09-19 20:14 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-09-19 20:14 . 2008-09-20 00:35 <DIR> d-------- C:\Documents and Settings\dean\Application Data\IDM
2008-09-19 20:14 . 2008-09-20 20:44 <DIR> d-------- C:\Documents and Settings\dean\Application Data\DMCache
2008-09-19 18:54 . 2008-09-19 19:10 <DIR> d-------- C:\Documents and Settings\dean\Application Data\Ahead
2008-09-19 18:52 . 2008-09-19 18:52 <DIR> d-------- C:\Program Files\Nero
2008-09-19 18:52 . 2008-09-19 18:55 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-09-19 18:34 . 2008-09-20 20:34 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2008-09-19 18:34 . 2008-09-19 18:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-19 18:32 . 2008-09-19 18:32 <DIR> d-------- C:\Documents and Settings\dean\Application Data\DeskSoft
2008-09-19 18:28 . 2008-09-19 18:28 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-09-19 18:28 . 2008-09-19 18:28 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-09-19 18:28 . 2008-09-19 18:28 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-09-19 18:17 . 2008-09-19 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Eset
2008-09-19 18:10 . 2008-09-19 18:10 <DIR> d-------- C:\Program Files\BWMeter
2008-09-19 18:10 . 2008-09-19 18:10 19,584 --a------ C:\WINDOWS\system32\drivers\dsnpfd.sys
2008-09-19 18:04 . 2008-09-20 20:41 <DIR> d-------- C:\Program Files\ESET
2008-09-11 10:10 . 2008-09-12 12:44 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 18:44 --------- d-----w C:\Documents and Settings\dean\Application Data\Skype
2008-09-19 17:56 --------- d-----w C:\Program Files\Foxit Software
2008-09-19 17:41 --------- d-----w C:\Program Files\Skype
2008-09-19 17:41 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-19 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-19 17:12 --------- d-----w C:\Program Files\Winamp
2008-09-19 17:03 --------- d-----w C:\Program Files\C-Media
2008-09-19 15:45 --------- d-----w C:\Program Files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-09-12 2606512]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-19 949376]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 33792]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"C-Media Mixer"="Mixer.exe" [2002-07-12 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\dean\Start Menu\Programs\Startup\
BWMeter.lnk - C:\Program Files\BWMeter\BWMeter.exe [2008-09-19 708608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-19 113664]
Launch Softros Messenger.lnk - C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe [2004-10-17 353280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Softros Systems\\Softros Messenger\\Messenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=


*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdpha.exe - C:\WINDOWS\system32\kdpha.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\dean\Application Data\Mozilla\Firefox\Profiles\7tq68ird.default\
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 1\plugins\npnul32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-20 20:44:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-20 20:46:03
ComboFix-quarantined-files.txt 2008-09-20 18:45:56

Pre-Run: 2,045,616,128 bytes free
Post-Run: 2,036,436,992 bytes free

149

Addendum: 20 Sep 2008 20:58

Sorry for posting post after post, but I forgot to say that that problem (with partitions C, D, E) got solved too, and now I can open them normally

Doctor, hats off once again !!!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Go ahead and restart the computer, check how the net (and everything else) works, write to me what the state is and whether there are any problems, and post one more fresh HijackThis logfile.

  • Joined: 20 Sep 2008
  • Posts: 15

Everything works like a Swiss watch !!!

Thanks once again, and hats off

Tell me, can I use these programs that I installed when I have similar problems in the future, or should I bother you again hehe

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:29 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\Documents and Settings\dean\Desktop\Test\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=100408 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5206 bytes

  • Dusan  Male
  • SuperModerator
  • Supermoderator of the general forums
  • Joined: 26 Jul 2006
  • Posts: 11118

opasniot ::... Tell me, can I use these programs that I installed when I have similar problems in the future, or should I bother you again hehe...
No need :) ... There are always people here with big hearts and great knowledge - always ready to help... If you're not expert enough (no offense, I mean nothing bad - most of us are like that) - better steer clear of them, because lack of knowledge can do more harm than good, and there you are back in the Ambulanta again ;) ...
P.S. And may you never need them (or at least rarely need them)...

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do keep bothering us in the future too... :)

These are specialized programs which, if used needlessly, can only do damage.


You can uninstall FixWareOut (there is a shortcut in the Start menu).
Also, do the following:
Click START and then RUN
In the text box, type Combofix /u and click OK

Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That's all...

Addendum: 20 Sep 2008 22:07

Or as Dušan said... :)
