Posted: 24 Dec 2008 20:50
- milnem
- New MyCity citizen
- Joined: 24 Dec 2008
- Posts: 23
- Location: Novi Sad
Do you mean the way I did it the first time: Do a system scan and save a logfile?
I think it's that first way, but better to measure twice... since I don't know...
Update: 24 Dec 2008 20:40
Here, I'm sending the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:06, on 24-Dec-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\sistray.EXE
D:\WINDOWS\system32\khooker.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAP\DAP.EXE
D:\Documents and Settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe
D:\Program Files\Transparent Icon Labels\Transparent Icon Labels.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Opera\opera.exe
D:\Documents and Settings\drazen\Desktop\bobby\TR3.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - D:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [SiS Tray] D:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] D:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [JFSW2Launch] D:\Documents and Settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe
O4 - HKCU\..\Run: [Transparent Icon Labels] "D:\Program Files\Transparent Icon Labels\Transparent Icon Labels.exe" 15726591
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nod 32 - Unknown owner - D:\WINDOWS\system32\serhost.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
--
End of file - 6427 bytes
Update: 24 Dec 2008 20:50
Error! Same message twice... sorry!
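An added triage script for the HijackThis log above (example code written for this page; it is not part of the thread, of HijackThis, or of any tool the posters used). It parses only the line shapes that appear in that log and applies the checks a removal helper applies by eye: an O23 service reported as "Unknown owner" whose binary sits in system32, a service display name that borrows a security product's name (here "Nod 32") while the owner field is not that vendor, "(file missing)" service entries, and a double extension such as TR3.exe.exe in the running-process list. The product/vendor table and the rule names are my assumptions, and the sample log is a constructed subset of the log posted above. A hit is a prompt to verify the file (signature, hash, timestamps), not a verdict: a double-extension file on the desktop is frequently a tool renamed on a helper's instruction.

```python
import re
from dataclasses import dataclass

# Assumed product-name -> vendor pairs for the impersonation rule; the log
# above only exercises NOD32/Eset.
AV_PRODUCTS = {"nod32": "eset", "kaspersky": "kaspersky", "avast": "alwil"}

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
ITEM_RE = re.compile(r"^[A-Z]\d+ - ")          # R0/R1/O2/... item lines
DOUBLE_EXT_RE = re.compile(r"\.[a-z0-9]{2,4}\.exe\b", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    line: str


def _normalize(text):
    """Lower-case and strip everything but letters/digits ('Nod 32' -> 'nod32')."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _in_system32(path):
    return "\\system32\\" in path.lower()


def triage_hijackthis(log_text):
    """Return a list of Findings for one HijackThis v2 log."""
    findings = []
    in_process_list = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_process_list = True
            continue
        if ITEM_RE.match(line):            # first R/O item ends the process list
            in_process_list = False
        if in_process_list:
            if DOUBLE_EXT_RE.search(line):
                findings.append(Finding("double-extension", line))
            continue
        m = O23_RE.match(line)
        if m:
            name, owner, path = m.group("name"), m.group("owner"), m.group("path")
            if path.endswith("(file missing)"):
                findings.append(Finding("orphaned-service", line))
                continue
            # Microsoft's own system32 binaries carry a company name; an
            # unattributed service living there is the first thing to verify.
            if owner == "Unknown owner" and _in_system32(path):
                findings.append(Finding("unknown-owner-in-system32", line))
            nname, nowner = _normalize(name), _normalize(owner)
            for product, vendor in AV_PRODUCTS.items():
                if product in nname and vendor not in nowner:
                    findings.append(Finding("vendor-impersonation", line))
            continue
        m = O4_RE.match(line)
        if m and DOUBLE_EXT_RE.search(m.group("cmd")):
            findings.append(Finding("double-extension", line))
    return findings


# Constructed subset of the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\System32\smss.exe
D:\Program Files\Eset\nod32kui.exe
D:\Documents and Settings\drazen\Desktop\bobby\TR3.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: Nod 32 - Unknown owner - D:\WINDOWS\system32\serhost.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

On the log above this yields one hit each for TR3.exe.exe and the orphaned VideoAcceleratorEngine entry, and two for the "Nod 32" service: it is both unattributed in system32 and named after a product whose genuine service (NOD32krn, owner Eset) is listed two lines below it.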
Posted: 24 Dec 2008 21:42
- milnem
- New MyCity citizen
- Joined: 24 Dec 2008
- Posts: 23
- Location: Novi Sad
D:\WINDOWS\system32\serhost.exe
I don't have that folder in Windows, and I don't have it on its own in that pile either.
Posted: 24 Dec 2008 23:13
- milnem
- New MyCity citizen
- Joined: 24 Dec 2008
- Posts: 23
- Location: Novi Sad
Here's the ComboFix report. PS: for a while I couldn't access the forum... there was just an error when I sent a message.
ComboFix 08-12-23.01 - drazen 2008-12-24 22:18:12.3 - NTFSx86
Running from: d:\documents and settings\drazen\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\drazen\Desktop\CFScript.txt
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\documents and settings\drazen\Application Data\Malwarebytes
2008-12-21 16:32 . 2008-12-21 16:32 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 16:32 . 2008-12-03 19:52 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-12-21 16:32 . 2008-12-03 19:52 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-12-17 12:06 . 2008-12-17 12:07 <DIR> d-------- d:\program files\Common Files\Nokia
2008-12-16 18:52 . 2008-12-16 18:52 <DIR> d-------- d:\program files\Makayama Software
2008-12-16 18:52 . 2004-09-07 12:16 626,688 --------- d:\windows\system32\DGPDVDRipperStudio.ocx
2008-12-15 16:27 . 2008-12-15 16:27 <DIR> d-------- d:\documents and settings\drazen\Application Data\ImTOO Software Studio
2008-12-15 01:58 . 2008-12-15 01:58 <DIR> d-------- d:\program files\CoreAAC
2008-12-05 08:33 . 2008-12-05 08:37 <DIR> d-------- d:\program files\PDFCreator
2008-12-05 08:33 . 2004-03-09 00:00 662,288 --a------ d:\windows\system32\MSCOMCT2.OCX
2008-12-05 08:33 . 2005-10-15 12:32 196,608 --a------ d:\windows\system32\pdfcmnnt.dll
2008-12-05 08:33 . 1998-06-24 00:00 137,000 --a------ d:\windows\system32\MSMAPI32.OCX
2008-12-05 08:33 . 1998-07-06 00:00 23,552 --a------ d:\windows\system32\MSMPIDE.DLL
2008-12-01 17:50 . 2008-12-01 17:49 410,976 --a------ d:\windows\system32\deploytk.dll
2008-11-29 10:23 . 2008-11-29 10:23 <DIR> d--hs---- d:\windows\system32\RECYCLER
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 21:25 --------- d-----w d:\documents and settings\drazen\Application Data\Skype
2008-12-24 19:14 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2008-12-24 17:23 --------- d-----w d:\documents and settings\drazen\Application Data\skypePM
2008-12-17 12:37 --------- d-----w d:\documents and settings\drazen\Application Data\Nokia
2008-12-17 11:07 --------- d-----w d:\program files\Common Files\PCSuite
2008-12-17 11:06 --------- d-----w d:\program files\Nokia
2008-12-16 08:10 --------- d-----w d:\program files\ImTOO
2008-12-15 00:58 --------- d-----w d:\program files\GRETECH
2008-12-05 07:35 14,290 -c--a-w d:\program files\settings.dat
2008-12-01 16:49 --------- d-----w d:\program files\Java
2008-11-26 21:27 --------- d-----w d:\program files\Common Files\Adobe
2008-11-25 23:14 --------- d-----w d:\program files\Opera
2008-11-04 07:59 --------- d-----w d:\documents and settings\All Users\Application Data\Installations
2008-03-01 23:39 32 -c--a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2008-08-24 09:47 251,392 ----a-w d:\program files\opera\program\plugins\dapop.dll
2008-08-07 15:26 56 -csh--r d:\windows\system32\DCF64F123F.sys
2008-08-07 15:26 10,022 -csha-w d:\windows\system32\KGyGaAvL.sys
2004-08-04 05:56 36,864 --sha-w d:\windows\system32\serhost.exe
2004-08-04 05:56 3,352 -cshatw d:\windows\system32\dllcache\mkllb.dll
2004-08-04 05:56 98,304 -csha-w d:\windows\system32\dllcache\ntisapi.dll
2004-08-04 05:56 0 -csha-w d:\windows\system32\dllcache\ntoist.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-24_11.57.18.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-24 10:49:17 16,384 -c--a-w d:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-24 19:15:20 16,384 -c--a-w d:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-24 10:49:17 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-24 19:15:20 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-24 10:49:17 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-24 19:15:20 32,768 -c--a-w d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-24 19:15:11 16,384 ----atw d:\windows\Temp\Perflib_Perfdata_778.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "d:\progra~1\DAP\SBSearch.dll" [2008-08-24 32768]
[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"LogitechSoftwareUpdate"="d:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DownloadAccelerator"="d:\program files\DAP\DAP.EXE" [2008-08-24 3053056]
"JFSW2Launch"="d:\documents and settings\drazen\Application Data\Transcend\JFSW2\JFSW2Launch.exe" [2008-04-02 45056]
"Transparent Icon Labels"="d:\program files\Transparent Icon Labels\Transparent Icon Labels.exe" [2008-09-20 126976]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="d:\windows\system32\sistray.EXE" [2001-12-24 327680]
"SiS KHooker"="d:\windows\system32\khooker.exe" [2002-01-25 290816]
"SiSUSBRG"="d:\windows\sisUSBrg.exe" [2002-02-21 28675]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2007-04-25 949376]
"LVCOMSX"="d:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"vidc.XVID"= xvid.dll
"msacm.enc"= ITIG726.acm
"vidc.I263"= i263_32.drv
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=d:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-08-24 10:47 3053056 d:\program files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:06 1667584 d:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 d:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 d:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [2007-04-25 15424]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);d:\windows\system32\drivers\sis7012.sys [2007-04-25 174848]
S3 Dhcssp;Dhcssp; []
.
Contents of the 'Scheduled Tasks' folder
2008-11-28 d:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2007-05-26 d:\windows\Tasks\Uniblue SpeedUpMyPC.job
- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - d:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\program files\DAP\dapextie.htm
IE: Download &all with DAP - d:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
FF - ProfilePath - d:\documents and settings\drazen\Application Data\Mozilla\Firefox\Profiles\91rv9iys.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: d:\documents and settings\drazen\Application Data\Mozilla\Firefox\Profiles\91rv9iys.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: d:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-24 22:25:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(684)
d:\windows\system32\imon.dll
.
Completion time: 2008-12-24 22:28:39
ComboFix-quarantined-files.txt 2008-12-24 21:27:44
ComboFix2.txt 2008-12-24 13:08:38
ComboFix3.txt 2008-12-24 10:58:59
Pre-Run: 1,670,303,744 bytes free
Post-Run: 1,660,739,584 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
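An added triage script for the ComboFix log above (example code written for this page; not part of the thread or of ComboFix). It reads two sections, Find3M and Reg Loading Points, and applies the two checks that the log most obviously calls for: a non-directory file under system32 (dllcache included) carrying both the system and hidden attributes, and hardening that has been switched off in the registry, namely the Security Center notification suppressors and the Windows Firewall standard profile. The layout of ComboFix's attribute column (d c s h a t w) is inferred from the log; the check relies only on the letters s and h being present. The list of weakening registry values and the sample log are my constructions, the latter a subset of the log posted above. Note what the rule does and does not tell you: serhost.exe carries the same 2004-08-04 timestamp the log reports for genuine SP2 files such as ctfmon.exe and msmsgs.exe, so the timestamp alone proves nothing either way, and licensing/DRM components are a common source of hidden system files in system32, so a hit is a candidate for verification, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Find3M line: "2004-08-04 05:56 36,864 --sha-w d:\windows\system32\serhost.exe"
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+(?P<size>[\d,]+|-+)\s+"
    r"(?P<attrs>[-a-z]{7,9})\s+(?P<path>.+)$"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')

# Assumed table: (key suffix, value name, value text meaning "weakened").
WEAKENING_VALUES = [
    ("security center", "AntiVirusDisableNotify", "dword:00000001"),
    ("security center", "UpdatesDisableNotify", "dword:00000001"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", "0 (0x0)"),
]


@dataclass
class Report:
    hidden_system_files: list = field(default_factory=list)   # (path, size, attrs)
    weakened_settings: list = field(default_factory=list)     # (key, value name)


def _in_system32(path):
    return "\\system32\\" in path.lower()


def triage_combofix(text):
    """Return a Report for one ComboFix log."""
    report = Report()
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = FIND3M_RE.match(line)
        if m:
            attrs, path, size = m.group("attrs"), m.group("path"), m.group("size")
            # Directories start with 'd'; only flag files with both s and h set.
            if not attrs.startswith("d") and "s" in attrs and "h" in attrs and _in_system32(path):
                report.hidden_system_files.append((path, size, attrs))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()   # remember the enclosing key
            continue
        m = REG_VAL_RE.match(line)
        if m:
            for key_suffix, name, bad_value in WEAKENING_VALUES:
                if (current_key.endswith(key_suffix)
                        and m.group("name") == name
                        and m.group("value").strip() == bad_value):
                    report.weakened_settings.append((current_key, name))
    return report


# Constructed subset of the ComboFix log posted above.
SAMPLE_LOG = r"""(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-12-24 21:25 --------- d-----w d:\documents and settings\drazen\Application Data\Skype
2008-12-05 07:35 14,290 -c--a-w d:\program files\settings.dat
2004-08-04 05:56 36,864 --sha-w d:\windows\system32\serhost.exe
2004-08-04 05:56 3,352 -cshatw d:\windows\system32\dllcache\mkllb.dll
2004-08-04 05:56 0 -csha-w d:\windows\system32\dllcache\ntoist.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2007-04-25 949376]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    r = triage_combofix(SAMPLE_LOG)
    for path, size, attrs in r.hidden_system_files:
        print(f"hidden+system in system32: {path} ({size} bytes, {attrs})")
    for key, name in r.weakened_settings:
        print(f"weakened setting: [{key}] {name}")
```

Run against the full log above, the first rule also surfaces the two .sys files from 2008-08-07 and ntisapi.dll; the 0-byte ntoist.dll and the 3 KB mkllb.dll in dllcache are the odd ones out, since dllcache is meant to hold pristine copies of protected system files, not tiny placeholders. The second rule explains the "red shield" the poster mentions later: Security Center has been told not to warn about antivirus and updates, and the firewall profile is off.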
Posted: 24 Dec 2008 23:20
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
The forum is locking up for some reason.
Are you using Notepad to write the CFScript, or some other program?
The CFScript didn't work last time, and it looks like it didn't work this time either.
Did ComboFix manage to create the folder d:\to_upload and put in it the files I asked you in my previous message to upload, so I can check them?
Posted: 25 Dec 2008 01:15
- milnem
- New MyCity citizen
- Joined: 24 Dec 2008
- Posts: 23
- Location: Novi Sad
I have no idea where to find that d:\to_upload
*After that, pack the whole d:\to_upload folder into one ZIP/RAR for me and upload the ZIP/RAR archive through that form.
Update: 25 Dec 2008 1:15
All the CFScripts are in Notepad, exclusively. And I have them all saved as txt documents in a folder with your name.
Posted: 25 Dec 2008 10:16
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
So, when I was giving you instructions for writing the scripts, you saved those scripts from Notepad into files named CFScript, and then dragged the CFScript file onto the ComboFix icon?
Then why didn't ComboFix execute the commands I gave it in the scripts?
Posted: 25 Dec 2008 10:39
- milnem
- New MyCity citizen
- Joined: 24 Dec 2008
- Posts: 23
- Location: Novi Sad
Good morning. Yes, when you send me "code: ..." I copy it from this page into Notepad, and when I save it I save it as CFScript.txt on the desktop, put it next to ComboFix and drag it over the way shown in the illustration. When the job is done, a Notepad window pops up over the whole screen, which I select, copy and paste into the post field on this page...
Update: 25 Dec 2008 10:39
While it's running, ComboFix asks me something several times. Each time I confirm what it offers... *(I don't know if it means anything, but now Skype never starts with system startup, so I have to do that manually. And Download Accelerator Plus loses its priority as the main downloader. That's not a problem for me, it's not a complaint, just an illustration... and that red shield keeps complaining, which is the only thing I've noticed)