zlob trojan aka gold codec


  • Joined: 06 Dec 2006
  • Posts: 21

Did the upload, now going into Safe Mode to move the files.
Thanks

Update: 16 Dec 2006 11:28

While Windows was starting up an update for Adobe Flash Player appeared; I'll upload a Print Screen of it.
Now I'm not sure whether it is really an update or Flaw Flag trying to launch??

Update: 16 Dec 2006 11:30

I forgot to add that everything behaved normally, with no pop-up windows.

Update: 16 Dec 2006 12:01

I sent something else that appeared out of the blue. I clicked Terminate.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

@Penzioner
A couple of experts have just looked at this thread, among them one from an AV company.
We are dealing with a new form of an old infection.
The two files you uploaded are malicious, as is the fake message about Flash Player (they know about it, but have not managed to grab the files from a victim).
I was told that there are certainly more files related to this infection.
I'll now consult with rapha about the next steps, and we'll get back to you by this evening with instructions.

  • Joined: 06 Dec 2006
  • Posts: 21

Thanks for the help so far. NOD has "popped up" a few more times with Swizzor; I haven't started Flash, it has been sitting there since this morning and I'm not touching it.
Thanks again
P.S. I also know where I picked up this monster: the Frocus site for sat TV, if that is of any help

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Could you send me the exact address of that site by PM, and exactly how you got infected there? It would be a great help to me, and a help with your problem too.
I would infect one of my test machines with the same infection, do the forensics, and in the end tell you exactly what needs to be done.

  • Joined: 06 Dec 2006
  • Posts: 21

I did the upload under the name gold codec

  • Cigarette Smoking Man
  • Joined: 14 Feb 2005
  • Posts: 9113
  • Location: Beograd

@B3AST

My apologies, my internet hasn't worked all day so I wasn't able to get back to you. First thing in the morning I'll write what to do next, because it is very late now (3:24)...

Update: 17 Dec 2006 14:16

My internet is down again, so I'm forced to write from a neighbour's, because it isn't nice to keep you waiting this long...

So, here's how:

Flaw Flag.exe and LoadLicense.exe are trojans, namely Swizzor or Lop (depending on what each company named them). Before removal I would ask you to upload both folders containing these two EXE files to our Ambulanta (the forum's malware clinic), because we badly need them for further analysis.

Once you have done that, we will try to remove them with the NoLop program:
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16
(you need to scroll down a bit, since HJT comes first, then an advert, then NoLop)

  • Close all other programs running in the "background"
  • Double-click NoLop.exe
  • Click Search and Destroy
  • When the scan is finished, if you are infected, it will ask you to restart the computer
  • Click REBOOT
  • A NoLop pop-up message should appear; if not, double-click NoLop.exe again so that the cleaning is completed
  • After that, post us the contents of C:\NoLop.log and a fresh HijackThis log

Note: if an error appears saying that mscomctl.ocx or one of the other files is not correctly registered, download this file into your system32 folder and then run the program:

http://www.boletrice.com/downloads/mscomctl.ocx

Now the complete folders that contained these two EXE files need to be deleted, since they hold downloaders that will reinstall Lop after removal. So, once you have uploaded those two complete folders to our Ambulanta, delete them...

  • Joined: 06 Dec 2006
  • Posts: 21

NoLop Log

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: F:\Documents and Settings\Penzioner\Desktop
[17.12.2006]
[18:10:21]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

F:\Documents and Settings\All Users\Application Data\Adobe
F:\Documents and Settings\All Users\Application Data\Cyberlink
F:\Documents and Settings\All Users\Application Data\Flap Mpeg Cool Sect
F:\Documents and Settings\All Users\Application Data\Google
F:\Documents and Settings\All Users\Application Data\Messenger Plus!
F:\Documents and Settings\All Users\Application Data\Microsoft
F:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
F:\Documents and Settings\All Users\Application Data\Rvs
F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
F:\Documents and Settings\Default User\Application Data\Microsoft
F:\Documents and Settings\Localservice\Application Data\Microsoft
F:\Documents and Settings\Networkservice\Application Data\Microsoft
F:\Documents and Settings\Penzioner\Application Data\Adobe
F:\Documents and Settings\Penzioner\Application Data\Adobeum
F:\Documents and Settings\Penzioner\Application Data\Ahead
F:\Documents and Settings\Penzioner\Application Data\Arcsoft
F:\Documents and Settings\Penzioner\Application Data\Faststone
F:\Documents and Settings\Penzioner\Application Data\Google
F:\Documents and Settings\Penzioner\Application Data\Help -- EMPTY Directory
F:\Documents and Settings\Penzioner\Application Data\Icqlite
F:\Documents and Settings\Penzioner\Application Data\Identities
F:\Documents and Settings\Penzioner\Application Data\Lavasoft
F:\Documents and Settings\Penzioner\Application Data\Macromedia
F:\Documents and Settings\Penzioner\Application Data\Microsoft
F:\Documents and Settings\Penzioner\Application Data\Microsoft Web Folders -- EMPTY Directory
F:\Documents and Settings\Penzioner\Application Data\Mozilla
F:\Documents and Settings\Penzioner\Application Data\Online Junk
F:\Documents and Settings\Penzioner\Application Data\Opera
F:\Documents and Settings\Penzioner\Application Data\Real
F:\Documents and Settings\Penzioner\Application Data\Share-to-web Upload Folder -- EMPTY Directory
F:\Documents and Settings\Penzioner\Application Data\Skype
F:\Documents and Settings\Penzioner\Application Data\Stoik
F:\Documents and Settings\Penzioner\Application Data\Sun
F:\Documents and Settings\Penzioner\Application Data\Symantec
F:\Documents and Settings\Penzioner\Application Data\Talkback
F:\Documents and Settings\Penzioner\Application Data\Thunderbird
F:\Documents and Settings\Penzioner\Application Data\Ursoft
F:\Documents and Settings\Penzioner\Application Data\Vlc
F:\Documents and Settings\Penzioner\Application Data\Weather Pulse

Update: 17 Dec 2006 18:13

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 18:15:08, on 17.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Eset\nod32krn.exe
F:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WFXSVC.EXE
F:\Program Files\Symantec\WinFax\WFXMOD32.EXE
F:\PROGRA~1\eSnips\ClientGW.exe
F:\WINDOWS\system32\wfxsnt40.exe
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\Motherboard Monitor 5\MBM5.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\DAP\DAP.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\Rscmpt.exe
F:\WINDOWS\system32\taskswitch.exe
F:\WINDOWS\Mixer.exe
F:\WINDOWS\system32\Runcheck.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\Google Talk\googletalk.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Penzioner\Desktop\New Folder\H3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - F:\PROGRA~1\eSnips\SnipBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [eSnips] "F:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MBM 5] "F:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "F:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ICQ Lite] "F:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Rscmpt] F:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cool Sect Deaf Site] F:\Documents and Settings\All Users\Application Data\Flap Mpeg Cool Sect\LoadLicense.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "F:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [waythat] F:\DOCUME~1\PENZIO~1\APPLIC~1\ONLINE~1\Flaw Flag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Snip to my eSnips account - F:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....4287612571
O17 - HKLM\System\CCS\Services\Tcpip\..\{8735214C-5837-4C76-A635-2C05E499A9B6}: NameServer = 195.222.32.10 195.222.32.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{8735214C-5837-4C76-A635-2C05E499A9B6}: NameServer = 195.222.32.10 195.222.32.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: RvscomSv - RVS Datentechnik GmbH, Munich - F:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, Munich - F:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - F:\WINDOWS\system32\WFXSVC.EXE

Update: 17 Dec 2006 18:24

NoLop found one file with .job and asked for a reboot. I also uploaded those two files.
Thanks

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Since rapha is having internet problems, I'll jump in.

First, if you have Messenger Plus! installed, it would be good to uninstall it, since some of these things most likely arrived with it (as "sponsors").

If you are willing to do one more upload, we need the complete contents of the following two folders (ZIP them):
F:\Documents and Settings\All Users\Application Data\Flap Mpeg Cool Sect
F:\Documents and Settings\Penzioner\Application Data\Online Junk

If they contain only the two files you have already sent, then don't bother.

After you have done that, boot into Safe Mode and delete those two folders from there.
Entering Safe Mode: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-uci-u-SAFE-MODE.html

After returning to normal mode, scan again with HJT and tick the following lines in HJT:
O4 - HKLM\..\Run: [Cool Sect Deaf Site] F:\Documents and Settings\All Users\Application Data\Flap Mpeg Cool Sect\LoadLicense.exe
O4 - HKCU\..\Run: [waythat] F:\DOCUME~1\PENZIO~1\APPLIC~1\ONLINE~1\Flaw Flag.exe

Then click Fix Checked.

Besides that, you can optionally also disable GoogleToolbarNotifier, since it is known that while it is active you won't be able to change the default search engine in the browser, and that process also generates network traffic (uses up kilobytes, so to speak).
If you want to disable it, also tick the line:
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

and click Fix Checked.

When you have done all that, post us a fresh log so we can make sure everything went as it should.
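An added example (not code from this thread, HijackThis or NoLop) that automates the triage the helpers did by eye in rapha's post and the one above: it parses HJT O4 autorun lines, flags entries whose program lives under a profile's Application Data folder (the two Lop/Swizzor entries), and diffs a before/after log the way the "post a fresh log" check does. The sample logs are constructed to match the shape of the logs in this thread, and the 8.3 short-name map is an assumption.

```python
"""Triage HijackThis O4 (autorun) lines: flag programs started from a user
profile's Application Data folder, then confirm they are gone in a later log."""
import re
from typing import Dict, List

# Constructed sample logs, shaped like the two HJT logs posted in this thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cool Sect Deaf Site] F:\Documents and Settings\All Users\Application Data\Flap Mpeg Cool Sect\LoadLicense.exe
O4 - HKCU\..\Run: [waythat] F:\DOCUME~1\PENZIO~1\APPLIC~1\ONLINE~1\Flaw Flag.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")

# 8.3 short names as seen in HJT logs. Assumed mapping: "~1" is only unique per
# directory, so treat the expansion as a hint rather than a fact.
SHORT_NAMES = {"DOCUME~1": "Documents and Settings",
               "APPLIC~1": "Application Data", "ALLUSE~1": "All Users"}


def executable_path(cmd: str) -> str:
    """Program path from an O4 command line. Lop/Swizzor uses names with
    spaces ("Flaw Flag.exe"), so do not split on whitespace; cut at .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else cmd


def expand_short_names(path: str) -> str:
    return "\\".join(SHORT_NAMES.get(p.upper(), p) for p in path.split("\\"))


def parse_o4(log: str) -> List[Dict[str, str]]:
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line) or O4_STARTUP.match(line)
        if m:
            path = expand_short_names(executable_path(m.group("cmd")))
            entries.append({"name": m.group("name"), "path": path})
    return entries


def is_profile_autorun(path: str) -> bool:
    """The helpers' rule of thumb: an autorun whose binary lives under a
    profile's Application Data folder (not Program Files or WINDOWS) is the
    tell-tale of this family, and the whole folder needs examining."""
    p = path.lower()
    return "\\documents and settings\\" in p and "\\application data\\" in p


def suspicious_entries(log: str) -> List[Dict[str, str]]:
    return [e for e in parse_o4(log) if is_profile_autorun(e["path"])]


def removed_entries(before: str, after: str) -> List[str]:
    """Autorun names present in the first log but absent from the second:
    the check a helper makes when a fresh log is posted after Fix Checked."""
    after_names = {e["name"] for e in parse_o4(after)}
    return [e["name"] for e in parse_o4(before) if e["name"] not in after_names]
```

Run `suspicious_entries(BEFORE_LOG)` to list the two entries to tick in HJT, and `removed_entries(BEFORE_LOG, AFTER_LOG)` to confirm they are gone from the fresh log.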

  • Joined: 06 Dec 2006
  • Posts: 21

New log... I hope everything is OK now?

Logfile of HijackThis v1.99.1
Scan saved at 20:44:34, on 17.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Eset\nod32krn.exe
F:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WFXSVC.EXE
F:\Program Files\Symantec\WinFax\WFXMOD32.EXE
F:\PROGRA~1\eSnips\ClientGW.exe
F:\WINDOWS\system32\wfxsnt40.exe
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\Motherboard Monitor 5\MBM5.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\DAP\DAP.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\Rscmpt.exe
F:\WINDOWS\system32\taskswitch.exe
F:\WINDOWS\Mixer.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\Google Talk\googletalk.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\WINDOWS\system32\Runcheck.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Penzioner\Desktop\New Folder\H3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - F:\PROGRA~1\eSnips\SnipBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [eSnips] "F:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MBM 5] "F:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "F:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ICQ Lite] "F:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Rscmpt] F:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "F:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Snip to my eSnips account - F:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....4287612571
O17 - HKLM\System\CCS\Services\Tcpip\..\{8735214C-5837-4C76-A635-2C05E499A9B6}: NameServer = 195.222.32.10 195.222.32.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{8735214C-5837-4C76-A635-2C05E499A9B6}: NameServer = 195.222.32.10 195.222.32.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: RvscomSv - RVS Datentechnik GmbH, Munich - F:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, Munich - F:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - F:\WINDOWS\system32\WFXSVC.EXE

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Congratulations, the log is OK.

I hope you deleted those two folders I mentioned completely, so that the infection doesn't come back.
