
Internet Explorer - strange problem


|DARKO|
Darko Kovacevic
Pancevo


Internet Explorer - strange problem, 20.04.2009 at 08:44
Hello!

I hardly use the browser in question at all, and I honestly couldn't care less if it didn't exist. But...
About 2 months ago I installed a fresh system, XP SP3, and put on Kaspersky (I have had all sorts of them and the worst viruses always got in), and I update regularly.
Recently, when I turn on the computer, 2 IEXPLORER.exe processes appear in the process list which, if I don't kill them, open some pages with sound (either music or video) and so use the connection to the maximum.
I should mention that those windows are not visible at all and are nowhere to be found; only the sound can be heard. I have run various scans and they always find some spyware or viruses, but this problem always remains.

If anyone has a solution, it would be great to get rid of this 'pain in the ass'.
 

Dashkes


Re: Internet Explorer - strange problem, 20.04.2009 at 09:17
Download the program HijackThis.

Once you have downloaded it, rename the file to anything, e.g. "blabla.exe". Run it and click "Do a system scan and save a logfile". Copy that log here. ;)
 

|DARKO|
Darko Kovacevic
Pancevo


Re: Internet Explorer - strange problem, 20.04.2009 at 09:26
Thanks for the quick reply!

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:37 AM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Documents and Settings\Daki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Documents and Settings\Daki\Desktop\blabla.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: D - {44A83728-E814-36DF-BB0D-9ADEA2485013} - C:\WINDOWS\system32\xwr64003.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Daki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ad20ae6b4396) (gupdate1c9ad20ae6b4396) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9222 bytes
 

Dashkes


Re: Internet Explorer - strange problem, 20.04.2009 at 09:33
I try to be as quick as possible. :)

Tick the following items and click "Fix checked":

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)

After that, restart the computer and make a new log.
If you can, pack the files "C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll", "C:\Program Files\pdfforge Toolbar\SearchSettings.dll" and "C:\Program Files\pdfforge Toolbar\SearchSettings.exe" into a ".rar"/".zip" with the password "virus" and send them to [email protected].
 
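An added example, not part of the original thread and not code from HijackThis: a small Python parser for the item lines of a HijackThis log like the one posted above. It lists entries whose target is reported as "(no file)" or "(file missing)" and CLSIDs that are registered under more than one section; the sample lines are copied from the log in this thread, and all function names are this example's own.

```python
import re
from collections import defaultdict, namedtuple

# Sample input: item lines copied from the HijackThis log posted in this thread,
# plus a few header/process lines to show that non-item lines are skipped.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
"""

Entry = namedtuple("Entry", "code kind name clsid target orphaned")

# An item line starts with a section code such as R3, O2 or O23, then " - ".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_line(line):
    """Parse one log line; return an Entry, or None for non-item lines."""
    m = ITEM_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    # "BHO: ...", "Service: ...", "HKLM\..\Run: ..."; drive letters are
    # followed by a backslash, so ": " only matches the kind separator.
    kind, sep, rest = body.partition(": ")
    if not sep:
        kind, rest = "", body
    fields = [f.strip() for f in rest.split(" - ")]
    clsid = CLSID_RE.search(rest)
    target = fields[-1]
    return Entry(
        code=code,
        kind=kind,
        name=fields[0],
        clsid=clsid.group(0).upper() if clsid else None,
        target=target,
        orphaned=any(marker in target for marker in ORPHAN_MARKERS),
    )


def parse_log(text):
    """Return all item entries of a HijackThis log, in file order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def orphaned(entries):
    """Entries whose registration points at a file that is not present.

    A missing target only means the registration is stale; it says nothing
    about whether the remaining entries are wanted.
    """
    return [e for e in entries if e.orphaned]


def shared_clsids(entries):
    """CLSIDs registered under more than one section code (e.g. R3 and O2)."""
    seen = defaultdict(set)
    for e in entries:
        if e.clsid:
            seen[e.clsid].add(e.code)
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    items = parse_log(SAMPLE_LOG)
    print("Stale registrations:")
    for e in orphaned(items):
        print(f"  {e.code} {e.kind}: {e.name} -> {e.target}")
    print("CLSIDs present in several sections:")
    for clsid, codes in shared_clsids(items).items():
        print(f"  {clsid}: {', '.join(codes)}")
```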

|DARKO|
Darko Kovacevic
Pancevo


Re: Internet Explorer - strange problem, 20.04.2009 at 10:03
I did everything as you wrote, but after the restart IEXPLORER was still among the processes.

Quote:
After that, restart the computer and make a new log.
If you can, pack the files "C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll", "C:\Program Files\pdfforge Toolbar\SearchSettings.dll" and "C:\Program Files\pdfforge Toolbar\SearchSettings.exe" into a ".rar"/".zip" with the password "virus" and send them to [email protected].


You should have written this before 'HijackThis' deleted them :).
 

Dashkes


Re: Internet Explorer - strange problem, 20.04.2009 at 10:10
No, it deleted the automatic startup of those files, and the files themselves remained. ;)

Can you make a new HijackThis log?

If possible, a RootRepeal log as well:
1. Download it from http://rootrepeal.googlepages.com/RootRepeal.rar
2. Do everything as in the picture, following the steps by number
 

|DARKO|
Darko Kovacevic
Pancevo


Re: Internet Explorer - strange problem, 20.04.2009 at 10:43
Here are the 2 logs in the attachment.

Dashkes


Re: Internet Explorer - strange problem, 20.04.2009 at 11:15
It seems to me that the logs are clean.

Quote:
|DARKO|: 2 IEXPLORER.exe processes


Aren't they IEXPLORE.EXE?

Have the pages stopped opening?
 

|DARKO|
Darko Kovacevic
Pancevo


Re: Internet Explorer - strange problem, 20.04.2009 at 11:32
Yes, IEXPLORER.EXE, I didn't think upper/lower case mattered for the extension.

I have now restarted the computer and the processes are still there, which means the problem remains.
It doesn't open the pages with those sounds right away, but after a few minutes, maybe even half an hour. Very sneaky...
 

Dashkes


Re: Internet Explorer - strange problem, 20.04.2009 at 11:45
You didn't understand me. Are the processes IEXPLORER.EXE or IEXPLORE.EXE?
P.S. Close all programs when the computer starts up and wait to see whether the symptoms appear.

If everything stays the same, then turn off all protection (right-click Kaspersky in the tray > Exit).
Download ComboFix to the Desktop. Start it and do not touch the program window while it scans. Follow the instructions the program gives you. When the scan finishes, a report will appear, which you will copy here. If you accidentally close the report, it is located at C:\ComboFix.txt.

Note: If the instructions are not entirely clear to you, see this link.

P.S. I would ask Nemanja to "take over the case" because of my not very good knowledge of ComboFix. ;)

[This message was edited by Dashkes on 20.04.2009 at 12:57 GMT+1]

[This message was edited by Dashkes on 20.04.2009 at 12:58 GMT+1]
 

|DARKO|
Darko Kovacevic
Pancevo


Re: Internet Explorer - strange problem, 20.04.2009 at 11:53
Yes, it is IEXPLORE.EXE
I really apologize, I didn't notice at all that the 'R' was missing, and I have killed them a million times.
 

Nemanja Živanović


Re: Internet Explorer - strange problem, 20.04.2009 at 12:10
Temporarily turn off Kaspersky:

• Right-click the Kaspersky icon in the lower right corner of the screen and choose Pause Protection.
• In the window that opens, choose By User Request.

Download ComboFix to the Desktop. Start it and do not touch the program window while it scans. Follow the instructions the program gives you. When the scan finishes, a report will appear, which you will copy here. If you accidentally close the report, it is located at C:\ComboFix.txt.

Note: If the instructions are not entirely clear to you, see this link.
 

|DARKO|
Darko Kovacevic
Pancevo


Re: Internet Explorer - strange problem, 20.04.2009 at 13:14
I did as you said, but it seems to have frozen the computer. I'm writing this from a laptop. It got to stage_27 and has been sitting there for about 15 minutes.
The hard disk light is on non-stop, and the mouse won't even move. While it was scanning, I didn't touch it at all.

Will it be dangerous if I restart it now?
 

Nemanja Živanović


Re: Internet Explorer - strange problem, 20.04.2009 at 13:25
Restart the computer. It usually gets stuck when a bigger "infection" is involved. It should work the second time. Scanning/cleaning on infected computers can take around 20 minutes.

If it gets stuck the second time as well, restart the computer, download a fresh copy of ComboFix, check that Kaspersky is turned off and, before you run ComboFix, "kill" these processes in Task Manager:

SearchSettings.exe and both IEXPLORE.EXE


[This message was edited by Nemanja Živanović on 20.04.2009 at 14:36 GMT+1]
 

|DARKO|
Darko Kovacevic
Pancevo


Re: Internet Explorer - strange problem, 20.04.2009 at 13:37
This time it finished in literally 3 min.

Here is the log:
Quote:
ComboFix 09-04-20.A1 - Daki 04/20/2009 14:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1555 [GMT 2:00]
Running from: c:\documents and settings\Daki\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.

2009-04-20 09:04 . 2009-04-20 09:04 11 ----a-r c:\windows\amunres.lsl
2009-04-20 09:04 . 2009-04-20 10:28 -------- d-----w c:\windows\SxsCaPendDel
2009-04-18 05:20 . 2009-04-18 18:38 -------- d-----w c:\documents and settings\All Users\Application Data\Cabela's® Big Game Hunter III Saves
2009-04-18 05:18 . 2005-05-26 13:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-18 05:15 . 2009-04-18 05:15 -------- d-----w c:\program files\Activision Value
2009-04-16 16:21 . 2009-04-16 16:21 -------- d-----w c:\program files\Sagasoft
2009-04-16 16:09 . 2009-04-16 16:09 -------- d-----w c:\program files\MusicBrainz Picard
2009-04-16 04:36 . 2009-04-16 16:01 -------- d-----r C:\UDC Output Files
2009-04-16 03:55 . 2004-03-08 23:00 662288 ----a-w c:\windows\system32\MSCOMCT2.OCX
2009-04-16 03:55 . 2001-10-28 15:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-04-16 03:55 . 1998-06-23 23:00 137000 ----a-w c:\windows\system32\MSMAPI32.OCX
2009-04-16 03:55 . 2009-04-16 03:55 -------- d-----w c:\program files\PDFCreator
2009-04-16 03:55 . 1998-07-05 23:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-04-14 04:27 . 2009-04-14 04:27 140288 ----a-w c:\windows\system32\COMDLG32.OCX
2009-04-13 19:50 . 2009-04-13 19:50 376832 ----a-w c:\windows\suinstw4001.exe
2009-04-13 19:50 . 2009-04-13 19:50 -------- d-----w c:\program files\XIIZeal
2009-04-09 19:24 . 2009-04-09 19:27 -------- d-----w c:\windows\NV50044252.TMP
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\documents and settings\Daki\Local Settings\Application Data\Downloaded Installations
2009-04-06 08:27 . 2009-04-06 08:27 -------- d-----w c:\program files\PhotomatixPro3
2009-04-04 20:29 . 2009-04-04 20:29 -------- d-----w c:\program files\Koingo Software
2009-03-30 17:52 . 2009-03-30 17:52 -------- d-----w c:\program files\Rockstar Games
2009-03-29 09:12 . 2009-03-29 09:14 -------- d-----w c:\program files\Privacy center
2009-03-29 09:12 . 2009-03-29 09:12 -------- d-----w c:\documents and settings\Daki\Application Data\Privacy center
2009-03-29 08:33 . 2009-03-29 08:33 -------- d-----w c:\documents and settings\Daki\Application Data\Uniblue
2009-03-29 08:33 . 2009-03-29 08:33 -------- d-----w c:\program files\Uniblue
2009-03-29 08:32 . 2009-03-29 08:33 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-29 07:39 . 2009-03-29 07:39 -------- d-----w c:\program files\Jufsoft
2009-03-28 17:36 . 2009-03-28 17:36 109378686 ----a-w c:\windows\system32\xa7226718.exe
2009-03-28 17:36 . 2009-03-28 17:36 109378686 ----a-w c:\windows\system32\xa7224921.exe
2009-03-27 09:35 . 2009-03-31 05:57 -------- d-----w c:\program files\DU Meter
2009-03-27 06:11 . 2009-03-27 06:11 109378686 ----a-w c:\windows\system32\xa2468937.exe
2009-03-27 06:11 . 2009-03-27 06:11 109378686 ----a-w c:\windows\system32\xa2467140.exe
2009-03-27 06:11 . 2009-03-27 06:11 200704 ----a-w c:\windows\system32\xwr64003.dll
2009-03-27 06:11 . 2009-03-27 06:11 200704 ----a-w c:\windows\system32\wr64003.dll
2009-03-27 06:10 . 2009-03-27 06:10 109378686 ----a-w c:\windows\system32\xa2422375.exe
2009-03-27 06:10 . 2009-03-27 06:10 109378686 ----a-w c:\windows\system32\xa2416562.exe
2009-03-27 06:10 . 2009-03-27 06:10 109378686 ----a-w c:\windows\system32\xa2406109.exe
2009-03-27 06:10 . 2009-03-27 06:10 109378686 ----a-w c:\windows\system32\xa2404125.exe
2009-03-25 18:11 . 2009-03-25 18:11 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-03-25 08:07 . 2009-03-25 08:07 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-03-25 06:22 . 2009-03-25 06:22 -------- d-----w c:\documents and settings\Daki\Application Data\ABBYY
2009-03-25 06:21 . 2009-04-20 12:34 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-25 06:19 . 2009-03-25 06:22 -------- d-----w c:\documents and settings\Daki\Local Settings\Application Data\ABBYY
2009-03-25 06:19 . 2009-03-25 06:22 -------- d-----w c:\program files\ABBYY FineReader 9.0
2009-03-25 06:19 . 2009-03-25 06:19 -------- d-----w c:\documents and settings\All Users\Application Data\ABBYY
2009-03-25 05:30 . 2009-03-25 05:30 -------- d-----w c:\documents and settings\Daki\Local Settings\Application Data\MiKTeX
2009-03-25 05:30 . 2009-03-25 05:30 -------- d-----w c:\documents and settings\All Users\Application Data\MiKTeX
2009-03-25 05:26 . 2009-03-25 05:29 -------- d-----w c:\program files\MiKTeX 2.7
2009-03-25 05:14 . 2009-03-25 20:13 -------- d-----w c:\documents and settings\Daki\Application Data\WinEdt
2009-03-25 05:14 . 2009-03-25 05:14 -------- d-----w c:\program files\WinEdt Team
2009-03-24 19:49 . 2009-03-24 19:49 -------- d-----w c:\documents and settings\Daki\Application Data\Kaspersky_Key_Finder_(KKF
2009-03-23 21:32 . 2009-03-23 21:33 -------- d-----w c:\program files\AnvSoft Photo Flash Maker Professional
2009-03-23 20:12 . 2009-03-23 20:12 -------- d--h--w c:\windows\PIF
2009-03-22 20:18 . 2009-03-22 20:18 -------- d-----w c:\windows\system32\AGEIA
2009-03-22 20:18 . 2009-03-22 20:18 -------- d-----w c:\program files\AGEIA Technologies
2009-03-22 20:17 . 2009-03-27 08:03 215465 ----a-w c:\windows\system32\nvapps.nvb
2009-03-22 20:17 . 2009-03-22 20:19 -------- d-----w c:\windows\NV14523752.TMP
2009-03-22 20:17 . 2009-03-22 20:17 -------- d-----w C:\NVIDIA
2009-03-22 14:00 . 2009-04-20 09:04 -------- d-----w c:\program files\Astraware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 12:34 . 2009-02-22 21:36 -------- d-----w c:\documents and settings\Daki\Application Data\Skype
2009-04-20 12:34 . 2009-03-07 12:40 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-20 12:33 . 2009-03-07 12:40 8881184 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-20 12:33 . 2009-03-07 12:40 72560 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-20 12:33 . 2009-03-07 12:40 655392 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-20 12:33 . 2009-03-07 12:40 5416 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-20 10:27 . 2009-02-23 07:42 -------- d-----w c:\documents and settings\Daki\Application Data\Azureus
2009-04-20 09:04 . 2009-02-26 09:39 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-20 08:57 . 2009-03-07 10:30 -------- d-----w c:\documents and settings\Daki\Application Data\skypePM
2009-04-19 13:22 . 2009-02-23 07:40 -------- d-----w c:\program files\Vuze
2009-04-16 17:36 . 2009-02-23 19:56 -------- d-----w c:\program files\Winamp
2009-04-16 17:35 . 2009-02-23 19:56 -------- d-----w c:\documents and settings\Daki\Application Data\Winamp
2009-04-09 12:30 . 2009-02-23 06:56 -------- d-----w c:\documents and settings\Daki\Application Data\uTorrent
2009-04-08 19:02 . 2009-02-22 21:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 18:51 . 2009-02-25 07:22 162816 ----a-w c:\windows\system32\fmod.dll
2009-04-05 20:55 . 2009-02-23 06:56 -------- d-----w c:\program files\uTorrent
2009-04-02 17:08 . 2009-02-23 07:09 -------- d-----w c:\program files\Buddy Icon Constructor FREE
2009-03-31 05:55 . 2009-02-22 21:03 69624 ----a-w c:\documents and settings\Daki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 05:55 . 2009-03-19 20:32 -------- d-----w c:\program files\Google
2009-03-29 21:39 . 2009-02-23 10:33 -------- d-----w c:\documents and settings\Daki\Application Data\DAEMON Tools
2009-03-27 06:14 . 2009-02-22 21:12 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-22 20:18 . 2009-03-11 05:51 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-22 20:02 . 2009-02-24 22:41 -------- d-----w c:\program files\Chartcross
2009-03-22 20:01 . 2009-03-07 10:59 -------- d-----w c:\program files\Resco
2009-03-22 19:59 . 2009-03-03 09:23 -------- d-----w c:\program files\MDM
2009-03-16 21:15 . 2009-02-22 22:08 -------- d-----w c:\program files\Common Files\Adobe
2009-03-16 21:14 . 2009-03-16 21:14 -------- d-----w c:\program files\Adobe Media Player
2009-03-16 21:12 . 2009-03-16 21:12 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-12 20:29 . 2009-02-23 07:49 -------- d-----w c:\program files\JetAudio
2009-03-11 05:57 . 2009-03-11 05:51 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-11 05:51 . 2009-03-11 05:51 -------- d-----w c:\program files\Lavasoft
2009-03-07 12:53 . 2008-01-29 17:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-07 12:53 . 2009-03-07 12:40 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-07 12:53 . 2009-03-07 12:40 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-07 12:40 . 2009-03-07 12:40 -------- d-----w c:\program files\Kaspersky Lab
2009-03-07 12:39 . 2009-03-07 12:39 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-07 10:58 . 2009-03-07 10:58 -------- d-----w c:\program files\IMPlus for Skype 1.00 for PocketPC
2009-03-07 10:29 . 2009-03-07 10:29 -------- d-----w c:\program files\Common Files\Skype
2009-03-07 10:29 . 2009-02-22 21:36 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 10:29 . 2009-02-22 21:35 -------- d-----r c:\program files\Skype
2009-03-06 21:29 . 2009-03-06 21:29 -------- d-----w c:\program files\Handmark
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\documents and settings\Daki\Application Data\Publish Providers
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\documents and settings\Daki\Application Data\Sony
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\program files\Sony
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\program files\Sony Setup
2009-02-28 17:14 . 2009-02-28 17:14 -------- d-----w c:\program files\Crystal Player
2009-02-26 11:56 . 2009-02-26 11:56 -------- d-----w c:\program files\Soft Object Technologies Inc
2009-02-26 10:35 . 2009-02-26 10:35 -------- d-----w c:\program files\Belkin
2009-02-26 09:30 . 2009-02-26 09:18 35328 ----a-w c:\windows\system32\cygz.dll
2009-02-26 09:30 . 2009-02-26 09:18 35328 ----a-w c:\windows\cygz.dll
2009-02-26 09:30 . 2009-02-26 09:18 1126281 ----a-w c:\windows\system32\cygwin1.dll
2009-02-26 09:30 . 2009-02-26 09:18 1126281 ----a-w c:\windows\cygwin1.dll
2009-02-26 08:22 . 2009-02-26 08:22 -------- d-----w c:\program files\Padus
2009-02-26 08:16 . 2009-02-26 08:16 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-23 22:36 . 2009-02-23 22:36 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-23 22:32 . 2009-02-23 22:32 -------- d-----w c:\program files\Bonjour
2009-02-23 22:28 . 2009-02-23 22:28 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-23 20:19 . 2009-02-23 20:19 -------- d-----w c:\documents and settings\Daki\Application Data\AdobeUM
2009-02-23 10:38 . 2009-02-23 10:34 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-23 10:37 . 2009-02-23 10:37 -------- d-----w c:\program files\Microsoft Works
2009-02-23 10:37 . 2009-02-23 10:37 -------- d-----w c:\program files\MSBuild
2009-02-23 10:34 . 2009-02-23 10:33 -------- d-----w c:\program files\DAEMON Tools Lite
2009-02-23 10:31 . 2009-02-23 10:31 715248 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-23 10:30 . 2009-02-23 10:30 -------- d-----w c:\documents and settings\All Users\Application Data\NexonEU
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\program files\Common Files\Macromedia Shared
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\program files\Common Files\Macromedia
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\program files\Macromedia
2009-02-23 09:30 . 2009-02-22 21:12 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-23 07:49 . 2009-02-23 07:49 -------- d-----w c:\documents and settings\Daki\Application Data\COWON
2009-02-23 07:49 . 2009-02-23 07:49 -------- d-----w c:\program files\Common Files\COWON
2009-02-23 07:42 . 2009-02-23 07:42 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-02-23 07:40 . 2009-02-23 07:40 -------- d-----w c:\program files\Common Files\i4j_jres
2009-02-23 07:02 . 2009-02-22 22:06 -------- d-----w c:\documents and settings\Daki\Application Data\Notepad++
2009-02-23 07:01 . 2009-02-23 07:01 -------- d-----w c:\program files\totalcmd
2009-02-22 22:11 . 2009-02-22 22:11 -------- d-----w c:\program files\K-Lite Codec Pack
2009-02-22 22:09 . 2009-02-22 22:09 -------- d-----w c:\documents and settings\Daki\Application Data\Media Player Classic
2009-02-22 22:06 . 2009-02-22 22:06 -------- d-----w c:\program files\Notepad++
2009-02-22 21:58 . 2009-02-22 21:58 -------- d-----w c:\program files\Yahoo!
2009-02-22 21:55 . 2009-02-22 21:55 -------- d-----w c:\program files\Microsoft
2009-02-22 21:55 . 2009-02-22 21:54 -------- d-----w c:\program files\Windows Live
2009-02-22 21:53 . 2009-02-22 21:53 -------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-02-22 21:47 . 2009-02-22 21:47 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-22 21:27 . 2009-02-22 21:23 15600 ----a-w c:\windows\gdrv.sys
2009-02-22 21:26 . 2009-02-22 21:25 429 ----a-w C:\RHDSetup.log
2009-02-22 21:26 . 2009-02-22 21:25 206 ----a-w C:\csb.log
2009-02-22 21:25 . 2009-02-22 21:25 -------- d-----w c:\program files\Realtek
2009-02-22 21:25 . 2009-02-22 21:25 315392 ----a-w c:\windows\HideWin.exe
2009-02-22 21:25 . 2009-02-22 21:25 -------- d-----w c:\program files\DIFX
2009-02-22 21:24 . 2009-02-22 21:24 -------- d-----w c:\documents and settings\Daki\Application Data\InstallShield
2009-02-22 21:22 . 2009-02-22 21:22 -------- d-----w c:\program files\Microsoft IntelliPoint
2009-02-22 21:22 . 2009-02-22 21:22 -------- d-----w c:\program files\Microsoft IntelliType Pro
2009-02-22 21:15 . 2009-02-22 21:15 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-22 21:03 . 2009-02-22 20:58 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-22 20:59 . 2009-02-22 20:59 -------- d-----w c:\program files\microsoft frontpage
2009-02-22 20:56 . 2009-02-22 20:56 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44A83728-E814-36DF-BB0D-9ADEA2485013}]
2009-03-27 06:11 200704 ----a-w c:\windows\system32\xwr64003.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-10-17 979968]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-03 486856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"Google Update"="c:\documents and settings\Daki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-07 206088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Daki\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-7-20 2913584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2004-10-1 565309]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms EU\\NMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 gupdate1c9ad20ae6b4396;Google Update Service (gupdate1c9ad20ae6b4396);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
R4 ASKService;ASKService; [x]
R4 ASKUpgrade;ASKUpgrade; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-03-07 33808]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b76352-297a-11de-a566-001a4dfbfa37}]
\Shell\AutoRun\command - yo2mq6.exe
\Shell\explore\Command - yo2mq6.exe
\Shell\open\Command - yo2mq6.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ace938dd-1bcc-11de-a54b-001a4dfbfa37}]
\Shell\AutoRun\command - ohexwx.exe
\Shell\explore\Command - ohexwx.exe
\Shell\open\Command - ohexwx.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 08:06]

2009-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-789336058-1801674531-1003.job
- c:\documents and settings\Daki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 06:38]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Daki\Application Data\Mozilla\Firefox\Profiles\yr3dw3ez.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\Daki\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 14:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rootrepeal]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-20 14:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-20 12:36

Pre-Run: 18,386,006,016 bytes free
Post-Run: 21,615,906,816 bytes free

313


Oh, and let me add: the IEXPLORE.EXE processes are gone now :)
Is everything in the log OK?
 

Nemanja Živanović

Member number: 212716
Posts: 459



+4 Profile

Re: Internet Explorer - strange problem, 20.04.2009 at 14:10 - 182 months ago
Turn off Kaspersky again. Open Notepad and copy the following text:

Quote:


File::
c:\windows\system32\xa7226718.exe
c:\windows\system32\xa7224921.exe
c:\windows\system32\xa2468937.exe
c:\windows\system32\xa2467140.exe
c:\windows\system32\xwr64003.dll
c:\windows\system32\wr64003.dll
c:\windows\system32\xa2422375.exe
c:\windows\system32\xa2416562.exe
c:\windows\system32\xa2406109.exe
c:\windows\system32\xa2404125.exe

Driver::
ASKService
ASKUpgrade

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b76352-297a-11de-a566-001a4dfbfa37}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ace938dd-1bcc-11de-a54b-001a4dfbfa37}]



Save that file to the Desktop under the name CFScript



Drag the saved text file onto the ComboFix icon as shown in the picture. In your next message, post the log that is created at the end of the cleaning/scanning. Follow the instructions I give you through to the end, since we need to uninstall ComboFix once we have finished everything.
 

|DARKO|
Darko Kovacevic
Pancevo

Member number: 20063
Posts: 136
79.101.200.*

ICQ: 179153323


Profile

Re: Internet Explorer - strange problem, 20.04.2009 at 14:26 - 182 months ago
Quote:
ComboFix 09-04-20.A1 - Daki 04/20/2009 15:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1401 [GMT 2:00]
Running from: c:\documents and settings\Daki\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Daki\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\wr64003.dll
c:\windows\system32\xa2404125.exe
c:\windows\system32\xa2406109.exe
c:\windows\system32\xa2416562.exe
c:\windows\system32\xa2422375.exe
c:\windows\system32\xa2467140.exe
c:\windows\system32\xa2468937.exe
c:\windows\system32\xa7224921.exe
c:\windows\system32\xa7226718.exe
c:\windows\system32\xwr64003.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wr64003.dll
c:\windows\system32\xa2404125.exe
c:\windows\system32\xa2406109.exe
c:\windows\system32\xa2416562.exe
c:\windows\system32\xa2422375.exe
c:\windows\system32\xa2467140.exe
c:\windows\system32\xa2468937.exe
c:\windows\system32\xa7224921.exe
c:\windows\system32\xa7226718.exe
c:\windows\system32\xwr64003.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Service_ASKService
-------\Service_ASKUpgrade


((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.

2009-04-20 12:37 . 2009-04-20 12:37 -------- d-----w c:\program files\AskBardis
2009-04-20 09:04 . 2009-04-20 09:04 11 ----a-r c:\windows\amunres.lsl
2009-04-20 09:04 . 2009-04-20 10:28 -------- d-----w c:\windows\SxsCaPendDel
2009-04-18 05:20 . 2009-04-18 18:38 -------- d-----w c:\documents and settings\All Users\Application Data\Cabela's® Big Game Hunter III Saves
2009-04-18 05:18 . 2005-05-26 13:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-18 05:15 . 2009-04-18 05:15 -------- d-----w c:\program files\Activision Value
2009-04-16 16:21 . 2009-04-16 16:21 -------- d-----w c:\program files\Sagasoft
2009-04-16 16:09 . 2009-04-16 16:09 -------- d-----w c:\program files\MusicBrainz Picard
2009-04-16 04:36 . 2009-04-16 16:01 -------- d-----r C:\UDC Output Files
2009-04-16 03:55 . 2004-03-08 23:00 662288 ----a-w c:\windows\system32\MSCOMCT2.OCX
2009-04-16 03:55 . 2001-10-28 15:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-04-16 03:55 . 1998-06-23 23:00 137000 ----a-w c:\windows\system32\MSMAPI32.OCX
2009-04-16 03:55 . 2009-04-16 03:55 -------- d-----w c:\program files\PDFCreator
2009-04-16 03:55 . 1998-07-05 23:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-04-14 04:27 . 2009-04-14 04:27 140288 ----a-w c:\windows\system32\COMDLG32.OCX
2009-04-13 19:50 . 2009-04-13 19:50 376832 ----a-w c:\windows\suinstw4001.exe
2009-04-13 19:50 . 2009-04-13 19:50 -------- d-----w c:\program files\XIIZeal
2009-04-09 19:24 . 2009-04-09 19:27 -------- d-----w c:\windows\NV50044252.TMP
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\documents and settings\Daki\Local Settings\Application Data\Downloaded Installations
2009-04-06 08:27 . 2009-04-06 08:27 -------- d-----w c:\program files\PhotomatixPro3
2009-04-04 20:29 . 2009-04-04 20:29 -------- d-----w c:\program files\Koingo Software
2009-03-30 17:52 . 2009-03-30 17:52 -------- d-----w c:\program files\Rockstar Games
2009-03-29 09:12 . 2009-03-29 09:14 -------- d-----w c:\program files\Privacy center
2009-03-29 09:12 . 2009-03-29 09:12 -------- d-----w c:\documents and settings\Daki\Application Data\Privacy center
2009-03-29 08:33 . 2009-03-29 08:33 -------- d-----w c:\documents and settings\Daki\Application Data\Uniblue
2009-03-29 08:33 . 2009-03-29 08:33 -------- d-----w c:\program files\Uniblue
2009-03-29 08:32 . 2009-03-29 08:33 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-29 07:39 . 2009-03-29 07:39 -------- d-----w c:\program files\Jufsoft
2009-03-27 09:35 . 2009-03-31 05:57 -------- d-----w c:\program files\DU Meter
2009-03-25 18:11 . 2009-03-25 18:11 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-03-25 08:07 . 2009-03-25 08:07 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-03-25 06:22 . 2009-03-25 06:22 -------- d-----w c:\documents and settings\Daki\Application Data\ABBYY
2009-03-25 06:21 . 2009-04-20 13:22 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-25 06:19 . 2009-03-25 06:22 -------- d-----w c:\documents and settings\Daki\Local Settings\Application Data\ABBYY
2009-03-25 06:19 . 2009-03-25 06:22 -------- d-----w c:\program files\ABBYY FineReader 9.0
2009-03-25 06:19 . 2009-03-25 06:19 -------- d-----w c:\documents and settings\All Users\Application Data\ABBYY
2009-03-25 05:30 . 2009-03-25 05:30 -------- d-----w c:\documents and settings\Daki\Local Settings\Application Data\MiKTeX
2009-03-25 05:30 . 2009-03-25 05:30 -------- d-----w c:\documents and settings\All Users\Application Data\MiKTeX
2009-03-25 05:26 . 2009-03-25 05:29 -------- d-----w c:\program files\MiKTeX 2.7
2009-03-25 05:14 . 2009-03-25 20:13 -------- d-----w c:\documents and settings\Daki\Application Data\WinEdt
2009-03-25 05:14 . 2009-03-25 05:14 -------- d-----w c:\program files\WinEdt Team
2009-03-24 19:49 . 2009-03-24 19:49 -------- d-----w c:\documents and settings\Daki\Application Data\Kaspersky_Key_Finder_(KKF
2009-03-23 21:32 . 2009-03-23 21:33 -------- d-----w c:\program files\AnvSoft Photo Flash Maker Professional
2009-03-23 20:12 . 2009-03-23 20:12 -------- d--h--w c:\windows\PIF
2009-03-22 20:18 . 2009-03-22 20:18 -------- d-----w c:\windows\system32\AGEIA
2009-03-22 20:18 . 2009-03-22 20:18 -------- d-----w c:\program files\AGEIA Technologies
2009-03-22 20:17 . 2009-03-27 08:03 215465 ----a-w c:\windows\system32\nvapps.nvb
2009-03-22 20:17 . 2009-03-22 20:19 -------- d-----w c:\windows\NV14523752.TMP
2009-03-22 20:17 . 2009-03-22 20:17 -------- d-----w C:\NVIDIA
2009-03-22 14:00 . 2009-04-20 09:04 -------- d-----w c:\program files\Astraware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 13:22 . 2009-02-22 21:36 -------- d-----w c:\documents and settings\Daki\Application Data\Skype
2009-04-20 13:22 . 2009-03-07 12:40 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-20 12:33 . 2009-03-07 12:40 8881184 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-20 12:33 . 2009-03-07 12:40 72560 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-20 12:33 . 2009-03-07 12:40 655392 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-20 12:33 . 2009-03-07 12:40 5416 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-20 10:27 . 2009-02-23 07:42 -------- d-----w c:\documents and settings\Daki\Application Data\Azureus
2009-04-20 09:04 . 2009-02-26 09:39 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-20 08:57 . 2009-03-07 10:30 -------- d-----w c:\documents and settings\Daki\Application Data\skypePM
2009-04-19 13:22 . 2009-02-23 07:40 -------- d-----w c:\program files\Vuze
2009-04-16 17:36 . 2009-02-23 19:56 -------- d-----w c:\program files\Winamp
2009-04-16 17:35 . 2009-02-23 19:56 -------- d-----w c:\documents and settings\Daki\Application Data\Winamp
2009-04-09 12:30 . 2009-02-23 06:56 -------- d-----w c:\documents and settings\Daki\Application Data\uTorrent
2009-04-08 19:02 . 2009-02-22 21:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 18:51 . 2009-02-25 07:22 162816 ----a-w c:\windows\system32\fmod.dll
2009-04-05 20:55 . 2009-02-23 06:56 -------- d-----w c:\program files\uTorrent
2009-04-02 17:08 . 2009-02-23 07:09 -------- d-----w c:\program files\Buddy Icon Constructor FREE
2009-03-31 05:55 . 2009-02-22 21:03 69624 ----a-w c:\documents and settings\Daki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 05:55 . 2009-03-19 20:32 -------- d-----w c:\program files\Google
2009-03-29 21:39 . 2009-02-23 10:33 -------- d-----w c:\documents and settings\Daki\Application Data\DAEMON Tools
2009-03-27 06:14 . 2009-02-22 21:12 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-22 20:18 . 2009-03-11 05:51 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-22 20:02 . 2009-02-24 22:41 -------- d-----w c:\program files\Chartcross
2009-03-22 20:01 . 2009-03-07 10:59 -------- d-----w c:\program files\Resco
2009-03-22 19:59 . 2009-03-03 09:23 -------- d-----w c:\program files\MDM
2009-03-16 21:15 . 2009-02-22 22:08 -------- d-----w c:\program files\Common Files\Adobe
2009-03-16 21:14 . 2009-03-16 21:14 -------- d-----w c:\program files\Adobe Media Player
2009-03-16 21:12 . 2009-03-16 21:12 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-12 20:29 . 2009-02-23 07:49 -------- d-----w c:\program files\JetAudio
2009-03-11 05:57 . 2009-03-11 05:51 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-11 05:51 . 2009-03-11 05:51 -------- d-----w c:\program files\Lavasoft
2009-03-07 12:53 . 2008-01-29 17:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-07 12:53 . 2009-03-07 12:40 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-07 12:53 . 2009-03-07 12:40 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-07 12:40 . 2009-03-07 12:40 -------- d-----w c:\program files\Kaspersky Lab
2009-03-07 12:39 . 2009-03-07 12:39 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-07 10:58 . 2009-03-07 10:58 -------- d-----w c:\program files\IMPlus for Skype 1.00 for PocketPC
2009-03-07 10:29 . 2009-03-07 10:29 -------- d-----w c:\program files\Common Files\Skype
2009-03-07 10:29 . 2009-02-22 21:36 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 10:29 . 2009-02-22 21:35 -------- d-----r c:\program files\Skype
2009-03-06 21:29 . 2009-03-06 21:29 -------- d-----w c:\program files\Handmark
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\documents and settings\Daki\Application Data\Publish Providers
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\documents and settings\Daki\Application Data\Sony
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\program files\Sony
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\program files\Sony Setup
2009-02-28 17:14 . 2009-02-28 17:14 -------- d-----w c:\program files\Crystal Player
2009-02-26 11:56 . 2009-02-26 11:56 -------- d-----w c:\program files\Soft Object Technologies Inc
2009-02-26 10:35 . 2009-02-26 10:35 -------- d-----w c:\program files\Belkin
2009-02-26 09:30 . 2009-02-26 09:18 35328 ----a-w c:\windows\system32\cygz.dll
2009-02-26 09:30 . 2009-02-26 09:18 35328 ----a-w c:\windows\cygz.dll
2009-02-26 09:30 . 2009-02-26 09:18 1126281 ----a-w c:\windows\system32\cygwin1.dll
2009-02-26 09:30 . 2009-02-26 09:18 1126281 ----a-w c:\windows\cygwin1.dll
2009-02-26 08:22 . 2009-02-26 08:22 -------- d-----w c:\program files\Padus
2009-02-26 08:16 . 2009-02-26 08:16 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-23 22:36 . 2009-02-23 22:36 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-23 22:32 . 2009-02-23 22:32 -------- d-----w c:\program files\Bonjour
2009-02-23 22:28 . 2009-02-23 22:28 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-23 20:19 . 2009-02-23 20:19 -------- d-----w c:\documents and settings\Daki\Application Data\AdobeUM
2009-02-23 10:38 . 2009-02-23 10:34 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-23 10:37 . 2009-02-23 10:37 -------- d-----w c:\program files\Microsoft Works
2009-02-23 10:37 . 2009-02-23 10:37 -------- d-----w c:\program files\MSBuild
2009-02-23 10:34 . 2009-02-23 10:33 -------- d-----w c:\program files\DAEMON Tools Lite
2009-02-23 10:31 . 2009-02-23 10:31 715248 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-23 10:30 . 2009-02-23 10:30 -------- d-----w c:\documents and settings\All Users\Application Data\NexonEU
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\program files\Common Files\Macromedia Shared
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\program files\Common Files\Macromedia
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\program files\Macromedia
2009-02-23 09:30 . 2009-02-22 21:12 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-23 07:49 . 2009-02-23 07:49 -------- d-----w c:\documents and settings\Daki\Application Data\COWON
2009-02-23 07:49 . 2009-02-23 07:49 -------- d-----w c:\program files\Common Files\COWON
2009-02-23 07:42 . 2009-02-23 07:42 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-02-23 07:40 . 2009-02-23 07:40 -------- d-----w c:\program files\Common Files\i4j_jres
2009-02-23 07:02 . 2009-02-22 22:06 -------- d-----w c:\documents and settings\Daki\Application Data\Notepad++
2009-02-23 07:01 . 2009-02-23 07:01 -------- d-----w c:\program files\totalcmd
2009-02-22 22:11 . 2009-02-22 22:11 -------- d-----w c:\program files\K-Lite Codec Pack
2009-02-22 22:09 . 2009-02-22 22:09 -------- d-----w c:\documents and settings\Daki\Application Data\Media Player Classic
2009-02-22 22:06 . 2009-02-22 22:06 -------- d-----w c:\program files\Notepad++
2009-02-22 21:58 . 2009-02-22 21:58 -------- d-----w c:\program files\Yahoo!
2009-02-22 21:55 . 2009-02-22 21:55 -------- d-----w c:\program files\Microsoft
2009-02-22 21:55 . 2009-02-22 21:54 -------- d-----w c:\program files\Windows Live
2009-02-22 21:53 . 2009-02-22 21:53 -------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-02-22 21:47 . 2009-02-22 21:47 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-22 21:27 . 2009-02-22 21:23 15600 ----a-w c:\windows\gdrv.sys
2009-02-22 21:26 . 2009-02-22 21:25 429 ----a-w C:\RHDSetup.log
2009-02-22 21:26 . 2009-02-22 21:25 206 ----a-w C:\csb.log
2009-02-22 21:25 . 2009-02-22 21:25 -------- d-----w c:\program files\Realtek
2009-02-22 21:25 . 2009-02-22 21:25 315392 ----a-w c:\windows\HideWin.exe
2009-02-22 21:25 . 2009-02-22 21:25 -------- d-----w c:\program files\DIFX
2009-02-22 21:24 . 2009-02-22 21:24 -------- d-----w c:\documents and settings\Daki\Application Data\InstallShield
2009-02-22 21:22 . 2009-02-22 21:22 -------- d-----w c:\program files\Microsoft IntelliPoint
2009-02-22 21:22 . 2009-02-22 21:22 -------- d-----w c:\program files\Microsoft IntelliType Pro
2009-02-22 21:15 . 2009-02-22 21:15 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-22 21:03 . 2009-02-22 20:58 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-22 20:59 . 2009-02-22 20:59 -------- d-----w c:\program files\microsoft frontpage
2009-02-22 20:56 . 2009-02-22 20:56 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-20_12.34.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-20 13:22 . 2009-04-20 13:22 16384 c:\windows\temp\Perflib_Perfdata_b64.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-10-17 979968]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-03 486856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"Google Update"="c:\documents and settings\Daki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-07 206088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Daki\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-7-20 2913584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2004-10-1 565309]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms EU\\NMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 gupdate1c9ad20ae6b4396;Google Update Service (gupdate1c9ad20ae6b4396);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-03-07 33808]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

.
Contents of the 'Scheduled Tasks' folder

2009-04-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 08:06]

2009-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-789336058-1801674531-1003.job
- c:\documents and settings\Daki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 06:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{44A83728-E814-36DF-BB0D-9ADEA2485013} - c:\windows\system32\xwr64003.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Daki\Application Data\Mozilla\Firefox\Profiles\yr3dw3ez.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\Daki\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 15:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASKService]
"ImagePath"="c:\program files\AskBarDis\bar\bin\AskService.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASKUpgrade]
"ImagePath"="c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-20 15:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-20 13:24
ComboFix2.txt 2009-04-20 12:36

Pre-Run: 21,585,268,736 bytes free
Post-Run: 20,694,192,128 bytes free

323
 

|DARKO|
Darko Kovacevic
Pancevo

Member number: 20063
Posts: 136
79.101.200.*

ICQ: 179153323


Re: Internet Explorer - strange problem, 20.04.2009 at 14:41 - 182 months ago
Hmm, your message disappeared...


Quote:
That's it. Just answer a couple of questions for me:

1. When did ComboFix start working: after the second attempt, or did you have to "kill" those processes?
2. What is the state of the computer now?

Let's uninstall ComboFix:

Open Start > Run and type combofix /u

The program will uninstall itself automatically. Don't forget to turn all your protection back on, since you disabled it so this program could run.


1. The first time it froze completely. When I restarted the computer, I ran ComboFix and it finished the scan in 3 minutes.
2. Everything is OK now, that lousy IEXPLORE.EXE is gone.

THANKS a lot for the help!
 

Nemanja Živanović

Member number: 212716
Posts: 459



+4

Re: Internet Explorer - strange problem, 20.04.2009 at 14:45 - 182 months ago
OK. I was thinking we'd clean up one more thing, since this AskToolbar has come back again, but never mind, it does no harm. Thanks for the answers. Don't forget to uninstall ComboFix.

Regards
 