Is ComboFix dangerous?

  • Dejvid
  • New MyCity citizen
  • Joined: 11 Jan 2008
  • Posts: 20
Hi. I just typed combofix into Google, meaning to download it and produce a log, but I came across a post on a forum that says it is dangerous. Here is the link: techspot.com/vb/topic70127.html

Anyway, I have some viruses that keep coming back, and on top of that Windows XP has trouble starting: at the beginning, while the welcome screen is showing, it reports that it cannot access some .dll file. Everything else works normally. Also, IE has something in Chinese in the address bar, but I use Mozilla anyway ; )
Also, it will not delete c:program files/ocin, which contains the viruses; I get access denied when I try to delete it.
I am using AVG Free Edition.
I will post the HijackThis log. Thanks in advance, you really deserve all the praise for this forum. David.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:23, on 11.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\a2db1.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OCINS\idnsvr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
O1 - Hosts: 127.0.0.2 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\ea21.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BHO Class - {BCBD80C9-6AD7-48ed-8DF1-6963414B3649} - C:\WINDOWS\system32\flym.dll
O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [hgz] rundll32 "C:\WINDOWS\Downlo~1\hgz.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [l7e] rundll32 "C:\WINDOWS\Downlo~1\l7e.dll",Run
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Access Internet Keyword - C:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: N×C¤asÎd - {FFB2385E-E812-4091-8C12-2370DC67F769} - eachnet.com/specials/digi.html?adid=dzcm_dza_000_soft0_digi (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7953 bytes

Update: 11 Jan 2008 2:44

Oh, I only just now noticed how old that post is... I am exhausted.

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Do you still need help? If you do, do the following...

-------------------------------------------------------------------------------------


Run HijackThis, scan, and tick the following lines:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\ea21.dll
O2 - BHO: BHO Class - {BCBD80C9-6AD7-48ed-8DF1-6963414B3649} - C:\WINDOWS\system32\flym.dll
O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O4 - HKLM\..\Policies\Explorer\Run: [hgz] rundll32 "C:\WINDOWS\Downlo~1\hgz.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [l7e] rundll32 "C:\WINDOWS\Downlo~1\l7e.dll",Run
O8 - Extra context menu item: &Access Internet Keyword - C:\Program Files\OCINS\cnrbtn.html
O9 - Extra button: N×C¤asÎd - {FFB2385E-E812-4091-8C12-2370DC67F769} - http://www.eachnet.com/specials/digi.html?adid=dzcm_dza_000_soft0_digi (file missing)

Click Fix Checked.

Restart the PC.


-------------------------------------------------------------------------------------


Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear; copy it here for us.
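The lines the helper picked out above can be found mechanically. The script below is an added example written for this page; it is not HijackThis code and not the helper's method. It runs a handful of assumed heuristics (the KNOWN_SEARCH_HOSTS allow-list, the RANDOM_DLL pattern and the per-category rules are all assumptions, not signatures) over lines copied from the log posted above and reports a reason for each hit.

```python
r"""Triage of a HijackThis v2 log.

Added example for this thread, not HijackThis code and not the helper's
method: it flags the entry categories a malware-removal volunteer looks
at first (R0, O1, O2, O4, O8, O9).  Every rule below is an assumed
heuristic; a hit is a reason to look, not proof of infection.
"""
import re
from urllib.parse import urlparse

# Assumed: domains that are normal for an IE start/search page of that era.
KNOWN_SEARCH_HOSTS = {"microsoft.com", "msn.com", "live.com", "google.com"}
# Assumed: 2-8 letters/digits before ".dll" (ea21.dll, flym.dll, hgz.dll).
RANDOM_DLL = re.compile(r"^[a-z0-9]{2,8}\.dll$", re.I)
ENTRY = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")


def _registered_domain(url):
    """'client.jogo.cn/...' -> 'jogo.cn' (naive, no public-suffix list)."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage_line(line):
    """Return a reason string if the line looks suspicious, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    low = body.lower()

    if kind in ("R0", "R1") and "=" in body:  # IE Start/Search page settings
        target = body.split("=", 1)[1].strip()
        if target and target != "about:blank":
            dom = _registered_domain(target)
            if dom not in KNOWN_SEARCH_HOSTS:
                return "IE start/search page points to unknown domain " + dom

    if kind == "O1":  # hosts-file entries; localhost must be 127.0.0.1
        mh = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if mh and mh.group(2).lower() == "localhost" and mh.group(1) != "127.0.0.1":
            return "hosts file maps localhost to " + mh.group(1)

    if kind == "O2":  # Browser Helper Objects: the DLL path is the last field
        path = body.rsplit(" - ", 1)[-1]
        name = path.rsplit("\\", 1)[-1]
        if "\\system32\\" in low and RANDOM_DLL.match(name):
            return "BHO loaded from a random-looking DLL in system32: " + name
        if "\\documents and settings\\" in low:
            return "BHO loaded from a user-profile directory"

    if kind == "O4":  # autostart entries
        if "policies\\explorer\\run" in low:
            return "autostart via Policies\\Explorer\\Run (rarely legitimate)"
        if "downlo~1\\" in low or "downloaded program files" in low:
            return "autostart from Downloaded Program Files"

    if kind == "O8":  # IE context-menu items; Office uses res:// resources
        target = body.rsplit(" - ", 1)[-1].strip().lower()
        if target.endswith((".htm", ".html")) and not target.startswith("res://"):
            return "context-menu item backed by a plain HTML file"

    if kind == "O9" and "(file missing)" in body:  # IE toolbar buttons
        return "toolbar button whose target file is missing"

    return None


def triage(log_text):
    """[(line, reason), ...] for every suspicious line, in log order."""
    hits = []
    for line in log_text.splitlines():
        reason = triage_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html
O1 - Hosts: 127.0.0.2 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\ea21.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [hgz] rundll32 "C:\WINDOWS\Downlo~1\hgz.dll",start
O8 - Extra context menu item: &Access Internet Keyword - C:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: N×C¤asÎd - {FFB2385E-E812-4091-8C12-2370DC67F769} - eachnet.com/specials/digi.html?adid=dzcm_dza_000_soft0_digi (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(why, "<-", entry)
```

On the sample this flags seven lines (the jogo.cn search hijack, the hosts entry, the two BHOs, the Policies\Explorer\Run loader, the OCINS context-menu item and the missing-file toolbar button) and leaves the Adobe, Java, Office and AVG entries alone. It does not flag the `[IdnSvr] C:\Program Files\OCINS\idnsvr.exe` autostart that the helper also ticked; recognising a directory name from the other hits is the kind of context a human adds on top of rules like these.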

  • Dejvid
  • New MyCity citizen
  • Joined: 11 Jan 2008
  • Posts: 20

Thanks once again. So, in short, these are the three problems I have:

1./
When I turn on the computer, a RUNDLL window appears saying c:/windows/system32/e5z98q5t.dll access is denied.

2./
The same thing, only with c:/windows/downlo~1/nfk.dll specified module could not be found.

3./
The NEWEST problem is that a limited virtual memory window appears saying your system has no paging file, or the paging file is too small. Even though I regularly go where it tells me to and set a custom size from 768 to 1536 MB, which is what it advises.

Here is the ComboFix log

ComboFix 08-01-11.1 - David 2008-01-11 19:38:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.90 [GMT 1:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - svchost.exe: deleted 228 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 100 bytes in 1 streams.
ADS - explorer.exe: deleted 196 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\microsoft\pctools
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data.\t
C:\Documents and Settings\All Users\Application Data.\t\a1642.dat
C:\Documents and Settings\All Users\Application Data.\t\b1642.dat
C:\Documents and Settings\All Users\Application Data.\t\k1642.dat
C:\Documents and Settings\All Users\Application Data.\t\p1642.dat
C:\Documents and Settings\All Users\Application Data.\t\r1642.dat
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Documents and Settings\David\Favorites\7BFA~1.URL
C:\Documents and Settings\David\ravmonlog
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\cpush\cpush.dll
C:\Program Files\Common Files\cpush\cpush.tmp
C:\Program Files\Common Files\cpush\Uninst.exe
C:\Program Files\internet explorer\iekey.dll
C:\Program Files\OCINS\austr.dll
C:\Program Files\OCINS\cndsv.dll
C:\Program Files\OCINS\cnprovh.dll
C:\Program Files\OCINS\cnrbtn.html
C:\Program Files\OCINS\cnstc.ini
C:\Program Files\OCINS\config.exe
C:\Program Files\OCINS\convf.dll
C:\Program Files\OCINS\convs.dll
C:\Program Files\OCINS\ctrcfg.ini
C:\Program Files\OCINS\cuscfg.dat
C:\Program Files\OCINS\idnaux.dat
C:\Program Files\OCINS\idnsvr.dll
C:\Program Files\OCINS\idnsvr.exe
C:\Program Files\OCINS\ieaux.dll
C:\Program Files\OCINS\kwacs.dat
C:\Program Files\OCINS\kwrep.dat
C:\Program Files\OCINS\ocinfo.dat
C:\Program Files\OCINS\path.dat
C:\Program Files\OCINS\uninstall.exe
C:\Program Files\OCINS\update\austr.dll
C:\Program Files\OCINS\update\cnprov.dat
C:\Program Files\OCINS\update\cnrbtn.html
C:\Program Files\OCINS\update\cnstc.ini
C:\Program Files\OCINS\update\cuscfg.dat
C:\Program Files\OCINS\update\data.cab
C:\Program Files\OCINS\update\data2.cab
C:\Program Files\OCINS\update\idnaux.dat
C:\Program Files\OCINS\update\kwacs.dat
C:\Program Files\OCINS\update\kwrep.dat
C:\Program Files\OCINS\update\ocinfo.dat
C:\Program Files\OCINS\update\path.dat
C:\Program Files\OCINS\update\version.dat
C:\Program Files\OCINS\usrcfg.ini
C:\Program Files\OCINS\version.dat
C:\WINDOWS\1b1.bmp
C:\WINDOWS\b581.exe
C:\WINDOWS\Downloaded Program Files.\adpy.dll
C:\WINDOWS\Downloaded Program Files.\beb.dll
C:\WINDOWS\Downloaded Program Files.\fqnrxw.dll
C:\WINDOWS\Downloaded Program Files.\gno.dll
C:\WINDOWS\Downloaded Program Files.\hduq.dll
C:\WINDOWS\Downloaded Program Files.\l7e.dll
C:\WINDOWS\Downloaded Program Files.\ohrlpc.dll
C:\WINDOWS\Downloaded Program Files.\p3qgtp.dll
C:\WINDOWS\Downloaded Program Files.\qfw.dll
C:\WINDOWS\Downloaded Program Files.\qtymj7zo.dll
C:\WINDOWS\Downloaded Program Files.\wtpgd1gr.dll
C:\WINDOWS\Downloaded Program Files.\wx5y.dll
C:\WINDOWS\Downloaded Program Files.\zctlh.dll
C:\WINDOWS\ocinfo.dat
C:\WINDOWS\system32\2e1.dll
C:\WINDOWS\system32\a2db1.exe
C:\WINDOWS\system32\cnprov.dat
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\cnprov.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\yxs2.sys
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mstacim.sig
C:\WINDOWS\TEMP.\~my1.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CNPROV
-------\LEGACY_MS_2FAX
-------\LEGACY_MXDISPDR
-------\LEGACY_SFSYNC02
-------\cnprov
-------\ms_2fax
-------\mxdispdr
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 19:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 01:11 . 2008-01-11 01:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 21:53 . 2008-01-01 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-01 21:53 . 2008-01-01 21:53 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 11:53 . 2007-12-31 11:53 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-12-31 11:53 . 1998-12-12 07:25 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2007-12-31 11:53 . 1998-11-14 18:39 87,424 --a------ C:\WINDOWS\system32\drivers\TPkd.sys
2007-12-31 11:53 . 1998-11-14 18:40 39,741 --a------ C:\WINDOWS\system32\Tpkd.vxd
2007-12-30 10:33 . 2007-12-29 15:10 28,672 -ra------ C:\WINDOWS\system32\flym.dlltmp
2007-12-19 03:06 . 2007-12-19 03:06 <DIR> d-------- C:\Program Files\APEXX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 18:37 --------- d-----w C:\Documents and Settings\David\Application Data\Skype
2008-01-11 08:22 53,248 ------w C:\WINDOWS\system32\ea21.dll
2008-01-11 07:00 --------- d-----w C:\Documents and Settings\David\Application Data\AVG7
2008-01-04 22:25 --------- d-----w C:\Program Files\Java
2007-12-21 10:32 --------- d-----w C:\Program Files\eachnet
2007-11-30 03:29 --------- d-----w C:\Documents and Settings\David\Application Data\uTorrent
2007-11-26 04:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-26 04:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 04:21 --------- d-----w C:\Program Files\Lavasoft
2007-11-26 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-26 04:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 03:47 --------- d-----w C:\Program Files\Winamp
2007-11-23 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-23 11:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-23 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-23 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-22 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-19 06:52 20,541 ----a-w C:\WINDOWS\system32\detoured.dll
2007-11-19 06:52 --------- d-----w C:\Program Files\Windows Live
2007-11-19 06:52 --------- d-----w C:\Program Files\MSN Messenger
2007-11-19 06:52 --------- d-----w C:\Program Files\Incesoft
2007-11-12 00:49 178,999 ----a-w C:\Documents and Settings\David\dodolook020.exe
2005-12-28 11:16 17,528 ----a-w C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT
2005-11-11 18:31 457 ----a-w C:\Program Files\INSTALL.LOG
.
<pre>
----a-w            76,208 2007-10-23 17:53:17  C:\Lajm vajr\cdg plugin karaoke .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 16:40 22879528]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 16:00 1937408]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-25 22:37 155648]
"nwiz"="nwiz.exe" [2005-02-24 06:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 06:32 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 06:32 5537792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"MagicKey"="C:\PROGRA~1\MEDIAK~1\MagicKey.exe" [2004-03-15 13:27 45056]
"LiveNote"="livenote.exe" [2002-07-11 20:31 40960 C:\WINDOWS\livenote.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43 274432]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"C-Media Mixer"="Mixer.exe" [2001-12-07 16:24 1216512 C:\WINDOWS\Mixer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 02:43 579072]
"anvshell"="anvshell.exe" [2003-07-24 14:19 380928 C:\WINDOWS\anvshell.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-23 12:40 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-19 13:35:37]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"nfk"= rundll32 "C:\WINDOWS\Downlo~1\nfk.dll",start
"qfw"= rundll32 "C:\WINDOWS\Downlo~1\qfw.dll",Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IrCOMM2kSvc"=2 (0x2)
"IDriverT"=3 (0x3)

R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2003-08-11 15:16]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2005-12-23 23:20]
R3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 22:31]
S0 yxs2;yxs;C:\WINDOWS\system32\DRIVERS\yxs2.sys []
S2 9mzjhb24;9mzjhb24;C:\WINDOWS\system32\drivers\9mzjhb24.sys []
S2 rikr3j222;rikr3j222;C:\WINDOWS\system32\drivers\rikr3j222.sys []
S2 v97e;v97e;C:\WINDOWS\system32\drivers\v97e.sys []
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 14:05]
S3 IrCOMM2k;Virtual IR COM Port;C:\WINDOWS\system32\DRIVERS\ircomm2k.sys [2001-05-09 18:06]
S3 KCIRDA;%KCIRDA.ServiceDesc%;C:\WINDOWS\system32\DRIVERS\KCIrNet.sys [2000-02-08 14:38]
S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect);C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys [2004-08-03 21:39]
S3 VendorJoystickEnabler;Game device driver;C:\WINDOWS\system32\drivers\ghgame.sys []
S4 IrCOMM2kSvc;Virtual IR COM Port, Service Program;C:\WINDOWS\system32\ircomm2k.exe [2001-05-09 18:13]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-11 19:51:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 19:56:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 18:56:32

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\flym.dlltmp
C:\WINDOWS\system32\ea21.dll
C:\Documents and Settings\David\dodolook020.exe
C:\WINDOWS\Downlo~1\nfk.dll

Driver::
SVKP
yxs2
9mzjhb24
rikr3j222
v97e

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"nfk"=-
"qfw"=-

Filelook::
C:\Windows\system32\e5z98q5t.dll



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log produced at the end of the cleaning/scan in your next message.
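The CFScript above was written by hand from the first ComboFix log. As an added example (not ComboFix's code and not the helper's script), the Python below derives the File::, Driver:: and Registry:: sections from a ComboFix log in the same format. Its selection rules are assumptions: a driver is selected when its service name looks random (letters and digits, at least one digit, 4 to 10 characters) and the log shows no file date (`[]`); every value under Policies\Explorer\Run is removed with `"name"=-`; and the DLL each of those values loads goes under File:: unless the log's "Other Deletions" section shows ComboFix already removed it. The sample input is an excerpt of the log posted above.

```python
r"""Derive a ComboFix CFScript from a ComboFix log.

Added example for this thread; it is neither ComboFix's own code nor the
helper's script.  It reads the driver/service lines ("S2 name;display;path
[date]"), the Policies\Explorer\Run block and the "Other Deletions" list of
a ComboFix log and writes File::, Driver:: and Registry:: sections in the
CFScript format used above.  The selection rules are assumptions.
"""
import re

# "S2 9mzjhb24;9mzjhb24;C:\WINDOWS\system32\drivers\9mzjhb24.sys []"
DRIVER_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)
# Assumed "random service name": 4-10 letters/digits with at least one digit.
RANDOM_NAME = re.compile(r"^(?=.*\d)[A-Za-z0-9]{4,10}$")
POLICY_KEY = (
    "[hkey_local_machine\\software\\microsoft\\windows\\currentversion"
    "\\policies\\explorer\\run]"
)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<cmd>.*)$')
RUNDLL_TARGET = re.compile(r'rundll32\s+"?(?P<dll>[^",]+\.dll)', re.I)


def select_drivers(log_text):
    """Service names that look random AND have no file date in the log
    (ComboFix prints '[]' when it cannot stamp the driver file)."""
    names = []
    for line in log_text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m and m.group("stamp") == "" and RANDOM_NAME.match(m.group("name")):
            names.append(m.group("name"))
    return names


def policy_run_entries(log_text):
    """(value name, command) pairs under HKLM\\...\\Policies\\Explorer\\Run."""
    entries, inside = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("["):          # a new registry key header
            inside = s.lower() == POLICY_KEY
            continue
        if inside:
            m = RUN_VALUE.match(s)
            if m:
                entries.append((m.group("name"), m.group("cmd")))
            elif s == "":               # blank line ends the key's values
                inside = False
    return entries


def deleted_basenames(log_text):
    """File names ComboFix already reported under 'Other Deletions'."""
    names, inside = set(), False
    for line in log_text.splitlines():
        s = line.strip()
        if "Other Deletions" in s:
            inside = True
            continue
        if inside and s.startswith("((("):   # next section header
            break
        if inside and re.match(r"^[A-Za-z]:\\", s):
            names.add(s.rsplit("\\", 1)[-1].lower())
    return names


def build_cfscript(log_text):
    """Assemble the CFScript text; returns '' when nothing qualifies."""
    already_gone = deleted_basenames(log_text)
    runs = policy_run_entries(log_text)
    files = []
    for _, cmd in runs:
        m = RUNDLL_TARGET.search(cmd)
        if m and m.group("dll").rsplit("\\", 1)[-1].lower() not in already_gone:
            files.append(m.group("dll"))
    drivers = select_drivers(log_text)

    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if runs:
        key = ("[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion"
               "\\policies\\explorer\\run]")
        sections.append("Registry::\n" + key + "\n"
                        + "\n".join('"%s"=-' % name for name, _ in runs))
    return "\n\n".join(sections) + ("\n" if sections else "")


# Constructed excerpt: the relevant lines of the first ComboFix log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files.\l7e.dll
C:\WINDOWS\Downloaded Program Files.\qfw.dll
C:\WINDOWS\system32\drivers\yxs2.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 02:43 579072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"nfk"= rundll32 "C:\WINDOWS\Downlo~1\nfk.dll",start
"qfw"= rundll32 "C:\WINDOWS\Downlo~1\qfw.dll",Run

R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2003-08-11 15:16]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2005-12-23 23:20]
R3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 22:31]
S0 yxs2;yxs;C:\WINDOWS\system32\DRIVERS\yxs2.sys []
S2 9mzjhb24;9mzjhb24;C:\WINDOWS\system32\drivers\9mzjhb24.sys []
S2 rikr3j222;rikr3j222;C:\WINDOWS\system32\drivers\rikr3j222.sys []
S2 v97e;v97e;C:\WINDOWS\system32\drivers\v97e.sys []
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 VendorJoystickEnabler;Game device driver;C:\WINDOWS\system32\drivers\ghgame.sys []
"""

if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```

On that excerpt the output lists nfk.dll under File:: (qfw.dll is skipped because the log already shows it deleted), the four random-named drivers yxs2, 9mzjhb24, rikr3j222 and v97e under Driver::, and both policy values under Registry::. SVKP, which the helper also removed, has a file date and a plain name, so the rule does not pick it; that and the Filelook:: entry are judgement calls the script does not model.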

  • Dejvid
  • New MyCity citizen
  • Joined: 11 Jan 2008
  • Posts: 20

I do not know what happened, but after ComboFix restarted the system my internet did not work, so I restarted manually, and then it reported found new hardware USB CABLE MODEM, but it will not install it, not even from the CD I got with it. MY MODEM DOES NOT WORK, I am on dial-up right now. Here is the log
ComboFix 08-01-11.1 - David 2008-01-12 3:08:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.154 [GMT 1:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\David\Desktop\CFScript.txt C:\Documents and Settings\David\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\David\dodolook020.exe
C:\WINDOWS\Downlo~1\nfk.dll
C:\WINDOWS\system32\ea21.dll
C:\WINDOWS\system32\flym.dlltmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\David\dodolook020.exe
C:\WINDOWS\system32\ea21.dll
C:\WINDOWS\system32\flym.dlltmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_9MZJHB24
-------\LEGACY_RIKR3J222
-------\LEGACY_SVKP
-------\LEGACY_V97E
-------\LEGACY_YXS2
-------\9mzjhb24
-------\rikr3j222
-------\SVKP
-------\v97e
-------\yxs2


((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-11 19:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 01:11 . 2008-01-11 01:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 21:53 . 2008-01-01 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-01 21:53 . 2008-01-01 21:53 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 11:53 . 2007-12-31 11:53 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-12-31 11:53 . 1998-12-12 07:25 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2007-12-31 11:53 . 1998-11-14 18:39 87,424 --a------ C:\WINDOWS\system32\drivers\TPkd.sys
2007-12-31 11:53 . 1998-11-14 18:40 39,741 --a------ C:\WINDOWS\system32\Tpkd.vxd
2007-12-19 03:06 . 2007-12-19 03:06 <DIR> d-------- C:\Program Files\APEXX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 01:57 --------- d-----w C:\Documents and Settings\David\Application Data\Skype
2008-01-11 07:00 --------- d-----w C:\Documents and Settings\David\Application Data\AVG7
2008-01-04 22:25 --------- d-----w C:\Program Files\Java
2007-12-21 10:32 --------- d-----w C:\Program Files\eachnet
2007-11-30 03:29 --------- d-----w C:\Documents and Settings\David\Application Data\uTorrent
2007-11-26 04:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-26 04:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 04:21 --------- d-----w C:\Program Files\Lavasoft
2007-11-26 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-26 04:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 03:47 --------- d-----w C:\Program Files\Winamp
2007-11-23 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-23 11:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-23 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-23 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-22 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-19 06:52 20,541 ----a-w C:\WINDOWS\system32\detoured.dll
2007-11-19 06:52 --------- d-----w C:\Program Files\Windows Live
2007-11-19 06:52 --------- d-----w C:\Program Files\MSN Messenger
2007-11-19 06:52 --------- d-----w C:\Program Files\Incesoft
2005-12-28 11:16 17,528 ----a-w C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT
2005-11-11 18:31 457 ----a-w C:\Program Files\INSTALL.LOG
.
<pre>
----a-w            76,208 2007-10-23 17:53:17  C:\Lajm vajr\cdg plugin karaoke .exe
</pre>



((((((((((((((((((((((((((((( snapshot@2008-01-11_19.56.11.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 18:38:20 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 02:08:36 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-11 18:38:20 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 02:08:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-11 18:38:20 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-12 02:08:36 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-11 18:38:20 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 02:08:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-11 18:38:21 7,593,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 02:08:36 7,593,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-11 18:38:21 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 02:08:36 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 16:40 22879528]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 16:00 1937408]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-25 22:37 155648]
"nwiz"="nwiz.exe" [2005-02-24 06:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 06:32 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 06:32 5537792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"MagicKey"="C:\PROGRA~1\MEDIAK~1\MagicKey.exe" [2004-03-15 13:27 45056]
"LiveNote"="livenote.exe" [2002-07-11 20:31 40960 C:\WINDOWS\livenote.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43 274432]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"C-Media Mixer"="Mixer.exe" [2001-12-07 16:24 1216512 C:\WINDOWS\Mixer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 02:43 579072]
"anvshell"="anvshell.exe" [2003-07-24 14:19 380928 C:\WINDOWS\anvshell.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-23 12:40 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-19 13:35:37]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IrCOMM2kSvc"=2 (0x2)
"IDriverT"=3 (0x3)

R1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2003-08-11 15:16]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 22:31]
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 14:05]
S3 IrCOMM2k;Virtual IR COM Port;C:\WINDOWS\system32\DRIVERS\ircomm2k.sys [2001-05-09 18:06]
S3 KCIRDA;%KCIRDA.ServiceDesc%;C:\WINDOWS\system32\DRIVERS\KCIrNet.sys [2000-02-08 14:38]
S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect);C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys [2004-08-03 21:39]
S3 VendorJoystickEnabler;Game device driver;C:\WINDOWS\system32\drivers\ghgame.sys []
S4 IrCOMM2kSvc;Virtual IR COM Port, Service Program;C:\WINDOWS\system32\ircomm2k.exe [2001-05-09 18:13]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-12 03:18:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 3:23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 02:22:52
ComboFix2.txt 2008-01-11 18:56:54

Update: 12 Jan 2008 3:52

EVERYTHING OK WITH THE MODEM, I INSTALLED THE DRIVERS, ALL OK.

Update: 12 Jan 2008 4:08

Also, those .dll files no longer come up, so that's OK. Thanks.
However, I've now found instructions on the Microsoft support site on how to move the paging file out of the root if you get the problem I'm getting. I moved it via regedit to C:\windows\ but at startup it still reports that the paging file is too small or missing.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hmm... It's normal for ComboFix to cut the internet connection, but after a restart everything should work again. I'm not sure exactly where the problem occurred - I believe only malicious files were deleted.

This latest log no longer shows any traces of malware.


Regarding the paging file... Let's see whether something can be done about it.



Download the program Deckard's System Scanner.
It is recommended to save the program directly to the Desktop for easier and faster launching.

The program is started simply by double-clicking its icon. The scan and system check proceed in a few steps and take a couple of minutes at most.

The result is a log, main.txt, which Deckard's System Scanner creates and opens automatically when the scan finishes. The complete contents of that log need to be copied and posted on the forum in your next post for analysis.

  • Dejvid 
  • New MyCity citizen
  • Joined: 11 Jan 2008
  • Posts: 20

Alright, doc, here's the Deckard's log too. It gave me main and extra, so I'm attaching both. The computer is clean, for now; you really are an expert, well done!


Deckard's System Scanner v20071014.68
Run by David on 2008-01-12 12:38:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-01-12 11:38:27 UTC - RP5 - Deckard's System Scanner Restore Point
3: 2008-01-12 02:08:33 UTC - RP4 - ComboFix created restore point
2: 2008-01-11 19:16:20 UTC - RP3 - System Checkpoint
1: 2008-01-11 18:44:11 UTC - RP2 - ComboFix created restore point


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
System Drive C: has 5.3 GiB (less than 15%) free.


-- HijackThis (run as David.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:28, on 12.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\David\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6581 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080111-192237-102 O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
backup-20080111-192237-182 O4 - HKLM\..\Policies\Explorer\Run: [hgz] rundll32 "C:\WINDOWS\Downlo~1\hgz.dll",start
backup-20080111-192237-323 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
backup-20080111-192237-381 O4 - HKLM\..\Policies\Explorer\Run: [l7e] rundll32 "C:\WINDOWS\Downlo~1\l7e.dll",Run
backup-20080111-192237-403 O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\ea21.dll
backup-20080111-192237-561 O2 - BHO: BHO Class - {BCBD80C9-6AD7-48ed-8DF1-6963414B3649} - C:\WINDOWS\system32\flym.dll
backup-20080111-192237-824 O9 - Extra button: N×C¤asÎd - {FFB2385E-E812-4091-8C12-2370DC67F769} - eachnet.com/specials/digi.html?adid=dzcm_dza_000_soft0_digi (file missing)
backup-20080111-192237-830 O8 - Extra context menu item: &Access Internet Keyword - C:\Program Files\OCINS\cnrbtn.html
backup-20080111-192237-874 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html
backup-20080111-192237-915 O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy; InterLok(tm)>
R1 ANVIOCTL - c:\windows\system32\drivers\anvioctl.sys <Not Verified; ASUSTeK; ASUS VGA Driver for Windows 2000/XP>
R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 asuskbnt - c:\windows\system32\drivers\asuskbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Hot-Key filter driver.>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys

S3 catchme - c:\docume~1\david\locals~1\temp\catchme.sys (file missing)
S3 dump_wmimmc - c:\windows\system32\drivers\dump_wmimmc.sys (file missing)
S3 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
S3 IrCOMM2k (Virtual IR COM Port) - c:\windows\system32\drivers\ircomm2k.sys <Not Verified; Jan Kiszka; IrCOMM2k>
S3 kbfiltr (Keyboard Filter) - c:\windows\system32\drivers\kbfiltr.sys (file missing)
S3 KCIRDA (%KCIRDA.ServiceDesc%) - c:\windows\system32\drivers\kcirnet.sys <Not Verified; KC Technology Inc.; NDIS Miniport Driver for IrDA>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 VendorJoystickEnabler (Game device driver) - c:\windows\system32\drivers\ghgame.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 IrCOMM2kSvc (Virtual IR COM Port, Service Program) - c:\windows\system32\ircomm2k.exe <Not Verified; Jan Kiszka; IrCOMM2k>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}
Description: Standard floppy disk controller
Device ID: ACPI\PNP0700\4&268D196D&0
Manufacturer: (Standard floppy disk controllers)
Name: Standard floppy disk controller
PNP Device ID: ACPI\PNP0700\4&268D196D&0
Service: fdc


-- Files created between 2007-12-12 and 2008-01-12 -----------------------------

2008-01-11 01:11:08 0 d-------- C:\Program Files\Trend Micro
2007-12-31 11:53:09 149504 --a------ C:\WINDOWS\UNWISE.EXE
2007-12-31 11:53:08 0 d-------- C:\WINDOWS\system32\IOSUBSYS
2007-12-31 11:53:08 87424 --a------ C:\WINDOWS\system32\drivers\TPkd.sys <Not Verified; PACE Anti-Piracy; InterLok(tm)>
2007-12-31 11:53:08 0 d-------- C:\audio
2007-12-19 03:06:20 0 d-------- C:\Program Files\APEXX


-- Find3M Report ---------------------------------------------------------------

2008-01-12 12:09:01 191 --a------ C:\WINDOWS\system32\bmajj1.sys
2008-01-12 12:06:43 0 d-------- C:\Documents and Settings\David\Application Data\Skype
2008-01-12 08:00:05 0 d-------- C:\Documents and Settings\David\Application Data\AVG7
2008-01-11 19:44:15 0 d-------- C:\Program Files\Common Files
2008-01-11 00:26:01 39 --a------ C:\WINDOWS\system32\9d54da05
2008-01-04 23:25:35 0 d-------- C:\Program Files\Java
2007-12-21 11:32:07 0 d-------- C:\Program Files\eachnet
2007-11-30 04:29:03 0 d-------- C:\Documents and Settings\David\Application Data\uTorrent
2007-11-26 19:33:43 78 --a------ C:\WINDOWS\-8184-385
2007-11-26 05:49:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-26 05:21:18 0 d-------- C:\Program Files\Lavasoft
2007-11-26 05:20:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 04:47:41 0 d-------- C:\Program Files\Winamp
2007-11-20 05:18:05 68 --a------ C:\WINDOWS\system32\0094
2007-11-19 12:38:50 68 --a------ C:\WINDOWS\system32\f106e
2007-11-19 12:08:49 68 --a------ C:\WINDOWS\system32\d8ed
2007-11-19 11:38:48 68 --a------ C:\WINDOWS\system32\cf10
2007-11-19 11:08:47 68 --a------ C:\WINDOWS\system32\acf
2007-11-19 10:38:46 68 --a------ C:\WINDOWS\system32\8ed3a4
2007-11-19 10:08:45 68 --a------ C:\WINDOWS\system32\77d
2007-11-19 09:38:44 68 --a------ C:\WINDOWS\system32\6e2
2007-11-19 09:08:43 68 --a------ C:\WINDOWS\system32\0e3
2007-11-19 08:38:42 68 --a------ C:\WINDOWS\system32\06e2
2007-11-19 08:02:41 14 --a------ C:\WINDOWS\system32\-5784-385
2007-11-19 07:52:50 20541 --a------ C:\WINDOWS\system32\detoured.dll <Not Verified; Microsoft Corporation; Microsoft Research Detours Package>
2007-11-19 07:52:50 0 d-------- C:\Program Files\Windows Live
2007-11-19 07:52:50 0 d-------- C:\Program Files\MSN Messenger
2007-11-19 07:52:50 0 d-------- C:\Program Files\Incesoft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26.10.2005 16:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25.11.2005 22:37]
"nwiz"="nwiz.exe" [24.02.2005 06:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [24.02.2005 06:32]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [24.02.2005 06:32]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 09:50]
"MagicKey"="C:\PROGRA~1\MEDIAK~1\MagicKey.exe" [15.03.2004 13:27]
"LiveNote"="livenote.exe" [11.07.2002 20:31 C:\WINDOWS\livenote.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [16.09.2005 08:43]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12.02.2004 12:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12.05.2004 14:18]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10.12.2005 15:57]
"C-Media Mixer"="Mixer.exe" [07.12.2001 16:24 C:\WINDOWS\Mixer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21.12.2007 02:43]
"anvshell"="anvshell.exe" [24.07.2003 14:19 C:\WINDOWS\anvshell.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30.03.2006 15:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [31.08.2007 16:40]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [10.02.2005 16:00]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01.01.2007 22:22]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03.08.2004 23:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [19.3.2006 13:35:37]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 21:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [28.5.2004 21:31:38]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.2.2001 0:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IrCOMM2kSvc"=2 (0x2)
"IDriverT"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-01-12 12:41:15 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 1.80GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 511.47 MiB / 103.09 MiB
Pagefile Memory (total/avail): 481.63 MiB / 189.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.99 MiB

C: is Fixed (NTFS) - 38.16 GiB total, 5.3 GiB free.
D: is Fixed (FAT32) - 38.15 GiB total, 4.02 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 38.16 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 38.16 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\David\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ARTHURX900
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\David
LOGONSERVER=\\ARTHURX900
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\David\LOCALS~1\Temp
TMP=C:\DOCUME~1\David\LOCALS~1\Temp
USERDOMAIN=ARTHURX900
USERNAME=David
USERPROFILE=C:\Documents and Settings\David
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

David (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
--> MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
AC3 Decoder --> C:\Program Files\Mediatwins software\AC3 Decoder\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
AGEIA PhysX v6.10.25 --> MsiExec.exe /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
ASAPI Update --> C:\PROGRA~1\VOB\ASAPIU~1\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ASUS Display Drivers --> C:\WINDOWS\anvunis.exe
Auto-Tune DX v1.1 --> C:\WINDOWS\UNWISE.EXE C:\audio\AutoTune\INSTALL.LOG
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI/MPEG/ASF/WMV Splitter 3.25 --> "C:\Program Files\AVI MPEG ASF WMV Splitter\unins000.exe"
AVS VideoConverter 2.7.5.122 --> "C:\Program Files\AVSMedia\VideoConverter2\unins000.exe"
BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
DC++ 0.689 --> "C:\Program Files\DC++\uninstall.exe"
DivX 4.12 Codec --> "C:\Program Files\DivXCodec\uninstall.exe"
DivXG400 --> "C:\WINDOWS\IPUI_DivXG400.exe" /U /D
DivXLand Media Subtitler --> C:\WINDOWS\unvise32.exe C:\Program Files\DivXLand\Media Subtitler\uninstal.log
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
eachnet --> "C:\Program Files\eachnet\uninstall.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Honda_civic_screensaver_1024 --> C:\WINDOWS\system32\HONDA_~1.SCR /UNINSTALL "C:\WINDOWS\system32\Honda_civic_screensaver_1024.log"
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE
ImTOO MP4 Video Converter --> C:\Program Files\ImTOO\MP4 Video Converter 3\Uninstall.exe
Internet Jamb 2006 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Internet Jamb Klub\irunin.ini"
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{78F4DFCE-1336-4027-BCB2-1A00C24A8653} /l1033
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Leisure Suit Larry - Magna Cum Laude --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A31289C6-04EF-4437-A35B-7CC96167145C}
LimeWire 4.10.9 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Media Key --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D14BEA3-9115-42C2-870A-5CDC14309F68}\Setup.exe" -l0x9
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Morpheus --> C:\WINDOWS\iun506.exe C:\Morpheus\irunin.ini
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MV2Player (remove only) --> C:\Program Files\Mv2Player\uninst.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Paragraf Net 4 --> C:\WINDOWS\PNUninstall.v4.exe
PCI Audio Applications --> C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
PCI Audio Driver --> cmuninst.exe
Quick Screen Capture 2.2 --> "C:\Program Files\Quick Screen Capture\unins000.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1033
Scientific-Atlanta WebSTAR 2000 series Cable Modem --> UNDPX2A.EXE
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony ACID Pro 6.0 --> MsiExec.exe /X{C2714A90-DE36-4C69-9B89-E43ACD8C0235}
Sony Ericsson PC Suite --> MsiExec.exe /I{52809086-618D-4F0B-8BF1-B75A5BB817A4}
Sony Media Manager 2.1 --> MsiExec.exe /X{DD10F763-CDF6-46CD-9254-C8CE5E91B53E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
vanBasco's Karaoke Player --> C:\Program Files\vanBasco's Karaoke Player\uninst.exe
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WaveLab 4.0e --> C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahtzee 1.1.6 --> "C:\Program Files\Rekenwonder Software\Yahtzee\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type636 / Error
Event Submitted/Written: 01/12/2008 03:33:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type621 / Error
Event Submitted/Written: 01/12/2008 03:08:54 AM
Event ID/Source: 100 / AVG7
Event Description:
2008-01-12 02:08:54,140 ARTHURX900 [001704:001712] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(2720) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type612 / Warning
Event Submitted/Written: 01/11/2008 07:46:16 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type76986 / Warning
Event Submitted/Written: 01/12/2008 00:21:33 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014F8613B25. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type76985 / Warning
Event Submitted/Written: 01/12/2008 09:20:54 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014F8613B25. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type76984 / Warning
Event Submitted/Written: 01/12/2008 09:19:47 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014F8613B25. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type76983 / Warning
Event Submitted/Written: 01/12/2008 09:17:39 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014F8613B25. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type76982 / Warning
Event Submitted/Written: 01/12/2008 09:13:28 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014F8613B25. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-01-12 12:41:15 ------------

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Let's try it this way...

Control Panel - System: on the Advanced tab, Performance: Settings - on the Advanced tab, Virtual Memory: Change - select the C drive, select Custom Size and enter:

Initial size: 1024
Maximum size: 2048

Click Set, then close all windows by clicking OK.

Restart the PC. Does the problem still occur?
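The same paging-file change can be applied and verified from an elevated PowerShell prompt instead of the Control Panel dialog. The script below is an added example, not part of dr_Bora's post; it uses the WMI classes Win32_PageFileSetting and Win32_PageFileUsage with the 1024/2048 MB values from the post, and assumes the page file lives on C: (the drive and sizes are assumptions taken from the instructions above).

```powershell
# Added example: set a fixed-size page file on C: (1024 MB initial / 2048 MB maximum)
# and show the result, matching the Control Panel steps in the post above.
# Run from an elevated PowerShell session; the new size takes effect after a reboot.

$initialMB = 1024   # value from the post
$maximumMB = 2048   # value from the post
$drive     = 'C:'   # assumed: the page file is on the system drive

# On Vista and later, "Automatically manage paging file size" must be off before
# a custom size is honoured. Windows XP has no such property, so it is skipped there.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PSObject.Properties['AutomaticManagedPagefile'] -and $cs.AutomaticManagedPagefile) {
    $cs.AutomaticManagedPagefile = $false
    $cs.Put() | Out-Null
}

# Find the existing setting for the chosen drive, or create one if none exists.
$pf = Get-WmiObject -Class Win32_PageFileSetting | Where-Object { $_.Name -like "$drive*" }
if (-not $pf) {
    $pf = ([wmiclass]'Win32_PageFileSetting').CreateInstance()
    $pf.Name = "$drive\pagefile.sys"
}

# Equivalent of "Custom Size" + "Set" in the Virtual Memory dialog.
$pf.InitialSize = $initialMB
$pf.MaximumSize = $maximumMB
$pf.Put() | Out-Null

# Configured sizes (what will apply after reboot) ...
Get-WmiObject -Class Win32_PageFileSetting |
    Select-Object Name, InitialSize, MaximumSize

# ... and the currently active page file with its allocation and peak usage,
# which is the quickest way to see whether the old size was actually being exhausted.
Get-WmiObject -Class Win32_PageFileUsage |
    Select-Object Name, AllocatedBaseSize, CurrentUsage, PeakUsage
```

If PeakUsage stays far below AllocatedBaseSize after the reboot, the page file was not the bottleneck, which is consistent with the troubleshooting direction taken later in the thread.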

  • Dejvid 
  • New MyCity citizen
  • Joined: 11 Jan 2008
  • Posts: 20

Yes, it still occurs, it's the same.
I really don't know what it is.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hmm... The paging file is set correctly - there should be no problem.
It is almost certain that the problem is not caused by malware, but we'll check one more thing. If nothing malicious is visible, I'll have to refer you to the Windows forum - maybe someone there will have an idea...


Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
In the message box on the forum, right-click and choose Paste.
