offline
- vux777
- Novi MyCity građanin
- Pridružio: 22 Apr 2008
- Poruke: 21
|
OK....evo ga.....mada nekužim zašto...(valjda da neki crv ili virus se ne prijavi pod hijackthis.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:30, on 22.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programi\WinPatrol\winpatrol.exe
D:\Programi\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programi\NetMeter\NetMeter.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\tr3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] D:\Programi\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Programi\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [D:\Programi\NetMeter\NetMeter.exe] D:\Programi\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 2952 bytes
Dopuna: 23 Apr 2008 0:01
btw. inače pokrećem firefox u sandboxie, ali sada je čisti firefox
Dopuna: 23 Apr 2008 0:37
btw2. najviše me muči ovo:
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
u exploreru ga ne vidim, a firefox mi je u ---Program files\Mozilla Firefox\Firefox.exe
Dopuna: 23 Apr 2008 1:08
malo sam prosurfao forumom i vidio da često tražiš/tražite ComboFix log pa evo i njega.....
ComboFix 08-04-22.1 - prodigy 2008-04-23 0:47:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.752 [GMT 2:00]
Running from: C:\Documents and Settings\prodigy\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-22 21:36 . 2008-04-22 21:36 3,592,931 --a------ C:\WINDOWS\system32\Beach Tranquility.edm
2008-04-22 21:36 . 2008-04-22 21:36 1,491,708 --a------ C:\WINDOWS\system32\goodvibs.wav
2008-04-22 21:36 . 2008-04-22 21:36 361,984 --a------ C:\WINDOWS\system32\Beach Tranquility.scr
2008-04-22 21:10 . 2008-04-22 21:10 <DIR> d-------- C:\Program Files\Security Task Manager
2008-04-22 21:10 . 2008-04-22 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-22 21:04 . 2008-04-22 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-22 21:00 . 2008-04-22 21:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 20:48 . 2008-04-22 20:48 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-22 20:48 . 2008-04-22 20:48 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-04-21 15:27 . 2008-04-21 15:27 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2008-04-21 15:24 . 2008-04-21 15:24 <DIR> d-------- C:\Program Files\Chaos Group
2008-04-21 10:13 . 2008-04-21 10:13 <DIR> d-------- C:\Program Files\ArchVision
2008-04-19 15:59 . 2008-04-19 15:59 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-04-19 15:57 . 2008-04-19 16:02 <DIR> d-------- C:\Documents and Settings\prodigy\Application Data\Autodesk
2008-04-17 19:19 . 2008-04-17 19:19 <DIR> d-------- C:\Documents and Settings\prodigy\Application Data\Apple Computer
2008-04-17 19:19 . 2008-04-22 20:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-17 19:19 . 2008-04-17 19:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-17 16:26 . 2008-04-17 16:26 <DIR> d-------- C:\WINDOWS\Sun
2008-04-17 15:09 . 2008-04-17 15:09 <DIR> d---s---- C:\Documents and Settings\prodigy\UserData
2008-04-17 14:48 . 2008-04-17 14:48 <DIR> d-------- C:\Program Files\T-Mobile
2008-04-17 14:26 . 2007-12-03 02:10 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-17 14:21 . 2008-04-17 14:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-17 14:21 . 2008-04-17 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-17 14:21 . 2008-04-17 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-17 14:00 . 2008-04-17 14:00 <DIR> d-------- C:\WINDOWS\nview
2008-04-17 14:00 . 2008-04-01 18:53 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-17 14:00 . 2008-04-17 12:23 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-17 14:00 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-17 14:00 . 2008-04-01 18:53 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-01 18:57 . 2008-04-01 18:57 1,580,544 --a------ C:\WINDOWS\system32\sfcfiles.dll
2008-04-01 18:53 . 2008-04-01 18:53 6,842,880 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-04-01 18:53 . 2008-04-01 18:53 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-04-01 18:53 . 2008-04-01 18:53 730,092 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-04-01 18:53 . 2008-04-01 18:53 720,896 --a------ C:\WINDOWS\system32\Audio3D.dll
2008-04-01 18:53 . 2008-04-01 18:53 720,896 --a------ C:\WINDOWS\system32\a3d.dll
2008-04-01 18:53 . 2008-04-01 18:53 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-04-01 18:53 . 2008-04-01 18:53 54,784 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-04-01 18:51 . 2008-04-01 18:51 984,576 --a------ C:\WINDOWS\system32\syssetup.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 18:42 --------- d-----w C:\Documents and Settings\prodigy\Application Data\Spyware Terminator
2008-04-21 22:01 --------- d-----w C:\Program Files\Spyware Terminator
2008-04-21 08:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 13:59 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-19 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-17 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-17 11:44 --------- d-----w C:\Documents and Settings\prodigy\Application Data\Winamp
2008-04-17 11:26 --------- d-----w C:\Documents and Settings\prodigy\Application Data\combustion4
2008-04-17 11:18 --------- d-----w C:\Program Files\Autodesk
2008-04-17 11:04 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-17 11:02 --------- d-----w C:\Program Files\Sandboxie
2008-04-17 10:56 --------- d-----w C:\Program Files\Google
2008-04-17 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-17 10:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-17 10:48 --------- d-----w C:\Documents and Settings\prodigy\Application Data\FastStone
2008-04-17 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-04-17 10:46 --------- d-----w C:\Program Files\Java
2008-04-17 10:46 --------- d-----w C:\Documents and Settings\prodigy\Application Data\GRETECH
2008-04-17 10:45 --------- d-----w C:\Program Files\Common Files\Java
2008-04-17 10:36 --------- d-----w C:\Documents and Settings\prodigy\Application Data\WinPatrol
2008-04-17 10:35 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-17 10:32 --------- d-----w C:\Program Files\MSBuild
2008-04-17 10:28 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-17 10:22 --------- d-----w C:\Program Files\Intel
2008-04-17 10:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-17 10:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-01 16:55 86,073 ----a-w C:\WINDOWS\system32\usrfaxa.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"D:\Programi\NetMeter\NetMeter.exe"="D:\Programi\NetMeter\NetMeter.exe" [2007-08-11 15:50 331264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"WinPatrol"="D:\Programi\WinPatrol\winpatrol.exe" [2007-08-12 00:48 292152]
"ZoneAlarm Client"="D:\Programi\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 03:56 99840 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"D:\\Programi\\Autodesk\\3d MAX 9\\3dsmax.exe"=
"D:\\Programi\\Autodesk\\Backburner\\monitor.exe"=
"D:\\Programi\\Autodesk\\Backburner\\manager.exe"=
"D:\\Programi\\Autodesk\\Backburner\\server.exe"=
R3 GT72NDISIPXP;GT 72 IP NDIS;C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2007-07-09 14:17]
R3 GT72UBUS;GT 72 U BUS;C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2007-06-26 13:38]
R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-03-30 13:38]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-01-13 13:53]
S4 NMSAccessU;NMSAccessU;D:\Programi\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15b616c2-0c7a-11dd-8334-9dd8b9869610}]
\Shell\AutoRun\command - H:\setup.exe AUTORUN=1
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-04-23 00:48:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D:\\Programi\\NetMeter\\NetMeter.exe"="D:\\Programi\\NetMeter\\NetMeter.exe"
.
Completion time: 2008-04-23 0:49:09
ComboFix-quarantined-files.txt 2008-04-22 22:49:06
Pre-Run: 22,167,560,192 bytes free
Post-Run: 22,274,121,728 bytes free
151
JOŠ NEŠTO!!!!!!!!!!!......nakon skena sa ComboFix, winpatrol mi je javio da se novi startup servis želi "ugnjezdit":
C:\WINDOWS\System32\msgsvc.dll
a ja sam ga odbio, brzopleto i automatski 
valjda nisam nešto zajebo?!?
|
