Posted: 29 May 2009 22:37
- Joined: 21 Feb 2006
- Posts: 128
- Location: Montenegro
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:02, on 29.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mia\Desktop\New Folder\TR3.exe
C:\WINDOWS\System32\rasautou.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A970F61-67B6-4794-B9F0-7C96479304A9}: NameServer = 195.66.160.1,195.66.160.2
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3547 bytes
Posted: 29 May 2009 23:59
- dr_Bora
- Anti Malware Fighter, Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Hello...
This looks OK. Is there a specific problem?
Posted: 30 May 2009 22:45
- Joined: 21 Feb 2006
- Posts: 128
- Location: Montenegro
There is, I just meant to post it under the Windows topic, but since you asked:
I installed a fresh Windows; one partition with data I did not format.
Then I installed the AutoPatchers, which I always do on every computer, then Avira and a few more small programs I use, on the same disk.
However, when I connected to ADSL, the connection started dropping non-stop. Somehow I managed to update, and it found a couple of trojans in Windows.
Then I installed Spyware Doctor and it removed three pieces of malware.
But now the WiMAX connection keeps dropping, and it is twice as weak as it was.
Posted: 01 Jun 2009 18:40
- Joined: 21 Feb 2006
- Posts: 128
- Location: Montenegro
OK, here's the thing: to be sure it wasn't the AutoPatcher, I installed a fresh Windows again. This time, right after installing Windows and the drivers, I immediately installed Avira Premium, scanned, and there was nothing. Then I installed Mozilla, CCleaner, Winamp and WinRAR; everything worked normally until at one moment Mozilla somehow froze and it could not disconnect from ADSL?
Then I installed and ran this ComboFix, disabled Avira but not the firewall, and it immediately asked me to allow Combo access to some file; I allowed it and it did its thing. Then I went online again but something wouldn't work, so I restarted the computer, but now at boot I get a prompt to choose between Windows normal and Windows Recovery; it lasts two seconds, disappears and Windows boots? This happened after this ComboFix.
And here is the report of what it says:
ComboFix 09-05-31.06 - Mico 06/01/2009 18:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1683 [GMT 2:00]
Running from: c:\documents and settings\Mico\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 16:07 . 2009-06-01 16:07 -------- d-----w- c:\program files\CCleaner
2009-06-01 16:06 . 2009-06-01 16:03 -------- d-----w- c:\documents and settings\Mico\Application Data\Winamp
2009-06-01 16:05 . 2009-06-01 16:03 -------- d-----w- c:\program files\Winamp
2009-06-01 15:45 . 2009-06-01 15:45 0 ----a-w- c:\windows\nsreg.dat
2009-06-01 15:42 . 2009-06-01 14:48 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-01 15:42 . 2009-06-01 15:42 12328 ----a-w- c:\documents and settings\Mico\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 15:28 . 2009-06-01 15:16 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-01 15:28 . 2009-06-01 15:16 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-01 15:28 . 2009-06-01 15:16 97480 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-06-01 15:23 . 2009-06-01 15:23 -------- d-----w- c:\documents and settings\Mico\Application Data\Avira
2009-06-01 15:17 . 2009-06-01 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-01 15:16 . 2009-06-01 15:16 -------- d-----w- c:\program files\Avira
2009-06-01 15:08 . 2009-06-01 15:08 -------- d-----w- c:\program files\Realtek
2009-06-01 15:08 . 2009-06-01 15:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 15:08 . 2009-06-01 15:08 315392 ----a-w- c:\windows\HideWin.exe
2009-06-01 15:08 . 2009-06-01 15:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-01 14:48 . 2009-06-01 14:48 -------- d-----w- c:\program files\microsoft frontpage
2009-06-01 14:46 . 2009-06-01 14:46 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-25 07:52 . 2009-06-01 15:16 34271960 ----a-w- C:\avira_premium_security_suite_en.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [6/1/2009 5:16 PM 97480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [6/1/2009 5:16 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [6/1/2009 5:16 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/1/2009 5:16 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/1/2009 5:16 PM 432897]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [6/1/2009 5:04 PM 36864]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [6/1/2009 5:16 PM 69632]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - UMWDF
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {36581D0D-AF77-4DE8-B715-56565237DDD2} = 195.66.160.1 195.66.160.2
TCP: {D2C89E98-1BA9-427E-BBA0-761896050ABA} = 195.66.160.1,195.66.160.2
FF - ProfilePath - c:\documents and settings\Mico\Application Data\Mozilla\Firefox\Profiles\p84blslr.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-01 18:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1104)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-06-01 18:23
ComboFix-quarantined-files.txt 2009-06-01 16:23
Pre-Run: 48,293,646,336 bytes free
Post-Run: 48,286,707,712 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Posted: 01 Jun 2009 21:25
- dr_Bora
- Anti Malware Fighter, Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
There is really nothing malicious here. Ask about the connection problem in the appropriate forum (under Domaća IT scena, internet providers).
Quote: at boot I get a prompt to choose between Windows normal and Windows Recovery; it lasts two seconds and disappears
ComboFix installed the Recovery Console (that is the second option you are being offered). If it really bothers you, it can be removed, but I would recommend leaving it.
Posted: 01 Jun 2009 22:13
- dr_Bora
- Anti Malware Fighter, Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
What SD detected are ComboFix and its components (all of that is legitimate).
The last one in the third image:
Quote: dumprep.exe forms a part of Microsoft Windows XP (and later versions), in-built fault logging software. Upon serious errors this program will write the details to a text file and request the information be sent to Microsoft. This program is a non-essential system process, and is installed for third party use.
So, it is part of Windows (you can disable it if you want).