Windows explorer problemcina!!!

  • Joined: 05 Nov 2008
  • Posts: 14

The computer runs stably until I restart it; that is when the problems start.
When it boots, an empty desktop appears: no icons, no Start menu, only the mouse pointer works. Keyboard shortcuts don't work either, i.e.
I can't open Task Manager (Ctrl+Alt+Del). Left and right mouse buttons, nothing reacts. The only salvation so far is Safe Mode followed by System Restore, which holds until the next restart.
Here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 01:02:01, on 5.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Rec\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = startpage.reganam.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - webmail.pconnect.biz/InternalSite/WhlCompMgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2\RpcAgentSrv.exe
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)

Thanks.
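The HijackThis log above is plain text with a fixed per-line shape (`O2 - BHO: name - {CLSID} - path`, `R1 - key,value = data`, and so on), so a defender can triage it mechanically instead of reading 100 lines by eye. The following Python script is an added example written for this thread; it is not code from the forum, the poster, or HijackThis. It parses a handful of lines copied from the log and flags the points a reviewer would look at first: a second executable appended to the `UserInit` value (Windows normally lists only `userinit.exe` there), an HKCU proxy pointing at the loopback address, the Winsock LSP DLL that HijackThis itself marks as unknown (reported once rather than six times), BHOs whose file no longer exists, and services whose binary is missing. Which of these count as findings, and the thresholds used (any extra `UserInit` value, any `127.*`/`localhost` proxy), are my assumptions, not HijackThis rules.

```python
import re
from collections import Counter

# Sample entries copied from the HijackThis log posted above (a raw string, so
# the Windows backslashes are literal).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = startpage.reganam.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every entry line starts with a section code (R0, R1, F2, O2, ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text):
    """Return a dict of review findings extracted from a HijackThis log (assumed rules)."""
    findings = {
        "userinit": [],         # UserInit values when more than the single default is present
        "proxy": [],            # per-user proxy settings that point at the local machine
        "lsp": [],              # distinct DLLs HijackThis marks as unknown in the LSP chain
        "orphan_bho": [],       # BHO registrations whose DLL is gone
        "missing_service": [],  # services whose binary is missing
        "start_page": [],       # browser start pages, listed for manual review
    }
    lsp_counter = Counter()
    for section, body in parse_entries(log_text):
        if section == "F2" and body.startswith("REG:system.ini: UserInit="):
            # Trailing comma in the log yields an empty element; drop it.
            values = [v.strip() for v in body.split("=", 1)[1].split(",") if v.strip()]
            if len(values) != 1 or not values[0].lower().endswith("\\userinit.exe"):
                findings["userinit"].append(values)
        elif section in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            if key.endswith(",ProxyServer") and value.startswith(("127.", "localhost")):
                findings["proxy"].append(value)
            elif key.endswith(",Start Page"):
                findings["start_page"].append(value)
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP: "):
            lsp_counter[body.split(": ", 1)[1].lower()] += 1
        elif section == "O2" and body.endswith("- (no file)"):
            findings["orphan_bho"].append(body)
        elif section == "O23" and body.endswith("(file missing)"):
            findings["missing_service"].append(body)
    findings["lsp"] = sorted(lsp_counter)  # one entry per DLL, however many chain slots it holds
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"[{category}] {item}")
```

Run against the full log, the script prints one line per finding; everything it does not flag (the download-manager BHOs, the avast services) still deserves a glance, since it only encodes the handful of rules listed above.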

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Greetings...

Right-click the avast! icon in the bottom-right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom-right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn these options back on once the cleanup is finished.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

  • Joined: 05 Nov 2008
  • Posts: 14

I'm not working tomorrow; I'll do it the day after and post the log.

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

OK... I saw you were online, so I waited in the hope that you'd post the log...
Since there's no log, I'm off to sleep...

  • Joined: 05 Nov 2008
  • Posts: 14

So, let me start! That same night I scanned the disk with avast and it found some trojans; here is the log:
5.11.2008 04:15:01 Rec 3156 Sign of "Win32:BHO-NE [Adw]" has been found in "E:\office\ikone\BitAccelerator.exe\$INSTDIR\BitAccelerator.dll" file.
5.11.2008 04:15:01 Rec 3156 Sign of "Win32:ConnServices-G [Trj]" has been found in "E:\office\ikone\BitAccelerator.exe\$INSTDIR\BitAccelerator.exe\[Embedded#08a58]\$INSTDIR\ConnectionServices.dll" file.
5.11.2008 04:15:01 Rec 3156 Sign of "Win32:ConnServices-D [Trj]" has been found in "E:\office\ikone\BitAccelerator.exe\$INSTDIR\BitAccelerator.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Exdl [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\exdl.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\exul.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\trkgif.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\autoheal.exe\$INSTDIR\angelex.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\autoheal.exe\$INSTDIR\msexreg.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\autoheal.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\adp8034_MARKETING2.exe\$INSTDIR\bargains.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\adp8034_MARKETING2.exe\$INSTDIR\adv.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\adp8034_MARKETING2.exe\$INSTDIR\adx.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adan-022 [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\adp8034_MARKETING2.exe\$INSTDIR\msbe.dll" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adan-022 [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\nls8034_MARKETING2.exe\$INSTDIR\nvms.dll" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adan-023 [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\nls8034_MARKETING2.exe\$INSTDIR\nls.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adan-022 [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\cb8034_MARKETING2.exe\$INSTDIR\mscb.dll" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\cb8034_MARKETING2.exe\$INSTDIR\cashback.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\cb8034_MARKETING2.exe\$INSTDIR\cb.exe" file.
5.11.2008 04:17:44 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\Recepcija\Desktop\EX\funcade_MARKETING2_install.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\cb8034_MARKETING2.exe\$INSTDIR\flash.exe" file.
5.11.2008 04:22:10 Rec 3156 Sign of "Win32:Agent-AWB [Adw]" has been found in "E:\Stari\Downloads\Deamon Tools 4.09.rar\Deamon Tools 4.09\daemon409-x86.exe\$INSTDIR\SetupDTSB.exe\DaemonTools_WhenUSave_Installer.exe" file.
5.11.2008 04:23:08 Rec 3156 Sign of "Win32:BHO-NE [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150521.exe\$INSTDIR\BitAccelerator.dll" file.
5.11.2008 04:23:08 Rec 3156 Sign of "Win32:ConnServices-G [Trj]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150521.exe\$INSTDIR\BitAccelerator.exe\[Embedded#08a58]\$INSTDIR\ConnectionServices.dll" file.
5.11.2008 04:23:08 Rec 3156 Sign of "Win32:ConnServices-D [Trj]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150521.exe\$INSTDIR\BitAccelerator.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Exdl [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\exdl.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\exul.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\trkgif.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\autoheal.exe\$INSTDIR\angelex.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\autoheal.exe\$INSTDIR\msexreg.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\autoheal.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\adp8034_MARKETING2.exe\$INSTDIR\bargains.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\adp8034_MARKETING2.exe\$INSTDIR\adv.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\adp8034_MARKETING2.exe\$INSTDIR\adx.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adan-022 [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\adp8034_MARKETING2.exe\$INSTDIR\msbe.dll" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adan-022 [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\nls8034_MARKETING2.exe\$INSTDIR\nvms.dll" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adan-023 [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\nls8034_MARKETING2.exe\$INSTDIR\nls.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adan-022 [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\cb8034_MARKETING2.exe\$INSTDIR\mscb.dll" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\cb8034_MARKETING2.exe\$INSTDIR\cashback.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\cb8034_MARKETING2.exe\$INSTDIR\cb.exe" file.
5.11.2008 04:23:09 Rec 3156 Sign of "Win32:Adware-gen [Adw]" has been found in "E:\System Volume Information\_restore{A0D9D97F-39CC-48D4-B699-0934EA4BCE02}\RP392\A0150522.exe\$INSTDIR\package8034_MARKETING2.exe\$INSTDIR\cb8034_MARKETING2.exe\$INSTDIR\flash.exe" file.

... Avast supposedly deleted them. However, after a restart, when I scan the disk the trojans are still there.
Then I installed SmitfraudFix (I read here on the forum that someone with a similar problem solved it with this tool).
SmitfraudFix definitely solved the problem. After scanning with avast there are no more trojans.

ComboFix log:
ComboFix 08-11-06.01 - Rec 2008-11-07 12:45:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.554 [GMT 1:00]
Running from: c:\documents and settings\Rec\Desktop\Odrzavanje\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\sysproc64
c:\documents and settings\LocalService\Application Data\sysproc64\sysproc32.sys
c:\documents and settings\NetworkService\Application Data\sysproc64
c:\documents and settings\NetworkService\Application Data\sysproc64\sysproc32.sys
c:\documents and settings\Rec\Favorites\Download programs.url
c:\documents and settings\Rec\Favorites\Games.url
c:\documents and settings\Rec\Favorites\Translator.url
c:\documents and settings\Rec\Favorites\Videos.url
C:\smp.bat
c:\windows\system32\sysproc64
c:\windows\system32\sysproc64\002F9045.uf
c:\windows\system32\sysproc64\002F912F.uf
c:\windows\system32\sysproc64\002F91BC.uf
c:\windows\system32\sysproc64\002F920A.uf
c:\windows\system32\sysproc64\0048BD46.uf
c:\windows\system32\sysproc64\0048BD75.uf
c:\windows\system32\sysproc64\0048CFA6.uf
c:\windows\system32\sysproc64\0048CFE4.uf
c:\windows\system32\sysproc64\sysproc32.sys
c:\windows\system32\sysproc64\sysproc32.sys.cla
c:\windows\system32\sysproc64\sysproc86.sys
c:\windows\system32\tdssinit.dll
c:\windows\system32\tdssservers.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-07 11:44 . 2008-11-07 12:39 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-11-05 05:02 . 2008-11-05 05:02 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-05 04:42 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-05 04:42 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-05 04:42 . 2008-09-08 22:38 88,576 --a------ c:\windows\system32\AntiXPVSTFix.exe
2008-11-05 04:42 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-05 04:42 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-05 04:42 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-05 04:42 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-05 04:42 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-05 04:42 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-05 04:42 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-05 04:42 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-05 00:38 . 2008-11-05 04:44 1,618 --a------ c:\windows\system32\tmp.reg
2008-10-19 23:58 . 2008-10-19 23:58 <DIR> d-------- c:\program files\Xinox Software
2008-10-19 23:58 . 2008-10-19 23:58 <DIR> d-------- c:\documents and settings\Rec\Application Data\JCreator
2008-10-19 23:58 . 2008-10-19 23:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\JCreator
2008-10-19 23:54 . 2008-10-19 23:55 <DIR> d-------- C:\j2sdk1.4.2_18

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 11:45 --------- d-----w c:\documents and settings\Rec\Application Data\DMCache
2008-11-07 10:39 --------- d-----w c:\documents and settings\Rec\Application Data\OpenOffice.org2
2008-11-06 16:40 --------- d-----w c:\documents and settings\Rec\Application Data\uTorrent
2008-11-06 09:54 88 --sh--r c:\documents and settings\All Users\Application Data\D595C4CCF7.sys
2008-11-06 09:54 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-11-05 04:02 --------- d-----w c:\program files\Java
2008-11-05 04:01 --------- d-----w c:\program files\FlashGet
2008-11-05 03:19 --------- d-----w c:\documents and settings\Rec\Application Data\mIRC
2008-11-05 03:18 --------- d-----w c:\program files\mIRC
2008-10-12 00:12 --------- d-----w c:\program files\3GP Player
2008-10-06 15:27 --------- d-----w c:\program files\iMagic Hotel Reservation
2008-10-06 15:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-04 07:01 --------- d-----w c:\program files\Whale Communications
2008-10-02 14:58 --------- d-----w c:\documents and settings\Rec\Application Data\IDM
2008-10-02 14:18 --------- d-----w c:\program files\Internet Download Manager
2008-09-17 21:34 --------- d-----w c:\program files\NeuroTran
2008-09-16 13:52 --------- d-----w c:\program files\Word Translator Demo
2008-09-16 13:51 --------- d-----w c:\program files\KnowledgeSearch
2008-09-16 13:49 --------- d-----w c:\program files\HumanTran
2008-09-16 13:46 --------- d-----w c:\program files\PocketTran Demo
2008-09-16 13:44 --------- d-----w c:\program files\PalmTran Demo
2008-09-16 13:43 --------- d-----w c:\program files\LetterTran Demo
2008-09-16 13:42 --------- d-----w c:\program files\SearchTran Demo
2008-09-16 11:19 --------- d-----w c:\documents and settings\Rec\Application Data\Corel
2008-09-16 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2008-09-16 11:17 --------- d-----w c:\program files\Common Files\Protexis
2008-09-16 11:15 --------- d-----w c:\program files\Common Files\Corel
2008-09-16 11:14 --------- d-----w c:\program files\Corel
2008-09-16 09:25 --------- d-----w c:\documents and settings\Rec\Application Data\OPaC bright ideas
2008-09-16 09:25 --------- d-----w c:\documents and settings\Rec\Application Data\Epsitec Cache
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-04-24 20:30 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-24 17:15 608 --sha-w c:\windows\system32\winzvprt5.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-07 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-05 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"S3Trayp"="S3trayp.exe" [2006-07-11 c:\windows\system32\S3Trayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.mp42"= c:\windows\Mpg4c32.dll
"vidc.mp43"= c:\windows\Mpg4c32.dll
"vidc.mpg4"= c:\windows\Mpg4c32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Rec^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Rec\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rec^Start Menu^Programs^Startup^OpenOffice.org 1.9.69.lnk]
path=c:\documents and settings\Rec\Start Menu\Programs\Startup\OpenOffice.org 1.9.69.lnk
backup=c:\windows\pss\OpenOffice.org 1.9.69.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-11-07 12:19 2606512 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 2005-11-28 06:52 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 2005-11-28 06:55 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 2005-11-28 06:55 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-17 13:19 243072 c:\program files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-08-04 00:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
--------- 2005-07-03 08:20 372736 c:\windows\Samsung\ComSMMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-02-13 13:31 16857600 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 17:15 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-07-21 15:14 86016 c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2006-08-03 16:53 53248 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25436:TCP"= 25436:TCP:BitComet 25436 TCP
"25436:UDP"= 25436:UDP:BitComet 25436 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-05 152984]
R2 PSI_SVC_2;Protexis Licensing V2;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2\RpcAgentSrv.exe [2008-04-07 98488]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 mpr_freader;MPR FileReader Driver;c:\program files\Multi Password Recovery\mpr_freader.sys [ ]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2006-09-12 659456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f3c3966-83b0-11dc-9a81-001d60518968}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{addaa956-4087-11dd-8ff2-001a4df9354b}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c712c75c-4e50-11dd-8ff4-001a4df9354b}]
\Shell\AutoRun\command - I:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee9f7364-bef2-11dc-9abe-001d60518968}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
MSConfigStartUp-adsnwm - c:\windows\system32\adsnwm.exe
MSConfigStartUp-DesktopIconToy - c:\program files\Desktop Icon Toy\DesktopIconToy.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-SeekmoSA - c:\program files\Seekmo\bin\10.0.406.0\SeekmoSA.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Rec\Application Data\Mozilla\Firefox\Profiles\9a6ij8ih.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919268
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-07 12:47:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
-> c:\windows\system32\ac3filter.acm
.
Completion time: 2008-11-07 12:48:23
ComboFix-quarantined-files.txt 2008-11-07 11:48:05

Pre-Run: 2.818.383.872 bytes free
Post-Run: 2,981,023,744 bytes free

I hope the system is stable now.
Thanks for the help!
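As an added example (not code from the thread or from ComboFix), a small Python checker that reads a ComboFix-style "Reg Loading Points" excerpt like the one in the log above and flags the three things a responder looks at first: the Security Center notification overrides, the disabled Windows Firewall, and the removable-drive autorun commands under mountpoints2. The sample lines are a constructed excerpt in the log's layout, not the full log.

```python
"""Flag tampering indicators in a ComboFix-style registry dump (added example)."""
import re

# Constructed excerpt in the same layout as the ComboFix log; the last key is a
# benign control entry that must not be flagged.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{addaa956-4087-11dd-8ff2-001a4df9354b}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"""

# Security Center values that, when set to 1, silence the "no antivirus /
# no updates / no firewall" warnings the user would otherwise see.
SECURITY_CENTER_FLAGS = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallOverride"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def audit(log_text):
    """Return (severity, key, detail) tuples for each suspicious entry found."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()  # remember which key the following values belong to
            continue
        if not key or not line:
            continue
        v = VALUE_RE.match(line)
        if key.endswith("security center") and v:
            name, val = v.groups()
            if name in SECURITY_CENTER_FLAGS and val.lower().endswith("00000001"):
                findings.append(("high", key, f"{name} set: Security Center warning suppressed"))
        elif key.endswith("firewallpolicy\\standardprofile") and v:
            name, val = v.groups()
            if name == "EnableFirewall" and val.startswith("0"):
                findings.append(("high", key, "Windows Firewall disabled for the standard profile"))
        elif "mountpoints2" in key and line.lower().startswith("\\shell\\auto"):
            # "\Shell\AutoRun\command - <cmd>": the command run on drive autoplay
            cmd = line.split(" - ", 1)[1] if " - " in line else line
            findings.append(("medium", key, f"removable-drive autorun command: {cmd}"))
    return findings


if __name__ == "__main__":
    for severity, key, detail in audit(SAMPLE_LOG):
        print(f"[{severity}] {detail}\n        {key}")
```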

offline
  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Follow this procedure ->

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this saves the scan results to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach here the two files you just saved.

offline
  • Joined: 05 Nov 2008
  • Posts: 14

Thanks!

offline
  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Open Notepad and copy the following text into it:

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message post the log that is created at the end of the cleaning/scan.

Also post a new GMER rootkit log so we can be sure the registry keys have been deleted.

offline
  • Joined: 05 Nov 2008
  • Posts: 14

Thanks once again for the effort!
I'm free today; tomorrow I'll do it and post the log.

Update: 11 Nov 2008 9:43

I followed your instructions, here is the log:

ComboFix 08-11-10.01 - Rec 2008-11-11 9:08:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.532 [GMT 1:00]
Running from: c:\documents and settings\Rec\Desktop\Odrzavanje\ComboFix.exe
Command switches used :: c:\documents and settings\Rec\Desktop\Odrzavanje\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-08 23:07 . 2008-11-08 23:08 250 --a------ c:\windows\gmer.ini
2008-11-07 11:44 . 2008-11-07 12:39 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-11-05 05:02 . 2008-11-05 05:02 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-05 04:42 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-05 04:42 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-05 04:42 . 2008-09-08 22:38 88,576 --a------ c:\windows\system32\AntiXPVSTFix.exe
2008-11-05 04:42 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-05 04:42 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-05 04:42 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-05 04:42 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-05 04:42 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-05 04:42 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-05 04:42 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-05 04:42 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-05 00:38 . 2008-11-05 04:44 1,618 --a------ c:\windows\system32\tmp.reg
2008-10-19 23:58 . 2008-10-19 23:58 <DIR> d-------- c:\program files\Xinox Software
2008-10-19 23:58 . 2008-10-19 23:58 <DIR> d-------- c:\documents and settings\Rec\Application Data\JCreator
2008-10-19 23:58 . 2008-10-19 23:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\JCreator
2008-10-19 23:54 . 2008-10-19 23:55 <DIR> d-------- C:\j2sdk1.4.2_18

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 08:09 --------- d-----w c:\documents and settings\Rec\Application Data\DMCache
2008-11-11 05:58 --------- d-----w c:\documents and settings\Rec\Application Data\OpenOffice.org2
2008-11-07 15:51 --------- d-----w c:\documents and settings\Rec\Application Data\uTorrent
2008-11-07 15:35 --------- d-----w c:\program files\FlashGet
2008-11-07 15:33 --------- d-----w c:\documents and settings\Rec\Application Data\Corel
2008-11-07 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2008-11-07 15:28 --------- d-----w c:\documents and settings\Rec\Application Data\Lavasoft
2008-11-07 13:03 --------- d-----w c:\program files\Common Files\Adobe
2008-11-06 09:54 88 --sh--r c:\documents and settings\All Users\Application Data\D595C4CCF7.sys
2008-11-06 09:54 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-11-05 04:02 --------- d-----w c:\program files\Java
2008-11-05 03:19 --------- d-----w c:\documents and settings\Rec\Application Data\mIRC
2008-11-05 03:18 --------- d-----w c:\program files\mIRC
2008-10-06 15:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-04 07:01 --------- d-----w c:\program files\Whale Communications
2008-10-02 14:58 --------- d-----w c:\documents and settings\Rec\Application Data\IDM
2008-10-02 14:18 --------- d-----w c:\program files\Internet Download Manager
2008-09-16 09:25 --------- d-----w c:\documents and settings\Rec\Application Data\OPaC bright ideas
2008-09-16 09:25 --------- d-----w c:\documents and settings\Rec\Application Data\Epsitec Cache
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-04-24 20:30 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-24 17:15 608 --sha-w c:\windows\system32\winzvprt5.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-07_12.47.45,04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-08 22:07:35 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-11-07 13:03:58 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2008-11-08 22:07:35 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-10-21 13:40:45 133,280 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-07 15:56:43 130,096 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-07 15:59:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_57c.dat
+ 2008-11-07 15:59:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-07 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-05 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"S3Trayp"="S3trayp.exe" [2006-07-11 c:\windows\system32\S3Trayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.mp42"= c:\windows\Mpg4c32.dll
"vidc.mp43"= c:\windows\Mpg4c32.dll
"vidc.mpg4"= c:\windows\Mpg4c32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Rec^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Rec\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rec^Start Menu^Programs^Startup^OpenOffice.org 1.9.69.lnk]
path=c:\documents and settings\Rec\Start Menu\Programs\Startup\OpenOffice.org 1.9.69.lnk
backup=c:\windows\pss\OpenOffice.org 1.9.69.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-11-07 12:19 2606512 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 2005-11-28 06:52 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 2005-11-28 06:55 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 2005-11-28 06:55 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-17 13:19 243072 c:\program files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-08-04 00:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
--------- 2005-07-03 08:20 372736 c:\windows\Samsung\ComSMMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-02-13 13:31 16857600 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 17:15 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-07-21 15:14 86016 c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2006-08-03 16:53 53248 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25436:TCP"= 25436:TCP:BitComet 25436 TCP
"25436:UDP"= 25436:UDP:BitComet 25436 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 mpr_freader;MPR FileReader Driver;c:\program files\Multi Password Recovery\mpr_freader.sys [ ]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2006-09-12 659456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f3c3966-83b0-11dc-9a81-001d60518968}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{addaa956-4087-11dd-8ff2-001a4df9354b}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c712c75c-4e50-11dd-8ff4-001a4df9354b}]
\Shell\AutoRun\command - I:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee9f7364-bef2-11dc-9abe-001d60518968}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

*Newly Created Service* - GMER
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-11 09:09:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
-> c:\windows\system32\ac3filter.acm
.
Completion time: 2008-11-11 9:10:09
ComboFix-quarantined-files.txt 2008-11-11 08:09:52

Pre-Run: 4.743.843.840 bytes free
Post-Run: 4,745,859,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


offline
  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

We'll have to repeat the procedure...

Open Notepad and copy the following text into it:

Driver::
tdssserv

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message post the log that is created at the end of the cleaning/scan.

Also post a new GMER rootkit log so we can be sure the registry keys have been deleted.
