Split off from another topic

crni_kac
  • Joined: 25 Apr 2006
  • Posts: 46

I'm asking for a solution to a problem. After a certain amount of time I lose the connection and the following appears:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:15, on 30.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Documents and Settings\xp pro\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mystart.incredimail.com/english/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {26C2446C-C846-46ED-ABBE-CEECDA22011E} - (no file)
O2 - BHO: (no name) - {2736E8C4-EAF2-4E68-82D1-43309C142F0C} - (no file)
O2 - BHO: (no name) - {4A5AB901-1612-4AA6-AC61-441CB73BBA7E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A6D9B5C8-92CA-4391-841A-195484A04AE1} - (no file)
O2 - BHO: (no name) - {A7A54F3C-5DBD-4346-ADF6-4C65091E41C3} - (no file)
O2 - BHO: (no name) - {BB71CDF8-460C-4CE2-96D6-AAADBEFA1421} - (no file)
O2 - BHO: (no name) - {BFFF70ED-AC47-4859-B8CE-484DA874610D} - (no file)
O2 - BHO: (no name) - {D23955D4-8421-4A81-AE3B-9764E00FB40E} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Configuration Driver] scghost.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunServices: [Configuration Driver] scghost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\XPPRO~1\LOCALS~1\Temp\E_S264.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD8E4E2-6BD0-4E03-BE2A-4C46E9C6CA27}: NameServer = 82.117.200.6
O20 - Winlogon Notify: jkkIYomn - C:\WINDOWS\
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7057 bytes
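The HijackThis log above is the kind of artifact a helper reads by eye. As an added example (not part of this thread and not a HijackThis feature), here is a small Python triage script that applies a few defender-side heuristics to lines copied from that log: orphaned O2 BHO entries whose DLL is gone, O4 autostart values that name a bare file with no path, values in the legacy RunServices key, the O17 NameServer setting, and an O20 Winlogon Notify entry with no DLL name. The heuristics and the sample lines are constructed for this illustration; a hit means "review this", not "malicious".

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above, plus the
# ESET "egui" autostart as a clean entry for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {26C2446C-C846-46ED-ABBE-CEECDA22011E} - (no file)
O2 - BHO: (no name) - {2736E8C4-EAF2-4E68-82D1-43309C142F0C} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Configuration Driver] scghost.exe
O4 - HKLM\..\RunServices: [Configuration Driver] scghost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AD8E4E2-6BD0-4E03-BE2A-4C46E9C6CA27}: NameServer = 82.117.200.6
O20 - Winlogon Notify: jkkIYomn - C:\WINDOWS\
"""

# "O4 - <body>", "R1 - <body>", "F2 - <body>" ...
LINE_RE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<body>.*)$")
# O4 body: "<registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_line(line):
    """Split one HijackThis line into its section code (O2, O4, ...) and body."""
    m = LINE_RE.match(line.strip())
    return None if m is None else (m.group("code"), m.group("body"))


def first_executable(cmd):
    """Return the program part of an autostart command line (quoted path or first token)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd.split() else ""


def triage(log_text):
    """Return (code, reason, line) for every line that deserves a second look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        if code == "O2" and body.endswith("(no file)"):
            findings.append((code, "orphaned BHO: CLSID registered but its DLL is gone", raw))
        elif code == "O4":
            m = O4_RE.match(body)
            if m is None:
                continue
            exe = first_executable(m.group("cmd"))
            if "\\" not in exe:
                findings.append((code, f"autostart uses bare file name '{exe}' (resolved via PATH, no fixed location)", raw))
            if m.group("key").lower().endswith("runservices"):
                findings.append((code, "value in legacy RunServices key, rarely used by current software", raw))
        elif code == "O17":
            m = re.search(r"NameServer = (\S+)", body)
            if m:
                findings.append((code, f"DNS server {m.group(1)} configured: confirm it belongs to the ISP", raw))
        elif code == "O20":
            target = body.rsplit(" - ", 1)[-1]
            if target == "(no file)" or target.endswith("\\"):
                findings.append((code, "Winlogon Notify entry without a DLL file name", raw))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

Run against the full log, the bare-file-name rule also fires on entries such as RUNDLL32.EXE and RTHDCPL.EXE, which legitimately resolve through PATH, so treat the output as a review queue for the helper rather than a verdict; what it does reliably is surface the same things a human eye catches last, like the Notify entry that names only a directory.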

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

crni_kac :: I'm asking for a solution to a problem. After a certain amount of time I lose the connection and the following appears

What appears? Some error?


Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

crni_kac
  • Joined: 25 Apr 2006
  • Posts: 46

ComboFix 08-12-01.01 - xp pro 2008-12-02 13:36:04.1 - NTFSx86
Running from: c:\documents and settings\xp pro\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\xp pro\Start Menu\SMS TRAP.url
c:\program files\msgaurd.exe
c:\windows\BM27dcc015.txt
c:\windows\BM27dcc015.xml
c:\windows\Install.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ENUFffii.ini
c:\windows\system32\i
c:\windows\system32\ioyapxuu.ini
c:\windows\system32\jqcyqhim.ini
c:\windows\system32\nrrtk.dll
c:\windows\system32\open.exe
c:\windows\system32\packet.dll
c:\windows\system32\qqBKRqru.ini
c:\windows\system32\tmp0_145053804157.bk
c:\windows\system32\tmp0_294088187352.bk
c:\windows\system32\tmp0_409374200896.bk
c:\windows\system32\tmp0_539548716150.bk
c:\windows\system32\tmp0_608598487077.bk
c:\windows\system32\tmp0_730074630193.bk
c:\windows\system32\tmp0_733591122938.bk
c:\windows\system32\tmp0_800607858590.bk
c:\windows\system32\tmp0_81383711578.bk
c:\windows\system32\tmp0_8605736756.bk
c:\windows\system32\wFffLRqr.ini
c:\windows\system32\whrkqivr.ini
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Legacy_SOTPECA
-------\Legacy_TDXDOWKC
-------\Service_ISODrive
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-02 08:17 . 2008-12-02 08:17 <DIR> d-------- c:\program files\3D-Relax
2008-12-02 07:35 . 2008-12-02 07:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 20:46 . 2008-12-01 20:46 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Thinstall
2008-12-01 19:51 . 2008-12-02 07:33 <DIR> d-------- c:\program files\Lavasoft
2008-12-01 06:31 . 2008-12-01 10:52 84,492 --a------ c:\windows\system32\wt.exe
2008-11-30 12:55 . 2008-11-30 13:17 <DIR> d-------- c:\program files\T-Com Antidialer
2008-11-30 12:46 . 2008-11-30 12:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Netsweeper
2008-11-28 17:19 . 2008-12-01 11:57 74,764 --a------ c:\windows\system32\quicktime.exe
2008-11-28 12:49 . 2008-12-02 13:11 <DIR> d-------- c:\program files\Trojan Remover
2008-11-26 20:17 . 2005-05-03 11:43 69,632 -r------- c:\windows\Alcmtr.exe
2008-11-23 22:09 . 2008-12-02 13:39 171,135 --a------ c:\windows\system32\nvapps.xml
2008-11-23 22:08 . 2008-11-23 22:08 <DIR> d-------- c:\windows\nview
2008-11-23 22:08 . 2008-02-28 06:34 360,448 -ra------ c:\windows\system32\nvuninst.exe
2008-11-23 22:08 . 2008-02-28 06:34 360,448 --a------ c:\windows\system32\nvudisp.exe
2008-11-23 22:08 . 2008-02-28 06:34 17,848 --a------ c:\windows\system32\nvdisp.nvu
2008-11-23 21:31 . 2008-11-30 09:26 <DIR> d-------- c:\program files\Dr.Hardware 2008 english
2008-11-22 17:54 . 2008-11-24 11:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-18 14:13 . 2008-11-18 14:13 <DIR> d-------- c:\windows\Green Valley Fun on the Farm
2008-11-18 13:46 . 2008-11-18 13:49 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Ancient Quest of Saqqarah__cminion
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\program files\Ancient Quest of Saqqarah
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\StoneLoops!
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Saqqarah
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\MagicMatch
2008-11-15 19:51 . 2008-11-15 19:57 <DIR> d-------- c:\documents and settings\xp pro\Application Data\DMCache
2008-11-15 00:08 . 2008-11-15 00:08 <DIR> d-------- c:\windows\3planesoft 3D Screensavers [36-in-1] 32-bit
2008-11-09 20:23 . 2008-11-11 12:57 <DIR> d-------- c:\program files\XP Repair Pro 2007
2008-11-05 10:17 . 2008-11-08 22:16 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-05 09:23 . 2008-11-05 09:23 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Sahmon Games
2008-11-04 22:59 . 2008-11-04 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\HipSoft
2008-11-03 10:34 . 2008-11-03 10:34 <DIR> d-------- c:\program files\Windows Sidebar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 12:28 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2008-12-02 12:25 --------- d-----w c:\documents and settings\xp pro\Application Data\uTorrent
2008-12-02 12:10 --------- d-----w c:\documents and settings\xp pro\Application Data\Gearbox Software
2008-12-01 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-29 15:35 --------- d-----w c:\program files\Puzzle Express
2008-11-26 19:25 16,376 ----a-w c:\windows\gdrv.sys
2008-11-18 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2008-11-08 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-05 09:25 --------- d-----w c:\program files\GameHouse
2008-11-05 09:22 --------- d-----w c:\program files\Platypus II
2008-11-05 09:22 --------- d-----w c:\program files\Pinocchio ENG
2008-11-03 09:35 --------- d-----w c:\program files\Nero
2008-11-03 09:35 --------- d-----w c:\program files\Common Files\Nero
2008-11-03 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-31 10:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 10:35 --------- d-----w c:\program files\EA GAMES
2008-10-31 10:21 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap Games
2008-10-30 11:30 --------- d-----w c:\documents and settings\xp pro\Application Data\SolSuite
2008-10-30 11:19 --------- d-----w c:\program files\SolSuite
2008-10-30 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames
2008-10-29 10:44 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-10-29 10:38 --------- d-----w c:\program files\Midway Games
2008-10-28 07:31 --------- d-----w c:\program files\Escape From Paradise
2008-10-28 07:28 --------- d-----w c:\program files\Rainforest Adventure
2008-10-27 12:40 --------- d-----w c:\program files\Fire Maple Games
2008-10-27 12:39 472,576 ----a-w c:\windows\uninstall.exe
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263769828.exe
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263766796.exe
2008-10-27 12:39 --------- d-----w c:\program files\Mahjong Forests
2008-10-21 17:37 --------- d-----w c:\documents and settings\xp pro\Application Data\Playfirst
2008-10-21 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Playfirst
2008-10-21 16:36 --------- d-----w c:\documents and settings\xp pro\Application Data\Righteous Kill
2008-10-21 15:56 --------- d-----w c:\program files\LeeGTs Games
2008-10-21 15:27 --------- d-----w c:\program files\Chromentum 2
2008-10-17 01:36 --------- d-----w c:\program files\JLC's Software
2008-10-17 01:28 --------- d-----w c:\documents and settings\xp pro\Application Data\JLC's Software
2008-10-14 21:01 81,920 ----a-w c:\documents and settings\xp pro\Application Data\ezpinst.exe
2008-10-14 21:01 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-14 21:01 47,360 ----a-w c:\documents and settings\xp pro\Application Data\pcouffin.sys
2008-10-14 21:01 --------- d-----w c:\program files\Video Convert Premier
2008-10-14 21:01 --------- d-----w c:\documents and settings\xp pro\Application Data\Vso
2008-10-07 20:48 --------- d-----w c:\program files\Webteh
2008-10-07 20:48 --------- d-----w c:\documents and settings\xp pro\Application Data\BSplayer PRO
2008-10-05 11:14 --------- d-----w c:\program files\UltraISO
2008-10-05 11:13 --------- d-----w c:\program files\Common Files\EZB Systems
2008-10-02 16:52 --------- d-----w c:\documents and settings\xp pro\Application Data\Nero
2007-07-26 19:00 23,800,756 ----a-w c:\program files\Burning Studio 7.1.0.exe
2002-07-01 14:13 224 --sha-w c:\documents and settings\xp pro\Application Data\maildriver32.dat
.

------- Sigcheck -------

2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2004-08-04 00:14 359040 27a5959c94ee173a063ca06bd14f021a c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-12-02 2468200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
.
- - - - ORPHANS REMOVED - - - -

BHO-{26C2446C-C846-46ED-ABBE-CEECDA22011E} - (no file)
BHO-{2736E8C4-EAF2-4E68-82D1-43309C142F0C} - (no file)
BHO-{4A5AB901-1612-4AA6-AC61-441CB73BBA7E} - (no file)
BHO-{516B8DC9-1E9B-442E-B84C-1CCCE91368A2} - c:\windows\system32\nrrtk.dll
BHO-{A6D9B5C8-92CA-4391-841A-195484A04AE1} - (no file)
BHO-{A7A54F3C-5DBD-4346-ADF6-4C65091E41C3} - (no file)
BHO-{BB71CDF8-460C-4CE2-96D6-AAADBEFA1421} - (no file)
BHO-{BFFF70ED-AC47-4859-B8CE-484DA874610D} - (no file)
BHO-{D23955D4-8421-4A81-AE3B-9764E00FB40E} - (no file)
HKLM-RunServices-Configuration Driver - scghost.exe
HKU-Default-Run-MS Gaurd Driver - c:\program files\msgaurd.exe
Notify-jkkIYomn - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\xp pro\Application Data\Mozilla\Firefox\Profiles\ftjliinr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.rs/
FF -: plugin - c:\program files\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-02 13:39:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\honestech\honestech TVR\scheduleTV.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-02 13:40:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 12:40:55

Pre-Run: 66.832.887.808 bytes free
Post-Run: 66,821,795,840 bytes free

Addendum: 02 Dec 2008 13:47

I lose the internet connection 5 minutes after a restart and it says Generic host process for win 32 service

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\windows\system32\wt.exe
c:\windows\system32\quicktime.exe


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.


As for the problem with the internet connection:

http://www.mycity.rs/Windows/Generic-host-process-problem.html

crni_kac
  • Joined: 25 Apr 2006
  • Posts: 46

ComboFix 08-12-01.01 - xp pro 2008-12-03 11:31:16.4 - NTFSx86
Running from: c:\documents and settings\xp pro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\xp pro\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32\quicktime.exe
c:\windows\system32\wt.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wt.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-02 14:46 . 2008-12-02 14:46 482,816 --a------ c:\windows\system32PLSR.exe
2008-12-02 14:46 . 2008-12-02 14:46 7,680 --a------ c:\windows\system32PLSR.006
2008-12-02 14:46 . 2008-12-02 14:46 5,632 --a------ c:\windows\system32PLSR.007
2008-12-02 08:17 . 2008-12-02 08:17 <DIR> d-------- c:\program files\3D-Relax
2008-12-02 07:35 . 2008-12-02 07:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 20:46 . 2008-12-01 20:46 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Thinstall
2008-12-01 19:51 . 2008-12-02 07:33 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 12:55 . 2008-11-30 13:17 <DIR> d-------- c:\program files\T-Com Antidialer
2008-11-30 12:46 . 2008-11-30 12:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Netsweeper
2008-11-28 12:49 . 2008-12-02 13:11 <DIR> d-------- c:\program files\Trojan Remover
2008-11-26 20:17 . 2005-05-03 11:43 69,632 -ra------ c:\windows\Alcmtr.exe
2008-11-23 22:09 . 2008-12-03 11:24 171,135 --a------ c:\windows\system32\nvapps.xml
2008-11-23 22:08 . 2008-11-23 22:08 <DIR> d-------- c:\windows\nview
2008-11-23 22:08 . 2008-02-28 06:34 360,448 -ra------ c:\windows\system32\nvuninst.exe
2008-11-23 22:08 . 2008-02-28 06:34 360,448 --a------ c:\windows\system32\nvudisp.exe
2008-11-23 22:08 . 2008-02-28 06:34 17,848 --a------ c:\windows\system32\nvdisp.nvu
2008-11-23 21:31 . 2008-11-30 09:26 <DIR> d-------- c:\program files\Dr.Hardware 2008 english
2008-11-22 17:54 . 2008-11-24 11:22 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-18 14:13 . 2008-11-18 14:13 <DIR> d-------- c:\windows\Green Valley Fun on the Farm
2008-11-18 13:46 . 2008-11-18 13:49 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Ancient Quest of Saqqarah__cminion
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\StoneLoops!
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Saqqarah
2008-11-18 13:45 . 2008-11-18 13:45 <DIR> d-------- c:\documents and settings\xp pro\Application Data\MagicMatch
2008-11-15 19:51 . 2008-11-15 19:57 <DIR> d-------- c:\documents and settings\xp pro\Application Data\DMCache
2008-11-15 00:08 . 2008-11-15 00:08 <DIR> d-------- c:\windows\3planesoft 3D Screensavers [36-in-1] 32-bit
2008-11-09 20:23 . 2008-11-11 12:57 <DIR> d-------- c:\program files\XP Repair Pro 2007
2008-11-05 10:17 . 2008-11-08 22:16 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-05 09:23 . 2008-11-05 09:23 <DIR> d-------- c:\documents and settings\xp pro\Application Data\Sahmon Games
2008-11-04 22:59 . 2008-11-04 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\HipSoft
2008-11-03 10:34 . 2008-11-03 10:34 <DIR> d-------- c:\program files\Windows Sidebar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 10:25 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2008-12-03 10:23 --------- d-----w c:\documents and settings\xp pro\Application Data\uTorrent
2008-12-02 12:10 --------- d-----w c:\documents and settings\xp pro\Application Data\Gearbox Software
2008-12-01 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-29 15:35 --------- d-----w c:\program files\Puzzle Express
2008-11-26 19:25 16,376 ----a-w c:\windows\gdrv.sys
2008-11-18 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2008-11-08 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-05 09:25 --------- d-----w c:\program files\GameHouse
2008-11-05 09:22 --------- d-----w c:\program files\Platypus II
2008-11-05 09:22 --------- d-----w c:\program files\Pinocchio ENG
2008-11-03 09:35 --------- d-----w c:\program files\Nero
2008-11-03 09:35 --------- d-----w c:\program files\Common Files\Nero
2008-11-03 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-31 10:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 10:35 --------- d-----w c:\program files\EA GAMES
2008-10-31 10:21 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap Games
2008-10-30 11:30 --------- d-----w c:\documents and settings\xp pro\Application Data\SolSuite
2008-10-30 11:19 --------- d-----w c:\program files\SolSuite
2008-10-30 11:19 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames
2008-10-29 10:44 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-10-29 10:38 --------- d-----w c:\program files\Midway Games
2008-10-28 07:31 --------- d-----w c:\program files\Escape From Paradise
2008-10-28 07:28 --------- d-----w c:\program files\Rainforest Adventure
2008-10-27 12:40 --------- d-----w c:\program files\Fire Maple Games
2008-10-27 12:39 472,576 ----a-w c:\windows\uninstall.exe
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263769828.exe
2008-10-27 12:39 26,555,220 ----a-w c:\windows\system32\ntx263766796.exe
2008-10-27 12:39 --------- d-----w c:\program files\Mahjong Forests
2008-10-21 17:37 --------- d-----w c:\documents and settings\xp pro\Application Data\Playfirst
2008-10-21 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Playfirst
2008-10-21 16:36 --------- d-----w c:\documents and settings\xp pro\Application Data\Righteous Kill
2008-10-21 15:56 --------- d-----w c:\program files\LeeGTs Games
2008-10-21 15:27 --------- d-----w c:\program files\Chromentum 2
2008-10-17 01:36 --------- d-----w c:\program files\JLC's Software
2008-10-17 01:28 --------- d-----w c:\documents and settings\xp pro\Application Data\JLC's Software
2008-10-14 21:01 81,920 ----a-w c:\documents and settings\xp pro\Application Data\ezpinst.exe
2008-10-14 21:01 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-14 21:01 47,360 ----a-w c:\documents and settings\xp pro\Application Data\pcouffin.sys
2008-10-14 21:01 --------- d-----w c:\program files\Video Convert Premier
2008-10-14 21:01 --------- d-----w c:\documents and settings\xp pro\Application Data\Vso
2008-10-07 20:48 --------- d-----w c:\program files\Webteh
2008-10-07 20:48 --------- d-----w c:\documents and settings\xp pro\Application Data\BSplayer PRO
2008-10-05 11:14 --------- d-----w c:\program files\UltraISO
2008-10-05 11:13 --------- d-----w c:\program files\Common Files\EZB Systems
2007-07-26 19:00 23,800,756 ----a-w c:\program files\Burning Studio 7.1.0.exe
2002-07-01 14:13 224 --sha-w c:\documents and settings\xp pro\Application Data\maildriver32.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-12-02 2468200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"system32PLSR Agent"="c:\windows\system32PLSR.exe" [2008-12-02 482816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-03 11:32:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-12-03 11:32:52
ComboFix-quarantined-files.txt 2008-12-03 10:32:42
ComboFix2.txt 2008-12-03 10:14:08
ComboFix3.txt 2008-12-02 12:52:32
ComboFix4.txt 2008-12-02 12:40:58

Pre-Run: 66.935.623.680 bytes free
Post-Run: 66,922,635,264 bytes free

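The "Reg Loading Points" section of the ComboFix log above is where the helper spots both the new autostart value and the weakened security posture (Security Center notifications off, firewall off). As an added example (not part of this thread and not ComboFix code), here is a Python audit that parses that REGEDIT4-style block and reports the defender-relevant items: Run values whose file ComboFix marked as missing with [X], a file whose name imitates the system32 folder name while living outside it, the two DisableNotify values, and EnableFirewall=0. The sample is copied from the log above and trimmed; the checks are my own heuristics, and the reading of the [X] marker as "file not found" is an assumption about ComboFix's output format.

```python
import re

# Constructed sample: the "Reg Loading Points" block from the second ComboFix log
# above, trimmed to the keys the checks below look at.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-12-02 2468200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"system32PLSR Agent"="c:\windows\system32PLSR.exe" [2008-12-02 482816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]*)"')


def parse_reg_dump(text):
    """Group the dump into {registry key: [(value name, value data), ...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("name"), m.group("data")))
    return sections


def check_autorun(name, data):
    """Heuristics for one Run/RunServices value; returns (category, reason, path) tuples."""
    out = []
    m = QUOTED_PATH_RE.match(data)
    if m is None:
        return out
    path = m.group("path")
    # Assumption: ComboFix appends [X] when the referenced file is not on disk.
    if data.rstrip().endswith("[X]"):
        out.append(("autorun", f"{name}: referenced file not found ([X] marker)", path))
    parent, _, fname = path.lower().rpartition("\\")
    # A file named like a system directory but stored outside that directory.
    if fname.startswith("system32") and not parent.endswith("\\system32"):
        out.append(("autorun", f"{name}: file name imitates system32 but sits in {parent}", path))
    return out


def audit(sections):
    """Walk the parsed keys and collect posture and autorun findings."""
    findings = []
    for key, values in sections.items():
        lkey = key.lower()
        if lkey.endswith("\\security center"):
            for name, data in values:
                if name.lower().endswith("disablenotify") and data.lower().startswith("dword:") \
                        and int(data[6:], 16) == 1:
                    findings.append(("posture", f"{name}=1: Security Center warning suppressed", key))
        elif lkey.endswith("firewallpolicy\\standardprofile"):
            for name, data in values:
                if name == "EnableFirewall" and data.strip().startswith("0"):
                    findings.append(("posture", "Windows Firewall disabled (standard profile)", key))
        elif lkey.endswith("\\run") or lkey.endswith("\\runservices"):
            for name, data in values:
                findings.extend(check_autorun(name, data))
    return findings


def audit_text(text):
    return audit(parse_reg_dump(text))


if __name__ == "__main__":
    for category, reason, where in audit_text(SAMPLE_REG):
        print(f"[{category}] {reason}\n    {where}")
```

The two posture values are worth reporting even on a machine that turns out to be clean, because a user who has silenced the antivirus and update alerts will not see the next warning either; the autorun checks only narrow the list, and a flagged file still has to be identified (here the helper did that by asking for the files to be uploaded).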

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Ardamax Keylogger - did you install it yourself?

crni_kac
  • Joined: 25 Apr 2006
  • Posts: 46

I didn't. Is that what the problem is? How do I cure the computer?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following files:

c:\windows\system32PLSR.exe
c:\windows\system32PLSR.006
c:\windows\system32PLSR.007


Upload link: http://www.mycity.rs/ambulanta-upload.php


Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the "Attach file" option below the message box on the forum and attach here the two files we just saved.

crni_kac
  • Joined: 25 Apr 2006
  • Posts: 46

I've done this, except that I don't know how to find those files in order to upload them.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Here's what we'll do...


Open Notepad and copy the following text into it:

File::
c:\windows\system32PLSR.exe
c:\windows\system32PLSR.006
c:\windows\system32PLSR.007


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
