Neshto vuche konekciju

1

Neshto vuche konekciju

offline
  • Uroš Ilić
  • dr stom.
  • Pridružio: 08 Jul 2006
  • Poruke: 2182
  • Gde živiš: Beograd

Evo sada dok pishem neki proces vuche skoro kompletne resurse konekcije. Otkrio sam neki fajl u Tempu mog korisnika koji je sakriven i ne dozvoljava da se obrishe, dok se ne diskonektujem. Zove se BIT66.tmp i kada ga obrishem i ponovo se konektujem, ista pricha, sve dok se ne skine, a tada prestaje aktivnost. Tezak je 19.2 Mb.
Od zashtite imam Symantes Endpoin Security 11 i Spyware Terminator i oni ne reaguju.
Evo mog loga iz Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:35, on 28.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe
C:\Documents and Settings\Fritz\Start Menu\Programs\Startup\PS2.bat
C:\Program Files\MSN Messenger\Windows Live Messenger.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Total Commander 7.0 RC5\Total Commander 7.0.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE7 / Cfrium I
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PS2.bat
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....6187994171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6.....6188131265
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC17F6B4-A672-448A-957E-48AF5C5851CA}: NameServer = 80.74.160.35 80.74.160.52
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9080 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8558
  • Gde živiš: Novi Beograd

Nisi ispratio do kraja uputstvo za postavljanje HJT loga.
Potrebno je da HijackThis.exe preimenujes u neko drugo ime npr.hazmaju.exe

Kad preimenujes,postavi novi log.

offline
  • Uroš Ilić
  • dr stom.
  • Pridružio: 08 Jul 2006
  • Poruke: 2182
  • Gde živiš: Beograd

Izvinjavam se! Evo kao shto si nalozio, promenjeno u hazmaju.exe i evo ga log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:13, on 28.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608-)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe
C:\Documents and Settings\Fritz\Start Menu\Programs\Startup\PS2.bat
C:\Program Files\Trend Micro\HijackThis\hazmaju.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE7 / Cfrium I
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PS2.bat
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....6187994171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6.....6188131265
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8696 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8558
  • Gde živiš: Novi Beograd

Izgleda da si zapatio nekog trojanca.

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Uroš Ilić
  • dr stom.
  • Pridružio: 08 Jul 2006
  • Poruke: 2182
  • Gde živiš: Beograd

Mnogo sam se zeznuo! Pre nego shto sam video ponudjeno reshenje, video sam Party Poker liniju u logu od HJT, pa sam ispratio to do fajla shdocvw.dll u System 32 i obrisao ga iz Linuxa. E, sad ne mogu da dignem Win normalno,nema mi taskbara i na pochetku se javlja da mu fali taj dll i da ne moze da inicira ne znam vec shta.
Kako sad ovo da reshim, moze li neki user da mi poshalje ovaj dll da ga stavim nazad u System 32? ja sam mislio da je to nepotreban dll, tj da nije od sistema, vec od trojanca, a ispada da je on samo bio promenjen, a poteban sistemu.
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
Pomagajte molim Vas!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8558
  • Gde živiš: Novi Beograd

E,stvarno...
Kucaj u google shdocvw.dll,pa nadji neki sajt gde mozes besplatno da skines taj dll,ima ih vise.
Kad si vec resio sam da resavas,sto nisi googlao i video za sta taj fajl zapravo sluzi.Na istio nacin i ja proveravam koji je legitiman,a koji ne.

Da ti ne bojkotujes moju pomoc,posto te nisam poslusao po mom Kubuntu Stand by pitanju? Wink

Ajde pokusaj to da sredis,pa da nastavimo dalje,uz novi hjt log i ComboFix log.

offline
  • Uroš Ilić
  • dr stom.
  • Pridružio: 08 Jul 2006
  • Poruke: 2182
  • Gde živiš: Beograd

Daleko bilo, cenim pomocu u svakom obliku, a narochito dobru volju!
Nisam bio azuran u proveri maila, a pravio sam se pametan!
Sacu da proguglam pa se javljam ...

Dopuna: 28 Mar 2008 17:13

Skinuo sam dll, ubacio ga nazad i vishe ne javlja greshku kako fali, medjutim nisam reshio problem i dalje ne mogu da bootujem normalno.
Kad se digne Win imam samo sliku desktopa, bes taskbara ili bilo chega drugog i sve shto mogu da uradim je da udjem u Task Manager.
Neki drugi hint? Smile

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8558
  • Gde živiš: Novi Beograd

Veruj mi,skroz sam ispao iz Win fazona,ako sam u njemu uopste bio.Pitacu bobbya sta dalje....Mada sve sto nema veze sa uklanjanjem malwera ne sme da bude u Ambulanti,vec u tvom slucaju u Windows forumu.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Probaj sledece da bi "podigao" desktop:

- otvori TaskManager
- idi gore na File > New task (Run...)
- tu ukucaj explorer i klikni OK

To bi trebalo da podigne desktop.
Ukoliko ne uspe tako, onda umesto explorer probaj desktop

Ukoliko uspes da podignes desktop, postavi nam ComboFix log.

offline
  • Uroš Ilić
  • dr stom.
  • Pridružio: 08 Jul 2006
  • Poruke: 2182
  • Gde živiš: Beograd

Nazalost nije uspelo ni na jednu komandu. Na obe komande vidim taskbar na delic sekunde, kao da pokusha da se digne i odmah nestane. U procesima uopshte nema explorera Sad
Izvinjavam se shto sam trazeci pomoc u ovoj temi otishao u off, ali ako mozda imate drugu ideju...
Izgleda da mu ne odgovara ovaj dll koji sam skinuo, jer koliko se secam kada sam ga brisao u Linuxu, pomocu Gnome Commandera, primetio sam da fajl ima danashnji datum, pa pretpostavljam da ovom skinutom fale neke info vezane za moj sistem. Zao mi je samo shto sam bio brzoplet i pravio se pametan, bez prethodne provere. Svaka se greshka placa na neki nacin.

Dopuna: 30 Mar 2008 0:25

Evo me opet, reshio mi m4rk0 brljotinu koju sam napravio, hvala mu!
Evo loga iz ComboFixa:

ComboFix 08-03-29.1 - Fritz 2008-03-30 0:19:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1526 [GMT 1:00]
Running from: C:\Documents and Settings\Fritz\Local Settings\Temporary Internet Files\Content.IE5\YCM68PBS\ComboFix[1].exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-30 00:03 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-03-30 00:03 . 2004-08-04 12:00 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll
2008-03-30 00:03 . 2004-08-04 12:00 41,029 --a--c--- C:\WINDOWS\system32\dllcache\zcorem.dll
2008-03-30 00:03 . 2004-08-04 12:00 36,937 --a--c--- C:\WINDOWS\system32\dllcache\zclientm.exe
2008-03-30 00:03 . 2004-08-04 12:00 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll
2008-03-30 00:03 . 2004-08-04 12:00 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll
2008-03-30 00:03 . 2004-08-04 12:00 4,677 --a--c--- C:\WINDOWS\system32\dllcache\zeeverm.dll
2008-03-30 00:01 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-03-30 00:00 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-03-29 23:59 . 2004-08-04 12:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-03-29 23:58 . 2004-08-04 12:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-03-29 23:57 . 2004-08-04 12:00 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll
2008-03-29 23:56 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-03-29 23:55 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-03-29 23:54 . 2004-08-04 12:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-03-29 23:53 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-03-29 23:52 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-03-29 23:51 . 2004-08-04 12:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-29 23:50 . 2004-08-04 12:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-03-29 23:49 . 2004-08-04 12:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-03-29 23:48 . 2004-08-04 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-29 23:47 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-03-29 23:46 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-03-29 23:45 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-03-29 23:44 . 2004-08-04 12:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-03-29 23:43 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-03-29 23:42 . 2004-08-04 12:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-28 20:41 . 2007-12-17 23:14 1,497,088 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-03-28 10:19 . 2007-12-27 23:47 210,432 --a------ C:\WINDOWS\system32\ifsdrives.dll
2008-03-28 10:19 . 2008-01-20 17:53 179,584 --a------ C:\WINDOWS\system32\drivers\ext2fs.sys
2008-03-28 10:19 . 2007-12-16 17:27 74,752 --a------ C:\WINDOWS\system32\ifsdrives.cpl
2008-03-28 10:19 . 2007-12-29 19:48 49,536 --a------ C:\WINDOWS\system32\drivers\ifsmount.sys
2008-03-26 22:08 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-03-19 21:58 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-19 21:58 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-15 00:25 . 2008-03-15 00:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-15 00:25 . 2008-03-15 00:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-15 00:18 . 2008-03-15 00:18 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-14 17:55 . 2008-03-14 17:58 <DIR> d-------- C:\Documents and Settings\Fritz\Application Data\DisplayTune
2008-03-14 17:50 . 2004-08-04 01:56 1,392,671 --a------ C:\WINDOWS\msvbvm60.dll
2008-03-14 17:50 . 2002-01-05 04:40 487,424 --a------ C:\WINDOWS\msvcp70.dll
2008-03-14 17:50 . 2002-01-05 04:37 344,064 --a------ C:\WINDOWS\msvcr70.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 20:49 --------- d-----w C:\Program Files\Spyware Terminator
2008-03-27 20:49 --------- d-----w C:\Documents and Settings\Fritz\Application Data\Spyware Terminator
2008-03-27 17:59 --------- d-----w C:\Documents and Settings\Fritz\Application Data\uTorrent
2008-03-25 15:15 50,536 ----a-w C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-19 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-14 16:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 21:55 --------- d-----w C:\Program Files\Java
2008-03-06 16:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 16:10 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-06 15:53 566,784 ----a-w C:\WINDOWS\~de74bc.tmp
2008-03-04 18:19 --------- d-----w C:\Documents and Settings\Fritz\Application Data\LimeWire
2008-02-22 23:12 --------- d-----w C:\Program Files\Opera
2008-02-15 09:01 --------- d-----w C:\Program Files\Common Files\Autodata Limited Shared
2008-02-12 17:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-03 13:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 13:28 --------- d-----w C:\Program Files\Sierra
2008-02-02 12:56 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-02 12:52 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-29 18:35 --------- d-----w C:\Program Files\PartyGaming
2008-01-28 22:18 --------- d-----w C:\Program Files\Futuremark
2008-01-04 22:05 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2008-01-02 18:15 78 --sh--w C:\Program Files\Desktop.ini
2007-12-30 11:55 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 18:22 1822720 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27 222208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 03:08 115560]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 19:05 2650112]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 19:05 2650112]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-06 17:10 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Fritz\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
PS2.bat [2002-10-16 23:57:10 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe [2007-11-27 00:29:26 929889]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
--a------ 2002-10-14 21:09 57344 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
--a------ 2006-08-26 09:34 365056 C:\Program Files\RFA Platinum\rfagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\EA Games\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-01-20 17:53]
R1 IfsMount;IfsMount;C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2007-12-29 19:48]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 17:10]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 07:27]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 10:03]
S3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 12:06]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-30 12:55]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 00:21:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\nview.dll
.
Completion time: 2008-03-30 0:21:32
ComboFix-quarantined-files.txt 2008-03-29 23:21:24
Pre-Run: 11,270,799,360 bytes free
Post-Run: 11,256,672,256 bytes free

Dopuna: 30 Mar 2008 17:01

Reshio sam se svih tragova onog PartyPoker trojanca.
Evo novi ComboFix log, na procenu, vama shto se razumete:

ComboFix 08-03-30.2 - Fritz 2008-03-30 16:53:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1434 [GMT 2:00]
Running from: C:\Documents and Settings\Fritz\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.

2008-03-28 11:19 . 2007-12-28 00:47 210,432 --a------ C:\WINDOWS\system32\ifsdrives.dll
2008-03-28 11:19 . 2008-01-20 18:53 179,584 --a------ C:\WINDOWS\system32\drivers\ext2fs.sys
2008-03-28 11:19 . 2007-12-16 18:27 74,752 --a------ C:\WINDOWS\system32\ifsdrives.cpl
2008-03-28 11:19 . 2007-12-29 20:48 49,536 --a------ C:\WINDOWS\system32\drivers\ifsmount.sys
2008-03-26 23:08 . 1997-11-19 16:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-03-15 01:25 . 2008-03-15 01:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-15 01:25 . 2008-03-15 01:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-15 01:18 . 2008-03-15 01:18 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-14 18:55 . 2008-03-14 18:58 <DIR> d-------- C:\Documents and Settings\Fritz\Application Data\DisplayTune
2008-03-14 18:50 . 2004-08-04 02:56 1,392,671 --a------ C:\WINDOWS\msvbvm60.dll
2008-03-14 18:50 . 2002-01-05 05:40 487,424 --a------ C:\WINDOWS\msvcp70.dll
2008-03-14 18:50 . 2002-01-05 05:37 344,064 --a------ C:\WINDOWS\msvcr70.dll
2008-03-12 14:10 . 2008-03-12 14:10 633,344 --------- C:\WINDOWS\system32\gpprefcl.dll
2008-02-28 21:53 . 2004-05-14 17:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-02-28 21:53 . 2004-05-14 17:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-02-28 21:53 . 2004-05-14 17:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-02-28 21:53 . 2004-05-14 17:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-02-28 21:53 . 2004-01-12 03:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-02-28 21:53 . 2004-05-14 17:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-02-28 21:53 . 2004-05-14 17:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-02-15 11:01 . 2008-02-15 11:01 <DIR> d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-02-11 18:25 . 2008-03-06 17:53 566,784 --a------ C:\WINDOWS\~de74bc.tmp
2008-02-11 18:25 . 2008-03-06 17:53 1,696 --a------ C:\WINDOWS\Ky5s96SF.csa
2008-02-11 18:22 . 2005-06-01 23:57 697,884 --a------ C:\WINDOWS\~df394b.tmp
2008-02-11 18:22 . 2006-06-08 11:11 567,296 --a------ C:\WINDOWS\n.tmp
2008-02-03 15:11 . 2008-03-06 18:10 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-03 15:10 . 2008-03-30 01:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-03 15:10 . 2008-03-30 01:39 <DIR> d-------- C:\Documents and Settings\Fritz\Application Data\Spyware Terminator
2008-02-03 15:10 . 2008-03-06 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-02 15:28 . 2008-02-02 15:28 <DIR> d-------- C:\Program Files\Sierra
2008-02-02 15:28 . 2001-04-07 18:07 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
2008-02-02 14:56 . 2008-02-02 14:56 <DIR> d-------- C:\Program Files\DAEMON Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 13:52 --------- d-----w C:\Program Files\LClock
2008-03-29 23:46 --------- d-----w C:\Documents and Settings\Fritz\Application Data\uTorrent
2008-03-25 15:15 50,536 ----a-w C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-19 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-14 16:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 21:55 --------- d-----w C:\Program Files\Java
2008-03-06 15:53 566,784 ----a-w C:\WINDOWS\~de74bc.tmp
2008-03-04 18:19 --------- d-----w C:\Documents and Settings\Fritz\Application Data\LimeWire
2008-02-22 23:12 --------- d-----w C:\Program Files\Opera
2008-02-12 17:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-03 13:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 12:52 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-28 22:18 --------- d-----w C:\Program Files\Futuremark
2008-01-04 22:05 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2008-01-02 18:15 78 --sh--w C:\Program Files\Desktop.ini
2007-12-30 11:55 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2007-12-25 11:18 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-20 09:41 29,440 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2007-12-17 22:24 1,226,752 ----a-w C:\WINDOWS\explorer.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-06 17:37 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-06 17:37 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
.

------- Sigcheck -------

2007-12-18 00:24 1226752 e0c482f440b81974649bb101c6c71d80 C:\WINDOWS\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-12-18 00:24 1226752 e0c482f440b81974649bb101c6c71d80 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 12:23 1246208 a4d7137b5804532b75bd9dd8d7c17566 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 17:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 19:22 1822720 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 04:08 115560]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 18:10 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

C:\Documents and Settings\Fritz\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
PS2.bat [2002-10-17 00:57:10 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe [2007-11-27 01:29:26 929889]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
--a------ 2002-10-14 22:09 57344 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
--a------ 2006-08-26 10:34 365056 C:\Program Files\RFA Platinum\rfagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\EA Games\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-01-20 18:53]
R1 IfsMount;IfsMount;C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2007-12-29 20:48]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 18:10]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 08:27]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 13:54]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 20:05]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
S3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18:12]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 13:06]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 14:55]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-30 13:55]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 16:54:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\nview.dll
.
Completion time: 2008-03-30 16:54:45
ComboFix-quarantined-files.txt 2008-03-30 14:54:43
Pre-Run: 11,641,655,296 bytes free
Post-Run: 11,629,633,536 bytes free

Dopuna: 31 Mar 2008 9:26

helen1 javi se Wink

Ko je trenutno na forumu
 

Ukupno su 953 korisnika na forumu :: 40 registrovanih, 8 sakrivenih i 905 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Alibaba1981, amaterSRB, Apok, Areal84, bojank, Dimitrise93, doklevise, FileFinder, FOX, Georgius, Helket, HrcAk47, hyla, Kalem, Karla, Kriglord, krlebgd77, Kvazar, ladro, laurusri, MB120mm, mercedesamg, Milan A. Nikolic, MilosKop, nedeljkovici, nenad81, Nobunaga, Oscar, Panonsky, pceklic, RiV, Rocker, ruger357, ruso, Sale.S, sasa87, Stoilkovic, TITAN DUDIN JARAN, VJ, Vlada1389