|
Poslao: 17 Apr 2008 10:49
|
offline
- Kat10
- Novi MyCity građanin
- Pridružio: 17 Apr 2008
- Poruke: 6
|
Mozete li provjeriti ovaj log?
Ima li nesto sto bi trebalo obrisati?
Hvala 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:29 AM, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Administrator\Desktop\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
--
End of file - 3853 bytes
|
|
|
|
|
|
|
Poslao: 17 Apr 2008 17:29
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Citat:C:\Documents and Settings\Administrator\Desktop\IEXPLORE.EXE
Zasto ti je Internet Explorer na desktopu?
|
|
|
|
|
|
|
Poslao: 17 Apr 2008 20:20
|
offline
- Kat10
- Novi MyCity građanin
- Pridružio: 17 Apr 2008
- Poruke: 6
|
Ne znam :s Pokusavala sam ga delete sa desktopa i povuci novi shortcut, ali onda me upozori da: "IE is a program and if you remove it, you will no longer be able to run this program or edit some documents. " Posto mi to ne zvuci kao dobra ideja, ostavila sam ga gdje je.
Dopuna: 17 Apr 2008 20:20
Zaustavila sam ovaj proces :
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
Problem mi je bio lag i sve je totalno bilo usporeno, pogotovo kada otvorim IE. Ne bitno da li je msn messenger ukljucen ili ne.
Sada mi se cini ok.
Umm, sta da radim sa tim IE na desktopu? Pokusala sam ga povuci u taskbar, ali bezuspjesno.
|
|
|
|
|
|
|
Poslao: 17 Apr 2008 20:23
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Ne vidim nista sporno u logu.
Mozes li nam detaljnije opisati simptome na koje se zalis, tj. sta to nije u redu?
Dopuna: 17 Apr 2008 20:23
Pisali smo istovremeno.
IE se obicno nalazi u sledecem folderu:
C:\Program Files\Internet Explorer\
Postoji li kod tebe u tom folderu fajl IEXPLORE.EXE ?
|
|
|
|
|
|
|
Poslao: 17 Apr 2008 20:41
|
offline
- Kat10
- Novi MyCity građanin
- Pridružio: 17 Apr 2008
- Poruke: 6
|
Hmm, ne!
Problem je bio sto je sve totalno usporeno, pogotovo kada otvorim explorer. Rcimo zelim li utipkati adresu u address bar.....svako slovo traje cijelu vjecnost da se pojavi.....zatim stranice - vidim bijelu stranicu i moram cekati 5 minuta dok se stranica otvori. Dial up bi bio brzi!
Skenirala sam vec sve zivo, antivirus, run nekoliko spyware programa i nista nisam nasla. Ne znam sta je problem. Trenutno cak nista ni ne downlodiram.
|
|
|
|
|
|
|
|
|
Poslao: 17 Apr 2008 21:05
|
offline
- Kat10
- Novi MyCity građanin
- Pridružio: 17 Apr 2008
- Poruke: 6
|
mycity.rs/must-login.png
ComboFix 08-04-16.5 - Administrator 2008-04-17 20:55:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.656 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-17 17:57 . 2008-04-17 17:57 <DIR> d-------- C:\Program Files\StartupRun
2008-04-17 17:57 . 2008-04-17 17:57 39,424 --a------ C:\WINDOWS\zipinst.exe
2008-04-17 12:11 . 2008-04-17 12:25 <DIR> d-------- C:\Program Files\Security Task Manager
2008-04-17 12:11 . 2008-04-17 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-12 15:02 . 2008-04-12 15:02 <DIR> d-------- C:\Program Files\uTorrent
2008-04-12 15:02 . 2008-04-17 19:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-04-03 23:31 . 2005-06-16 20:18 31,744 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-28 01:20 . 2008-03-28 01:20 996 --a------ C:\WINDOWS\desctemp.dat
2008-03-27 16:45 . 2008-04-09 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-27 15:56 . 2008-03-27 15:56 <DIR> d-------- C:\Program Files\IVT Corporation
2008-03-27 15:56 . 2008-04-09 11:35 32 --a------ C:\WINDOWS\0
2008-03-27 15:56 . 2008-03-27 15:56 0 --a------ C:\WINDOWS\system32\0
2008-03-24 11:44 . 2008-03-24 11:46 <DIR> d-------- C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility
2008-03-24 11:44 . 2006-11-15 17:23 38,144 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2008-03-24 11:44 . 2008-03-24 11:44 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-24 11:43 . 2008-03-24 11:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-03-24 11:21 . 2008-04-17 12:05 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-03-24 11:21 . 2008-03-24 11:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-03-24 11:21 . 2008-03-24 13:47 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-03-24 11:21 . 2008-03-24 13:47 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-24 11:07 . 2008-03-24 11:07 <DIR> d-------- C:\Program Files\AVG
2008-03-24 11:07 . 2008-03-24 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-24 11:07 . 2008-03-24 11:07 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-03-24 11:07 . 2008-03-24 11:07 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 18:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\mIRC
2008-04-17 17:59 --------- d-----w C:\Program Files\mIRC
2008-04-17 16:03 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2008-04-14 10:22 --------- d-----w C:\Program Files\Soulseek
2008-03-24 09:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 18:26 --------- d-----w C:\Program Files\Windows Live
2008-02-27 18:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-27 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2003-07-15 21:19 150,192 ----a-w C:\Program Files\TweakUiPowertoySetup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-09-13 02:13 163840 C:\WINDOWS\system32\VTTrayp.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-04-17 18:03 155648]
"RegistryMechanic"="" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-13 08:11 1177368]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-12-20 15:10:04 649024]
REALTEK RTL8185 Wireless LAN Utility.lnk - C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe [2008-03-24 11:44:09 770048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Aware.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-03-24 11:21]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-24 13:47]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-03-24 13:47]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-03-24 13:47]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 17:23]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 11:07]
S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys []
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-24 11:07]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-17 20:57:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-17 20:58:59
ComboFix-quarantined-files.txt 2008-04-17 18:58:45
Pre-Run: 1,105,473,536 bytes free
Post-Run: 1,267,089,408 bytes free
.
2008-01-16 21:19:07 --- E O F ---
|
|
|
|
|
|
|
Poslao: 17 Apr 2008 21:12
|
offline
- bobby
- Administrator
- Pridružio: 04 Sep 2003
- Poruke: 24135
- Gde živiš: Wien
|
Zanimljivo...
Uradi sledeće:
Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u.
Raspakuj ga u neki folder.
Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.
Prikaci (opcija Prikaci fajl ispod polja za pisanje poruke) nam ovde sadrzaj ta dva fajla koja smo malopre snimili
|
|
|
|
|
|
|
|
|
|
i 
