Problem sa Internet explorerom


offline
  • Joined: 23 Jan 2008
  • Posts: 9
  • Location: Bor

ComboFix 08-05-29.1 - Radosavljevic 2008-05-29 23:36:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.147 [GMT 2:00]
Running from: C:\Documents and Settings\Radosavljevic\Desktop\Programi i ostalo\ComboFix.exe
Command switches used :: C:\Documents and Settings\Radosavljevic\Desktop\Programi i ostalo\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Radosavljevic\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Radosavljevic\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 23:15 . 2008-05-29 23:15 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-29 23:15 . 2008-05-29 23:15 <DIR> d-------- C:\WINDOWS\srchasst
2008-05-29 23:15 . 2008-05-29 23:15 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-05-25 23:18 . 2008-05-25 23:18 <DIR> d-------- C:\Program Files\Firefly Studios
2008-05-16 22:25 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-05-10 00:44 . 2008-05-10 00:44 <DIR> d-------- C:\Program Files\Microsoft
2008-05-05 11:12 . 2000-03-17 08:21 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2008-05-05 11:12 . 2000-03-17 08:21 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2008-05-05 11:12 . 2002-04-24 12:43 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca
2008-05-05 11:12 . 2002-10-17 10:35 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
2008-05-05 11:12 . 2002-01-07 16:30 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll
2008-05-02 20:59 . 2008-05-14 17:00 <DIR> d-------- C:\Program Files\Counter Strike - SRPSKA CAST
2008-04-29 20:14 . 2008-04-29 20:44 1,752 --a------ C:\WINDOWS\carax95.ini
2008-04-29 20:11 . 1998-06-02 21:33 205,824 --a------ C:\Temp\Cx95.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 20:54 --------- d-----w C:\Documents and Settings\Radosavljevic\Application Data\Skype
2008-05-28 13:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-27 19:30 --------- d-----w C:\Program Files\PokerStars
2008-05-26 12:03 33 ----a-w C:\WINDOWS\Fonts\rebooter.bat
2008-05-25 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 20:23 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-16 20:27 --------- d-----w C:\Program Files\Valve
2008-05-14 14:52 --------- d-----w C:\Program Files\Corel
2008-05-14 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-04-28 12:59 --------- d-----w C:\Program Files\EA SPORTS
2008-04-21 14:21 --------- d-----w C:\Program Files\VeryPDF PDF2Word v2.0
2008-04-20 18:55 --------- d-----w C:\Program Files\PDF Password Remover v3.0
2008-04-20 09:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-20 09:07 --------- d-----w C:\Documents and Settings\Radosavljevic\Application Data\Talkback
2008-04-20 09:06 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-20 09:06 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-20 09:06 --------- d-----w C:\Program Files\Common Files\Real
2008-04-14 10:00 --------- d-----w C:\Program Files\Liquid Entertainment
.

------- Sigcheck -------

2006-12-31 10:24 1135616 42736d3152e64bde33b5ae230c8394c1 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-29_22.31.12,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 05:32:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 21:15:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-29 14:25:27 63,188 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-29 21:24:23 63,188 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-29 14:25:27 403,968 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-29 21:24:23 403,968 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-18 00:02 950664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\soundman.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 11:06 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-03 23:56 388608 C:\WINDOWS\system32\cmd.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2007-03-17 21:36:48 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.ACDV"= ACDV.dll
"msacm.ac3filter"= ac3filter.acm
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 12:31]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-20 09:34]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c55c7008-636a-11dc-a3d7-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe

*Newly Created Service* - WUAUSERV
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-29 23:38:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-29 23:40:28
ComboFix-quarantined-files.txt 2008-05-29 21:40:00
ComboFix2.txt 2008-05-29 21:10:21
ComboFix3.txt 2008-05-29 20:31:36

Pre-Run: 7,008,866,304 bytes free
Post-Run: 7,004,385,280 bytes free



I don't have the file you told me to check. When I start IE the address bar is empty, but when I type gppgle.com it immediately redirects me to that old one that was deleted.



Logfile of HijackThis v1.99.1
Scan saved at 23:40:59, on 29.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Documents\Svasta\Spas za nindza kornjače\Spas za nas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Did you install PokerStars yourself, or did something drop it in? I'm not familiar with that program/game.

Check whether you have a folder named Kiwee Toolbar in Program Files and tell me what files are in it.

Send me the following file for analysis:
C:\WINDOWS\system32\ebkp.dll

Do the upload through the following form:
http://www.mycity.rs/ambulanta-upload.php

If you can't find that file, see here for how to turn on the display of hidden files:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html

offline
  • Joined: 23 Jan 2008
  • Posts: 9
  • Location: Bor

I installed PokerStars myself. It's a program for playing poker online. The file C:\WINDOWS\system32\ebkp.dll exists, but the browser doesn't see it even though hidden folders are visible to me.
Sorry for replying only now, but I was travelling for two days.
Regards

Update: 01 Jun 2008 1:17

The Kiwee toolbar doesn't exist in Program Files. I had it once but uninstalled it.
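The checks the helper asked for in the reply above (is the Kiwee Toolbar folder still there and what does it contain; does ebkp.dll exist and what are its properties) can be done from a console instead of Explorer, which also sidesteps the "file exists but the browser doesn't see it" problem, since `-Force` returns items carrying the Hidden and System attributes. This is an added example, not code from the thread or from either poster; it assumes Windows PowerShell 4.0 or later for `Get-FileHash` (the XP machine in this thread would not have it, so there the hash line would need another tool). The paths are the ones named in the thread, and the protocol name `ebk` is taken from the HijackThis O18 line.

```powershell
# Added example (not from the thread): inspect the items the helper asked about.
# Assumes Windows PowerShell 4.0 or later. Paths are the ones named in the thread.
$toolbarDir = Join-Path $env:ProgramFiles 'Kiwee Toolbar'
$suspectDll = Join-Path $env:SystemRoot 'system32\ebkp.dll'

function Get-SuspectFileReport {
    param([string]$Path)
    # -Force makes Get-Item return files with the Hidden/System attributes, which
    # Explorer omits unless both "show hidden files" and "show protected OS files" are on.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    [pscustomobject]@{
        Path       = $item.FullName
        Exists     = $true
        SizeBytes  = $item.Length
        Attributes = $item.Attributes.ToString()
        Created    = $item.CreationTime
        Modified   = $item.LastWriteTime
        # A hash is what an analyst needs to compare the file against known samples.
        SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        # Authenticode state: an unsigned DLL registered as a browser protocol handler deserves a closer look.
        Signature  = (Get-AuthenticodeSignature -LiteralPath $item.FullName).Status.ToString()
    }
}

function Get-FolderListing {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Output "Folder not found: $Path"
        return
    }
    # -Force again so hidden files inside the folder are listed too.
    Get-ChildItem -LiteralPath $Path -Force -Recurse -File |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

# 1. Is the Kiwee Toolbar folder still present, and what is in it?
Get-FolderListing -Path $toolbarDir | Format-Table -AutoSize

# 2. Does ebkp.dll exist (even if hidden), and what are its properties?
Get-SuspectFileReport -Path $suspectDll | Format-List

# 3. Which registration makes IE load it? HijackThis' O18 line reports the
#    asynchronous pluggable protocol handler under HKCR\PROTOCOLS\Handler\<name>;
#    its CLSID value leads to the DLL path in InprocServer32.
$protoKey = 'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ebk'
if (Test-Path -LiteralPath $protoKey) {
    $clsid = (Get-ItemProperty -LiteralPath $protoKey).CLSID
    "Protocol 'ebk' -> CLSID $clsid"
    $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    if (Test-Path -LiteralPath $server) {
        "InprocServer32 -> " + (Get-ItemProperty -LiteralPath $server).'(default)'
    }
} else {
    "No 'ebk' protocol handler is registered."
}
```

The third step is the useful one once the file has been reported: the O18 entry and the DLL stand or fall together, so after a cleanup both the handler key and the file should be gone, and re-running the script confirms that.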

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Oh, I completely forgot about this thread...

Get in touch and let's continue.
