Problemi sa netom,ne znamo sta je

1

Problemi sa netom,ne znamo sta je

offline
  • Pridružio: 01 Jul 2008
  • Poruke: 33
  • Gde živiš: u Pančevu

Imamo problema sa netom vec nekoliko dana, usporen, neke sajtove nije mogao da ucita, medutim, od juce ne možemo nikako da ucitamo ni jednu stranicu (ovo kuckamo sa drugog kompjutera), funkcioniše nam torrent, msn i outlook, ali ništa ne funkcioniše u pretraživacima, ni u operi, ni u firefoxu, ni u exploreru. Provajder kaže da nije do njih, pa smo pomislili da nije opet neki virus. Nod32 ništa ne nalazi, a update-ovan je poslednji put sinoc. Imamo adsl 512/64 preko Telekoma.

Logfile of HijackThis v1.99.1
Scan saved at 20:04:33, on 11.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\stickies\stickies.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\DOWNLOAD\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iolo Utility Bar] "C:\Program Files\iolo\System Mechanic 5 Professional\SMUtilityBar.exe"
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN Lookup - res://C:\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Translate - res://C:\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - pandasoftware.com/activescan (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

Hvala unapred

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...



Ništa konkretno se ne vidi u logu što bi moglo da prouzrokuje pomenute probleme.

Hajde da odradimo još jednu proveru...


* Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana).
* Izaberi AMON iz Threat Protection grupe opcija.
* Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled.
* Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.



Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 01 Jul 2008
  • Poruke: 33
  • Gde živiš: u Pančevu

Evo loga

ComboFix 08-09-10.04 - Windows Xp 2008-09-11 22:55:29.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.625 [GMT 2:00]
Running from: D:\DOWNLOAD\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat

.
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.

...
...
...

offline
  • Pridružio: 01 Jul 2008
  • Poruke: 33
  • Gde živiš: u Pančevu

Uspela sam preko Firefoxa da pošaljem post, sa mog kompjutera Smile
Hoće da učitava stranice, ali je net jako usporen

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Log nije kompletan (prevelik je).

Priloži C:\ComboFix.txt korišćenjem opcije Prikači fajl.

offline
  • Pridružio: 01 Jul 2008
  • Poruke: 33
  • Gde živiš: u Pančevu

mycity.rs/must-login.png

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\system32\Drivers\TDSSserv.sys

Driver::
TDSSserv


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 01 Jul 2008
  • Poruke: 33
  • Gde živiš: u Pančevu

ComboFix 08-09-10.04 - Windows Xp 2008-09-12 17:35:06.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.472 [GMT 2:00]
Running from: D:\DOWNLOAD\ComboFix.exe
Command switches used :: C:\Documents and Settings\Windows Xp\My Documents\My Received Files\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-09-10 21:03 . 2008-09-10 21:03 <DIR> d-------- C:\Documents and Settings\Windows Xp\Application Data\SYSTRAN
2008-09-10 20:45 . 2008-09-10 20:51 878,080 --a------ C:\WINDOWS\system32\iconv.dll
2008-09-10 20:45 . 2008-09-10 20:51 721,920 --a------ C:\WINDOWS\system32\libxml2.dll
2008-09-10 20:45 . 2008-09-10 20:51 170,432 --a------ C:\WINDOWS\system32\libsyslic1.pd
2008-09-10 20:45 . 2008-09-10 20:51 150,016 --a------ C:\WINDOWS\system32\libxslt.dll
2008-09-10 20:45 . 2008-09-10 20:45 144,896 --a------ C:\WINDOWS\system32\libsyslic1.dll
2008-09-10 20:45 . 2008-09-10 20:51 51,200 --a------ C:\WINDOWS\system32\libexslt.dll
2008-09-10 20:45 . 2008-09-10 20:45 192 --a------ C:\WINDOWS\system32\libsyslic1.ls
2008-08-30 10:51 . 2008-09-10 15:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-30 10:51 . 2008-08-30 10:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-12 07:23 . 2008-08-12 07:23 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 15:34 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\stickies
2008-09-12 08:40 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\uTorrent
2008-09-10 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 18:59 --------- d-----w C:\Program Files\Corel
2008-09-10 13:02 10,072 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-29 00:06 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Skype
2008-08-16 16:58 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Autodesk
2008-08-16 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-08-10 20:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 20:51 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-08-10 20:32 --------- d-----w C:\Program Files\AutoCAD 2009
2008-08-10 20:23 --------- d-----w C:\Program Files\MSBuild
2008-08-10 20:18 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-01 17:11 --------- d-----w C:\Program Files\ArtOfIllusion
2008-07-25 08:12 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-25 07:47 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Corel
2008-07-24 06:56 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Windows Desktop Search
2008-07-24 06:54 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-21 06:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-04-19 01:47 88 --sh--r C:\WINDOWS\system32\7BABFE60C1.sys
2007-11-17 12:34 88 --sh--r C:\WINDOWS\system32\D9C8DBE01D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"iolo Utility Bar"="C:\Program Files\iolo\System Mechanic 5 Professional\SMUtilityBar.exe" [2005-01-31 735232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 344064]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-29 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Windows Xp\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 700416]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Windows Xp\Desktop\html Ivana\baby_desktop.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\PopCap Games\\Bejeweled Deluxe\\WinBej.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\eMule2\\eMule.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Custom Content Manager\\CCM.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2002-09-28 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2002-10-04 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;C:\WINDOWS\system32\Drivers\pixmcvv.sys [2002-11-28 21081]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3db6522c-5993-11dd-b4d0-00148586ce49}]
\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-12 17:38:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-12 17:40:38
ComboFix-quarantined-files.txt 2008-09-12 15:39:36
ComboFix2.txt 2008-09-11 21:01:29
ComboFix3.txt 2008-07-04 16:48:40
ComboFix4.txt 2008-07-01 15:51:42
ComboFix5.txt 2008-09-12 15:34:36

Pre-Run: 2,792,001,536 bytes free
Post-Run: 2,777,620,480 bytes free

152 --- E O F --- 2008-08-12 05:23:27

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Mislim da ovo nije bilo odrađeno kako treba - molim te, ponovi postupak.

Znači, potrebno je iskopirati sve što se nalazi unutar kod polja.


Takođe, nakon toga uradi i sledeće:

Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.


Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

offline
  • Pridružio: 01 Jul 2008
  • Poruke: 33
  • Gde živiš: u Pančevu

Drugi pokušaj...


ComboFix 08-09-10.04 - Windows Xp 2008-09-12 18:49:44.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.569 [GMT 2:00]
Running from: C:\Documents and Settings\Windows Xp\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Windows Xp\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-09-10 21:03 . 2008-09-10 21:03 <DIR> d-------- C:\Documents and Settings\Windows Xp\Application Data\SYSTRAN
2008-09-10 20:45 . 2008-09-10 20:51 878,080 --a------ C:\WINDOWS\system32\iconv.dll
2008-09-10 20:45 . 2008-09-10 20:51 721,920 --a------ C:\WINDOWS\system32\libxml2.dll
2008-09-10 20:45 . 2008-09-10 20:51 170,432 --a------ C:\WINDOWS\system32\libsyslic1.pd
2008-09-10 20:45 . 2008-09-10 20:51 150,016 --a------ C:\WINDOWS\system32\libxslt.dll
2008-09-10 20:45 . 2008-09-10 20:45 144,896 --a------ C:\WINDOWS\system32\libsyslic1.dll
2008-09-10 20:45 . 2008-09-10 20:51 51,200 --a------ C:\WINDOWS\system32\libexslt.dll
2008-09-10 20:45 . 2008-09-10 20:45 192 --a------ C:\WINDOWS\system32\libsyslic1.ls
2008-08-30 10:51 . 2008-09-10 15:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-30 10:51 . 2008-08-30 10:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-12 07:23 . 2008-08-12 07:23 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 16:38 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\uTorrent
2008-09-12 15:34 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\stickies
2008-09-10 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 18:59 --------- d-----w C:\Program Files\Corel
2008-09-10 13:02 10,072 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-29 00:06 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Skype
2008-08-16 16:58 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Autodesk
2008-08-16 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-08-10 20:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 20:51 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-08-10 20:32 --------- d-----w C:\Program Files\AutoCAD 2009
2008-08-10 20:23 --------- d-----w C:\Program Files\MSBuild
2008-08-10 20:18 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-01 17:11 --------- d-----w C:\Program Files\ArtOfIllusion
2008-07-25 08:12 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-25 07:47 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Corel
2008-07-24 06:56 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Windows Desktop Search
2008-07-24 06:54 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-21 06:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-04-19 01:47 88 --sh--r C:\WINDOWS\system32\7BABFE60C1.sys
2007-11-17 12:34 88 --sh--r C:\WINDOWS\system32\D9C8DBE01D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"iolo Utility Bar"="C:\Program Files\iolo\System Mechanic 5 Professional\SMUtilityBar.exe" [2005-01-31 735232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 344064]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-29 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Windows Xp\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 700416]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Windows Xp\Desktop\html Ivana\baby_desktop.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\PopCap Games\\Bejeweled Deluxe\\WinBej.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\eMule2\\eMule.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Custom Content Manager\\CCM.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2002-09-28 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2002-10-04 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;C:\WINDOWS\system32\Drivers\pixmcvv.sys [2002-11-28 21081]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3db6522c-5993-11dd-b4d0-00148586ce49}]
\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-12 18:52:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-12 18:54:29
ComboFix-quarantined-files.txt 2008-09-12 16:53:26
ComboFix2.txt 2008-09-12 15:40:39
ComboFix3.txt 2008-09-11 21:01:29
ComboFix4.txt 2008-07-04 16:48:40
ComboFix5.txt 2008-09-12 16:48:33

Pre-Run: 2,817,384,448 bytes free
Post-Run: 2,803,535,872 bytes free

152 --- E O F --- 2008-08-12 05:23:27




...a sada ću preći na drugi deo postupka (gmer).

Dopuna: 12 Sep 2008 19:05

Da proverim... u gmeru je čekirana samo kućica C drajva. Da čekiram i D, pa onda skeniram?

Ko je trenutno na forumu
 

Ukupno su 775 korisnika na forumu :: 33 registrovanih, 6 sakrivenih i 736 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amstel, Boris Bosiljčić, brundo65, cavatina, ddjxxi, dekir, djordje92sm, draganl, JOntra, kairos, Koridor, Kriglord, Krusarac, mercedesamg, Miskohd, Mixelotti, niksa517, nuke92, opt1, Partizanija, pein, popzex, QStorm, Rakenica, Recce, rikirubio, robertino, Shufle, slonic_tonic, Smiljke, sovanova95, Username1000, vaso1