Terribly slow internet


  • Joined: 15 Dec 2008
  • Posts: 159
  • Location: Beograd

Bringing the browser up to its home page takes a terribly long time, but the really long wait (even more than two or three minutes) only comes when opening any page on the internet.

Right-clicking the little computers at the bottom right and choosing Repair on the connection answers "Couldn't finish repairing problem" because it cannot complete "Cleaning DNS cache"!
Help, I've been struggling for days; before this, the machine restarted several times at every boot, but that stopped after repeated antivirus scans.

Now, on top of that, the logon appearance setting doesn't obey me either: suddenly the old, classic look came back on its own, the rectangle with the user name and a space for the password (of which there is none, since there is only one user), instead of the simple boot without that prompt, as before. Checking or unchecking the welcome screen in Control Panel - User Accounts changes nothing.

Local applications (Word and the like) seem to work normally, except those that have to do with the internet (online dictionary etc.).


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:25 AM, on 3/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\RR\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RR\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RR\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\RR\Desktop\lecenje\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = krstarica.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Raketa Krstarice - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - ?p=ZCfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 5866 bytes

  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

First, AVG antivirus was not uninstalled cleanly on your machine.
See if you can sort that out somehow.

As for the rest, let's also take a look this way:

* Start ESET Smart Security/ESET NOD32 in the following way:
Start>All Programs>ESET>ESET Smart Security or ESET NOD32 Antivirus (if you are using only the Antivirus solution).

* When the program's main window opens, click the Setup option on the left side of the window;
* Choose the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* On the next question click Yes.

Note: Don't forget to turn this option back on once the cleaning is finished.



Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 15 Dec 2008
  • Posts: 159
  • Location: Beograd

I can see AVG here too, but I don't know how to uninstall those traces; I tried the AVG remover, but something still remains.



ComboFix 09-03-06.02 - RR 2009-03-09 16:11:05.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1326 [GMT 1:00]
Running from: c:\documents and settings\RR\My Documents\My Completed Downloads\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ntndis.sys

.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-08 16:51 . 2009-03-08 16:53 <DIR> d-------- c:\program files\SpeedBit Video Accelerator
2009-03-08 14:57 . 2009-03-08 14:57 <DIR> d-------- c:\documents and settings\RRR
2009-03-07 22:19 . 2009-03-07 22:19 <DIR> d-------- c:\program files\Software Informer
2009-03-07 04:43 . 2005-10-31 19:17 135,168 -r------- c:\windows\system32\RtlCPAPI.dll
2009-03-07 04:42 . 2005-05-03 19:43 69,632 -r------- c:\windows\Alcmtr.exe
2009-03-06 22:53 . 2009-03-06 22:55 6,656 --a------ c:\windows\system32\drivers\restore.sys
2009-03-05 18:38 . 2009-03-05 18:38 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-03-05 14:41 . 2009-03-05 14:44 161,792 --a------ c:\windows\system32\1C.tmp
2009-03-05 14:41 . 2009-03-05 14:41 22,821 --a------ c:\windows\system32\19.tmp
2009-03-05 14:40 . 2009-03-05 14:40 124 --a------ c:\windows\system32\4.tmp
2009-03-05 14:39 . 2009-03-05 14:39 11,776 --a------ c:\windows\fpyyydvh.exe
2009-03-05 14:36 . 2009-03-05 14:39 161,792 --a------ c:\windows\system32\347.tmp
2009-03-05 14:36 . 2009-03-05 14:36 22,821 --a------ c:\windows\system32\345.tmp
2009-03-05 14:36 . 2009-03-05 14:36 124 --a------ c:\windows\system32\341.tmp
2009-03-03 16:20 . 2009-03-03 16:20 <DIR> d-------- c:\documents and settings\RR\Application Data\Thinstall
2009-03-03 16:16 . 2009-03-08 00:40 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-03 16:15 . 2009-03-07 04:33 <DIR> d-------- c:\program files\CBS Software
2009-03-03 16:14 . 2009-03-03 16:14 <DIR> d-------- c:\program files\TuneUp Utilities 2009 8.0.2000.35
2009-03-02 17:46 . 2009-03-02 17:46 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-28 19:51 . 2009-02-28 19:51 <DIR> d-------- c:\documents and settings\RR\Application Data\URSoft
2009-02-28 03:25 . 2009-03-06 12:59 <DIR> d-------- c:\program files\Breakaway
2009-02-28 02:00 . 2009-02-28 06:03 <DIR> d-------- c:\program files\Magic Video Converter
2009-02-28 02:00 . 2003-03-19 11:03 544,768 --a------ c:\windows\system32\msvcr71d.dll
2009-02-25 03:18 . 2009-01-09 20:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-25 02:51 . 2009-02-26 03:17 <DIR> d-------- c:\program files\Total Video Converter
2009-02-25 02:50 . 2009-02-28 05:51 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-02-25 02:50 . 2009-02-28 05:51 737,280 --a------ c:\windows\iun6002.exe
2009-02-25 02:39 . 2009-03-02 01:30 <DIR> d-------- c:\program files\Amadis Software
2009-02-24 17:04 . 2009-02-24 17:04 <DIR> d-------- C:\ZCVideoConverter
2009-02-24 16:59 . 2009-02-24 17:00 <DIR> d-------- c:\program files\ZC Video Converter
2009-02-24 16:42 . 2009-02-24 16:42 <DIR> d-------- c:\program files\XviD
2009-02-24 16:39 . 2001-08-23 17:00 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-02-24 02:44 . 2009-02-24 02:44 <DIR> d-------- c:\program files\XP Codec Pack
2009-02-24 02:44 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-02-22 16:42 . 2009-02-22 16:43 <DIR> d-------- c:\program files\Any Video Converter
2009-02-22 16:42 . 2009-02-26 03:17 <DIR> d-------- c:\documents and settings\RR\Application Data\Any Video Converter
2009-02-22 16:14 . 2009-02-22 16:39 <DIR> d-------- c:\program files\Any Video Converter Professional
2009-02-22 16:14 . 2009-02-26 03:17 <DIR> d-------- c:\documents and settings\RR\Application Data\Any Video Converter Professional
2009-02-22 15:38 . 2009-02-22 15:39 <DIR> d-------- c:\program files\Media Convert Master
2009-02-22 15:38 . 2009-02-22 15:39 <DIR> d-------- c:\documents and settings\RR\Application Data\Vso
2009-02-22 15:38 . 2009-02-22 15:38 81,920 --a------ c:\documents and settings\RR\Application Data\ezpinst.exe
2009-02-22 15:38 . 2009-02-22 15:38 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-02-22 15:38 . 2009-02-22 15:38 47,360 --a------ c:\documents and settings\RR\Application Data\pcouffin.sys
2009-02-22 15:20 . 2007-02-07 20:05 269,824 --a------ c:\windows\system32\baksm.dll
2009-02-22 14:14 . 2009-02-22 14:14 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-22 14:14 . 2004-05-26 21:37 719,872 --a------ c:\windows\system32\devil.dll
2009-02-22 14:14 . 2006-09-16 19:44 314,368 --a------ c:\windows\system32\avisynth.dll
2009-02-22 14:14 . 2005-02-13 00:00 186,880 -r-hs---- c:\windows\system32\RLOgg.ax
2009-02-22 14:14 . 2005-02-06 00:00 92,672 -r-hs---- c:\windows\system32\RLVorbisDec.ax
2009-02-22 14:14 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\i420vfw.dll
2009-02-22 14:14 . 2005-02-13 00:00 67,584 -r-hs---- c:\windows\system32\RLTheoraDec.ax
2009-02-22 14:14 . 2005-02-13 00:00 51,712 -r-hs---- c:\windows\system32\RLSpeexDec.ax
2009-02-22 14:13 . 2005-01-18 00:26 179,200 -r-hs---- c:\windows\system32\DiracSplitter.ax
2009-02-22 14:13 . 2005-02-22 17:55 81,920 -r-hs---- c:\windows\system32\aac_parser.ax
2009-02-22 03:39 . 2009-02-22 03:39 <DIR> d-------- C:\ConverterOutput
2009-02-22 03:31 . 2009-02-22 03:31 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-02-20 20:39 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-02-20 20:39 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-02-20 20:33 . 2009-02-20 20:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-11 17:56 . 2009-02-11 17:56 <DIR> d-------- c:\program files\BillP Studios
2009-02-11 17:56 . 2009-02-12 02:23 <DIR> d-------- c:\documents and settings\RR\Application Data\WinPatrol
2009-02-11 17:45 . 2009-02-14 08:15 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-09 02:20 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-02-09 02:20 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-02-09 02:20 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-02-09 02:20 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-02-09 02:20 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-02-09 02:20 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2009-02-09 02:20 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2009-02-09 02:01 . 2006-01-12 15:40 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-02-09 02:01 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 15:21 --------- d-----w c:\documents and settings\RR\Application Data\Skype
2009-03-09 15:20 --------- d-----w c:\documents and settings\RR\Application Data\skypePM
2009-03-09 14:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 14:49 --------- d-----w c:\program files\Everything
2009-03-09 07:41 --------- d-----w c:\documents and settings\RR\Application Data\FrostWire
2009-03-08 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-08 15:49 --------- d-----w c:\program files\DAP
2009-03-08 15:08 --------- d-----w c:\documents and settings\RR\Application Data\Software Informer
2009-03-07 21:57 --------- d-----w c:\program files\Windows Live
2009-03-07 21:29 --------- d-----w c:\documents and settings\RR\Application Data\uTorrent
2009-03-07 03:42 --------- d-----w c:\program files\Realtek
2009-03-07 03:23 --------- d-----w c:\program files\Foxit Software
2009-03-06 14:08 --------- d-----w c:\program files\Opera
2009-03-05 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-05 13:39 136,128 ----a-w c:\windows\system32\drivers\aec.sys
2009-03-05 13:36 182,656 -c--a-w c:\windows\system32\drivers\ndis.sys
2009-03-03 15:17 --------- d-----w c:\documents and settings\RR\Application Data\TuneUp Software
2009-03-03 15:16 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-01 16:06 --------- d-----w c:\program files\Glary Utilities
2009-02-27 21:31 --------- d-----w c:\program files\Total Video Player
2009-02-26 02:21 --------- d-----w c:\program files\IObit
2009-02-26 02:21 --------- d-----w c:\documents and settings\RR\Application Data\IObit
2009-02-25 02:25 --------- d-----w c:\documents and settings\RR\Application Data\LimeWire
2009-02-24 02:28 --------- d-----w c:\program files\Mv2Player
2009-02-20 19:36 --------- d-----w c:\program files\ESET
2009-02-20 12:19 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-15 01:30 --------- d-----w c:\program files\SpeedFan
2009-02-12 02:02 --------- d-----w c:\program files\Google
2009-02-12 01:32 --------- d-----w c:\program files\TimeLeft3
2009-02-09 01:01 --------- d-----w c:\program files\Common Files\Ahead
2009-02-09 01:01 --------- d-----w c:\program files\Ahead
2009-02-09 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-02-08 15:14 --------- d-----w c:\program files\DivX
2009-02-08 13:39 --------- d-----w c:\documents and settings\RR\Application Data\Ahead
2009-02-08 13:17 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-02-08 13:03 --------- d-----w c:\program files\Common Files\Nero
2009-02-07 23:41 --------- d-----w c:\documents and settings\RR\Application Data\Nero
2009-02-07 12:11 --------- d-----w c:\program files\FrostWire
2009-02-04 12:17 --------- d-----w c:\program files\Wise Registry Cleaner 3
2009-02-04 12:15 --------- d-----w c:\program files\Wise Disk Cleaner
2009-02-04 11:39 --------- d-----w c:\documents and settings\All Users\Application Data\3A3E
2009-02-04 11:08 --------- d-----w c:\program files\Common Files\Skype
2009-02-04 11:08 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-04 11:08 --------- d-----r c:\program files\Skype
2009-02-02 10:41 --------- d-----w c:\documents and settings\All Users\Application Data\23CB
2009-01-31 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\F138
2009-01-31 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\2835B
2009-01-28 01:03 --------- d-----w c:\documents and settings\All Users\Application Data\3034B
2009-01-27 11:49 --------- d-----w c:\program files\Recuva
2009-01-25 01:40 17,920 -c--a-w c:\windows\WebFerretUninstall.exe
2009-01-25 01:40 --------- d-----w c:\program files\WebFerret
2009-01-23 23:48 --------- d-----w c:\documents and settings\All Users\Application Data\3A138
2009-01-23 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\131F
2009-01-23 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\1B1F
2009-01-11 19:37 --------- d-----w c:\documents and settings\All Users\Application Data\172E
2009-01-11 13:59 --------- d-----w c:\program files\Dictionary
2009-01-09 22:12 --------- d-----w c:\documents and settings\RR\Application Data\DivX
2008-10-27 13:33 69,232 -c--a-w c:\documents and settings\RR\Application Data\GDIPFONTCACHEV1.DAT
2007-12-22 13:50 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2009-03-08 15:46 251,392 ----a-w c:\program files\opera\program\plugins\dapop.dll
.

------- Sigcheck -------

2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-03-05 14:36 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-03-05 14:36 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2009-03-08 16:46 140880 --a------ c:\progra~1\DAP\DAPIEL~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]

c:\documents and settings\RR\Start Menu\Programs\Startup\
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2007-12-22 1981104]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.XVID"= xvid.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^ppcb_32.lnk]
backup=c:\windows\pss\ppcb_32.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 12:13 133104 c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\WebFerret\\WebFerret.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
S3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);c:\windows\system32\DRIVERS\vaclcskd.sys --> c:\windows\system32\DRIVERS\vaclcskd.sys [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-19 36928]
S3 w89c940;Winbond W89C940 PCI Ethernet Adapter Driver;c:\windows\system32\drivers\w940nd.sys [2007-12-21 16925]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f134ebab-df1c-11dc-9549-0016767e8929}]
\Shell\AutoRun\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-02-23 17:38]

2009-03-09 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-03-09 04:43]

2009-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-527237240-725345543-1003.job
- c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:13]

2009-03-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

2009-03-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-02-26 03:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Search - ?p=ZCfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\RR\Application Data\Mozilla\Firefox\Profiles\qq1l57ie.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\RR\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections-per-server - 6
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-09 16:21:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\snmp.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-03-09 16:24:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-09 15:24:54

Pre-Run: 19,914,944,512 bytes free
Post-Run: 19,991,224,320 bytes free

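The MountPoints2 entry in the log above (`\Shell\AutoRun\command` pointing at `e:\config\...\Cfg.exe`) is what Windows caches after a removable drive carried an autorun.inf that launches an executable. The following is an added example, not part of this thread and not a tool the helper uses: a Python 3 script that reads an autorun.inf from a drive root, lists every key Windows treats as a launch command (`open=`, `shellexecute=`, and any `shell\<verb>\command=`), and checks whether the referenced payload is actually present on the drive. The autorun.inf text and the fake drive root are constructed for the demonstration; the SID in the path is the one shown in the log.

```python
"""Inspect a removable drive's autorun.inf for launch commands.

Added example (not from the thread). The autorun.inf body below is
constructed to mirror the MountPoints2 entry in the ComboFix log.
"""
import configparser
import os
import tempfile

# Keys under [autorun] whose value Windows runs on AutoRun/AutoPlay.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample: three launch entries that point at the payload seen
# in the log, one that points at a file the drive does not carry, and two
# harmless keys (icon, label) that must not be reported.
SAMPLE_AUTORUN_INF = r"""
[autorun]
open=config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\command=config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\AutoRun\command=config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\explore\command=tools\missing.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
label=USB DISK
"""


def parse_autorun(text):
    """Map (section, key) -> value. Windows ignores key case, duplicate keys
    and junk lines, so the parser is deliberately lenient (strict=False)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.optionxform = str.lower
    cp.read_string(text)
    return {(sec.lower(), key): (val or "").strip()
            for sec in cp.sections() for key, val in cp.items(sec)}


def launch_targets(entries):
    """Commands Windows would execute from [autorun]: open=, shellexecute=
    and every shell\<verb>\command= entry."""
    hits = []
    for (sec, key), val in entries.items():
        if sec != "autorun" or not val:
            continue
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, val))
    return hits


def _resolve(root, command):
    """Path under `root` for the executable part of a command; a drive
    prefix such as e:\ refers to the drive itself and is dropped."""
    exe = command.split()[0].strip('"')
    if len(exe) > 1 and exe[1] == ":":
        exe = exe[2:]
    return os.path.join(root, exe.lstrip("\\/").replace("\\", os.sep))


def scan_drive_root(root):
    """Report each launch command in <root>\autorun.inf and whether its
    payload exists on the drive. Returns [] when there is no autorun.inf."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    with open(inf, encoding="latin-1", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    return [{"key": key, "command": cmd,
             "payload_present": os.path.isfile(_resolve(root, cmd))}
            for key, cmd in launch_targets(entries)]


def demo():
    """Build a fake drive root in a temp dir (constructed) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        payload_dir = os.path.join(root, "config",
                                   "S-1-5-21-1482476501-1644491937-682003330-1013")
        os.makedirs(payload_dir)
        with open(os.path.join(payload_dir, "Cfg.exe"), "wb") as fh:
            fh.write(b"MZ")  # placeholder bytes, not a real executable
        with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_AUTORUN_INF)
        return scan_drive_root(root)


if __name__ == "__main__":
    for finding in demo():
        state = "present" if finding["payload_present"] else "MISSING"
        print(f"{finding['key']:<24} -> {finding['command']}  [{state}]")
```

On a real machine you would point `scan_drive_root` at the mounted drive (for example `E:\`) with AutoPlay disabled first; a launch command whose payload is missing usually means the file was already removed by an AV scan while the autorun.inf, and the cached MountPoints2 key, were left behind.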

  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Open Notepad and copy the following text into it:

File::
c:\windows\system32\1C.tmp
c:\windows\system32\19.tmp
c:\windows\system32\4.tmp
c:\windows\fpyyydvh.exe
c:\windows\system32\347.tmp
c:\windows\system32\345.tmp
c:\windows\system32\341.tmp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f134ebab-df1c-11dc-9549-0016767e8929}]



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that gets created at the end of the cleaning/scanning.

================================

Upload the following files for me to check:
c:\windows\system32\snmp.exe
c:\windows\system32\drivers\restore.sys

Do the upload through the following form:
http://www.mycity.rs/ambulanta-upload.php

================================


- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
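The CFScript above is the result of a manual triage: the dropped files are picked out of ComboFix's "Files Created" section and the autorun key out of the MountPoints2 block, then listed under `File::` and `Registry::` for ComboFix to remove. As an added example that is not part of this thread and not a tool the helper used, here is a Python 3 script that performs that triage over log lines of the kind quoted in the thread (the excerpt is assembled from the ComboFix log above, with a few benign neighbours kept so the filter has something to leave alone) and emits a CFScript in the same format. The two file rules it applies (stray .tmp files in system32; a small, vowel-free, random-looking .exe directly in c:\windows) are illustrative assumptions fitted to this log, not a malware classifier, and the generated script still has to be reviewed by a person before it is dragged onto ComboFix.

```python
"""Triage a ComboFix log into a CFScript (added example, not from the thread).

The file rules are illustrative assumptions fitted to this log, not a
classifier; review the generated script before feeding it to ComboFix.
"""
import re

# Excerpt assembled from the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
2009-03-08 16:51 . 2009-03-08 16:53 <DIR> d-------- c:\program files\SpeedBit Video Accelerator
2009-03-07 04:42 . 2005-05-03 19:43 69,632 -r------- c:\windows\Alcmtr.exe
2009-03-06 22:53 . 2009-03-06 22:55 6,656 --a------ c:\windows\system32\drivers\restore.sys
2009-03-05 14:41 . 2009-03-05 14:44 161,792 --a------ c:\windows\system32\1C.tmp
2009-03-05 14:41 . 2009-03-05 14:41 22,821 --a------ c:\windows\system32\19.tmp
2009-03-05 14:40 . 2009-03-05 14:40 124 --a------ c:\windows\system32\4.tmp
2009-03-05 14:39 . 2009-03-05 14:39 11,776 --a------ c:\windows\fpyyydvh.exe
2009-03-05 14:36 . 2009-03-05 14:39 161,792 --a------ c:\windows\system32\347.tmp
2009-03-05 14:36 . 2009-03-05 14:36 22,821 --a------ c:\windows\system32\345.tmp
2009-03-05 14:36 . 2009-03-05 14:36 124 --a------ c:\windows\system32\341.tmp
2009-02-25 02:50 . 2009-02-28 05:51 737,280 --a------ c:\windows\iun6002.exe
2009-02-24 16:39 . 2001-08-23 17:00 1,700,352 --a------ c:\windows\system32\gdiplus.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f134ebab-df1c-11dc-9549-0016767e8929}]
\Shell\AutoRun\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
"""

# "created . modified size attrs path" lines of the Files Created section.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$")
# MountPoints2 key header and the cached Shell\<verb>\command lines under it.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\\w+\\command - (?P<target>.+?)\s*$", re.I)


def parse_created_files(lines):
    """Parse every Files Created entry into a dict; size is 0 for <DIR>."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            d = m.groupdict()
            d["is_dir"] = d["size"] == "<DIR>"
            d["size"] = 0 if d["is_dir"] else int(d["size"].replace(",", ""))
            entries.append(d)
    return entries


def is_suspicious(entry):
    """Illustrative rules fitted to this log (assumption, not a classifier)."""
    if entry["is_dir"]:
        return False
    folder, name = entry["path"].lower().rsplit("\\", 1)
    # Rule 1: stray .tmp files left in system32; installers remove theirs.
    if folder == r"c:\windows\system32" and name.endswith(".tmp"):
        return True
    # Rule 2: a small executable with a vowel-free, random-looking name dropped
    # directly into c:\windows (hits fpyyydvh.exe, not Alcmtr.exe or iun6002.exe).
    if (folder == r"c:\windows" and re.fullmatch(r"[a-z]{7,12}\.exe", name)
            and not re.search(r"[aeiou]", name[:-4]) and entry["size"] < 65536):
        return True
    return False


def autorun_mountpoints(lines):
    """MountPoints2 keys whose cached Shell\<verb>\command launches an
    executable from a drive other than the system drive."""
    keys, current = [], None
    for line in lines:
        k = KEY_RE.match(line)
        if k:
            current = k.group("key")
            continue
        c = CMD_RE.match(line)
        if c and current:
            target = c.group("target").lower()
            if target.endswith(".exe") and not target.startswith("c:\\") and current not in keys:
                keys.append(current)
    return keys


def triage(log_text):
    """Return (file paths to delete, registry keys to delete)."""
    lines = log_text.splitlines()
    files = [e["path"] for e in parse_created_files(lines) if is_suspicious(e)]
    return files, autorun_mountpoints(lines)


def build_cfscript(files, keys):
    """CFScript text: File:: lists paths to delete; Registry:: takes
    REGEDIT4 syntax, where [-KEY] deletes the whole key."""
    out = ["File::", *files, "", "Registry::", *(f"[-{k}]" for k in keys)]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(*triage(SAMPLE_LOG)), end="")
```

Run against the excerpt, the output lists the same seven files and the same MountPoints2 key as the hand-written CFScript in the post above. The point of the `[-KEY]` form is that deleting the cached key removes the stale autorun mapping for that drive GUID; it does nothing about the autorun.inf still sitting on the USB stick, which is why the USBNoRisk step follows.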

  • Joined: 15 Dec 2008
  • Posts: 159
  • Location: Beograd

ComboFix 09-03-06.02 - RR 2009-03-10 3:08:06.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1215 [GMT 1:00]
Running from: c:\documents and settings\RR\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\RR\Desktop\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\fpyyydvh.exe
c:\windows\system32\19.tmp
c:\windows\system32\1C.tmp
c:\windows\system32\341.tmp
c:\windows\system32\345.tmp
c:\windows\system32\347.tmp
c:\windows\system32\4.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\fpyyydvh.exe
c:\windows\system32\19.tmp
c:\windows\system32\1C.tmp
c:\windows\system32\341.tmp
c:\windows\system32\345.tmp
c:\windows\system32\347.tmp
c:\windows\system32\4.tmp
c:\windows\system32\drivers\ntndis.sys

.
((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-08 16:51 . 2009-03-09 18:35 <DIR> d-------- c:\program files\SpeedBit Video Accelerator
2009-03-08 14:57 . 2009-03-08 14:57 <DIR> d-------- c:\documents and settings\RRR
2009-03-07 22:19 . 2009-03-07 22:19 <DIR> d-------- c:\program files\Software Informer
2009-03-07 04:43 . 2005-10-31 19:17 135,168 -r------- c:\windows\system32\RtlCPAPI.dll
2009-03-07 04:42 . 2005-05-03 19:43 69,632 -r------- c:\windows\Alcmtr.exe
2009-03-06 22:53 . 2009-03-06 22:55 6,656 --a------ c:\windows\system32\drivers\restore.sys
2009-03-05 18:38 . 2009-03-05 18:38 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-03-03 16:20 . 2009-03-03 16:20 <DIR> d-------- c:\documents and settings\RR\Application Data\Thinstall
2009-03-03 16:16 . 2009-03-08 00:40 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-03 16:15 . 2009-03-07 04:33 <DIR> d-------- c:\program files\CBS Software
2009-03-03 16:14 . 2009-03-03 16:14 <DIR> d-------- c:\program files\TuneUp Utilities 2009 8.0.2000.35
2009-03-02 17:46 . 2009-03-02 17:46 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-28 19:51 . 2009-02-28 19:51 <DIR> d-------- c:\documents and settings\RR\Application Data\URSoft
2009-02-28 03:25 . 2009-03-06 12:59 <DIR> d-------- c:\program files\Breakaway
2009-02-28 02:00 . 2009-02-28 06:03 <DIR> d-------- c:\program files\Magic Video Converter
2009-02-28 02:00 . 2003-03-19 11:03 544,768 --a------ c:\windows\system32\msvcr71d.dll
2009-02-25 03:18 . 2009-01-09 20:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-25 02:51 . 2009-02-26 03:17 <DIR> d-------- c:\program files\Total Video Converter
2009-02-25 02:50 . 2009-02-28 05:51 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-02-25 02:50 . 2009-02-28 05:51 737,280 --a------ c:\windows\iun6002.exe
2009-02-25 02:39 . 2009-03-02 01:30 <DIR> d-------- c:\program files\Amadis Software
2009-02-24 17:04 . 2009-02-24 17:04 <DIR> d-------- C:\ZCVideoConverter
2009-02-24 16:59 . 2009-02-24 17:00 <DIR> d-------- c:\program files\ZC Video Converter
2009-02-24 16:42 . 2009-02-24 16:42 <DIR> d-------- c:\program files\XviD
2009-02-24 16:39 . 2001-08-23 17:00 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-02-24 02:44 . 2009-02-24 02:44 <DIR> d-------- c:\program files\XP Codec Pack
2009-02-24 02:44 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-02-22 16:42 . 2009-02-22 16:43 <DIR> d-------- c:\program files\Any Video Converter
2009-02-22 16:42 . 2009-02-26 03:17 <DIR> d-------- c:\documents and settings\RR\Application Data\Any Video Converter
2009-02-22 16:14 . 2009-02-22 16:39 <DIR> d-------- c:\program files\Any Video Converter Professional
2009-02-22 16:14 . 2009-02-26 03:17 <DIR> d-------- c:\documents and settings\RR\Application Data\Any Video Converter Professional
2009-02-22 15:38 . 2009-02-22 15:39 <DIR> d-------- c:\program files\Media Convert Master
2009-02-22 15:38 . 2009-02-22 15:39 <DIR> d-------- c:\documents and settings\RR\Application Data\Vso
2009-02-22 15:38 . 2009-02-22 15:38 81,920 --a------ c:\documents and settings\RR\Application Data\ezpinst.exe
2009-02-22 15:38 . 2009-02-22 15:38 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-02-22 15:38 . 2009-02-22 15:38 47,360 --a------ c:\documents and settings\RR\Application Data\pcouffin.sys
2009-02-22 15:20 . 2007-02-07 20:05 269,824 --a------ c:\windows\system32\baksm.dll
2009-02-22 14:14 . 2009-02-22 14:14 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-22 14:14 . 2004-05-26 21:37 719,872 --a------ c:\windows\system32\devil.dll
2009-02-22 14:14 . 2006-09-16 19:44 314,368 --a------ c:\windows\system32\avisynth.dll
2009-02-22 14:14 . 2005-02-13 00:00 186,880 -r-hs---- c:\windows\system32\RLOgg.ax
2009-02-22 14:14 . 2005-02-06 00:00 92,672 -r-hs---- c:\windows\system32\RLVorbisDec.ax
2009-02-22 14:14 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\i420vfw.dll
2009-02-22 14:14 . 2005-02-13 00:00 67,584 -r-hs---- c:\windows\system32\RLTheoraDec.ax
2009-02-22 14:14 . 2005-02-13 00:00 51,712 -r-hs---- c:\windows\system32\RLSpeexDec.ax
2009-02-22 14:13 . 2005-01-18 00:26 179,200 -r-hs---- c:\windows\system32\DiracSplitter.ax
2009-02-22 14:13 . 2005-02-22 17:55 81,920 -r-hs---- c:\windows\system32\aac_parser.ax
2009-02-22 03:39 . 2009-02-22 03:39 <DIR> d-------- C:\ConverterOutput
2009-02-22 03:31 . 2009-02-22 03:31 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-02-20 20:39 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-02-20 20:39 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-02-20 20:33 . 2009-02-20 20:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-11 17:56 . 2009-02-11 17:56 <DIR> d-------- c:\program files\BillP Studios
2009-02-11 17:56 . 2009-02-12 02:23 <DIR> d-------- c:\documents and settings\RR\Application Data\WinPatrol
2009-02-11 17:45 . 2009-02-14 08:15 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 02:18 --------- d-----w c:\documents and settings\RR\Application Data\skypePM
2009-03-10 02:18 --------- d-----w c:\documents and settings\RR\Application Data\Skype
2009-03-09 17:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 14:49 --------- d-----w c:\program files\Everything
2009-03-09 07:41 --------- d-----w c:\documents and settings\RR\Application Data\FrostWire
2009-03-08 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-03-08 15:49 --------- d-----w c:\program files\DAP
2009-03-08 15:08 --------- d-----w c:\documents and settings\RR\Application Data\Software Informer
2009-03-07 21:57 --------- d-----w c:\program files\Windows Live
2009-03-07 21:29 --------- d-----w c:\documents and settings\RR\Application Data\uTorrent
2009-03-07 03:42 --------- d-----w c:\program files\Realtek
2009-03-07 03:23 --------- d-----w c:\program files\Foxit Software
2009-03-06 14:08 --------- d-----w c:\program files\Opera
2009-03-05 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-05 13:39 136,128 ----a-w c:\windows\system32\drivers\aec.sys
2009-03-05 13:36 182,656 -c--a-w c:\windows\system32\drivers\ndis.sys
2009-03-03 15:17 --------- d-----w c:\documents and settings\RR\Application Data\TuneUp Software
2009-03-03 15:16 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-01 16:06 --------- d-----w c:\program files\Glary Utilities
2009-02-27 21:31 --------- d-----w c:\program files\Total Video Player
2009-02-26 02:21 --------- d-----w c:\program files\IObit
2009-02-26 02:21 --------- d-----w c:\documents and settings\RR\Application Data\IObit
2009-02-25 02:25 --------- d-----w c:\documents and settings\RR\Application Data\LimeWire
2009-02-24 02:28 --------- d-----w c:\program files\Mv2Player
2009-02-20 19:36 --------- d-----w c:\program files\ESET
2009-02-20 12:19 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-15 01:30 --------- d-----w c:\program files\SpeedFan
2009-02-12 02:02 --------- d-----w c:\program files\Google
2009-02-12 01:32 --------- d-----w c:\program files\TimeLeft3
2009-02-09 01:01 --------- d-----w c:\program files\Common Files\Ahead
2009-02-09 01:01 --------- d-----w c:\program files\Ahead
2009-02-09 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-02-08 15:14 --------- d-----w c:\program files\DivX
2009-02-08 13:39 --------- d-----w c:\documents and settings\RR\Application Data\Ahead
2009-02-08 13:17 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-02-08 13:03 --------- d-----w c:\program files\Common Files\Nero
2009-02-07 23:41 --------- d-----w c:\documents and settings\RR\Application Data\Nero
2009-02-07 12:11 --------- d-----w c:\program files\FrostWire
2009-02-04 12:17 --------- d-----w c:\program files\Wise Registry Cleaner 3
2009-02-04 12:15 --------- d-----w c:\program files\Wise Disk Cleaner
2009-02-04 11:39 --------- d-----w c:\documents and settings\All Users\Application Data\3A3E
2009-02-04 11:08 --------- d-----w c:\program files\Common Files\Skype
2009-02-04 11:08 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-04 11:08 --------- d-----r c:\program files\Skype
2009-02-02 10:41 --------- d-----w c:\documents and settings\All Users\Application Data\23CB
2009-01-31 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\F138
2009-01-31 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\2835B
2009-01-28 01:03 --------- d-----w c:\documents and settings\All Users\Application Data\3034B
2009-01-27 11:49 --------- d-----w c:\program files\Recuva
2009-01-25 01:40 17,920 -c--a-w c:\windows\WebFerretUninstall.exe
2009-01-25 01:40 --------- d-----w c:\program files\WebFerret
2009-01-23 23:48 --------- d-----w c:\documents and settings\All Users\Application Data\3A138
2009-01-23 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\131F
2009-01-23 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\1B1F
2009-01-11 19:37 --------- d-----w c:\documents and settings\All Users\Application Data\172E
2009-01-11 13:59 --------- d-----w c:\program files\Dictionary
2008-10-27 13:33 69,232 -c--a-w c:\documents and settings\RR\Application Data\GDIPFONTCACHEV1.DAT
2007-12-22 13:50 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2009-03-08 15:46 251,392 ----a-w c:\program files\opera\program\plugins\dapop.dll
.

------- Sigcheck -------

2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-03-05 14:36 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-03-05 14:36 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-09_16.23.18.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-09 07:12:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-03-09 19:08:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
- 2009-03-09 15:21:10 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-10 02:18:29 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-09 15:21:10 65,536 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-10 02:18:29 81,920 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-09 15:21:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009030920090310\index.dat
+ 2009-03-09 19:08:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009030920090310\index.dat
+ 2009-03-10 02:07:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009031020090311\index.dat
- 2009-03-09 15:21:11 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-10 02:17:54 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-10 02:17:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_770.dat
+ 2009-03-10 02:17:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]

c:\documents and settings\RR\Start Menu\Programs\Startup\
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2007-12-22 1981104]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.XVID"= xvid.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^ppcb_32.lnk]
backup=c:\windows\pss\ppcb_32.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 12:13 133104 c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\WebFerret\\WebFerret.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
S3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);c:\windows\system32\DRIVERS\vaclcskd.sys --> c:\windows\system32\DRIVERS\vaclcskd.sys [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-19 36928]
S3 w89c940;Winbond W89C940 PCI Ethernet Adapter Driver;c:\windows\system32\drivers\w940nd.sys [2007-12-21 16925]
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-02-23 17:38]

2009-03-09 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-03-09 04:43]

2009-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-527237240-725345543-1003.job
- c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:13]

2009-03-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

2009-03-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-02-26 03:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Search - ?p=ZCfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\RR\Application Data\Mozilla\Firefox\Profiles\qq1l57ie.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\RR\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections-per-server - 6
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-10 03:18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\snmp.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-03-10 3:22:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-10 02:22:17
ComboFix2.txt 2009-03-09 15:25:00

Pre-Run: 19,974,414,336 bytes free
Post-Run: 19,931,992,064 bytes free


Addendum: 10 Mar 2009 4:05

For Bobby

upload sent

c:\windows\system32\snmp.exe
c:\windows\system32\drivers\restore.sys

Addendum: 10 Mar 2009 4:16

USBNoRisk 1.5 by bobby

Started at 3/10/2009 4:04:53 AM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {38c5cac5-b093-11dc-9181-0016767e8929}
G: {7dddf8f7-b02b-11dc-946e-0016767e8929}
C: {d59c70cd-b014-11dc-a1b5-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for d59c70cd-b014-11dc-a1b5-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 38c5cac5-b093-11dc-9181-0016767e8929
========================================

Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for G:
No key found for 7dddf8f7-b02b-11dc-946e-0016767e8929
========================================



New device connected at 3/10/2009 4:06:54 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {d10c4a76-3601-11dd-8597-0016767e8929}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================


New device connected at 3/10/2009 4:06:57 AM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 3/10/2009 4:06:58 AM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 3/10/2009 4:07:03 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {d10c4a76-3601-11dd-8597-0016767e8929}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for d10c4a76-3601-11dd-8597-0016767e8929
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================


New device connected at 3/10/2009 4:07:17 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {d10c4a76-3601-11dd-8597-0016767e8929}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for d10c4a76-3601-11dd-8597-0016767e8929
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================


New device connected at 3/10/2009 4:07:49 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {051a0c81-b173-11dc-919a-0016767e8929}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 051a0c81-b173-11dc-919a-0016767e8929
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================


New device connected at 3/10/2009 4:08:20 AM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 3/10/2009 4:08:22 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {051a0c81-b173-11dc-919a-0016767e8929}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 051a0c81-b173-11dc-919a-0016767e8929
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================


New device connected at 3/10/2009 4:08:40 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {35bb722c-d30e-11dc-9d32-0016767e8929}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 35bb722c-d30e-11dc-9d32-0016767e8929
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================


New device connected at 3/10/2009 4:09:26 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {217456e7-2e9c-11dd-8573-0016767e8929}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 217456e7-2e9c-11dd-8573-0016767e8929
========================================

----------------------------------------

Desktop.ini on E: - None
----------------------------------------

========================================

========================================
Removed E:
========================================

  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum, and attach here the two files we just saved.

  • Joined: 15 Dec 2008
  • Posts: 159
  • Location: Beograd

scan with gmer

Addendum: 10 Mar 2009 16:55

scan with gmer, log file1.txt attached

Addendum: 10 Mar 2009 16:56

scan with gmer, log file2.txt attached

Addendum: 10 Mar 2009 17:14

I don't know whether it matters, but I have noticed that for days now, on every system boot, NOD quarantines a file BN.tmp (in WINDOWS\TEMP\....tmp), which is sometimes called BN1, sometimes BN1B, BND, BN2, BN4, BN5 and the like, which always has size 24576, and is described as "variant of Win32/Wigon.IN trojan".
When I delete it from quarantine, it reappears on the next boot.

  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

You did something wrong, since the files are not attached.
When you use the "Attach file" option, a link to that file is automatically inserted into the message you are writing. Where are those links? There are none in your post.

  • Joined: 15 Dec 2008
  • Posts: 159
  • Location: Beograd

files sent via the form
mycity.rs/ambulanta-upload.php.
I guess it didn't reach you; I'll resend through a message (only now do I see the attach file command here), but I can only do that late tonight. Sorry.

  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Nothing arrived.

Please don't upload there anymore. That is exclusively for viruses.
Attach logs here on the forum via "Attach file".
