Problem sa wirelessom??

1

Problem sa wirelessom??

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 68

Imam problem sa wireless-om... Jutros oko 4 je sve radilo super... Zatim sam iskljucio laptop i pre pola sata sam opet ukljucio i ne radi mi wireless... Scanirao sam sa NOD32 i nasao samo 1 trojan virus ali cak i posle scaniranja ne radi wireless... Trenutno sam prikljucen na UTP Cable koji ide iz rutera i imam 2mbps dl / 192 ul speed, ...

Evo DDS log-a:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Freezing Cool at 21:25:10.03 on Tue 08/18/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2444 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SVRemote\USB20Remote.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Freezing Cool\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Flashget] c:\program files\flashget\flashget.exe /min
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PC Suite for Smartphones] "c:\program files\sony ericsson\mobile4\application launcher\Application Launcher.exe" /startoptions
mRun: [SVRemote] c:\program files\svremote\USB20Remote.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
TCP: {78CA5DED-BA3F-4DF0-A1F6-6F804B5C5BFA} = 192.168.1.1
TCP: {EAF9B5AA-8B34-482F-A9C5-406640C2DE32} = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\freezi~1\applic~1\mozilla\firefox\profiles\klvdcp6g.default\
FF - plugin: c:\documents and settings\freezing cool\application data\mozilla\firefox\profiles\klvdcp6g.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-5 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-9-28 5504]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\drivers\zebrceb.sys [2009-2-6 63360]
S1 Dup;Dup;\??\c:\windows\system32\drivers\dup.sys --> c:\windows\system32\drivers\dup.sys [?]
S1 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-17 8416]
S1 rgadta;RAMDAC XGPU Controller;c:\windows\system32\rgadta.sys [2009-8-17 8416]
S1 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-8-17 8416]
S2 msupdate;Microsoft security update service;c:\windows\system32\mssrv32.exe --> c:\windows\system32\mssrv32.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\freezi~1\locals~1\temp\elj84.tmp --> c:\docume~1\freezi~1\locals~1\temp\ELJ84.tmp [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-7 33752]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 TridVid;OEM 5600AI Analog plus Digital Video;c:\windows\system32\drivers\TridVid.sys [2009-2-14 151936]
S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\drivers\zebrbus.sys [2009-2-6 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\drivers\zebrmdfl.sys [2009-2-6 14848]
S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\drivers\zebrmdm.sys [2009-2-6 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\drivers\zebrmdmc.sys [2009-2-6 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\drivers\zebrsce.sys [2009-2-6 91264]

=============== Created Last 30 ================

2009-08-18 21:12 268 a---h--- C:\sqmdata16.sqm
2009-08-18 21:12 244 a---h--- C:\sqmnoopt16.sqm
2009-08-18 21:03 268 a---h--- C:\sqmdata15.sqm
2009-08-18 21:03 244 a---h--- C:\sqmnoopt15.sqm
2009-08-18 20:50 232 a---h--- C:\sqmdata14.sqm
2009-08-18 20:50 244 a---h--- C:\sqmnoopt14.sqm
2009-08-18 20:50 0 a------- c:\windows\system32\a99k.bin
2009-08-17 16:16 8,416 a------- c:\windows\system32\drivers\wg111v3.sys
2009-08-17 16:16 8,416 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 16:16 8,416 a------- c:\windows\system32\drivers\InCDRm.sys
2009-08-17 16:16 8,416 a------- c:\windows\system32\drivers\InCDPass.sys
2009-08-17 16:16 8,416 a------- c:\windows\system32\drivers\EagleNT.sys
2009-08-17 16:16 8,416 a------- c:\windows\system32\rgadta.sys
2009-08-17 13:11 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-08-17 13:11 17,212 a------- c:\windows\system32\SIntf32.dll
2009-08-17 13:11 12,067 a------- c:\windows\system32\SIntf16.dll
2009-08-17 13:09 <DIR> --d----- c:\program files\Diablo II
2009-08-16 00:25 <DIR> --d----- c:\program files\BS Hacker Unlimited
2009-08-13 16:27 16,398 a------- C:\Code7.dic
2009-08-13 13:50 13,082 a------- C:\hydra.restore
2009-08-13 00:19 <DIR> --d----- C:\(zabranjeno)ing
2009-08-12 23:40 <DIR> --d----- C:\hydra
2009-08-12 02:18 <DIR> --d----- c:\program files\URUSoft
2009-08-07 14:54 65,440 a------- c:\documents and settings\freezing cool\z-query.exe
2009-07-31 12:34 <DIR> --d----- c:\docume~1\freezi~1\applic~1\Wireshark
2009-07-31 00:22 <DIR> --d----- c:\program files\RAR Password (zabranjeno)er
2009-07-30 18:11 <DIR> --d----- c:\docume~1\freezi~1\applic~1\DrekSoftware
2009-07-30 18:11 <DIR> --d----- c:\program files\FTP Password Recovery Master
2009-07-30 18:07 <DIR> --d----- c:\program files\Advanced CheckSum Verifier
2009-07-30 17:58 <DIR> --d----- c:\program files\Password Recovery
2009-07-30 17:57 <DIR> --d----- c:\program files\SmartFTP Client
2009-07-30 17:56 <DIR> --d----- c:\program files\SmartFTP Client 3.0 Setup Files
2009-07-30 17:16 <DIR> --d----- c:\program files\FtpPassword
2009-07-28 18:21 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-28 16:29 <DIR> a-dshr-- C:\cmdcons
2009-07-28 16:19 216,064 a------- c:\windows\PEV.exe
2009-07-28 16:19 161,792 a------- c:\windows\SWREG.exe
2009-07-28 16:19 98,816 a------- c:\windows\sed.exe
2009-07-27 16:14 <DIR> --d----- C:\GamersFirst
2009-07-26 23:26 <DIR> --d-h--- c:\program files\InstallJammer Registry
2009-07-26 23:09 <DIR> --d----- c:\docume~1\freezi~1\applic~1\MyPhoneExplorer
2009-07-26 23:09 <DIR> --d----- c:\program files\MyPhoneExplorer
2009-07-26 20:56 <DIR> --d----- c:\program files\FMA 2
2009-07-26 20:56 <DIR> --d----- c:\docume~1\freezi~1\applic~1\FMA
2009-07-26 18:16 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-26 18:16 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-08-18 03:48 189,049 a------- c:\windows\system32\nvModes.dat
2009-08-17 16:59 46,239 a------- c:\windows\War3Unin.dat
2009-08-17 16:16 8,416 a------- c:\windows\system32\drivers\sptd.sys
2009-06-30 22:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-27 20:32 65,354 a------- c:\documents and settings\freezing cool\lastchar.exe
2009-06-25 21:48 62,817 a------- c:\documents and settings\freezing cool\test.exe
2009-05-12 23:43 63,994 a------- c:\documents and settings\freezing cool\kupusi.exe
2009-05-11 00:41 64,639 a------- c:\documents and settings\freezing cool\stepenice.exe
2009-05-10 17:43 65,452 a------- c:\documents and settings\freezing cool\max.exe
2009-04-26 19:46 68,982 a------- c:\documents and settings\freezing cool\tmp.exe
2009-04-11 14:03 66,116 a------- c:\documents and settings\freezing cool\alksdjklsjadaksljd.exe
2009-03-15 15:11 71,223 a------- c:\documents and settings\freezing cool\burici.exe
2009-03-15 01:18 66,222 a------- c:\documents and settings\freezing cool\brojanje.exe
2009-03-14 21:12 64,699 a------- c:\documents and settings\freezing cool\cryptography.exe
2009-03-14 19:45 66,711 a------- c:\documents and settings\freezing cool\golf.exe
2009-03-10 03:02 64,529 a------- c:\documents and settings\freezing cool\cifre.exe
2009-03-10 02:07 65,289 a------- c:\documents and settings\freezing cool\prime generator.exe
2009-03-10 01:50 65,211 a------- c:\documents and settings\freezing cool\factorials.exe
2009-03-09 01:04 66,084 a------- c:\documents and settings\freezing cool\tmo.exe
2009-03-07 22:27 43,520 a------- c:\documents and settings\freezing cool\Project1.exe
2009-02-27 17:21 65,641 a------- c:\documents and settings\freezing cool\counter_strike.exe
2009-02-22 03:02 64,237 a------- c:\documents and settings\freezing cool\src.exe
2009-02-14 01:36 64,517 a------- c:\documents and settings\freezing cool\apg.exe
2009-01-28 22:54 62,816 a------- c:\documents and settings\freezing cool\loto.exe

============= FINISH: 21:26:37.40 ===============

mycity.rs/must-login.png

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...


A korak #3? Postavi Gmer logove.


Na koji način uspostavljaš wireless konekciju? Tip i naziv uređaja (proizvođač).




Arrow Usput upload-uj sledeće file-ove:

c:\windows\system32\drivers\wg111v3.sys
c:\windows\system32\drivers\mbamswissarmy.sys

Upload link: http://www.mycity.rs/ambulanta-upload.php




Da li su ti poznati ovi file-ovi:

c:\documents and settings\freezing cool\z-query.exe
c:\documents and settings\freezing cool\lastchar.exe
c:\documents and settings\freezing cool\test.exe
c:\documents and settings\freezing cool\kupusi.exe
c:\documents and settings\freezing cool\stepenice.exe
c:\documents and settings\freezing cool\max.exe
c:\documents and settings\freezing cool\tmp.exe
c:\documents and settings\freezing cool\alksdjklsjadaksljd.exe
c:\documents and settings\freezing cool\burici.exe
c:\documents and settings\freezing cool\brojanje.exe
c:\documents and settings\freezing cool\cryptography.exe
c:\documents and settings\freezing cool\golf.exe
c:\documents and settings\freezing cool\cifre.exe
c:\documents and settings\freezing cool\prime generator.exe
c:\documents and settings\freezing cool\factorials.exe
c:\documents and settings\freezing cool\tmo.exe
c:\documents and settings\freezing cool\Project1.exe
c:\documents and settings\freezing cool\counter_strike.exe
c:\documents and settings\freezing cool\src.exe
c:\documents and settings\freezing cool\apg.exe
c:\documents and settings\freezing cool\loto.exe



Ako nisu, upload-uj i jedan od njih (bilo koji).

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 68

Poznati su mi ti fajlovi, to su samo kompajlovani .exe fajlovi nekih algoritamskih zadataka radjenih u FPCu i nekih aplikacija radjenih u delphiu nista posebno...


mycity.rs/must-login.png
Onaj drugi wg111... nisam uspeo nikako da pronadjem... Mozda ga je NOD izbrisao u medjuvremenu :S

Evo i korak-a #3

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Dao sam ti upload link, nisam rekao da file prikačiš uz poruku.



Citat:Na koji način uspostavljaš wireless konekciju? Tip i naziv uređaja (proizvođač).

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 68

dr_Bora ::Dao sam ti upload link, nisam rekao da file prikačiš uz poruku.



Citat:Na koji način uspostavljaš wireless konekciju? Tip i naziv uređaja (proizvođač).


Ooops sorry na brzinu sam to radio jer sam zurio u grad... Evo sad sam uploadovao (opet samo drugi fajl) na onaj link...

Inace wireless konekciju uspostavljam iz windowsa... Nadjem mrezu pa se samo konektujem na nju... Problem je sto sad uopste nemam Wireless Connection, ... Kao da nije instaliran driver.. Mada sam pokusao da reinstaliram driver i opet nece... A u device manageru se ne vidi. Inace koristim Atheros wireless...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Arrow Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 68

ComboFix 09-08-19.08 - Freezing Cool 08/20/2009 14:26.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2698 [GMT 2:00]
Running from: c:\documents and settings\Freezing Cool\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\160307b.msi
c:\windows\system32\a99k.bin
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\drivers\SKYNETxbrxlyxm.sys
c:\windows\system32\kwave.sys
c:\windows\system32\SKYNETltfuwkku.dat
c:\windows\system32\SKYNEToykrihpk.dat
c:\windows\system32\SKYNETpdqomlwa.dll
c:\windows\system32\SKYNETtklgiqmq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETyudltapu
-------\Legacy_SKYNETyudltapu
-------\Legacy_MSUPDATE
-------\Service_msupdate


((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-19 20:54 . 2009-08-19 20:54 -------- d-----w- C:\Finale
2009-08-19 14:56 . 2009-08-19 14:56 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\InstallShield
2009-08-17 14:16 . 2009-08-17 14:16 8416 ----a-w- c:\windows\system32\drivers\wg111v3.sys
2009-08-17 14:16 . 2009-08-17 14:16 8416 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-17 14:16 . 2009-08-17 14:16 8416 ----a-w- c:\windows\system32\drivers\InCDRm.sys
2009-08-17 14:16 . 2009-08-17 14:16 8416 ----a-w- c:\windows\system32\drivers\InCDPass.sys
2009-08-17 14:16 . 2009-08-17 14:16 8416 ----a-w- c:\windows\system32\drivers\EagleNT.sys
2009-08-17 14:16 . 2009-08-17 14:16 8416 ----a-w- c:\windows\system32\rgadta.sys
2009-08-17 11:11 . 2009-08-18 22:26 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-08-17 11:11 . 2009-08-18 22:26 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-08-17 11:11 . 2009-08-18 22:26 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-08-17 11:09 . 2009-08-19 23:48 -------- d-----w- c:\program files\Diablo II
2009-08-15 22:25 . 2009-08-15 22:27 -------- d-----w- c:\program files\BS Hacker Unlimited
2009-08-12 22:19 . 2009-08-14 12:12 -------- d-----w- C:\(zabranjeno)ing
2009-08-12 21:40 . 2009-08-18 19:47 -------- d-----w- C:\hydra
2009-08-12 00:18 . 2009-08-12 00:18 -------- d-----w- c:\program files\URUSoft
2009-08-07 12:54 . 2009-08-07 13:00 65440 ----a-w- c:\documents and settings\Freezing Cool\z-query.exe
2009-07-31 10:34 . 2009-07-31 10:34 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\Wireshark
2009-07-30 22:22 . 2009-07-30 22:22 -------- d-----w- c:\program files\RAR Password (zabranjeno)er
2009-07-30 16:11 . 2009-07-30 16:11 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\DrekSoftware
2009-07-30 16:11 . 2009-07-30 16:11 -------- d-----w- c:\program files\FTP Password Recovery Master
2009-07-30 16:07 . 2009-07-30 16:07 -------- d-----w- c:\program files\Advanced CheckSum Verifier
2009-07-30 15:58 . 2009-07-30 15:58 -------- d-----w- c:\program files\Password Recovery
2009-07-30 15:57 . 2009-07-30 15:57 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\SmartFTP
2009-07-30 15:57 . 2009-07-30 15:57 -------- d-----w- c:\program files\SmartFTP Client
2009-07-30 15:56 . 2009-07-30 15:56 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-07-30 15:16 . 2009-07-30 16:09 -------- d-----w- c:\program files\FtpPassword
2009-07-27 14:14 . 2009-07-27 14:14 -------- d-----w- C:\GamersFirst
2009-07-26 21:26 . 2009-08-18 19:14 -------- d--h--w- c:\program files\InstallJammer Registry
2009-07-26 21:09 . 2009-07-27 21:23 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\MyPhoneExplorer
2009-07-26 21:09 . 2009-07-26 21:09 -------- d-----w- c:\program files\MyPhoneExplorer
2009-07-26 18:56 . 2009-07-26 19:00 -------- d-----w- c:\program files\FMA 2
2009-07-26 18:56 . 2009-07-26 18:58 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\FMA
2009-07-26 18:44 . 2005-02-14 07:57 32768 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdate\Temp\CleanBuild.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 12:36 . 2009-07-13 21:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-08-20 12:36 . 2009-07-13 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-08-20 12:19 . 2008-12-31 15:16 -------- d-----w- c:\program files\FlashGet
2009-08-20 02:02 . 2008-12-31 02:26 189049 ----a-w- c:\windows\system32\nvModes.dat
2009-08-20 02:02 . 2008-12-31 21:16 -------- d-----w- c:\program files\Warcraft III
2009-08-19 23:55 . 2008-12-31 21:27 -------- d-----w- c:\program files\Garena
2009-08-19 23:49 . 2008-12-31 21:19 68656 ----a-w- c:\windows\War3Unin.dat
2009-08-19 14:56 . 2008-12-31 02:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 14:16 . 2009-01-04 20:33 8416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-17 13:50 . 2009-01-11 01:52 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\Skype
2009-08-17 12:29 . 2009-01-11 01:53 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\skypePM
2009-08-15 16:15 . 2009-02-03 23:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-31 12:47 . 2009-01-02 16:50 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\uTorrent
2009-07-29 09:03 . 2009-01-08 22:34 -------- d-----w- c:\program files\Cheat Engine
2009-07-26 18:43 . 2009-01-12 22:01 -------- d-----w- c:\program files\Avanquest update
2009-07-18 22:40 . 2009-07-18 22:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 22:39 . 2009-01-12 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-18 22:38 . 2009-07-18 22:38 -------- d-----w- c:\program files\Apple Software Update
2009-07-18 22:38 . 2009-07-18 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-13 21:49 . 2009-07-13 21:20 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\VMware
2009-07-13 21:14 . 2009-07-13 21:14 -------- d-----w- c:\program files\VMware
2009-07-10 17:49 . 2009-07-10 17:49 -------- d-----w- c:\program files\Cinemaware Marquee
2009-07-05 19:50 . 2009-07-05 19:50 -------- d-----w- c:\program files\Recuva
2009-07-05 14:16 . 2009-03-01 19:43 -------- d-----w- c:\program files\Uplink
2009-07-02 17:01 . 2009-07-02 16:58 -------- d-----w- c:\program files\AMX Mod X
2009-06-30 20:38 . 2009-06-30 20:31 -------- d-----w- c:\program files\NetBeans 6.7
2009-06-30 20:30 . 2009-06-30 20:30 -------- d-----w- c:\program files\Sun
2009-06-30 20:30 . 2009-06-30 20:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-30 20:30 . 2009-06-30 20:28 -------- d-----w- c:\program files\Java
2009-06-30 16:53 . 2009-01-07 20:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-30 14:39 . 2008-12-31 02:23 64856 ----a-w- c:\documents and settings\Freezing Cool\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-30 14:03 . 2009-06-30 14:02 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-30 14:01 . 2009-06-30 14:01 182704 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-30 14:00 . 2009-06-30 14:00 -------- d-----w- c:\program files\MSBuild
2009-06-30 14:00 . 2009-06-30 14:00 -------- d-----w- c:\program files\Reference Assemblies
2009-06-29 22:23 . 2009-06-29 22:22 -------- d-----w- c:\program files\PHP
2009-06-27 18:32 . 2009-06-27 17:57 65354 ----a-w- c:\documents and settings\Freezing Cool\lastchar.exe
2009-06-26 15:48 . 2009-01-01 12:57 -------- d-----w- c:\program files\Valve
2009-06-25 19:48 . 2009-06-25 19:48 62817 ----a-w- c:\documents and settings\Freezing Cool\test.exe
2009-06-25 12:17 . 2009-01-14 15:55 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\codeblocks
2009-06-21 18:52 . 2009-06-21 18:52 -------- d-----w- c:\program files\Abstractica 3
2009-06-02 09:40 . 2009-06-01 19:15 25 ----a-w- c:\windows\popcinfot.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-07-28_16.20.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 12:36 . 2009-08-20 12:36 16384 c:\windows\temp\Perflib_Perfdata_80c.dat
+ 2009-08-20 12:24 . 2009-08-20 12:24 16384 c:\windows\temp\Perflib_Perfdata_578.dat
+ 2009-08-20 12:36 . 2009-08-20 12:36 16384 c:\windows\temp\Perflib_Perfdata_114.dat
+ 2008-12-31 02:12 . 2009-08-20 11:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-31 02:12 . 2008-12-31 02:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-31 02:12 . 2009-08-20 11:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-31 02:12 . 2008-12-31 02:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-31 02:12 . 2008-12-31 02:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-31 02:12 . 2009-08-20 11:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-30 15:57 . 2009-07-30 15:57 22486 c:\windows\Installer\{87C1D0FD-2391-40C7-A32D-5AA8D14250E7}\Icon_SFTPBackup.exe
+ 2008-12-31 03:02 . 2004-08-03 22:58 7552 c:\windows\system32\dllcache\mskssrv.sys
+ 2009-07-30 15:57 . 2009-07-30 15:57 157733 c:\windows\Installer\{87C1D0FD-2391-40C7-A32D-5AA8D14250E7}\Icon_SmartFTP.exe
+ 2009-07-30 15:57 . 2009-07-30 15:57 1124352 c:\windows\Installer\1e1ea30.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-18 8433664]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-15 815104]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"SVRemote"="c:\program files\SVRemote\USB20Remote.exe" [2007-08-08 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 185784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-05-18 1626112]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-06-29 89541]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rgadta.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Freezing Cool^Start Menu^Programs^Startup^YouTring.lnk]
path=c:\documents and settings\Freezing Cool\Start Menu\Programs\Startup\YouTring.lnk
backup=c:\windows\pss\YouTring.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Counter-Strike 1.6 V35\\hl.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Documents and Settings\\Freezing Cool\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 11:41 AM 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 11:57 AM 5504]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 9:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 9:21 AM 468224]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [3/26/2009 11:05 PM 54960]
S1 Dup;Dup;\??\c:\windows\System32\DRIVERS\dup.sys --> c:\windows\System32\DRIVERS\dup.sys [?]
S1 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/17/2009 4:16 PM 8416]
S1 rgadta;RAMDAC XGPU Controller;c:\windows\system32\rgadta.sys [8/17/2009 4:16 PM 8416]
S1 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [8/17/2009 4:16 PM 8416]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\FREEZI~1\LOCALS~1\Temp\ELJ84.tmp --> c:\docume~1\FREEZI~1\LOCALS~1\Temp\ELJ84.tmp [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [1/7/2009 10:28 PM 33752]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 5:35 PM 50704]
S3 TridVid;OEM 5600AI Analog plus Digital Video;c:\windows\system32\drivers\TridVid.sys [2/14/2009 7:56 PM 151936]
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {78CA5DED-BA3F-4DF0-A1F6-6F804B5C5BFA} = 192.168.1.1
TCP: {EAF9B5AA-8B34-482F-A9C5-406640C2DE32} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Freezing Cool\Application Data\Mozilla\Firefox\Profiles\klvdcp6g.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Freezing Cool\Application Data\Mozilla\Firefox\Profiles\klvdcp6g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-20 14:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\FREEZI~1\LOCALS~1\Temp\ELJ84.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(4072)
c:\program files\FlashGet\fgmgr.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
.
**************************************************************************
.
Completion time: 2009-08-20 14:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 12:42
ComboFix2.txt 2009-08-18 18:56
ComboFix3.txt 2009-07-28 16:22
ComboFix4.txt 2009-06-10 18:15

Pre-Run: 6,384,668,672 bytes free
Post-Run: 6,393,192,448 bytes free

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
305

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Arrow Otvoriti Notepad i iskopirati sledeci tekst:


File::
c:\windows\system32\drivers\wg111v3.sys
c:\windows\system32\drivers\mbamswissarmy.sys
c:\windows\system32\drivers\InCDRm.sys
c:\windows\system32\drivers\InCDPass.sys
c:\windows\system32\drivers\EagleNT.sys
c:\windows\system32\rgadta.sys

Driver::
MBAMSwissArmy
rgadta
RTL8187B

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rgadta.sys]



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 23 Mar 2008
  • Poruke: 68

ComboFix 09-08-19.0C - Freezing Cool 08/20/2009 18:18.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2486 [GMT 2:00]
Running from: c:\documents and settings\Freezing Cool\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Freezing Cool\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\windows\system32\drivers\EagleNT.sys"
"c:\windows\system32\drivers\InCDPass.sys"
"c:\windows\system32\drivers\InCDRm.sys"
"c:\windows\system32\drivers\mbamswissarmy.sys"
"c:\windows\system32\drivers\wg111v3.sys"
"c:\windows\system32\rgadta.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\EagleNT.sys
c:\windows\system32\drivers\InCDPass.sys
c:\windows\system32\drivers\InCDRm.sys
c:\windows\system32\drivers\mbamswissarmy.sys
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\drivers\wg111v3.sys
c:\windows\system32\kwave.sys
c:\windows\system32\rgadta.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MBAMSWISSARMY
-------\Legacy_RGADTA
-------\Service_MBAMSwissArmy
-------\Service_rgadta
-------\Service_RTL8187B
-------\Legacy_EagleNT
-------\Service_EagleNT


((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-19 20:54 . 2009-08-19 20:54 -------- d-----w- C:\Finale
2009-08-19 14:56 . 2009-08-19 14:56 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\InstallShield
2009-08-17 11:11 . 2009-08-18 22:26 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-08-17 11:11 . 2009-08-18 22:26 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-08-17 11:11 . 2009-08-18 22:26 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-08-17 11:09 . 2009-08-19 23:48 -------- d-----w- c:\program files\Diablo II
2009-08-15 22:25 . 2009-08-15 22:27 -------- d-----w- c:\program files\BS Hacker Unlimited
2009-08-12 22:19 . 2009-08-14 12:12 -------- d-----w- C:\(zabranjeno)ing
2009-08-12 21:40 . 2009-08-18 19:47 -------- d-----w- C:\hydra
2009-08-12 00:18 . 2009-08-12 00:18 -------- d-----w- c:\program files\URUSoft
2009-08-07 12:54 . 2009-08-07 13:00 65440 ----a-w- c:\documents and settings\Freezing Cool\z-query.exe
2009-07-31 10:34 . 2009-07-31 10:34 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\Wireshark
2009-07-30 22:22 . 2009-07-30 22:22 -------- d-----w- c:\program files\RAR Password (zabranjeno)er
2009-07-30 16:11 . 2009-07-30 16:11 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\DrekSoftware
2009-07-30 16:11 . 2009-07-30 16:11 -------- d-----w- c:\program files\FTP Password Recovery Master
2009-07-30 16:07 . 2009-07-30 16:07 -------- d-----w- c:\program files\Advanced CheckSum Verifier
2009-07-30 15:58 . 2009-07-30 15:58 -------- d-----w- c:\program files\Password Recovery
2009-07-30 15:57 . 2009-07-30 15:57 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\SmartFTP
2009-07-30 15:57 . 2009-07-30 15:57 -------- d-----w- c:\program files\SmartFTP Client
2009-07-30 15:56 . 2009-07-30 15:56 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-07-30 15:16 . 2009-07-30 16:09 -------- d-----w- c:\program files\FtpPassword
2009-07-27 14:14 . 2009-07-27 14:14 -------- d-----w- C:\GamersFirst
2009-07-26 21:26 . 2009-08-18 19:14 -------- d--h--w- c:\program files\InstallJammer Registry
2009-07-26 21:09 . 2009-07-27 21:23 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\MyPhoneExplorer
2009-07-26 21:09 . 2009-07-26 21:09 -------- d-----w- c:\program files\MyPhoneExplorer
2009-07-26 18:56 . 2009-07-26 19:00 -------- d-----w- c:\program files\FMA 2
2009-07-26 18:56 . 2009-07-26 18:58 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\FMA
2009-07-26 18:44 . 2005-02-14 07:57 32768 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdate\Temp\CleanBuild.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 16:24 . 2009-07-13 21:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-08-20 16:24 . 2009-07-13 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-08-20 16:07 . 2008-12-31 02:26 189049 ----a-w- c:\windows\system32\nvModes.dat
2009-08-20 15:41 . 2008-12-31 21:16 -------- d-----w- c:\program files\Warcraft III
2009-08-20 13:36 . 2008-12-31 21:27 -------- d-----w- c:\program files\Garena
2009-08-20 13:24 . 2008-12-31 15:16 -------- d-----w- c:\program files\FlashGet
2009-08-19 23:49 . 2008-12-31 21:19 68656 ----a-w- c:\windows\War3Unin.dat
2009-08-19 14:56 . 2008-12-31 02:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 14:16 . 2009-01-04 20:33 8416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-17 13:50 . 2009-01-11 01:52 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\Skype
2009-08-17 12:29 . 2009-01-11 01:53 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\skypePM
2009-08-15 16:15 . 2009-02-03 23:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-31 12:47 . 2009-01-02 16:50 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\uTorrent
2009-07-29 09:03 . 2009-01-08 22:34 -------- d-----w- c:\program files\Cheat Engine
2009-07-26 18:43 . 2009-01-12 22:01 -------- d-----w- c:\program files\Avanquest update
2009-07-18 22:40 . 2009-07-18 22:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 22:39 . 2009-01-12 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-18 22:38 . 2009-07-18 22:38 -------- d-----w- c:\program files\Apple Software Update
2009-07-18 22:38 . 2009-07-18 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-13 21:49 . 2009-07-13 21:20 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\VMware
2009-07-13 21:14 . 2009-07-13 21:14 -------- d-----w- c:\program files\VMware
2009-07-10 17:49 . 2009-07-10 17:49 -------- d-----w- c:\program files\Cinemaware Marquee
2009-07-05 19:50 . 2009-07-05 19:50 -------- d-----w- c:\program files\Recuva
2009-07-05 14:16 . 2009-03-01 19:43 -------- d-----w- c:\program files\Uplink
2009-07-02 17:01 . 2009-07-02 16:58 -------- d-----w- c:\program files\AMX Mod X
2009-06-30 20:38 . 2009-06-30 20:31 -------- d-----w- c:\program files\NetBeans 6.7
2009-06-30 20:30 . 2009-06-30 20:30 -------- d-----w- c:\program files\Sun
2009-06-30 20:30 . 2009-06-30 20:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-30 20:30 . 2009-06-30 20:28 -------- d-----w- c:\program files\Java
2009-06-30 16:53 . 2009-01-07 20:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-30 14:39 . 2008-12-31 02:23 64856 ----a-w- c:\documents and settings\Freezing Cool\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-30 14:03 . 2009-06-30 14:02 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-30 14:01 . 2009-06-30 14:01 182704 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-30 14:00 . 2009-06-30 14:00 -------- d-----w- c:\program files\MSBuild
2009-06-30 14:00 . 2009-06-30 14:00 -------- d-----w- c:\program files\Reference Assemblies
2009-06-29 22:23 . 2009-06-29 22:22 -------- d-----w- c:\program files\PHP
2009-06-27 18:32 . 2009-06-27 17:57 65354 ----a-w- c:\documents and settings\Freezing Cool\lastchar.exe
2009-06-26 15:48 . 2009-01-01 12:57 -------- d-----w- c:\program files\Valve
2009-06-25 19:48 . 2009-06-25 19:48 62817 ----a-w- c:\documents and settings\Freezing Cool\test.exe
2009-06-25 12:17 . 2009-01-14 15:55 -------- d-----w- c:\documents and settings\Freezing Cool\Application Data\codeblocks
2009-06-21 18:52 . 2009-06-21 18:52 -------- d-----w- c:\program files\Abstractica 3
2009-06-02 09:40 . 2009-06-01 19:15 25 ----a-w- c:\windows\popcinfot.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-07-28_16.20.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 12:36 . 2009-08-20 12:36 16384 c:\windows\temp\Perflib_Perfdata_80c.dat
+ 2009-08-20 16:24 . 2009-08-20 16:24 16384 c:\windows\temp\Perflib_Perfdata_58c.dat
+ 2009-08-20 16:24 . 2009-08-20 16:24 16384 c:\windows\temp\Perflib_Perfdata_244.dat
+ 2008-12-31 02:12 . 2009-08-20 11:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-31 02:12 . 2008-12-31 02:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-31 02:12 . 2009-08-20 11:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-31 02:12 . 2008-12-31 02:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-31 02:12 . 2008-12-31 02:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-31 02:12 . 2009-08-20 11:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-30 15:57 . 2009-07-30 15:57 22486 c:\windows\Installer\{87C1D0FD-2391-40C7-A32D-5AA8D14250E7}\Icon_SFTPBackup.exe
+ 2008-12-31 03:02 . 2004-08-03 22:58 7552 c:\windows\system32\dllcache\mskssrv.sys
+ 2009-07-30 15:57 . 2009-07-30 15:57 157733 c:\windows\Installer\{87C1D0FD-2391-40C7-A32D-5AA8D14250E7}\Icon_SmartFTP.exe
+ 2009-07-30 15:57 . 2009-07-30 15:57 1124352 c:\windows\Installer\1e1ea30.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-18 8433664]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-15 815104]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"SVRemote"="c:\program files\SVRemote\USB20Remote.exe" [2007-08-08 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-21 185784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-05-18 1626112]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-06-29 89541]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]

[HKLM\~\startupfolder\C:^Documents and Settings^Freezing Cool^Start Menu^Programs^Startup^YouTring.lnk]
path=c:\documents and settings\Freezing Cool\Start Menu\Programs\Startup\YouTring.lnk
backup=c:\windows\pss\YouTring.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Counter-Strike 1.6 V35\\hl.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Documents and Settings\\Freezing Cool\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [10/5/2003 11:41 AM 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [9/28/2003 11:57 AM 5504]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 9:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 9:21 AM 468224]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [3/26/2009 11:05 PM 54960]
S1 Dup;Dup;\??\c:\windows\System32\DRIVERS\dup.sys --> c:\windows\System32\DRIVERS\dup.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\FREEZI~1\LOCALS~1\Temp\ELJ84.tmp --> c:\docume~1\FREEZI~1\LOCALS~1\Temp\ELJ84.tmp [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [1/7/2009 10:28 PM 33752]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 5:35 PM 50704]
S3 TridVid;OEM 5600AI Analog plus Digital Video;c:\windows\system32\drivers\TridVid.sys [2/14/2009 7:56 PM 151936]
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {78CA5DED-BA3F-4DF0-A1F6-6F804B5C5BFA} = 192.168.1.1
TCP: {EAF9B5AA-8B34-482F-A9C5-406640C2DE32} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Freezing Cool\Application Data\Mozilla\Firefox\Profiles\klvdcp6g.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Freezing Cool\Application Data\Mozilla\Firefox\Profiles\klvdcp6g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-20 18:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\FREEZI~1\LOCALS~1\Temp\ELJ84.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3676)
c:\program files\FlashGet\fgmgr.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-20 18:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 16:30
ComboFix2.txt 2009-08-20 12:42
ComboFix3.txt 2009-08-18 18:56
ComboFix4.txt 2009-07-28 16:22
ComboFix5.txt 2009-08-20 16:17

Pre-Run: 6,376,493,056 bytes free
Post-Run: 6,393,442,304 bytes free

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
304

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ovo sada izgleda čisto. Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.



Ako reinstalacija drivera ne pomogne u rešavanju problema sa wireless-om, otvori temu u Windows forumu.

Ko je trenutno na forumu
 

Ukupno su 1119 korisnika na forumu :: 39 registrovanih, 6 sakrivenih i 1074 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amaterSRB, ccoogg123, Centauro, d bos, Darkoniii_94, dejoglina, Dorcolac, dule10savic, FOX, Georgius, Griffon vulture, ILGromovnik, Jeremiah, Koridor, kovinacc, Kubovac, ladro, MB120mm, mercedesamg, mikrimaus, milutin134, mnn2, nextyamb, Parker, Petarvu, Povratak1912, pristinski korpus, procesor, RED4G-304, RILE-NS, royst33, Sićko, stalja, Stanlio, stegonosa, styg, suton, vathra, Yellow Pinky