internet non-stop

  • Joined: 15 Jan 2008
  • Posts: 1

I would like to ask for your help: my internet connection is active non-stop and I don't know what to do. Some trojan has probably gotten in, which I tried to remove without success.
I am attaching the log file.



Logfile of HijackThis v1.99.1
Scan saved at 7:10:11 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
F:\install\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link visible only to logged-in users]
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon .exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O8 - Extra context menu item: &Windows Live Search - [Link visible only to logged-in users]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [Link visible only to logged-in users]
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - [Link visible only to logged-in users]\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?864652db6ba549eaa2a2026b08534435
O8 - Extra context menu item: Open in new foreground tab - [Link visible only to logged-in users]\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?864652db6ba549eaa2a2026b08534435
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yvjjeduc - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Addendum: 15 Jan 2008 7:50

Here is the ComboFix log file as well; maybe it will be of help to you.



ComboFix 08-01-15.4 - Gilera 2008-01-16 7:31:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.925 [GMT 1:00]
Running from: F:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\jbfkqfds.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\vbxpdwyn.dll
C:\WINDOWS\system32\yvjjeduc.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-16 07:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 02:11 . 2003-09-24 09:44 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2008-01-16 02:11 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-01-16 02:11 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-01-16 02:11 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-01-16 02:11 . 2003-09-24 09:44 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2008-01-16 02:11 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-01-16 01:33 . 2008-01-16 01:33 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-01-16 01:32 . 2008-01-16 01:32 <DIR> d-------- C:\Program Files\HP
2008-01-16 01:32 . 2008-01-16 01:33 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-16 01:32 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-16 01:31 . 2008-01-16 01:34 236,082 --a------ C:\WINDOWS\hpdj5100.his
2008-01-16 01:31 . 2008-01-16 01:34 11,975 --a------ C:\WINDOWS\hpdj5100.ini
2008-01-16 01:27 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-16 01:27 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-16 00:58 . 2008-01-16 00:58 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\Nokia
2008-01-16 00:56 . 2008-01-16 00:57 <DIR> d-------- C:\Program Files\Nokia
2008-01-16 00:56 . 2008-01-16 00:56 <DIR> d-------- C:\Program Files\DIFX
2008-01-16 00:56 . 2008-01-16 00:56 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-01-16 00:56 . 2008-01-16 00:56 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-01-16 00:56 . 2008-01-16 00:56 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\PC Suite
2008-01-16 00:56 . 2008-01-16 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-16 00:56 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-16 00:56 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-01-16 00:56 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-16 00:56 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-16 00:56 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-01-16 00:56 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-16 00:56 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2008-01-16 00:55 . 2008-01-16 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-01-15 19:28 . 2008-01-15 19:28 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\Grisoft
2008-01-15 19:27 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 16:25 . 2008-01-15 16:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-15 16:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-15 16:17 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-15 16:17 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-15 16:17 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-15 16:17 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-15 16:17 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-15 15:49 . 2008-01-15 15:53 5,400,054 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-01-15 15:32 . 2008-01-15 16:17 2,346 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-15 15:02 . 2008-01-15 15:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-15 15:02 . 2008-01-15 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-15 07:02 . 2008-01-15 14:29 <DIR> d-------- C:\Program Files\Trojan Remover
2008-01-15 07:02 . 2008-01-15 07:02 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\Simply Super Software
2008-01-15 06:50 . 2008-01-15 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 05:36 . 2008-01-16 04:40 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-01-15 05:33 . 2008-01-15 05:33 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-15 05:12 . 2008-01-15 15:59 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-15 05:12 . 2008-01-15 05:12 <DIR> d-------- C:\Program Files\Crawler
2008-01-15 05:12 . 2008-01-16 04:35 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\Spyware Terminator
2008-01-15 05:12 . 2008-01-15 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-14 19:27 . 2008-01-14 20:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 19:27 . 2008-01-15 15:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 19:27 . 2008-01-14 19:27 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\SUPERAntiSpyware.com
2008-01-14 19:27 . 2008-01-14 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 19:22 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-14 19:16 . 2008-01-15 19:23 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-14 18:29 . 2008-01-15 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-14 17:57 . 2008-01-15 06:48 <DIR> d-------- C:\Program Files\Advanced Spyware Remover Pro
2008-01-14 17:57 . 2008-01-14 17:58 10,048 --a------ C:\WINDOWS\system32\mspriv32.dll
2008-01-14 17:48 . 2008-01-14 17:48 <DIR> d-------- C:\Program Files\Error Repair Professional
2008-01-14 17:19 . 2008-01-14 17:19 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-01-13 16:26 . 2008-01-13 16:26 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-13 16:25 . 2008-01-13 16:25 <DIR> d-------- C:\Program Files\Real
2008-01-13 16:25 . 2008-01-13 16:25 <DIR> d-------- C:\Documents and Settings\Gilera\Contacts
2008-01-13 16:24 . 2008-01-13 16:26 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-13 16:24 . 2008-01-13 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-01-13 16:23 . 2008-01-16 00:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-13 16:23 . 2008-01-15 05:21 <DIR> d-------- C:\Program Files\MSN Messenger
2008-01-13 00:41 . 2008-01-13 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-13 00:41 . 2008-01-15 16:37 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\AVG7
2008-01-13 00:39 . 2008-01-13 00:39 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2008-01-13 00:16 . 2008-01-14 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-12 23:24 . 2008-01-12 23:24 <DIR> d-------- C:\Program Files\uTorrent
2008-01-12 23:24 . 2008-01-16 07:08 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\uTorrent
2008-01-12 23:11 . 2008-01-12 23:11 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-12 23:03 . 2008-01-12 23:03 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-12 21:39 . 2008-01-12 21:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-01-12 21:32 . 2008-01-16 04:35 <DIR> d-------- C:\Program Files\Xfire
2008-01-12 21:32 . 2008-01-16 06:53 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\Xfire
2008-01-12 21:05 . 2008-01-12 21:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-12 21:02 . 2008-01-12 21:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-12 21:02 . 2008-01-16 04:56 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-12 21:02 . 2008-01-12 21:39 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-12 21:02 . 2008-01-16 04:57 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-12 21:02 . 2008-01-12 21:02 22,328 --a------ C:\Documents and Settings\Gilera\Application Data\PnkBstrK.sys
2008-01-12 21:01 . 2008-01-12 21:01 311 --a------ C:\WINDOWS\game.ini
2008-01-12 20:52 . 2008-01-12 20:52 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-12 20:12 . 2008-01-12 20:12 <DIR> d-------- C:\Documents and Settings\Gilera\Application Data\ACD Systems
2008-01-12 20:00 . 2004-08-04 01:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-01-12 20:00 . 2008-01-12 19:27 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-11 01:29 . 2008-01-11 01:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 17:24 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-01-12 23:39 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-12 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 18:54 --------- d-----w C:\Program Files\Winamp
2008-01-12 18:54 --------- d-----w C:\Program Files\DFX
2008-01-12 18:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-12 18:50 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-01-12 18:48 --------- d-----w C:\Program Files\Nero
2008-01-12 18:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-12 18:48 --------- d-----w C:\Documents and Settings\Gilera\Application Data\Ahead
2008-01-12 18:47 --------- d-----w C:\Program Files\Java
2008-01-12 18:46 --------- d-----w C:\Program Files\Common Files\Java
2008-01-12 18:44 262,883 ----a-w C:\WINDOWS\IPUI_DivXG400.exe
2008-01-12 18:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-12 18:39 65,856 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-01-12 18:39 --------- d-----w C:\Program Files\Common Files\Acronis
2008-01-12 18:39 --------- d-----w C:\Program Files\Acronis
2008-01-12 18:35 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-12 18:35 --------- d-----w C:\Program Files\MozBackup
2008-01-12 18:34 --------- d-----w C:\Program Files\MainConcept
2008-01-12 18:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-12 18:33 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-12 18:33 --------- d-----w C:\Program Files\ACD Systems
2008-01-12 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-01-12 18:27 --------- d-----w C:\Program Files\Realtek
2008-01-12 18:08 --------- d-----w C:\Program Files\microsoft frontpage
.
<pre>
----a-w           133,016 2008-01-12 23:39:12  C:\Program Files\DAEMON Tools\daemon .exe
----a-w            36,975 2008-01-12 23:39:11  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w           158,208 2008-01-14 17:24:32  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w           155,648 2008-01-12 23:39:11  C:\WINDOWS\system32\NeroCheck .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:07 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 03:34 8466432]
"nwiz"="nwiz.exe" [2007-07-23 03:34 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 03:34 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 07:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-14 20:24 579072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-15 05:16 2834432]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [2008-01-15 19:34 6731312]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon .exe" [2008-01-13 00:39 133016]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43 188416]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-08-28 19:03 4579328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-14 20:24 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yvjjeduc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\mljge.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M2111]
C:\DOCUME~1\Gilera\LOCALS~1\Temp\qrjatydi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-15 05:33]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 06:05:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-16 01:21:01 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY44S4P0JD7A.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-01-16 07:41:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 7:42:04
ComboFix-quarantined-files.txt 2008-01-16 06:41:56

Addendum: 15 Jan 2008 8:14

By the way, I use an SBB flat-rate internet connection.

Addendum: 15 Jan 2008 8:49

Hey people, I know I'm being really annoying, but what can I do, please answer, pleaseeeeee

Since I'm on a flat rate I use torrents a lot, and it is very important to me to solve this problem, because some sh** is pulling a lot of my download

Cheers



  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Just be patient...
We also sleep sometimes, work, and so on. OK?



Download the following program:
[Link visible only to logged-in users]

Run it and switch to the Script tab. Into the program window, copy the text found inside the code box:
files:
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
C:\WINDOWS\system32\NeroCheck .exe

Click Run.

Upload the file catchme.zip, which will be on the desktop, to me through the following form:
[Link visible only to logged-in users]

Let me know when you have done the upload...

Addendum: 15 Jan 2008 23:47

Open Notepad and copy in the following text:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yvjjeduc]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M2111]



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.


Also, tell me what the situation is now.
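
A small triage sketch for the two things the instructions above single out in the posted logs: executable names with a space before the extension, and the Winlogon Notify entry `yvjjeduc` whose target is a bare directory rather than a DLL. This is an added example, not part of the original thread and not code from HijackThis or ComboFix; the function names and heuristics are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon .exe" -lang 1033
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yvjjeduc - C:\WINDOWS\
----a-w           155,648 2008-01-12 23:39:11  C:\WINDOWS\system32\NeroCheck .exe
2008-01-12 21:02 . 2008-01-12 21:39 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
"""

# A Windows path whose last component has blanks directly before the extension.
# Directory components may contain spaces ("Program Files"), so the path is
# matched component by component instead of splitting the line on whitespace.
PADDED_NAME = re.compile(
    r'[A-Za-z]:\\(?:[^\\"\n]+\\)*[^\\"\n]*\S[ \t]+\.(?:exe|dll|sys|scr|com)\b',
    re.IGNORECASE,
)

# HijackThis O20 line: "O20 - Winlogon Notify: <key name> - <target path>"
NOTIFY_LINE = re.compile(
    r'^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.*)$', re.MULTILINE
)
HAS_EXTENSION = re.compile(r'\.[A-Za-z0-9]{1,4}$')


def find_padded_names(text):
    """Return executable paths with whitespace before the extension, in order."""
    seen = []
    for match in PADDED_NAME.finditer(text):
        path = match.group(0)
        if path not in seen:
            seen.append(path)
    return seen


def find_dangling_notify(text):
    """Return (name, target) for Notify entries whose target is not a file."""
    flagged = []
    for match in NOTIFY_LINE.finditer(text):
        target = match.group("target").strip()
        # Empty target, or a path with no file extension (e.g. a directory).
        if not target or not HAS_EXTENSION.search(target):
            flagged.append((match.group("name"), target))
    return flagged


def triage(text):
    """Collect both kinds of findings for a pasted log."""
    return {
        "padded_names": find_padded_names(text),
        "dangling_notify": find_dangling_notify(text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path in report["padded_names"]:
        print("space before extension:", repr(path))
    for name, target in report["dangling_notify"]:
        print("Winlogon Notify without a file target:", name, "->", repr(target))
```

A hit from either check only marks an entry for closer inspection; it does not by itself show that the file or key is malicious.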


