Posted: 11 Nov 2009 10:11
offline
- Dexter
- Honorary citizen
- Joined: 03 Apr 2004
- Posts: 987
- Location: Novi Sad
So, the problems show up with the network: after a while the computer simply stops communicating with the internet, won't print to the network printer, etc. Occasionally the mouse and keyboard lock up, and My Documents sometimes opens by itself.
I tried scanning with Malwarebytes, BitDefender Online and ESET Online; they supposedly find infections and delete them, but after a reboot it comes back.
There is no antivirus installed on the machine (it never needed one until now), and I think the infection came in via some USB drive.
DDS (Ver_09-10-26.01) - NTFSx86
Run by RTV Duga at 9:55:11,51 on sre 11.11.2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1023.649 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mv2Player\Mv2Player.exe
C:\totalcmd\WINCMD32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
svchost.exe
C:\Documents and Settings\RTV Duga\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\rtv duga\junaa.exe \s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"
mRun: [WMI RPC Server] c:\windows\system32\wmisrpc.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: LMIinit - LMIinit.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\rtvdug~1\applic~1\mozilla\firefox\profiles\ddvi9pb9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\rtv duga\application data\mozilla\firefox\profiles\ddvi9pb9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\rtv duga\application data\mozilla\firefox\profiles\ddvi9pb9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\rtv duga\application data\mozilla\firefox\profiles\ddvi9pb9.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
============= SERVICES / DRIVERS ===============
R0 hafgrgkp;hafgrgkp;c:\windows\system32\drivers\hafgrgkp.sys [2009-11-10 40128]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-3 47640]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2006-9-9 70016]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/09/2005, 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-4-22 33792]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
=============== Created Last 30 ================
2009-11-11 08:42:57 15360 ---ha-w- c:\documents and settings\rtv duga\junaa.exe
2009-11-11 08:39:46 15360 ---ha-w- c:\documents and settings\rtv duga\uuon.exe
2009-11-11 08:11:30 24576 ----a-w- c:\windows\system32\userinit.exe
2009-11-10 14:00:37 0 d-----w- C:\!!
2009-11-10 13:46:35 0 d-----w- c:\program files\SHOUTcast
2009-11-10 13:36:07 0 d-----w- c:\docume~1\rtvdug~1\applic~1\Malwarebytes
2009-11-10 13:36:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 13:36:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 13:36:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 13:36:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-10 13:33:07 68608 ---h--w- c:\windows\system32\secupdat.dat
2009-11-10 13:33:00 697 ----a-w- c:\documents and settings\rtv duga\netsf_m.inf
2009-11-10 13:33:00 56576 ----a-w- c:\windows\system32\drivers\ndisvvan.sys
2009-11-10 13:33:00 1754 ----a-w- c:\documents and settings\rtv duga\netsf.inf
2009-11-10 13:10:35 98816 ----a-w- c:\windows\sed.exe
2009-11-10 13:10:35 77312 ----a-w- c:\windows\MBR.exe
2009-11-10 13:10:35 267264 ----a-w- c:\windows\PEV.exe
2009-11-10 13:10:35 161792 ----a-w- c:\windows\SWREG.exe
2009-11-10 08:28:07 40128 ----a-w- c:\windows\system32\drivers\hafgrgkp.sys
2009-11-10 08:17:59 0 d-----w- c:\program files\ESET
2009-11-10 07:11:51 0 d-----w- c:\docume~1\rtvdug~1\applic~1\QuickScan
2009-11-08 19:24:42 151040 ----a-w- c:\windows\system32\wmisrpc.exe
==================== Find3M ====================
2009-10-02 13:28:36 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 13:28:32 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-02 13:28:31 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-08 13:24:21 11552 -c--a-w- c:\windows\system32\LMImirr2.dll
2009-09-08 13:24:20 25248 -c--a-w- c:\windows\system32\LMImirr.dll
============= FINISH: 9:55:23,65 ===============
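The two persistence points that explain why the infection survives a reboot, the second entry in the Winlogon Userinit value and the randomly named kernel driver, can be pulled out of a DDS log automatically. This is an added example, not part of the original post or of the DDS tool; the sample input is a constructed excerpt of the log above, and the driver-name check is a heuristic that only says "look at this file".

```python
import re

# Constructed sample input: an excerpt of the DDS log quoted in the post above
# (Pseudo HJT Report and SERVICES / DRIVERS sections).
SAMPLE_DDS = r"""
uStart Page = about:blank
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\rtv duga\junaa.exe \s
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WMI RPC Server] c:\windows\system32\wmisrpc.exe
R0 hafgrgkp;hafgrgkp;c:\windows\system32\drivers\hafgrgkp.sys [2009-11-10 40128]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
""".strip()

STOCK_USERINIT = r"c:\windows\system32\userinit.exe"


def userinit_extras(text):
    """Entries of the Winlogon Userinit value other than the stock userinit.exe.

    Winlogon runs every comma-separated entry at logon, so an extra entry keeps
    the infection coming back after each reboot until the value itself is fixed,
    not just the file deleted.
    """
    m = re.search(r"^mWinlogon: Userinit=(.*)$", text, re.M | re.I)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",")]
    return [e for e in entries if e and e.lower() != STOCK_USERINIT]


def odd_drivers(text):
    """(service, path) for drivers whose service name equals the display name and is
    a bare run of lowercase letters, the pattern of randomly generated rootkit driver
    names. Heuristic only: a hit means "inspect this file", not "this is malware".
    """
    hits = []
    pattern = r"^[RS]\d (?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>[^\[]*)"
    for m in re.finditer(pattern, text, re.M):
        svc, disp, path = m.group("svc"), m.group("disp"), m.group("path").strip()
        if svc == disp and re.fullmatch(r"[a-z]{6,12}", svc):
            hits.append((svc, path))
    return hits


if __name__ == "__main__":
    for entry in userinit_extras(SAMPLE_DDS):
        print("Userinit hook:", entry)
    for svc, path in odd_drivers(SAMPLE_DDS):
        print("Suspicious driver:", svc, path)
```

On a live machine the same Userinit value is read from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon; deleting the hooked file without restoring that value leaves a dangling logon entry.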
Posted: 11 Nov 2009 17:17
offline
- Dexter
- Honorary citizen
- Joined: 03 Apr 2004
- Posts: 987
- Location: Novi Sad
Here's the log
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\documents and settings\rtv duga\junaa.exe" deleted successfully.
File "c:\documents and settings\rtv duga\uuon.exe" deleted successfully.
File "c:\windows\system32\drivers\hafgrgkp.sys" deleted successfully.
File "c:\windows\system32\wmisrpc.exe" deleted successfully.
File "c:\windows\system32\drivers\ndisvvan.sys" deleted successfully.
File "c:\windows\system32\secupdat.dat" deleted successfully.
File "c:\documents and settings\rtv duga\netsf_m.inf" deleted successfully.
File "c:\documents and settings\rtv duga\netsf.inf" deleted successfully.
Driver "hafgrgkp" deleted successfully.
Driver "Passthru" deleted successfully.
Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WMI RPC Server" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
By the way, the network works; I'm writing from that computer.
Posted: 11 Nov 2009 17:46
offline
- diarno
- Anti Malware Fighter Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
Give me a fresh DDS log.
One question: what exactly is the reason this computer has no real-time protection at all?
Posted: 11 Nov 2009 17:46
offline
- Dexter
- Honorary citizen
- Joined: 03 Apr 2004
- Posts: 987
- Location: Novi Sad
One thing is just odd to me: in Device Manager some additional items related to the network card show up, and I can neither update their drivers nor remove them... Here's the picture.
Posted: 11 Nov 2009 18:08
offline
- diarno
- Anti Malware Fighter Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
That's outside my area... try to find the right drivers somewhere online and install them manually.
Anyway:
Quote: Give me a fresh DDS log.
One question: what exactly is the reason this computer has no real-time protection at all?
Posted: 11 Nov 2009 20:05
offline
- Dexter
- Honorary citizen
- Joined: 03 Apr 2004
- Posts: 987
- Location: Novi Sad
NOD found a couple of leftover files and deleted them; as far as I can tell everything works OK. If I notice anything acting up, I'll let you know.