
Windows Explorer blocked...


zsn


Windows Explorer blocked... 30.01.2008. at 11:03
Recently, after I log in on WinXP, a Windows Firewall window pops up saying that Windows Explorer or one of its functions has been blocked, and asking whether it should keep blocking it or allow it access to the internet... why is that, and is it the result of some trojan or something similar?
Thanks in advance
 

Binary Mind

Re: Windows Explorer blocked... 30.01.2008. at 13:27
Strange. Unblock it and post a HiJackThis! log. Search for "HiJackThis!" on this forum.
 

zsn


Re: Windows Explorer blocked... 11.02.2008. at 22:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:42, on 11.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wnss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Network Security Service (wnss) - Unknown owner - C:\WINDOWS\system32\wnss.exe

--
End of file - 4326 bytes

sorry I'm late,...
 

Danijel Krmar

Re: Windows Explorer blocked... 11.02.2008. at 23:24
C:\WINDOWS\system32\wnss.exe and
O23 - Service: Windows Network Security Service (wnss) - Unknown owner - C:\WINDOWS\system32\wnss.exe, appears to be the trojan Backdoor.Win32.Agent.dvq. Check with ComboFix as well, and post the log.
And you can delete:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 

zsn


Re: Windows Explorer blocked... 12.02.2008. at 10:32
ComboFix 08-02-12.1 - tino 2008-02-12 11:28:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.571 [GMT 1:00]
Running from: C:\Documents and Settings\tino\Desktop\bafer1\ComboFix.exe
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-11 21:10 . 2008-02-11 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-07 15:50 . 2008-02-07 15:50 <DIR> d-------- C:\Program Files\THQ
2008-02-07 15:49 . 2008-02-07 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-01 17:30 . 2008-02-01 17:30 <DIR> d-------- C:\Program Files\Real
2008-02-01 17:30 . 2008-02-01 17:30 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-01 17:30 . 2008-02-01 17:30 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-20 15:39 . 2008-01-20 15:39 183,416 -r-hs---- C:\WINDOWS\system32\wnss.exe
2008-01-19 14:33 . 2008-01-19 14:33 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-13 17:22 . 2008-01-13 17:22 <DIR> d-------- C:\Documents and Settings\tino\Application Data\IrfanView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 16:18 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-06 16:17 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-31 18:14 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2008-01-20 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-20 18:05 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-17 18:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-09 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-05 21:49 --------- d-----w C:\Documents and Settings\tino\Application Data\Dev-Cpp
2007-12-14 23:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-14 20:04 22,328 ----a-w C:\Documents and Settings\tino\Application Data\PnkBstrK.sys
2007-12-14 19:40 --------- d-----w C:\Program Files\Activision
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-12 17:47 262,884 ----a-w C:\WINDOWS\IPUI_DivXG400.exe
2007-11-12 14:19 558,142 ----a-w C:\WINDOWS\java\Packages\PBFBT33Z.ZIP
2007-11-12 14:19 155,995 ----a-w C:\WINDOWS\java\Packages\GPNPJ5B9.ZIP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ToUcamVProperty"="C:\PROGRA~1\PHILIP~1\VProperty.exe" [2003-04-02 14:56 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STManager]
--------- 2003-05-28 11:37 118784 C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-01 17:30 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Console Norms]

R2 wnss;Windows Network Security Service;C:\WINDOWS\system32\wnss.exe [2008-01-20 15:39]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a957912-bee6-11dc-afcc-0008541ab64e}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a12d3d6-c91c-11dc-b00b-0008541ab64e}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 11:29:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ToUcamVProperty = C:\PROGRA~1\PHILIP~1\VProperty.exe??~?1?\?V?P?r?o?p?e?r?t?y?.?e?x?e???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-12 11:29:44
.
2007-12-02 01:06:22 --- E O F ---





combofix log...
 
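The cross-check done by eye in the replies above, written out as an added example (not code from any poster in this thread, nor from HijackThis or ComboFix): it pulls O2 entries with no file and O23 services marked "Unknown owner" out of a HijackThis log, then raises the priority of any such service whose binary also appears in ComboFix's "Files Created" section as a hidden+system file. The sample input is constructed from a few lines of the two logs in this thread; the function names and priority labels are assumptions made for illustration.

```python
import re

# Constructed sample: a handful of lines copied from the two logs in this thread.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Network Security Service (wnss) - Unknown owner - C:\WINDOWS\system32\wnss.exe
"""
COMBOFIX_CREATED = r"""
2008-02-11 21:10 . 2008-02-11 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-20 15:39 . 2008-01-20 15:39 183,416 -r-hs---- C:\WINDOWS\system32\wnss.exe
2008-01-19 14:33 . 2008-01-19 14:33 <DIR> d--h----- C:\WINDOWS\PIF
"""

O2 = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")
CREATED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \S+ \S+\s+(\S+)\s+(\S+)\s+([A-Za-z]:\\.+)$")

def hidden_system_files(combofix_text):
    """Lower-cased paths of recently created files (not dirs) with both h and s attributes."""
    out = set()
    for line in combofix_text.splitlines():
        m = CREATED.match(line.strip())
        if m and m.group(1) != "<DIR>" and {"h", "s"} <= set(m.group(2)):
            out.add(m.group(3).lower())
    return out

def triage(hjt_text, combofix_text):
    """Return (priority, reason, target) tuples: candidates for review, not verdicts."""
    stealthy = hidden_system_files(combofix_text)
    findings = []
    for line in hjt_text.splitlines():
        line = line.strip()
        if (m := O2.match(line)) and m.group(3) == "(no file)":
            findings.append(("low", "orphaned BHO, DLL missing", m.group(2)))
        elif (m := O23.match(line)) and m.group(2) == "Unknown owner":
            path = m.group(3)
            if path.lower() in stealthy:
                findings.append(("high", "no vendor info + new hidden/system file", path))
            else:
                findings.append(("review", "service without vendor info", path))
    return findings

if __name__ == "__main__":
    for finding in triage(HJT_LOG, COMBOFIX_CREATED):
        print(*finding, sep=" | ")
```

"Unknown owner" alone also matches the ATI and PunkBuster services in this log, which is why the second log is used to separate wnss.exe from them.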

Binary Mind

Re: Windows Explorer blocked... 12.02.2008. at 11:31
Download SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Once you have downloaded SDFix, run it with a double click and it will install itself to its default location, C:\SDFix... After that restart the computer, boot into Safe Mode and find C:\SDFix. Once you are in C:\SDFix, run RunThis.bat by double-clicking it and type Y to start scanning for and cleaning trojans. When it finishes that part of the cleaning it will say "press any key to reboot", after which you press any key to restart the computer. When the computer restarts, before Windows boots, SDFix will continue cleaning until it finishes and notifies you, after which you press any key to enter Windows. Once you are in Windows, the SDFix report will appear, and it will be saved as Report.txt. Post the report here when you have finished all of this, and of course a new HiJackThis! log.
 

Binary Mind

Re: Windows Explorer blocked... 13.02.2008. at 01:07
How is it going with SDFix?
 