Log file

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

1.

mycity.rs/must-login.png

2.

ComboFix 08-02.03.1 - Biljanko 2008-02-07 1:30:02.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1512 [GMT 1:00]
Running from: C:\Documents and Settings\Biljanko\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\tmpPrst.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-06 21:23 . 2008-02-06 21:23 14 --a------ C:\WINDOWS\system32\tmpPrst.tgz
2008-02-06 02:30 . 2008-02-07 01:24 250 --a------ C:\WINDOWS\gmer.ini
2008-02-03 15:28 . 2008-02-03 15:28 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-03 15:07 . 2008-02-03 15:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-03 15:05 . 2008-02-03 15:05 <DIR> d-------- C:\kav
2008-02-01 03:20 . 2008-02-01 03:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-01 03:20 . 2008-02-06 02:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-31 20:48 . 2008-01-31 20:50 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-31 17:17 . 2008-01-31 17:14 691,545 --a------ C:\WINDOWS\unins000.exe
2008-01-31 17:17 . 2008-01-31 17:17 3,455 --a------ C:\WINDOWS\unins000.dat
2008-01-31 17:08 . 2008-01-31 17:08 70,129 --------- C:\AVG7QT.DAT
2008-01-31 16:57 . 2008-01-31 16:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-31 16:57 . 2008-02-03 14:52 <DIR> d-------- C:\Documents and Settings\Biljanko\Application Data\AVG7
2008-01-31 16:56 . 2008-02-03 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-31 15:57 . 2008-01-31 15:57 109,248 --a------ C:\WINDOWS\system32\MSWINSCN.OCX
2008-01-31 15:39 . 2008-01-31 15:39 <DIR> d-------- C:\WINDOWS\Web Download
2008-01-31 06:58 . 2008-01-31 06:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-31 06:58 . 2008-02-04 04:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 06:38 . 2008-01-31 06:38 <DIR> d-------- C:\Program Files\CCleaner
2008-01-31 04:43 . 2008-02-03 12:04 329 --a------ C:\WINDOWS\wininit.ini
2008-01-31 03:37 . 2008-01-31 03:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-31 03:03 . 2008-01-31 03:03 2 --a------ C:\817147028
2008-01-25 00:08 . 2008-01-25 00:32 <DIR> d-------- C:\Documents and Settings\Biljanko\Application Data\Ableton
2008-01-25 00:08 . 2008-01-25 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-01-25 00:07 . 2006-09-27 20:21 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-01-25 00:06 . 2008-01-25 00:32 <DIR> d-------- C:\Program Files\Ableton
2008-01-24 23:50 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-24 23:50 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-24 23:47 . 2008-01-24 23:47 <DIR> d-------- C:\WINDOWS\system32\INF
2008-01-24 23:47 . 2005-06-14 13:44 85,504 --a------ C:\WINDOWS\system32\ma_cmidn.dll
2008-01-24 23:47 . 2005-06-14 13:44 21,888 --a------ C:\WINDOWS\system32\drivers\ma_cmidi.sys
2008-01-24 23:47 . 2005-06-14 13:44 17,920 --a------ C:\WINDOWS\system32\MA_CMIDI.DLL
2008-01-24 23:47 . 2005-06-14 13:44 14,176 --a------ C:\WINDOWS\system32\MA_CMIDI.DRV
2008-01-24 23:47 . 2005-06-14 13:44 7,282 --a------ C:\WINDOWS\system32\MA_CMIDI.VXD
2008-01-24 23:46 . 2008-01-24 23:47 <DIR> d-------- C:\Program Files\M-Audio MA_CMIDI
2008-01-21 04:28 . 2008-01-21 04:28 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-16 15:56 . 2008-01-22 01:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-16 15:49 . 2008-01-16 15:58 <DIR> d-------- C:\Documents and Settings\Biljanko\Application Data\Ahead
2008-01-16 15:48 . 2008-01-16 15:48 <DIR> d-------- C:\Program Files\Nero
2008-01-16 15:48 . 2008-01-16 15:49 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-14 03:34 . 2008-01-14 03:34 <DIR> d-------- C:\Documents and Settings\Biljanko\Application Data\Uniblue
2008-01-13 16:13 . 2008-01-13 16:13 <DIR> d-------- C:\Documents and Settings\Biljanko\Application Data\ATI
2008-01-13 04:03 . 2008-01-13 04:03 <DIR> d-------- C:\Documents and Settings\Biljanko\WINDOWS
2008-01-13 03:58 . 2008-01-13 16:09 <DIR> d-------- C:\Documents and Settings\Biljanko\Application Data\SlipStream
2008-01-13 03:52 . 2008-02-01 05:07 <DIR> d-------- C:\torrent
2008-01-12 18:44 . 2008-01-13 03:18 <DIR> d-------- C:\Incomplete
2008-01-12 18:41 . 2008-01-13 02:52 <DIR> d-------- C:\LimeWire fileovi
2008-01-12 18:40 . 2008-01-12 18:40 <DIR> d-------- C:\Program Files\LimeWire
2008-01-12 18:40 . 2008-01-13 02:52 <DIR> d-------- C:\Documents and Settings\Biljanko\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 19:15 --------- d-----w C:\Documents and Settings\Biljanko\Application Data\MailWasherPro
2008-02-01 14:54 --------- d-----w C:\Documents and Settings\Biljanko\Application Data\uTorrent
2008-01-31 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-31 19:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-31 14:57 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-01-31 02:19 --------- d-----w C:\Program Files\uTorrent
2008-01-24 22:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 23:06 196,582 ----a-w C:\WINDOWS\system32\drivers\aStandard.bin
2007-12-26 02:07 --------- d-----w C:\Program Files\Stamina
2007-12-20 17:17 --------- d-----w C:\Program Files\XnView
2007-12-20 17:10 --------- d-----w C:\Program Files\AC3Filter
2007-12-20 17:03 --------- d-----w C:\Program Files\QuickTime Alternative
2007-12-20 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-20 17:02 --------- d-----w C:\Program Files\Real Alternative
2007-12-20 16:56 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-19 06:45 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-18 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Samsung
2007-12-18 21:22 --------- d-----w C:\Program Files\Samsung
2007-12-18 02:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2007-12-18 02:29 --------- d-----w C:\Documents and Settings\Biljanko\Application Data\GRETECH
2007-12-18 02:28 --------- d-----w C:\Program Files\GRETECH
2007-12-18 00:45 --------- d-----w C:\Documents and Settings\Biljanko\Application Data\Media Player Classic
2007-12-17 18:55 --------- d-----w C:\Program Files\Mv2Player
2007-12-17 02:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-17 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-17 00:28 --------- d-----w C:\Documents and Settings\Biljanko\Application Data\Corel
2007-12-17 00:12 --------- d-----w C:\Program Files\Common Files\Corel
2007-12-17 00:06 --------- d-----w C:\Program Files\Corel
2007-12-16 23:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 02:17 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-16 02:16 --------- d-----w C:\Program Files\Java
2007-12-16 02:16 --------- d-----w C:\Documents and Settings\Biljanko\Application Data\SystemRequirementsLab
2007-12-16 02:13 --------- d-----w C:\Program Files\Common Files\Java
2007-12-16 01:33 --------- d-----w C:\Program Files\HP
2007-12-16 01:14 --------- d-----w C:\Program Files\Common Files\HP
2007-12-16 01:12 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-16 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-12-16 00:40 --------- d-----w C:\Program Files\WinPcap
2007-12-15 23:02 --------- d-----w C:\Program Files\Webteh
2007-12-15 21:56 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-15 16:16 --------- d-----w C:\Program Files\Free Internet Window Washer
2007-12-15 15:33 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-15 15:21 --------- d-----w C:\Program Files\CD to MP3 Freeware
2007-12-15 13:58 --------- d-----w C:\Program Files\MailWasher
2007-12-15 01:18 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-14 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-14 21:57 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-14 21:57 --------- d-----w C:\Program Files\Windows Live
2007-12-14 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-14 21:28 --------- d-----w C:\Documents and Settings\Biljanko\Application Data\Talkback
2007-12-14 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-14 18:18 --------- d-----w C:\Program Files\Bonjour
2007-12-14 18:17 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-14 18:13 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-14 17:46 --------- d-----w C:\Program Files\Native Instruments
2007-12-14 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-13 17:29 --------- d-----w C:\Program Files\IK Multimedia
2007-12-13 17:20 --------- d-----w C:\Program Files\TCWorks
2007-12-13 17:09 --------- d-----w C:\Program Files\Antares Audio Technologies
2007-12-13 17:09 --------- d-----w C:\Program Files\Antares
2007-12-13 17:08 --------- d-----w C:\Program Files\Waves
2007-12-13 17:05 --------- d-----w C:\Program Files\Superwave
2007-12-13 16:56 --------- d-----w C:\Program Files\KORG
2007-12-13 16:56 --------- d-----w C:\Program Files\Common Files\KORG
2007-12-13 16:55 --------- d-----w C:\Program Files\Edirol
2007-12-13 16:54 --------- d-----w C:\Program Files\Way Out Ware
2007-12-13 16:54 --------- d-----w C:\Program Files\Arturia
2007-12-13 16:48 --------- d-----w C:\Program Files\Garritan Personal Orchestra
2007-12-13 15:47 --------- d-----w C:\Program Files\East West
2007-12-13 15:14 --------- d-----w C:\Program Files\Spectrasonics
2007-12-13 12:28 --------- d-----w C:\Program Files\Toontrack
2007-12-13 12:15 --------- d-----w C:\Program Files\Common Files\Digidesign
2007-12-13 11:32 --------- d-----w C:\Program Files\Zero-G
2007-12-13 10:32 --------- d-----w C:\Program Files\Zards software
2007-12-13 09:57 --------- d-----w C:\Program Files\XLN Audio
2007-12-13 09:57 --------- d-----w C:\Program Files\Steinberg
2007-12-13 08:48 --------- d-----w C:\Documents and Settings\Biljanko\Application Data\Steinberg
2007-12-13 08:44 --------- d-----w C:\Program Files\Syncrosoft
2007-12-13 06:50 --------- d-----w C:\Program Files\M-Audio
2007-12-12 23:08 --------- d-----w C:\Documents and Settings\Biljanko\Application Data\Nero
2007-12-12 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-12 23:06 --------- d-----w C:\Program Files\Sony Setup
2007-12-12 23:05 --------- d-----w C:\Program Files\OO Software
2007-12-12 22:49 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-12 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-12-12 22:06 --------- d-----w C:\Program Files\My Company Name
2007-12-12 22:06 --------- d-----w C:\Program Files\ASUS
2007-12-12 22:04 --------- d-----w C:\Program Files\ATI Technologies
2007-12-12 22:01 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-12-12 21:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-12 21:49 --------- d-----w C:\Program Files\Realtek
2007-12-12 21:48 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-12 21:47 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-12-12 21:45 --------- d-----w C:\Program Files\Intel
2007-12-12 21:33 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 13:08 1953792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 10:03 380928]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"M-Audio Delta Taskbar Icon"="C:\WINDOWS\System32\DeltTray.exe" [2004-08-26 23:43 56320]
"DeltTray"="DeltTray.exe" [2004-08-26 23:43 56320 C:\WINDOWS\system32\delttray.exe]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk.disabled [2007-12-16 02:13:02 1817]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 10:03]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10:03]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-12 22:47]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 13:44]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 07:04]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 07:05]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 07:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 23:37:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-07 01:30:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 1:31:02
ComboFix-quarantined-files.txt 2008-02-07 00:30:47
ComboFix2.txt 2008-02-06 01:23:41
ComboFix3.txt 2008-02-04 14:21:49
.
2008-02-02 22:54:30 --- E O F ---

3.

Fileova iz C:\Windows\Temp više nema. Gledala sam i sa uključenom opcijom za hidden fileove ali tu nema ništa. Ni Spybot ih više ne detektuje.

U folderu C:\avenger postoji samo file backup i to ću postaviti. Filea 'avenger.zip' nema.
Obaveštavam te da je file uspešno postavljen.

Takodje hoću da napomenem da je kompjuter bio na internetu isključivo u safe modu. Scanovi su radjeni u normalnom modu ali bez veze sa internetom. Sad ne znam da li bi se opet pomoću nekog procesa koga možda nismo uspeli da obrišemo ponovo obnovili fileovi u temp folderu - ne bih da probam! Sačekaću da logovi budu čisti.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok. Hvala. Za sad sve dobro radi. Spybot nije ništa otkrio, instalirala sam Avast...Ništa mi više ne restartuje komp Još jednom hvala na pomoći!