MyCity » Ambulanta -> Arhiva Ambulante » Provera loga

Provera loga

Napisano na dan: 22.11.2008
1

Provera loga
Sledeća strana Pagination

Idi na vrh

Poslao: 22 Nov 2008 20:16
Idi na vrh
offline
  • 3nsim 
  • Novi MyCity građanin
  • Pridružio: 22 Nov 2008
  • Poruke: 9

ComboFix 08-11-22.01 - USER 2008-11-22 20:08:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.537 [GMT 1:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.

2008-11-18 22:53 . 2008-11-18 22:53 293 --a------ C:\nene tr.csv
2008-11-18 22:15 . 2008-11-18 22:29 443 --a------ C:\nevzetatrubljanin.csv
2008-11-17 14:59 . 2008-11-17 14:59 <DIR> d-------- C:\ATI
2008-11-17 14:58 . 2008-11-17 14:58 <DIR> d-------- c:\documents and settings\USER\Application Data\CoSoSys
2008-11-17 14:48 . 2008-11-17 14:48 <DIR> d-------- c:\documents and settings\USER\Application Data\zweitgeist

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 17:20 --------- d-----w c:\documents and settings\USER\Application Data\AVG7
2008-10-30 13:15 --------- d-----w c:\documents and settings\USER\Application Data\Image Zone Express
2008-10-04 22:46 --------- d-----w c:\program files\Disney Interactive
2008-09-24 18:10 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-24 18:09 --------- d-----w c:\documents and settings\USER\Application Data\MSNInstaller
2008-09-24 16:41 --------- d-----w c:\documents and settings\USER\Application Data\skypePM
2008-09-17 14:47 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-08-31 17:30 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-06-21 11:46 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 847872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-20 590848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"etMonitor"="c:\windows\etMon.exe" [2007-04-13 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-01 219136]

c:\documents and settings\USER\Start Menu\Programs\Startup\
Corel Registration.lnk - c:\program files\Corel\Graphics9\Register\Remind32.exe [2007-11-29 67584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
PCSuiteForNokia7650 Detect.lnk - D:\connmngmntbox.exe [2008-02-16 192512]
PCSuiteForNokia7650 TS.lnk - D:\ectaskscheduler.exe [2008-02-16 258112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= c:\progra~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= c:\progra~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= c:\progra~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= c:\progra~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= c:\progra~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= c:\progra~1\K-LITE~1\codecs\l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 c:\windows\Tasks\Schedule Task Weekly.job
- d:\registry easy\RE.exe [2008-07-17 14:49]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-22 20:08:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-22 20:09:12
ComboFix-quarantined-files.txt 2008-11-22 19:09:10
ComboFix2.txt 2008-11-22 18:23:55

Pre-Run: 8,383,926,272 bytes free
Post-Run: 8,374,579,200 bytes free

133

Poslao: 22 Nov 2008 21:23
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Postavio si CF log (i to u tuđu temu).

Zašto?

Poslao: 24 Nov 2008 20:19
Idi na vrh
offline
  • 3nsim 
  • Novi MyCity građanin
  • Pridružio: 22 Nov 2008
  • Poruke: 9

greskom. pojma nemam sta sam uradila a treba mi vasa pomoc jer mi kompjuter ocajno radi a i autorun.exe me mnogo zeza i neznam kako da ga odklonim. cula za combofix a neznam da odradim do kraja.HELPP end SORY.

Poslao: 24 Nov 2008 21:26
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ovako ćemo... Isprati uputstvo za postavljanje HijackThis loga:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

i pojasni malo kako te to ''autorun.exe mnogo zeza''.

Poslao: 02 Dec 2008 20:22
Idi na vrh
offline
  • 3nsim 
  • Novi MyCity građanin
  • Pridružio: 22 Nov 2008
  • Poruke: 9

zdravo,
slijedila sam vasa uputstva ali kada treba da odradim 3.korak tj. da pokrenem Hijack This, pojavi se prozor na kojem pise: OPEN FILE-SECURITY WARNING a u prozoru pise :
DO YOU WANT YO RUN THIS FILE?i ima dugme za RUN i CANCEL. Ja ne smijem kliknuti ni na jedno ( vec ga iksiram) jer me zabrinjava zuti stit u donjem lijevom uglu koji ima crni znak uzvika na sebi.
Dalje ste rekli da trebam imati instaliran SP2 ili SP3. Iskreno ja i ne znam sta je to a kamo li sta imam, pa ako je moguce daj te mi neko uputstvo kako da provjerim da li instaliran SR1.
Pod tackom 5, o konekciji. DIAL UP je.
Sto se tice tacke 6, nemam lose navike,i ne volim zabranjeno i tako te stvari.
Zamalo zaboravih. Taj "autorun.exe"mi je brat rekao da napisem jer kaze da postoji u kompjuteru, tako da ja ne znam sta je mislio pod tim "zeza".

Poslao: 02 Dec 2008 21:01
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Samo ti bez brige klikni Run...

Kada postaviš log, videćemo da li tu ima nešto problematično.

Poslao: 03 Dec 2008 17:40
Idi na vrh
offline
  • 3nsim 
  • Novi MyCity građanin
  • Pridružio: 22 Nov 2008
  • Poruke: 9

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:10, on 3.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\etMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\connmngmntbox.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
D:\ectaskscheduler.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Corel\Graphics9\Register\Remind32.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\USER\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = t-com.me/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cg.rs:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{11C89417-2744-4ED1-95A4-F69E7F644576}: NameServer = 195.66.160.1 195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{11C89417-2744-4ED1-95A4-F69E7F644576}: NameServer = 195.66.160.1 195.66.160.2
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - bojanke.com/small/jesen_1024x768.jpg

--
End of file - 6706 bytes

Poslao: 03 Dec 2008 17:52
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Spojio sam teme...



Sem dva file-a koji su na jako čudnom mestu, ne vidim nešto problematično.


Upload-uj file: D:\connmngmntbox.exe

preko ovog linka: http://www.mycity.rs/ambulanta-upload.php



Obriši verziju ComboFix-a koju trenutno imaš (ako već nisi obrisala), a zatim skini najnoviju.



Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 03 Dec 2008 21:09
Idi na vrh
offline
  • 3nsim 
  • Novi MyCity građanin
  • Pridružio: 22 Nov 2008
  • Poruke: 9

uploadovala sam trazeni fajl.
hvala na razumijevanju i pomoci jednoj neznalici.

Dopuna: 03 Dec 2008 20:43

ComboFix 08-12-02.02 - USER 2008-12-03 20:32:27.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.534 [GMT 1:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-03 16:37 . 2008-12-03 16:37 <DIR> d-------- c:\windows\LastGood
2008-12-02 20:17 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-02 18:17 . 2008-12-03 16:37 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-02 18:17 . 2008-12-02 23:42 1,374 --a------ c:\windows\imsins.BAK
2008-11-22 20:57 . 2008-11-22 20:57 <DIR> d-------- c:\documents and settings\USER\Application Data\NASA
2008-11-17 14:59 . 2008-11-17 14:59 <DIR> d-------- C:\ATI
2008-11-17 14:58 . 2008-11-17 14:58 <DIR> d-------- c:\documents and settings\USER\Application Data\CoSoSys
2008-11-17 14:48 . 2008-11-17 14:48 <DIR> d-------- c:\documents and settings\USER\Application Data\zweitgeist

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 14:53 --------- d-----w c:\documents and settings\USER\Application Data\AVG7
2008-11-29 17:17 --------- d-----w c:\documents and settings\USER\Application Data\Image Zone Express
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-04 22:46 --------- d-----w c:\program files\Disney Interactive
2008-09-17 14:47 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-06-21 11:46 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-08-31 17:30 56 --sh--r c:\windows\system32\5D71E43A33.sys
2008-08-31 17:30 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-22_19.23.37,82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2004-08-03 22:56:42 66,560 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2004-08-03 22:56:44 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2001-08-23 10:00:00 200,064 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2004-08-03 22:56:48 430,592 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2004-08-03 22:56:58 111,104 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-03 22:56:48 1,134,592 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-03 22:56:48 112,640 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2004-08-03 22:56:48 36,864 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2004-08-03 22:56:48 120,320 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2001-08-23 10:00:00 200,064 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
- 2005-05-04 12:45:26 13,536 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2004-03-17 12:36:52 15,872 ----a-w c:\windows\system32\spupdsvc.exe
+ 2005-02-25 03:35:05 22,752 ----a-w c:\windows\system32\spupdsvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 847872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-20 590848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"etMonitor"="c:\windows\etMon.exe" [2007-04-13 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-01 219136]

c:\documents and settings\USER\Start Menu\Programs\Startup\
Corel Registration.lnk - c:\program files\Corel\Graphics9\Register\Remind32.exe [2007-11-29 67584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
PCSuiteForNokia7650 Detect.lnk - D:\connmngmntbox.exe [2008-02-16 192512]
PCSuiteForNokia7650 TS.lnk - D:\ectaskscheduler.exe [2008-02-16 258112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= c:\progra~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= c:\progra~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= c:\progra~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= c:\progra~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= c:\progra~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= c:\progra~1\K-LITE~1\codecs\l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 c:\windows\Tasks\Schedule Task Weekly.job
- d:\registry easy\RE.exe [2008-07-17 14:49]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-03 20:33:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-03 20:33:44
ComboFix-quarantined-files.txt 2008-12-03 19:33:38

Pre-Run: 8.129.908.736 bytes free
Post-Run: 8,158,752,768 bytes free

173 --- E O F --- 2008-12-03 11:26:34

Dopuna: 03 Dec 2008 21:09

sory ako saljem dupli log. nijesam sigurna da sam to odradila.
sta dalje?
ComboFix 08-12-02.02 - USER 2008-12-03 20:32:27.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.534 [GMT 1:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-03 16:37 . 2008-12-03 16:37 <DIR> d-------- c:\windows\LastGood
2008-12-02 20:17 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-02 18:17 . 2008-12-03 16:37 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-02 18:17 . 2008-12-02 23:42 1,374 --a------ c:\windows\imsins.BAK
2008-11-22 20:57 . 2008-11-22 20:57 <DIR> d-------- c:\documents and settings\USER\Application Data\NASA
2008-11-17 14:59 . 2008-11-17 14:59 <DIR> d-------- C:\ATI
2008-11-17 14:58 . 2008-11-17 14:58 <DIR> d-------- c:\documents and settings\USER\Application Data\CoSoSys
2008-11-17 14:48 . 2008-11-17 14:48 <DIR> d-------- c:\documents and settings\USER\Application Data\zweitgeist

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 14:53 --------- d-----w c:\documents and settings\USER\Application Data\AVG7
2008-11-29 17:17 --------- d-----w c:\documents and settings\USER\Application Data\Image Zone Express
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-04 22:46 --------- d-----w c:\program files\Disney Interactive
2008-09-17 14:47 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-06-21 11:46 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-08-31 17:30 56 --sh--r c:\windows\system32\5D71E43A33.sys
2008-08-31 17:30 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-22_19.23.37,82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2004-08-03 22:56:42 66,560 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2004-08-03 22:56:44 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2001-08-23 10:00:00 200,064 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2004-08-03 22:56:48 430,592 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2004-08-03 22:56:58 111,104 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-03 22:56:48 1,134,592 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-03 22:56:48 112,640 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2004-08-03 22:56:48 36,864 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2004-08-03 22:56:48 120,320 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2001-08-23 10:00:00 200,064 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
- 2005-05-04 12:45:26 13,536 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2004-03-17 12:36:52 15,872 ----a-w c:\windows\system32\spupdsvc.exe
+ 2005-02-25 03:35:05 22,752 ----a-w c:\windows\system32\spupdsvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 847872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-20 590848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"etMonitor"="c:\windows\etMon.exe" [2007-04-13 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-01 219136]

c:\documents and settings\USER\Start Menu\Programs\Startup\
Corel Registration.lnk - c:\program files\Corel\Graphics9\Register\Remind32.exe [2007-11-29 67584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
PCSuiteForNokia7650 Detect.lnk - D:\connmngmntbox.exe [2008-02-16 192512]
PCSuiteForNokia7650 TS.lnk - D:\ectaskscheduler.exe [2008-02-16 258112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= c:\progra~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= c:\progra~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= c:\progra~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= c:\progra~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= c:\progra~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= c:\progra~1\K-LITE~1\codecs\l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
.
Contents of the 'Scheduled Tasks' folder

2008-08-22 c:\windows\Tasks\Schedule Task Weekly.job
- d:\registry easy\RE.exe [2008-07-17 14:49]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-03 20:33:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-03 20:33:44
ComboFix-quarantined-files.txt 2008-12-03 19:33:38

Pre-Run: 8.129.908.736 bytes free
Post-Run: 8,158,752,768 bytes free

173 --- E O F --- 2008-12-03 11:26:34

Poslao: 03 Dec 2008 21:14
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pa, ovde ja ne vidim bilo šta maliciozno.

Da li trenutno postoji neki konkretan problem?

MyCity » Ambulanta -> Arhiva Ambulante » Provera loga

Ko je trenutno na forumu
 

Ukupno su 1198 korisnika na forumu :: 38 registrovanih, 7 sakrivenih i 1153 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 8u47, AC-DC, ajo baba, aleksandarbl, babaroga, Bobrock1, Bubimir, dejoglina, Denaya, djboj, doktor123, Dorcolac, dragoljub11987, Duh sa sekirom, frenki1986, Istman, ivica976, Karla, kikisp, Krvava Devetka, kunktator, Lieutenant, Marko Marković, Mi lao shu, Mr. Majevica, novator, opt1, Parker, pein, Pohovani_00, procesor, slonic_tonic, Srle993, suton, Trpe Grozni, Vlajman1957, wizzardone, zillbg