Posted: 29 Jun 2008 18:09
- Max Power
- Citizen
- Joined: 26 Jun 2008
- Posts: 59
- Location: Podgorica

I don't know what caused it or why... but Safe Mode won't start...
I do everything up to the option where I have to choose Safe Mode... I choose it... and then nothing... a black screen with that underscore blinking in the upper left corner... I let it blink for half an hour... but nothing...
ADVICE...

Posted: 29 Jun 2008 19:11
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd

Like this:
* Right-click the Kaspersky icon in the lower right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.
Note: Don't forget to turn this option back on when the cleaning is finished.
And then try to scan, but in NORMAL mode, not in Safe Mode.

Posted: 01 Jul 2008 16:06
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd

Stop KAV and post a new CF log, so we can get to work.

Posted: 01 Jul 2008 16:48
- Max Power
- Citizen
- Joined: 26 Jun 2008
- Posts: 59
- Location: Podgorica

ComboFix 08-06-20.4 - User 2008-07-01 16:43:30.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1577 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\AMBULANTA\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-06-01 al 2008-07-01 )))))))))))))))))))))))))))))))))))
.
2008-06-30 20:32 . 2008-06-30 20:43 <DIR> d-------- C:\Documents and Settings\User\DoctorWeb
2008-06-30 00:05 . 2008-06-30 00:05 <DIR> d-------- C:\Programmi\HeadGames
2008-06-30 00:05 . 2008-06-30 00:05 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-06-30 00:05 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-06-29 23:13 . 2008-06-29 23:13 <DIR> d-------- C:\Programmi\BTjunkie
2008-06-29 23:11 . 2008-06-29 23:11 <DIR> d-------- C:\Programmi\uTorrent
2008-06-29 23:11 . 2008-06-30 04:24 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\uTorrent
2008-06-29 15:06 . 2008-06-29 15:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-29 00:01 . 2008-06-29 13:53 250 --a------ C:\WINDOWS\gmer.ini
2008-06-27 00:03 . 2008-06-29 18:13 <DIR> d-------- C:\Programmi\sXe Injected
2008-06-23 14:36 . 2008-06-23 14:36 268 --ah----- C:\sqmdata14.sqm
2008-06-23 14:36 . 2008-06-23 14:36 244 --ah----- C:\sqmnoopt14.sqm
2008-06-22 16:01 . 2008-06-22 16:01 <DIR> d-------- C:\Programmi\TechSmith
2008-06-22 15:59 . 2008-06-22 15:59 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-19 21:23 . 2008-06-19 21:29 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-19 21:23 . 2008-06-19 21:29 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-19 21:22 . 2008-06-19 21:22 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-06-19 21:22 . 2008-07-01 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-19 21:22 . 2008-07-01 04:38 3,985,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-19 21:22 . 2008-07-01 04:38 516,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-19 21:22 . 2008-07-01 04:38 32,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-19 21:22 . 2008-07-01 04:38 2,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-19 14:50 . 2008-07-01 15:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-19 14:50 . 2008-06-19 14:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-19 09:56 . 2008-06-19 09:56 <DIR> d-------- C:\Programmi\QuickTime
2008-06-19 01:43 . 2008-06-19 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-18 16:19 . 2008-06-18 16:19 <DIR> d-------- C:\WINDOWS\Counter-Strike Source Non-Steam
2008-06-18 13:47 . 2008-06-18 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-06-16 23:53 . 2008-06-17 22:45 <DIR> d-------- C:\Programmi\eMule AdunanzA
2008-06-16 23:53 . 2008-06-16 23:53 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\eMule AdunanzA
2008-06-15 22:46 . 2008-06-15 22:46 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-15 22:09 . 2008-06-15 22:09 8,439,274 --a------ C:\zlaka canterl.EPS
2008-06-11 16:03 . 2008-04-22 09:42 625,664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-11 16:01 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:01 . 2008-05-08 14:14 203,008 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:19 . 2007-05-22 11:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-06-10 18:15 . 2008-06-10 18:15 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 13:09 . 2008-06-09 14:02 424 --a------ C:\WINDOWS\ODBC.INI
2008-06-08 20:56 . 2008-06-08 20:56 <DIR> d-------- C:\Programmi\TVAnts
2008-06-05 20:52 . 2008-06-05 20:52 <DIR> d-------- C:\Programmi\Sports Interactive
2008-06-04 20:49 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-06-04 20:47 . 2008-06-19 01:46 <DIR> d-------- C:\Programmi\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 16:13 --------- d-----w C:\Programmi\Valve
2008-06-26 05:12 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-06-22 02:11 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\dvdcss
2008-06-18 00:40 --------- d-----w C:\Programmi\Winamp
2008-06-18 00:39 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-06-18 00:39 --------- d-----w C:\Programmi\Valve Hammer Editor
2008-06-14 20:14 --------- d-----w C:\Programmi\ApexDC++
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:19 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Abvent
2008-06-10 16:17 --------- d-----w C:\Programmi\Graphisoft
2008-06-10 16:15 --------- d-----w C:\Programmi\Java
2008-06-04 18:51 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-04 18:18 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-26 09:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ESET
2008-05-26 08:47 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\ESET
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Autodesk
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-05-21 03:15 --------- d-----w C:\Programmi\turbo squid tentacles
2008-05-21 03:11 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-05-21 03:11 --------- d-----w C:\Programmi\Autodesk
2008-05-10 00:19 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-05-09 23:27 --------- d-----w C:\Programmi\Webteh
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:02 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\skypePM
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBUKEY
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBU-SYSTEMS
2008-05-06 10:16 --------- d-----w C:\Programmi\Google
2008-05-01 18:41 --------- d-----w C:\Programmi\SopCast
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-02 16:06 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-11-23 16:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007112320071124\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-26_22.45.47.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 20:40:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 13:59:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 22:00:59 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-06-26 18:29:28 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-30 18:29:42 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-26 18:29:28 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-06-30 18:29:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2008-06-26 18:29:28 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-30 18:29:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-28 22:01:17 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"Microsoft©"="C:\WINDOWS\system32\dllcache\iexplore.exe" [2008-04-22 09:42 625664]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 00:48 68856]
"AdobeUpdater"="C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"IRW"="C:\WINDOWS\system32\IRW.exe" [2007-10-08 21:56 147456]
"Apple_KbdMgr"="C:\Programmi\Boot Camp\KbdMgr.exe" [2007-10-08 23:06 419120]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0\bin\jusched.exe" [2008-06-10 18:15 77824]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-23 06:16 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoCAD Startup Accelerator.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 06:43:54 11000]
SnagIt 8.lnk - C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe [2006-11-07 23:51:26 6366792]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 10\\ArchiCAD.exe"=
"C:\\Programmi\\ApexDC++\\ApexDC.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\WIBUKEY\\Server\\WkSvW32.exe"=
"C:\\Programmi\\Valve\\hlds.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"C:\\Programmi\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"C:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"C:\\Programmi\\Valve\\hl.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\WINDOWS\system32\AppleOSSMgr.exe [2007-10-08 23:04]
R2 AppleTimeSrv;Servizio orario Apple;C:\WINDOWS\system32\AppleTimeSrv.exe [2007-10-08 23:05]
R2 KeyAgent;KeyAgent;C:\WINDOWS\system32\drivers\KeyAgent.sys [2007-10-08 21:56]
R2 MacHALDriver;Mac HAL;C:\WINDOWS\system32\drivers\MacHALDriver.sys [2007-10-08 21:56]
R3 aapltctp;Apple Trackpad Enabler;C:\WINDOWS\system32\DRIVERS\aapltctp.sys [2007-10-08 21:56]
R3 aapltp;Apple Trackpad;C:\WINDOWS\system32\DRIVERS\aapltp.sys [2007-10-08 21:56]
R3 applebt;Apple Built-in Bluetooth;C:\WINDOWS\system32\DRIVERS\applebt.sys [2007-10-08 21:56]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2007-10-08 21:56]
R3 KeyMagic;USB Keyboard HID Filter;C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2007-10-08 21:56]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 BthKicker;Apple Bluetooth Device Driver;C:\WINDOWS\system32\DRIVERS\BthKicker.sys [2007-10-08 21:56]
S3 iSightUpdate;iSight Update Driver;C:\WINDOWS\system32\DRIVERS\iSightUP.sys [2007-10-08 21:56]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Programmi\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027d1783-b0ce-11dc-9648-0017f2be917f}]
\Shell\AutoRun\command - E:\uxdeiect.com
\Shell\explore\Command - E:\uxdeiect.com
\Shell\open\Command - E:\uxdeiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8e248d-c601-11dc-9656-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b0d288-cfea-11dc-9668-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f51558c-392a-11dd-978d-0017f2be917f}]
\Shell\AutoRun\command - e.cmd
\Shell\explore\Command - e.cmd
\Shell\open\Command - e.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b7b9c37-9e6f-11dc-9634-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73944c5a-f2e4-11dc-96c9-0017f2be917f}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3bb45fe-ea33-11dc-96ad-0017f2be917f}]
\Shell\AutoRun\command - E:\3wcxx91.cmd
\Shell\explore\Command - E:\3wcxx91.cmd
\Shell\open\Command - E:\3wcxx91.cmd
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-24 17:07:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-07-01 14:17:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-30 18:39:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-01 13:59:56 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-01 16:46:07
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-01 16:47:37
ComboFix-quarantined-files.txt 2008-07-01 14:47:27
ComboFix2.txt 2008-06-28 14:14:35
ComboFix3.txt 2008-06-26 20:46:10
9 Directory 9,610,661,888 byte disponibili
12 Directory 9,647,452,160 byte disponibili
232 --- E O F --- 2008-06-20 14:38:34
P.S. My icons no longer get mixed up... but Internet Explorer starts up at startup???

Posted: 01 Jul 2008 21:01
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd

Open Notepad and copy the following text:
File::
C:\WINDOWS\system32\key.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft©"=-
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.

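An added example (not part of the original post and not ComboFix's own logic): a Python triage helper that parses the Run and MountPoints2 sections of a ComboFix log, flags entries worth a reviewer's attention, and diffs two logs to confirm that a CFScript removal took effect. The two log excerpts are trimmed from the logs posted in this thread; the function names and the flagging rules are assumptions of the example.

```python
import re

RUN_HEADER = re.compile(r"^\[(HKEY_[^\]]*\\Run(?:Once)?)\]$", re.I)
MOUNT_HEADER = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')
SHELL_VERB = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
# Extensions treated as directly launchable (assumption of this example).
LAUNCHABLE = (".exe", ".com", ".cmd", ".bat", ".scr", ".pif")

# Excerpt trimmed from the first log in this thread (before the CFScript run).
LOG_BEFORE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"Microsoft©"="C:\WINDOWS\system32\dllcache\iexplore.exe" [2008-04-22 09:42 625664]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 00:48 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IRW"="C:\WINDOWS\system32\IRW.exe" [2007-10-08 21:56 147456]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\Valve\\hl.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8e248d-c601-11dc-9656-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe
"""

# Excerpt trimmed from the second log in this thread (after the CFScript run).
LOG_AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 00:48 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IRW"="C:\WINDOWS\system32\IRW.exe" [2007-10-08 21:56 147456]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8e248d-c601-11dc-9656-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe
"""


def parse_autostarts(log_text):
    """Return (run, mounts).

    run maps (registry key, value name) -> command for Run/RunOnce sections;
    mounts maps (volume GUID, shell verb) -> command for MountPoints2 sections,
    i.e. the per-volume shell verbs Explorer cached from a volume's autorun.inf.
    """
    run, mounts = {}, {}
    section = None  # ("run", key) or ("mount", guid) while inside a known section
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m_run, m_mnt = RUN_HEADER.match(line), MOUNT_HEADER.match(line)
            if m_run:
                section = ("run", m_run.group(1))
            elif m_mnt:
                section = ("mount", m_mnt.group(1).lower())
            else:
                section = None  # some other registry section: ignore its values
            continue
        if section is None:
            continue
        kind, ident = section
        m = (RUN_VALUE if kind == "run" else SHELL_VERB).match(line)
        if not m:
            section = None  # first non-matching line ends the section
        elif kind == "run":
            run[(ident, m.group(1))] = m.group(2)
        else:
            mounts[(ident, m.group(1))] = m.group(2)
    return run, mounts


def flag_entries(run, mounts):
    """Apply two review heuristics; returns (rule, location, command) tuples."""
    findings = []
    for (key, name), cmd in sorted(run.items()):
        # dllcache holds Windows File Protection backup copies; programs are
        # not normally started from there.
        if "\\dllcache\\" in cmd.lower():
            findings.append(("run-from-dllcache", f"{key}\\{name}", cmd))
    for (guid, verb), cmd in sorted(mounts.items()):
        # Last whitespace-separated token is taken as the launched file
        # (simplification: breaks on paths that contain spaces).
        if cmd.split()[-1].lower().endswith(LAUNCHABLE):
            findings.append(("volume-autorun", f"{guid} {verb}", cmd))
    return findings


def removed_values(before, after):
    """Run values present in the earlier log and absent from the later one."""
    return sorted(k for k in before if k not in after)


def added_values(before, after):
    """Run values that first appear in the later log."""
    return sorted(k for k in after if k not in before)


if __name__ == "__main__":
    run_b, mnt_b = parse_autostarts(LOG_BEFORE)
    run_a, mnt_a = parse_autostarts(LOG_AFTER)
    for finding in flag_entries(run_b, mnt_b):
        print("before:", finding)
    print("removed:", removed_values(run_b, run_a))
    print("added:", added_values(run_b, run_a))
    for finding in flag_entries(run_a, mnt_a):
        print("after:", finding)
```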
Posted: 01 Jul 2008 23:26
- Max Power
- Citizen
- Joined: 26 Jun 2008
- Posts: 59
- Location: Podgorica

ComboFix 08-06-20.4 - User 2008-07-01 23:20:33.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1581 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\AMBULANTA\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\key.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-06-01 al 2008-07-01 )))))))))))))))))))))))))))))))))))
.
2008-07-01 19:40 . 2008-07-01 19:42 <DIR> d-------- C:\Programmi\AdunanzA
2008-07-01 17:47 . 2008-07-01 17:47 <DIR> d-------- C:\Programmi\AskSBar
2008-07-01 17:47 . 2008-07-01 17:47 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-07-01 17:46 . 2008-07-01 17:47 <DIR> d-------- C:\Programmi\COMODO
2008-07-01 17:46 . 2008-07-01 17:46 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\Comodo
2008-07-01 17:46 . 2008-07-01 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\comodo
2008-07-01 17:46 . 2008-07-01 17:46 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-01 17:46 . 2008-07-01 17:46 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-01 17:46 . 2008-07-01 17:46 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-01 17:45 . 2008-07-01 17:45 <DIR> d-------- C:\Programmi\Avira
2008-07-01 17:45 . 2008-07-01 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-06-30 20:32 . 2008-06-30 20:43 <DIR> d-------- C:\Documents and Settings\User\DoctorWeb
2008-06-30 00:05 . 2008-06-30 00:05 <DIR> d-------- C:\Programmi\HeadGames
2008-06-30 00:05 . 2008-06-30 00:05 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-06-30 00:05 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-06-29 23:13 . 2008-06-29 23:13 <DIR> d-------- C:\Programmi\BTjunkie
2008-06-29 23:11 . 2008-06-29 23:11 <DIR> d-------- C:\Programmi\uTorrent
2008-06-29 23:11 . 2008-07-01 23:15 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\uTorrent
2008-06-29 15:06 . 2008-06-29 15:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-29 00:01 . 2008-06-29 13:53 250 --a------ C:\WINDOWS\gmer.ini
2008-06-27 00:03 . 2008-07-01 19:48 <DIR> d-------- C:\Programmi\sXe Injected
2008-06-23 14:36 . 2008-06-23 14:36 268 --ah----- C:\sqmdata14.sqm
2008-06-23 14:36 . 2008-06-23 14:36 244 --ah----- C:\sqmnoopt14.sqm
2008-06-22 16:01 . 2008-06-22 16:01 <DIR> d-------- C:\Programmi\TechSmith
2008-06-22 15:59 . 2008-06-22 15:59 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-19 14:50 . 2008-07-01 23:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-19 14:50 . 2008-06-19 14:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-19 09:56 . 2008-06-19 09:56 <DIR> d-------- C:\Programmi\QuickTime
2008-06-19 01:43 . 2008-06-19 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-18 16:19 . 2008-06-18 16:19 <DIR> d-------- C:\WINDOWS\Counter-Strike Source Non-Steam
2008-06-18 13:47 . 2008-06-18 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-06-16 23:53 . 2008-06-17 22:45 <DIR> d-------- C:\Programmi\eMule AdunanzA
2008-06-16 23:53 . 2008-06-16 23:53 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\eMule AdunanzA
2008-06-15 22:46 . 2008-06-15 22:46 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-15 22:09 . 2008-06-15 22:09 8,439,274 --a------ C:\zlaka canterl.EPS
2008-06-11 16:03 . 2008-04-22 09:42 625,664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-11 16:01 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:01 . 2008-05-08 14:14 203,008 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:19 . 2007-05-22 11:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-06-10 18:15 . 2008-06-10 18:15 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 13:09 . 2008-06-09 14:02 424 --a------ C:\WINDOWS\ODBC.INI
2008-06-08 20:56 . 2008-06-08 20:56 <DIR> d-------- C:\Programmi\TVAnts
2008-06-05 20:52 . 2008-06-05 20:52 <DIR> d-------- C:\Programmi\Sports Interactive
2008-06-04 20:49 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-06-04 20:47 . 2008-06-19 01:46 <DIR> d-------- C:\Programmi\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 17:48 --------- d-----w C:\Programmi\Valve
2008-06-22 02:11 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\dvdcss
2008-06-18 00:40 --------- d-----w C:\Programmi\Winamp
2008-06-18 00:39 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-06-14 20:14 --------- d-----w C:\Programmi\ApexDC++
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:19 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Abvent
2008-06-10 16:17 --------- d-----w C:\Programmi\Graphisoft
2008-06-10 16:15 --------- d-----w C:\Programmi\Java
2008-06-04 18:51 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-04 18:18 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-26 09:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ESET
2008-05-26 08:47 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\ESET
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Autodesk
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-05-21 03:15 --------- d-----w C:\Programmi\turbo squid tentacles
2008-05-21 03:11 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-05-21 03:11 --------- d-----w C:\Programmi\Autodesk
2008-05-10 00:19 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-05-09 23:27 --------- d-----w C:\Programmi\Webteh
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:02 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\skypePM
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBUKEY
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBU-SYSTEMS
2008-05-06 10:16 --------- d-----w C:\Programmi\Google
2008-05-01 18:41 --------- d-----w C:\Programmi\SopCast
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-02 16:06 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-11-23 16:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007112320071124\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-26_22.45.47.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 20:40:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 21:16:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 22:00:59 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-06-26 18:29:28 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-30 18:29:42 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-26 18:29:28 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-06-30 18:29:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2008-06-26 18:29:28 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-30 18:29:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-06-28 22:01:17 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2008-07-01 15:46:51 79,760 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-01 17:47 66912 --a------ C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 00:48 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"IRW"="C:\WINDOWS\system32\IRW.exe" [2007-10-08 21:56 147456]
"Apple_KbdMgr"="C:\Programmi\Boot Camp\KbdMgr.exe" [2007-10-08 23:06 419120]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0\bin\jusched.exe" [2008-06-10 18:15 77824]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"COMODO SafeSurf"="C:\Programmi\COMODO\SafeSurf\cssurf.exe" [2008-07-01 17:47 278264]
"COMODO Firewall Pro"="C:\Programmi\COMODO\Firewall\cfp.exe" [2008-07-01 17:46 1655552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-23 06:16 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoCAD Startup Accelerator.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 06:43:54 11000]
SnagIt 8.lnk - C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe [2006-11-07 23:51:26 6366792]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 10\\ArchiCAD.exe"=
"C:\\Programmi\\ApexDC++\\ApexDC.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\WIBUKEY\\Server\\WkSvW32.exe"=
"C:\\Programmi\\Valve\\hlds.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"C:\\Programmi\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"C:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"C:\\Programmi\\Valve\\hl.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-01 17:46]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-01 17:46]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\WINDOWS\system32\AppleOSSMgr.exe [2007-10-08 23:04]
R2 AppleTimeSrv;Servizio orario Apple;C:\WINDOWS\system32\AppleTimeSrv.exe [2007-10-08 23:05]
R2 KeyAgent;KeyAgent;C:\WINDOWS\system32\drivers\KeyAgent.sys [2007-10-08 21:56]
R2 MacHALDriver;Mac HAL;C:\WINDOWS\system32\drivers\MacHALDriver.sys [2007-10-08 21:56]
R3 aapltctp;Apple Trackpad Enabler;C:\WINDOWS\system32\DRIVERS\aapltctp.sys [2007-10-08 21:56]
R3 aapltp;Apple Trackpad;C:\WINDOWS\system32\DRIVERS\aapltp.sys [2007-10-08 21:56]
R3 applebt;Apple Built-in Bluetooth;C:\WINDOWS\system32\DRIVERS\applebt.sys [2007-10-08 21:56]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2007-10-08 21:56]
R3 KeyMagic;USB Keyboard HID Filter;C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2007-10-08 21:56]
S3 BthKicker;Apple Bluetooth Device Driver;C:\WINDOWS\system32\DRIVERS\BthKicker.sys [2007-10-08 21:56]
S3 iSightUpdate;iSight Update Driver;C:\WINDOWS\system32\DRIVERS\iSightUP.sys [2007-10-08 21:56]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Programmi\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027d1783-b0ce-11dc-9648-0017f2be917f}]
\Shell\AutoRun\command - E:\uxdeiect.com
\Shell\explore\Command - E:\uxdeiect.com
\Shell\open\Command - E:\uxdeiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8e248d-c601-11dc-9656-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b0d288-cfea-11dc-9668-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f51558c-392a-11dd-978d-0017f2be917f}]
\Shell\AutoRun\command - e.cmd
\Shell\explore\Command - e.cmd
\Shell\open\Command - e.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b7b9c37-9e6f-11dc-9634-0017f2be917f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL key.exe
\Shell\infected\command - E:\key.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73944c5a-f2e4-11dc-96c9-0017f2be917f}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3bb45fe-ea33-11dc-96ad-0017f2be917f}]
\Shell\AutoRun\command - E:\3wcxx91.cmd
\Shell\explore\Command - E:\3wcxx91.cmd
\Shell\open\Command - E:\3wcxx91.cmd
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-01 17:07:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-07-01 21:17:30 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-01 18:39:01 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-01 21:17:28 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-01 23:23:01
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-01 23:25:38
ComboFix-quarantined-files.txt 2008-07-01 21:25:01
ComboFix2.txt 2008-07-01 14:47:38
ComboFix3.txt 2008-06-28 14:14:35
ComboFix4.txt 2008-06-26 20:46:10
9 Directory 10,475,073,536 byte disponibili
13 Directory 10,504,130,560 byte disponibili
240 --- E O F --- 2008-06-20 14:38:34
Addendum: 01 Jul 2008 23:26
What is this that is written in red letters in the log? I saw that it shows up for everyone???
|
|
|
|
Posted: 01 Jul 2008 23:33
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd
|
That is normal.
Open Notepad and copy the following text:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027d1783-b0ce-11dc-9648-0017f2be917f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c8e248d-c601-11dc-9656-0017f2be917f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b0d288-cfea-11dc-9668-0017f2be917f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f51558c-392a-11dd-978d-0017f2be917f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b7b9c37-9e6f-11dc-9634-0017f2be917f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73944c5a-f2e4-11dc-96c9-0017f2be917f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3bb45fe-ea33-11dc-96ad-0017f2be917f}]
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.
|
|
|
|
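A triage sketch for the MountPoints2 section of a ComboFix log like the one above, added here as an example and not part of the original thread or of ComboFix: it parses the per-volume autorun handlers, flags them with two heuristics that are assumptions of this example, and emits a `Registry::` deletion block in the format shown in the post. The sample log text, its GUIDs and its file names are constructed.

```python
import ntpath
import re

# Constructed sample in the layout of the log's MountPoints2 section
# (GUIDs, drive letters and file names are made up for this example).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-4bbb-8ccc-000000000001}]
\Shell\AutoRun\command - E:\sample1.com
\Shell\open\Command - E:\sample1.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-4bbb-8ccc-000000000002}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sample2.exe
\Shell\infected\command - E:\sample2.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-4bbb-8ccc-000000000003}]
\Shell\AutoRun\command - D:\setup.exe
.
Contenuto della cartella 'Scheduled Tasks'
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.+\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)

# Heuristics assumed by this example, not rules taken from ComboFix.
SCRIPT_EXTS = {".com", ".cmd", ".bat", ".pif", ".scr", ".vbs"}
STANDARD_VERBS = {"autorun", "open", "explore"}


def parse_mountpoints2(log_text):
    """Return {registry_key: [(verb, command), ...]} for each MountPoints2 key."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = []
            continue
        cmd = CMD_RE.match(line)
        if cmd and current:
            entries[current].append((cmd.group(1), cmd.group(2).strip()))
        elif line.startswith("[") or line == ".":
            current = None  # another registry key or the section terminator
    return entries


def triage(entries):
    """Return {registry_key: sorted list of reasons the key deserves a closer look}."""
    report = {}
    for key, handlers in entries.items():
        reasons = set()
        for verb, command in handlers:
            target = command.split()[-1]  # file the handler finally launches
            if ntpath.splitext(target)[1].lower() in SCRIPT_EXTS:
                reasons.add("script-type target")
            if verb.lower() not in STANDARD_VERBS:
                reasons.add("non-standard verb")
        report[key] = sorted(reasons)
    return report


def build_cfscript(keys):
    """Build the Registry:: block that asks ComboFix to delete the given keys."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


if __name__ == "__main__":
    report = triage(parse_mountpoints2(SAMPLE_LOG))
    for key, reasons in report.items():
        print(key.rsplit("\\", 1)[-1], reasons or ["review manually"])
    print(build_cfscript([k for k, r in report.items() if r]))
```

Keys that come back with no reason are not cleared by this; they still hold an autorun handler and need a manual look before deciding.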
Posted: 02 Jul 2008 15:01
|
offline
- Max Power
- Citizen
- Joined: 26 Jun 2008
- Posts: 59
- Location: Podgorica
|
ComboFix 08-06-20.4 - User 2008-07-01 23:46:37.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1530 [GMT 2:00]
Eseguito da: C:\Documents and Settings\User\Desktop\AMBULANTA\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\AMBULANTA\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-06-01 al 2008-07-01 )))))))))))))))))))))))))))))))))))
.
2008-07-01 19:40 . 2008-07-01 19:42 <DIR> d-------- C:\Programmi\AdunanzA
2008-07-01 17:47 . 2008-07-01 17:47 <DIR> d-------- C:\Programmi\AskSBar
2008-07-01 17:47 . 2008-07-01 17:47 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-07-01 17:46 . 2008-07-01 17:47 <DIR> d-------- C:\Programmi\COMODO
2008-07-01 17:46 . 2008-07-01 17:46 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\Comodo
2008-07-01 17:46 . 2008-07-01 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\comodo
2008-07-01 17:46 . 2008-07-01 17:46 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-01 17:46 . 2008-07-01 17:46 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-01 17:46 . 2008-07-01 17:46 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-01 17:45 . 2008-07-01 17:45 <DIR> d-------- C:\Programmi\Avira
2008-07-01 17:45 . 2008-07-01 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-06-30 20:32 . 2008-06-30 20:43 <DIR> d-------- C:\Documents and Settings\User\DoctorWeb
2008-06-30 00:05 . 2008-06-30 00:05 <DIR> d-------- C:\Programmi\HeadGames
2008-06-30 00:05 . 2008-06-30 00:05 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-06-30 00:05 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-06-29 23:13 . 2008-06-29 23:13 <DIR> d-------- C:\Programmi\BTjunkie
2008-06-29 23:11 . 2008-06-29 23:11 <DIR> d-------- C:\Programmi\uTorrent
2008-06-29 23:11 . 2008-07-01 23:15 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\uTorrent
2008-06-29 15:06 . 2008-06-29 15:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-29 00:01 . 2008-06-29 13:53 250 --a------ C:\WINDOWS\gmer.ini
2008-06-27 00:03 . 2008-07-01 19:48 <DIR> d-------- C:\Programmi\sXe Injected
2008-06-23 14:36 . 2008-06-23 14:36 268 --ah----- C:\sqmdata14.sqm
2008-06-23 14:36 . 2008-06-23 14:36 244 --ah----- C:\sqmnoopt14.sqm
2008-06-22 16:01 . 2008-06-22 16:01 <DIR> d-------- C:\Programmi\TechSmith
2008-06-22 15:59 . 2008-06-22 15:59 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-06-19 14:50 . 2008-07-01 23:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-19 14:50 . 2008-06-19 14:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-19 09:56 . 2008-06-19 09:56 <DIR> d-------- C:\Programmi\QuickTime
2008-06-19 01:43 . 2008-06-19 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-18 16:19 . 2008-06-18 16:19 <DIR> d-------- C:\WINDOWS\Counter-Strike Source Non-Steam
2008-06-18 13:47 . 2008-06-18 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-06-16 23:53 . 2008-06-17 22:45 <DIR> d-------- C:\Programmi\eMule AdunanzA
2008-06-16 23:53 . 2008-06-16 23:53 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\eMule AdunanzA
2008-06-15 22:46 . 2008-06-15 22:46 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-15 22:09 . 2008-06-15 22:09 8,439,274 --a------ C:\zlaka canterl.EPS
2008-06-11 16:03 . 2008-04-22 09:42 625,664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-11 16:01 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:01 . 2008-05-08 14:14 203,008 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:19 . 2007-05-22 11:00 516,096 --a------ C:\WINDOWS\system32\WibuXpm4J32.dll
2008-06-10 18:15 . 2008-06-10 18:15 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 13:09 . 2008-06-09 14:02 424 --a------ C:\WINDOWS\ODBC.INI
2008-06-08 20:56 . 2008-06-08 20:56 <DIR> d-------- C:\Programmi\TVAnts
2008-06-05 20:52 . 2008-06-05 20:52 <DIR> d-------- C:\Programmi\Sports Interactive
2008-06-04 20:49 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-06-04 20:47 . 2008-06-19 01:46 <DIR> d-------- C:\Programmi\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 17:48 --------- d-----w C:\Programmi\Valve
2008-06-22 02:11 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\dvdcss
2008-06-18 00:40 --------- d-----w C:\Programmi\Winamp
2008-06-18 00:39 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-06-14 20:14 --------- d-----w C:\Programmi\ApexDC++
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:19 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Abvent
2008-06-10 16:17 --------- d-----w C:\Programmi\Graphisoft
2008-06-10 16:15 --------- d-----w C:\Programmi\Java
2008-06-04 18:51 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-04 18:18 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-26 09:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ESET
2008-05-26 08:47 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\ESET
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Autodesk
2008-05-21 03:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-05-21 03:15 --------- d-----w C:\Programmi\turbo squid tentacles
2008-05-21 03:11 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-05-21 03:11 --------- d-----w C:\Programmi\Autodesk
2008-05-10 00:19 --------- d-----w C:\Programmi\File comuni\AVSMedia
2008-05-09 23:27 --------- d-----w C:\Programmi\Webteh
2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:02 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\skypePM
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:14 1,292,800 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBUKEY
2008-05-06 23:09 --------- d-----w C:\Programmi\WIBU-SYSTEMS
2008-05-06 10:16 --------- d-----w C:\Programmi\Google
2008-05-01 18:41 --------- d-----w C:\Programmi\SopCast
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 15:17 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2008-04-23 15:17 504,864 ----a-w C:\WINDOWS\system32\OGAVerify.exe
2008-04-23 15:17 504,352 ----a-w C:\WINDOWS\system32\OGAAddin.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-02 16:06 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-11-23 16:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007112320071124\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-26_22.45.47.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 20:40:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 21:16:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 22:00:59 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-06-26 18:29:28 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-30 18:29:42 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-26 18:29:28 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-06-30 18:29:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2008-06-26 18:29:28 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-30 18:29:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-06-28 22:01:17 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2008-07-01 15:46:51 79,760 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-01 17:47 66912 --a------ C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 00:48 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"IRW"="C:\WINDOWS\system32\IRW.exe" [2007-10-08 21:56 147456]
"Apple_KbdMgr"="C:\Programmi\Boot Camp\KbdMgr.exe" [2007-10-08 23:06 419120]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0\bin\jusched.exe" [2008-06-10 18:15 77824]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"COMODO SafeSurf"="C:\Programmi\COMODO\SafeSurf\cssurf.exe" [2008-07-01 17:47 278264]
"COMODO Firewall Pro"="C:\Programmi\COMODO\Firewall\cfp.exe" [2008-07-01 17:46 1655552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-23 06:16 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoCAD Startup Accelerator.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 06:43:54 11000]
SnagIt 8.lnk - C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe [2006-11-07 23:51:26 6366792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 10\\ArchiCAD.exe"=
"C:\\Programmi\\ApexDC++\\ApexDC.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\WIBUKEY\\Server\\WkSvW32.exe"=
"C:\\Programmi\\Valve\\hlds.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"C:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"C:\\Programmi\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"C:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"C:\\Programmi\\Valve\\hl.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-01 17:46]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-01 17:46]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\WINDOWS\system32\AppleOSSMgr.exe [2007-10-08 23:04]
R2 AppleTimeSrv;Servizio orario Apple;C:\WINDOWS\system32\AppleTimeSrv.exe [2007-10-08 23:05]
R2 KeyAgent;KeyAgent;C:\WINDOWS\system32\drivers\KeyAgent.sys [2007-10-08 21:56]
R2 MacHALDriver;Mac HAL;C:\WINDOWS\system32\drivers\MacHALDriver.sys [2007-10-08 21:56]
R3 aapltctp;Apple Trackpad Enabler;C:\WINDOWS\system32\DRIVERS\aapltctp.sys [2007-10-08 21:56]
R3 aapltp;Apple Trackpad;C:\WINDOWS\system32\DRIVERS\aapltp.sys [2007-10-08 21:56]
R3 applebt;Apple Built-in Bluetooth;C:\WINDOWS\system32\DRIVERS\applebt.sys [2007-10-08 21:56]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2007-10-08 21:56]
R3 KeyMagic;USB Keyboard HID Filter;C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2007-10-08 21:56]
S3 BthKicker;Apple Bluetooth Device Driver;C:\WINDOWS\system32\DRIVERS\BthKicker.sys [2007-10-08 21:56]
S3 iSightUpdate;iSight Update Driver;C:\WINDOWS\system32\DRIVERS\iSightUP.sys [2007-10-08 21:56]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Programmi\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-01 17:07:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-07-01 21:17:30 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-01 18:39:01 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-07-01 21:17:28 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-01 23:47:19
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-01 23:48:32
ComboFix-quarantined-files.txt 2008-07-01 21:48:29
ComboFix2.txt 2008-07-01 21:25:39
ComboFix3.txt 2008-07-01 14:47:38
ComboFix4.txt 2008-06-28 14:14:35
ComboFix5.txt 2008-06-26 20:46:10
9 Directory 10,474,635,264 byte disponibili
12 Directory 10,477,137,920 byte disponibili
217 --- E O F --- 2008-06-20 14:38:34
Addendum: 02 Jul 2008 15:01
helen1....what could it be that while surfing, i.e. when going from one site to another...that small window pops up as if it is installing something (like the start of an installation) but it disappears right away....?????
|
|
|
|
Posted: 02 Jul 2008 19:33
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd
|
Could it be from the Firewall?
Does Explorer start up on its own?
|
|
|
|