Slow computer

offline
  • Joined: 19 May 2008
  • Posts: 5
  • Location: beograd

ComboFix 08-06-16.5 - n 2008-06-17 19:45:06.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.192 [GMT 2:00]
Running from: C:\Documents and Settings\n\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-13 22:33 . 2008-06-13 22:34 <DIR> d-------- C:\Program Files\QuickTime
2008-06-13 22:33 . 2008-06-13 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-13 13:37 . 2008-06-13 18:51 <DIR> d-------- C:\Program Files\weblin
2008-06-13 13:36 . 2008-06-13 18:52 <DIR> d-------- C:\Documents and Settings\n\Application Data\zweitgeist
2008-06-12 17:00 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 17:00 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 22:50 . 2008-06-11 22:50 287 --a------ C:\WINDOWS\game.ini
2008-06-08 14:50 . 2008-06-08 14:50 <DIR> d-------- C:\Temp
2008-06-08 14:48 . 2008-06-12 17:03 <DIR> d-------- C:\Program Files\ICQLite
2008-06-08 14:44 . 2008-06-08 14:44 <DIR> d-------- C:\Program Files\Skype
2008-06-08 14:44 . 2008-06-17 19:41 <DIR> d-------- C:\Documents and Settings\n\Application Data\Skype
2008-06-08 14:44 . 2008-06-08 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-08 14:28 . 2008-06-08 14:28 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-08 14:28 . 2008-06-08 14:28 8 -r-hs---- C:\WINDOWS\system32\4DEAF44982.sys
2008-06-08 14:26 . 2008-06-08 14:26 <DIR> d-------- C:\Program Files\Corel
2008-06-07 20:29 . 2008-06-07 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-07 13:15 . 2008-06-07 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-07 12:46 . 2008-06-11 22:18 52 --a------ C:\WINDOWS\mafosav.INI
2008-06-07 12:44 . 2008-06-07 12:44 <DIR> d-------- C:\Program Files\Mario Forever Toolbar
2008-06-07 12:44 . 2008-06-07 12:44 407,129 --a------ C:\WINDOWS\MarioForever_Toolbar_Uninstaller_3343.exe
2008-06-05 13:58 . 2008-06-05 13:58 <DIR> d-------- C:\Program Files\Activision
2008-06-05 13:50 . 2008-06-05 13:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-03 15:22 . 2008-06-03 15:22 <DIR> d-------- C:\Documents and Settings\n\Application Data\ESET
2008-06-03 15:20 . 2008-06-03 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-03 02:56 . 2008-06-03 02:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-02 22:05 . 2008-06-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-02 21:32 . 2008-06-17 19:37 2,280 --a------ C:\WINDOWS\TSCTNDBG.INI
2008-06-02 20:27 . 2008-06-02 21:34 <DIR> d-------- C:\Documents and Settings\n\Application Data\AVGTOOLBAR
2008-06-01 20:40 . 2008-06-01 20:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-01 20:36 . 2008-06-17 12:19 <DIR> d-------- C:\Documents and Settings\n\Application Data\Xfire
2008-06-01 20:35 . 2008-06-12 17:50 <DIR> d-------- C:\Program Files\Xfire
2008-05-27 21:12 . 2008-05-27 21:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\Documents and Settings\n\Application Data\Notepad++
2008-05-24 14:21 . 2008-05-24 14:21 75 --a------ C:\WINDOWS\METROMON.INI
2008-05-23 20:49 . 2008-05-26 21:47 <DIR> d-------- C:\Documents and Settings\n\Application Data\BearShare
2008-05-23 20:48 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-23 20:47 . 2008-06-06 21:49 <DIR> d-------- C:\Program Files\BearShare Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 17:36 --------- d-----w C:\Documents and Settings\n\Application Data\LimeWire
2008-06-16 16:59 --------- d-----w C:\Program Files\MSN Messenger
2008-06-16 16:58 --------- d-----w C:\Program Files\Windows Live
2008-06-16 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-11 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 09:37 1,848 ----a-w C:\WINDOWS\system32\MSSbs.sys
2008-06-07 18:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-07 11:15 --------- d-----w C:\Program Files\Apple Software Update
2008-06-07 10:20 --------- d-----w C:\Program Files\MP3Gain
2008-06-06 18:35 --------- d-----w C:\Program Files\Opera
2008-06-05 12:54 --------- d-----w C:\Documents and Settings\n\Application Data\Yahoo!
2008-06-03 13:20 --------- d-----w C:\Program Files\ESET
2008-05-27 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-24 11:23 81,920 ----a-w C:\Documents and Settings\n\Application Data\ezpinst.exe
2008-05-24 11:23 47,360 ----a-w C:\Documents and Settings\n\Application Data\pcouffin.sys
2008-05-24 11:23 --------- d-----w C:\Program Files\LimeWire
2008-05-24 11:23 --------- d-----w C:\Documents and Settings\n\Application Data\Vso
2008-05-24 09:38 --------- d-----w C:\Program Files\Yahoo!
2008-05-18 18:57 --------- d-----w C:\Documents and Settings\n\Application Data\CenoPDF
2008-05-13 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-12 19:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-12 17:04 --------- d-----w C:\Documents and Settings\n\Application Data\uTorrent
2008-05-12 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-08 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 18:19 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-05-08 15:51 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-18 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 20:13 1,388,544 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-04-04 18:50 64,650 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-04 18:50 6,106 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-04 18:50 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-04 10:18 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 14:28 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-11-05 12:00 524,300 ----a-w C:\Documents and Settings\n\Application Data\position.bin
2002-01-13 03:28 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-10-11 15:45 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-06 10:09 24210984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-07 11:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

C:\Documents and Settings\n\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 21:21:09 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2002-03-18 11:13:06 581632]
Remote Controller.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE [2002-03-18 11:37:43 102400]
Scheduler.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE [2002-03-18 11:37:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 18:56 159800 C:\WINDOWS\PowerS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--------- 2004-10-11 08:54 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SSDPSRV"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 22:30]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 22:30]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 22:30]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 17:45]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 20:28:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 16:00:01 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-17 19:49:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 19:50:46
ComboFix-quarantined-files.txt 2008-06-17 17:50:31

Pre-Run: 27,628,445,696 bytes free
Post-Run: 27,777,933,312 bytes free

183 --- E O F --- 2008-06-12 17:31:11
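Added example, not part of the poster's log and not ComboFix code: a small Python triage script that parses a ComboFix report in the format shown above and lists the entries a helper would normally check first, namely the Windows Firewall state under firewallpolicy, any Browser Helper Object, hidden+system files newly created under system32, and scheduled tasks whose target path contains a ".dll" component used as a directory. The embedded sample is a constructed, shortened excerpt of the log above; the finding labels (bho, firewall_disabled, task_odd_target, hidden_system_file) are my own, not ComboFix terms. The script only surfaces entries for review; it does not decide what is malicious.

```python
"""Triage a ComboFix text report.

Added example for this thread; not the poster's log and not ComboFix code.
It parses the report format shown above and lists entries a helper usually
checks first. It does NOT decide what is malware: every finding is a
pointer for a human to review. Finding names are my own labels.
"""
import re

# Constructed sample: a shortened excerpt of the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.
2008-06-12 17:00 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 14:28 . 2008-06-08 14:28 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-08 14:28 . 2008-06-08 14:28 8 -r-hs---- C:\WINDOWS\system32\4DEAF44982.sys
2008-06-05 13:50 . 2008-06-05 13:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-03 02:56 . 2008-06-03 02:56 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-10-11 15:45 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Contents of the 'Scheduled Tasks' folder
"2008-06-13 20:28:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 16:00:01 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"""

# "Files Created" rows: created . modified size|<DIR> attrs path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) ([-a-z]{9}) (.+)$"
)
REG_HEADER_RE = re.compile(r"^\[(.+)\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# Line under a BHO header: date time size attrs dll-path
BHO_DLL_RE = re.compile(r"^\S+ \S+ \d+ [-a-z]{9} (.+)$")
TASK_JOB_RE = re.compile(r'^"\S+ \S+ (.+\.job)"$')
TASK_TARGET_RE = re.compile(r"^- (.+)$")
# A ".dll" component used as a directory in a task target cannot be a real path.
DLL_AS_DIR_RE = re.compile(r"\.dll\\", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"


def parse_files_created(text):
    """Return (path, attrs, is_dir) for every row of the 'Files Created' table."""
    rows = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            rows.append((m.group(5), m.group(4), m.group(3) == "<DIR>"))
    return rows


def triage(text):
    """Return (kind, detail) findings worth a second look, in report order."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    section = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = REG_HEADER_RE.match(line)
        if m:
            section = m.group(1)
            d = BHO_DLL_RE.match(nxt)
            if "Browser Helper Objects" in section and d:
                findings.append(("bho", d.group(1)))
            continue
        m = FIREWALL_RE.match(line)
        if m and section and "firewallpolicy" in section.lower() and m.group(1) == "0":
            findings.append(("firewall_disabled", section.rsplit("\\", 1)[-1]))
            continue
        m = TASK_JOB_RE.match(line)
        t = TASK_TARGET_RE.match(nxt)
        if m and t and DLL_AS_DIR_RE.search(t.group(1)):
            findings.append(("task_odd_target", m.group(1) + " -> " + t.group(1)))
    for path, attrs, is_dir in parse_files_created(text):
        # Hidden+system files newly dropped under system32 deserve a look; some
        # licensing components legitimately do this, so review, do not delete.
        if not is_dir and "h" in attrs and "s" in attrs and path.lower().startswith(SYSTEM32):
            findings.append(("hidden_system_file", path))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20s} {detail}")
```

Run it against a full saved log (`triage(open("ComboFix.txt").read())`) and read the findings alongside the report; on the excerpt it lists the disabled firewall, the BearShare BHO, the Pareto task whose target runs through a `.dll` path component, and the two hidden+system files in system32.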

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Wasn't your computer already cleaned last week?

Question - who told you to post a ComboFix log? Are our instructions in the thread pinned under Važno (Important) not precise enough?
