Posted: 25 Dec 2008 15:52
- Janki90
- Elite citizen
- Joined: 28 May 2006
- Posts: 1536
- Location: Seven holy paths to hell
Firefox often freezes when I open sites that use Java.
Here is the ComboFix log:
ComboFix 08-12-24.01 - Janki 2008-12-25 15:42:34.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1362 [GMT 1:00]
Running from: c:\documents and settings\Janki\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.
2008-12-01 02:07 . 2008-12-01 02:07 <DIR> d--h----- c:\windows\PIF
2008-11-29 15:25 . 2008-08-26 15:17 1,071,104 --a------ c:\windows\system32\Rave76VCL120.bpl
2008-11-29 15:23 . 2008-11-29 15:23 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{74724D70-43F2-4BB3-A11A-6141CCCFC4F2}
2008-11-29 15:23 . 2008-11-29 15:25 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{21345438-DE15-47F1-9139-F036E084A15A}
2008-11-29 15:19 . 2008-11-29 15:19 <DIR> d-------- c:\program files\Common Files\CodeGear Shared
2008-11-29 15:19 . 2008-11-29 15:19 <DIR> d-------- c:\program files\CodeGear
2008-11-29 15:19 . 2008-11-29 15:28 <DIR> d-------- c:\documents and settings\Janki\Application Data\CodeGear
2008-11-29 15:16 . 2008-11-29 15:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\CodeGear
2008-11-29 15:15 . 2008-12-20 14:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Embarcadero
2008-11-29 15:12 . 2008-11-29 15:22 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{25DCDD6B-1783-462F-9DD2-87B5653956D5}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 14:35 --------- d-----w c:\documents and settings\Janki\Application Data\uTorrent
2008-12-23 23:25 --------- d-----w c:\documents and settings\Janki\Application Data\Orbit
2008-12-23 00:27 --------- d-----w c:\program files\SpeedFan
2008-12-04 17:20 --------- d-----w c:\documents and settings\Janki\Application Data\OpenOffice.org2
2008-12-04 12:03 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-29 21:55 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 19:19 --------- d-----w c:\program files\Foxit Software
2008-11-25 16:08 --------- d-----w c:\documents and settings\Janki\Application Data\BSplayer PRO
2008-11-19 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\ABBYY
2008-11-19 18:15 --------- d-----w c:\program files\Common Files\Adobe
2008-11-19 18:15 --------- d-----w c:\program files\ABBYY FineReader 9.0
2008-11-19 18:15 --------- d-----w c:\documents and settings\Janki\Application Data\ABBYY
2008-11-19 17:53 --------- d-----w c:\program files\Common Files\ABBYY
2008-11-13 10:41 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-11-13 10:41 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-04 13:04 --------- d-----w c:\program files\KONAMI
2008-10-14 20:59 40,960 ----a-w c:\windows\system32\maplec.dll
2008-10-14 20:59 212,992 ----a-w c:\windows\system32\WMIMPLEX.dll
2008-10-14 20:59 20,480 ----a-w c:\windows\system32\maplecompat.dll
2008-10-10 13:48 43,602 ----a-w c:\windows\system32\xvid-uninstall.exe
2008-03-09 05:25 236 ----a-w c:\program files\Common Files\dx.reg
.
------- Sigcheck -------
2008-05-15 15:51 359040 27a5959c94ee173a063ca06bd14f021a c:\windows\system32\dllcache\TCPIP.SYS
2008-05-15 15:51 359040 27a5959c94ee173a063ca06bd14f021a c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-08 270128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="c:\program files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-08 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-05-25 05:13 1957888 c:\windows\system32\xRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 12:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-22 18:53 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Games\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-10-12 71592]
R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2008-05-15 13696]
R1 BS_I2cIo;BS_I2cIo;\??\c:\windows\system32\drivers\BS_I2cIo.sys [2008-05-22 8192]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service [2007-12-06 660768]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2008-10-12 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-10-12 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-10-12 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"c:\program files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-10-12 41217]
R2 BlackfishSQL;BlackfishSQL;"c:\program files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe" -S="BlackfishSQL" [2008-08-21 65536]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService [2008-07-10 1386008]
R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2008-07-17 3712]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-10-12 71464]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Janki\LOCALS~1\Temp\GPU-Z.sys []
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\DRIVERS\se46bus.sys [2008-05-18 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se46mdfl.sys [2008-05-18 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se46mdm.sys [2008-05-18 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se46mgmt.sys [2008-05-18 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se46nd5.sys [2008-05-18 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se46obex.sys [2008-05-18 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se46unic.sys [2008-05-18 90800]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5ecb81-5739-11dd-b5bc-00055dd3fac7}]
\Shell\AutoRun\command - i:\programs\totalcmd\TCPowerPack.exe
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: avsda.dll
TCP: {FED74750-F77B-4734-8094-EB6A31216EAD} = 10.10.2.69,10.10.2.79,208.67.220.220,208.67.222.222
c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\documents and settings\Janki\Application Data\Mozilla\Firefox\Profiles\4j72nezq.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 15:43:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(1400)
c:\windows\system32\avsda.dll
.
Completion time: 2008-12-25 15:44:24
ComboFix-quarantined-files.txt 2008-12-25 14:44:22
ComboFix2.txt 2008-09-29 16:45:05
Pre-Run: 6,139,740,160 bytes free
Post-Run: 6,128,443,392 bytes free
and the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15:24:20, on 25/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Janki\Desktop\hhh.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FED74750-F77B-4734-8094-EB6A31216EAD}: NameServer = 10.10.2.69,10.10.2.79,208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service (file missing)
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: BlackfishSQL - Unknown owner - C:\Program Files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe" -S="BlackfishSQL (file missing)
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Thanks for the help.
Posted: 25 Dec 2008 22:36
- diarno
- Anti Malware Fighter
Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
Hello...
The posted logs are clean. In other words, this is unlikely to have anything to do with malware.
I don't know which version you are using, but from my own experience I know that version 2.0.0.4 caused me all sorts of problems.
Maybe try disabling all the plugins and see how it behaves.
Sorry for the late reply (I just got home).
Posted: 25 Dec 2008 23:58
- Janki90
- Elite citizen
- Joined: 28 May 2006
- Posts: 1536
- Location: Seven holy paths to hell
Hello,
I am using the latest version of Firefox, 3.0.0.5... thanks for reviewing the logs. I opened this topic because Firefox keeps throwing errors non-stop, and Avira also found a trojan:
Virus or unwanted program 'TR/PePatch.JW.11 [trojan]'
detected in file 'C:\WINDOWS\system32\spoolsv.exe.
Action performed: Delete file
Posted: 26 Dec 2008 00:18
- diarno
- Anti Malware Fighter
Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
Type combofix /u into Run
and click OK.
This command will uninstall ComboFix.
Then download the same program again, but this time accept the installation of the Recovery Console.
Then post the resulting log here.
Posted: 26 Dec 2008 00:33
- Janki90
- Elite citizen
- Joined: 28 May 2006
- Posts: 1536
- Location: Seven holy paths to hell
ComboFix 08-12-24.01 - Janki 2008-12-26 0:24:23.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1520 [GMT 1:00]
Running from: c:\documents and settings\Janki\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.
2008-12-01 02:07 . 2008-12-01 02:07 <DIR> d--h----- c:\windows\PIF
2008-11-29 15:25 . 2008-08-26 15:17 1,071,104 --a------ c:\windows\system32\Rave76VCL120.bpl
2008-11-29 15:23 . 2008-11-29 15:23 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{74724D70-43F2-4BB3-A11A-6141CCCFC4F2}
2008-11-29 15:23 . 2008-11-29 15:25 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{21345438-DE15-47F1-9139-F036E084A15A}
2008-11-29 15:19 . 2008-11-29 15:19 <DIR> d-------- c:\program files\Common Files\CodeGear Shared
2008-11-29 15:19 . 2008-11-29 15:19 <DIR> d-------- c:\program files\CodeGear
2008-11-29 15:19 . 2008-11-29 15:28 <DIR> d-------- c:\documents and settings\Janki\Application Data\CodeGear
2008-11-29 15:16 . 2008-11-29 15:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\CodeGear
2008-11-29 15:15 . 2008-12-20 14:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Embarcadero
2008-11-29 15:12 . 2008-11-29 15:22 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{25DCDD6B-1783-462F-9DD2-87B5653956D5}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 18:57 --------- d-----w c:\documents and settings\Janki\Application Data\uTorrent
2008-12-25 16:13 --------- d-----w c:\documents and settings\Janki\Application Data\Orbit
2008-12-23 00:27 --------- d-----w c:\program files\SpeedFan
2008-12-04 17:20 --------- d-----w c:\documents and settings\Janki\Application Data\OpenOffice.org2
2008-12-04 12:03 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-29 21:55 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 19:19 --------- d-----w c:\program files\Foxit Software
2008-11-25 16:08 --------- d-----w c:\documents and settings\Janki\Application Data\BSplayer PRO
2008-11-19 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\ABBYY
2008-11-19 18:15 --------- d-----w c:\program files\Common Files\Adobe
2008-11-19 18:15 --------- d-----w c:\program files\ABBYY FineReader 9.0
2008-11-19 18:15 --------- d-----w c:\documents and settings\Janki\Application Data\ABBYY
2008-11-19 17:53 --------- d-----w c:\program files\Common Files\ABBYY
2008-11-13 10:41 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-11-13 10:41 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-04 13:04 --------- d-----w c:\program files\KONAMI
2008-10-14 20:59 40,960 ----a-w c:\windows\system32\maplec.dll
2008-10-14 20:59 212,992 ----a-w c:\windows\system32\WMIMPLEX.dll
2008-10-14 20:59 20,480 ----a-w c:\windows\system32\maplecompat.dll
2008-10-10 13:48 43,602 ----a-w c:\windows\system32\xvid-uninstall.exe
2008-03-09 05:25 236 ----a-w c:\program files\Common Files\dx.reg
.
------- Sigcheck -------
2008-05-15 15:51 359040 27a5959c94ee173a063ca06bd14f021a c:\windows\system32\dllcache\TCPIP.SYS
2008-05-15 15:51 359040 27a5959c94ee173a063ca06bd14f021a c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-08 270128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="c:\program files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-08 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-05-25 05:13 1957888 c:\windows\system32\xRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 12:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-22 18:53 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Games\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-10-12 71592]
R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2008-05-15 13696]
R1 BS_I2cIo;BS_I2cIo;\??\c:\windows\system32\drivers\BS_I2cIo.sys [2008-05-22 8192]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service [2007-12-06 660768]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2008-10-12 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-10-12 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-10-12 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"c:\program files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-10-12 41217]
R2 BlackfishSQL;BlackfishSQL;"c:\program files\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe" -S="BlackfishSQL" [2008-08-21 65536]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService [2008-07-10 1386008]
R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2008-07-17 3712]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-10-12 71464]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Janki\LOCALS~1\Temp\GPU-Z.sys []
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\DRIVERS\se46bus.sys [2008-05-18 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se46mdfl.sys [2008-05-18 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se46mdm.sys [2008-05-18 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se46mgmt.sys [2008-05-18 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se46nd5.sys [2008-05-18 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se46obex.sys [2008-05-18 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se46unic.sys [2008-05-18 90800]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f5ecb81-5739-11dd-b5bc-00055dd3fac7}]
\Shell\AutoRun\command - i:\programs\totalcmd\TCPowerPack.exe
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: avsda.dll
TCP: {FED74750-F77B-4734-8094-EB6A31216EAD} = 10.10.2.69,10.10.2.79,208.67.220.220,208.67.222.222
c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\documents and settings\Janki\Application Data\Mozilla\Firefox\Profiles\4j72nezq.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 00:25:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(1400)
c:\windows\system32\avsda.dll
.
Completion time: 2008-12-26 0:26:20
ComboFix-quarantined-files.txt 2008-12-25 23:26:18
ComboFix2.txt 2008-12-25 14:44:25
Pre-Run: 6,085,632,000 bytes free
Post-Run: 6,077,575,168 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=SPK4TC /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=SPK4TC-BAK
188
Posted: 26 Dec 2008 01:12
|
offline
- diarno
- Anti Malware Fighter
Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
|
Now let Avira run a scan... and let me know whether it reports spoolsv.exe again.
Posted: 26 Dec 2008 01:51
|
offline
- diarno
- Anti Malware Fighter
Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
|
Ok.. That's it as far as the Ambulanta is concerned.... If you still have problems, you can open a topic in the web browsers subforum.
Just uninstall Combofix with that same command, combofix /u .
And just tell me one more thing... Did Avira detect spoolsv.exe before or after the FIRST Combofix scan?
Posted: 26 Dec 2008 12:54
|
offline
- Janki90
- Elite citizen
- Joined: 28 May 2006
- Posts: 1536
- Location: Seven holy paths to hell
|
Avira detected it a few days before the Combofix scan.
Thx for the help