[bobby] Help with a log - 7322.com problem


  • doida 
  • New MyCity citizen
  • Joined: 22 Apr 2008
  • Posts: 15

ComboFix 08-05-15.2 - ljiljar 2008-05-16 13:40:09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.159 [GMT 2:00]
Running from: C:\Documents and Settings\ljiljar\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ljiljar\Favorites\ÕÒµ½123ÍøÖ·µ¼º½.url
C:\Documents and Settings\ljiljar\Favorites\Á´½Ó

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-12 09:21 . 2008-05-12 09:21 <DIR> d-------- C:\Documents and Settings\ljiljar\DoctorWeb
2008-05-06 09:38 . 2008-05-06 09:38 250 --a------ C:\WINDOWS\gmer.ini
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\kav
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 10:49 . 2008-05-16 13:41 2,490,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 10:49 . 2008-05-16 13:41 49,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-16 10:49 . 2008-05-15 15:57 33,932 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 10:49 . 2008-05-15 15:57 6,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 13:57 3,145,728 ---ha-w C:\Documents and Settings\ljiljar\NTUSER.DAT
2008-03-19 08:49 --------- d--h--w C:\Program Files\Zenographics
2008-03-19 08:49 --------- d-----w C:\Program Files\Hewlett-Packard
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 13:25:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 07:43:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-06 07:38:42 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 18:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
+ 2008-05-06 07:38:42 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 22:05 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-30 15:38:51 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17150:TCP"= 17150:TCP:NortonAV
"17938:TCP"= 17938:TCP:NortonAV
"15839:TCP"= 15839:TCP:NortonAV
"15416:TCP"= 15416:TCP:NortonAV
"16957:TCP"= 16957:TCP:NortonAV
"14103:TCP"= 14103:TCP:NortonAV
"18883:TCP"= 18883:TCP:NortonAV
"18284:TCP"= 18284:TCP:NortonAV
"12677:TCP"= 12677:TCP:NortonAV
"13044:TCP"= 13044:TCP:NortonAV
"16042:TCP"= 16042:TCP:NortonAV
"15202:TCP"= 15202:TCP:NortonAV
"18497:TCP"= 18497:TCP:NortonAV
"12454:TCP"= 12454:TCP:NortonAV
"14164:TCP"= 14164:TCP:NortonAV
"15087:TCP"= 15087:TCP:NortonAV
"15495:TCP"= 15495:TCP:NortonAV
"16515:TCP"= 16515:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"13052:TCP"= 13052:TCP:NortonAV
"12118:TCP"= 12118:TCP:NortonAV
"14698:TCP"= 14698:TCP:NortonAV
"16633:TCP"= 16633:TCP:NortonAV


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-05-16 13:41:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-16 13:42:22
ComboFix-quarantined-files.txt 2008-05-16 11:42:20
ComboFix2.txt 2008-05-07 11:47:42
ComboFix3.txt 2008-04-24 07:50:28
ComboFix4.txt 2008-04-22 13:27:30

Pre-Run: 68,512,342,016 bytes free
Post-Run: 68,506,460,160 bytes free

106 --- E O F --- 2007-11-14 14:58:20




Thanks and regards.



  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Could you pack the complete contents of the following folder into a single ZIP for me:
C:\Program Files\MSEB\

Please upload it through the following form:
[link visible only to logged-in users]



  • doida 
  • New MyCity citizen
  • Joined: 22 Apr 2008
  • Posts: 15

Done.
Regards.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I have sent the files for analysis, since for now only Sunbelt detects it as malicious.
I hope we will get an answer soon.

Update: 22 May 2008 12:13

Nobody is answering...

As a test, rename that folder (add a letter or so), restart the computer and see what happens, i.e. whether the problem is still there.

  • doida 
  • New MyCity citizen
  • Joined: 22 Apr 2008
  • Posts: 15

I tried, but everything works the same as before.
It looks like there is no help for it.

Regards.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I would not give up just yet.
The small problem is that here we write one message every three days, so it goes a bit slowly, and the situation changes a lot in three days, so the old logs no longer have any significance.

If you want to continue, I need fresh HijackThis and ComboFix logs.
ComboFix should always be downloaded as a new version before each log is made.
