install-privacy-danger.bat

offline
  • Joined: 04 Sep 2008
  • Posts: 25

ComboFix 08-09-04.09 - Vitez 2008-09-05 9:00:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT -7:00]
Running from: D:\Slaven\1234\4321.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-08-26 05:57 . 2008-09-04 12:04 <DIR> d-------- C:\Visnja
2008-08-25 07:47 . 2008-08-25 07:47 <DIR> d---s---- C:\Documents and Settings\Vitez\UserData
2008-08-24 06:58 . 2008-08-24 06:58 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-24 06:58 . 2008-08-24 06:58 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-24 06:58 . 2004-02-09 18:38 14,225,408 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-08-24 04:08 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-24 04:08 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-23 11:06 . 2008-08-27 14:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-23 11:06 . 2005-02-24 20:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmpEB280.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmpB2380.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp97380.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp66180.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp13280.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp07280.FOT
2008-08-19 04:32 . 2008-08-22 04:07 <DIR> d-------- C:\totalcmd
2008-08-19 04:32 . 2008-09-05 08:55 2,355 --a------ C:\WINDOWS\wincmd.ini
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-08-18 14:35 . 2008-08-18 14:35 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-16 14:08 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-16 13:01 . 2008-08-24 06:47 <DIR> d-------- C:\Documents and Settings\stefan
2008-08-11 19:18 . 2008-08-19 07:33 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-08-11 19:15 . 2008-08-22 04:13 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-11 19:14 . 2008-08-11 19:14 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-08-11 19:14 . 2008-08-11 19:17 244,901 --a------ C:\WINDOWS\hplj1010.his
2008-08-11 19:14 . 2008-08-11 19:17 17,959 --a------ C:\WINDOWS\hplj1010.ini
2008-08-11 19:00 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-11 19:00 . 2008-08-16 13:06 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-11 18:56 . 2008-08-11 18:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-11 18:56 . 2008-08-11 18:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-11 18:53 . 2008-08-11 18:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-11 18:50 . 2008-08-11 18:50 <DIR> dr-h----- C:\MSOCache
2008-08-11 17:11 . 2008-08-25 07:47 <DIR> d-------- C:\Documents and Settings\Vitez

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 23:54 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"zzzHPSETUP"="F:\Setup.exe" [2002-10-18 635789489]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=


*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-05 09:11:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-05 9:13:31
ComboFix-quarantined-files.txt 2008-09-05 16:13:27

Pre-Run: 528,191,488 bytes free
Post-Run: 767,361,024 bytes free

94 --- E O F --- 2008-09-05 15:59:49


second computer on the LAN

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The log is clean.
Try to find a newer driver for the printer.
HP has the ugly habit of installing Java along with its drivers, and very old versions at that.
I'm not sure whether browsers see the Java that HP installs, but if they do, the computer is in trouble, because there are a whole bunch of ways to exploit an old Java to get malware onto the machine.
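The reply above calls the log clean but points at the HP-bundled JRE 1.3.1 as the real exposure. The script below is an added example (not part of the original post and not ComboFix's own code): it parses the "Reg Loading Points" block in the format ComboFix prints and flags the three things a reviewer would circle in the log posted above: the `zzzHPSETUP` autorun that points at `F:\Setup.exe` on a non-system drive, the `AntiVirusOverride=1` Security Center setting, and the firewall exception for `javaw.exe` under `JRE\1.3.1`. The sample text is copied from the log above; the flagging rules (system drive `C`, "old" meaning a JRE below 1.6) are the example's own assumptions. It works only from the log text, so it cannot tell whether a browser actually exposes that JRE as a plugin; that has to be checked on the host itself.

```python
"""Triage of a ComboFix "Reg Loading Points" block.

Added example, not ComboFix's code and not from the forum post. It reads the
REGEDIT4-style block ComboFix prints and flags entries that deserve a second
look even when no malware is reported. The rules below are this example's own
assumptions, not ComboFix heuristics.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple, Union

# Constructed sample: the "Reg Loading Points" lines from the log posted above.
SAMPLE = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"zzzHPSETUP"="F:\Setup.exe" [2002-10-18 635789489]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"""

SYSTEM_DRIVE = "C"          # assumption: Windows lives on C:
MIN_OK_JRE = (1, 6)         # assumption: anything below 1.6 is treated as old

Value = Union[str, int, None]


@dataclass
class Finding:
    level: str    # "high" or "info"
    key: str      # registry key the entry sits under
    name: str     # value name (for the firewall list, the program path)
    reason: str


_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# value name may contain escaped backslashes, e.g. "%windir%\\system32\\x.exe"
_VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<rest>.*)$')
_DRIVE_RE = re.compile(r"^([A-Za-z]):\\")
_JRE_VER_RE = re.compile(r"\\JRE\\(\d+(?:\.\d+)+)\\", re.IGNORECASE)


def parse_entries(text: str) -> Iterator[Tuple[str, str, Value]]:
    """Yield (key, name, value): str for quoted data, int for dword:, None for empty."""
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = _VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = m.group("name").replace("\\\\", "\\")
        rest = m.group("rest")
        if rest.startswith('"'):                  # quoted data, trailing [date size] ignored
            end = rest.find('"', 1)
            value: Value = rest[1:end] if end > 0 else rest[1:]
        elif rest.startswith("dword:"):
            value = int(rest[len("dword:"):], 16)
        else:
            value = None
        yield key, name, value


def triage(text: str, system_drive: str = SYSTEM_DRIVE) -> List[Finding]:
    findings: List[Finding] = []
    for key, name, value in parse_entries(text):
        k = key.lower()
        if k.endswith("\\run") and isinstance(value, str):
            d = _DRIVE_RE.match(value)
            if d and d.group(1).upper() != system_drive.upper():
                findings.append(Finding("high", key, name,
                    f"autorun target on non-system drive {d.group(1).upper()}: {value}"))
            elif not d and "\\" not in value:
                findings.append(Finding("info", key, name,
                    f"bare file name '{value}' is resolved by path search at logon"))
        elif "security center" in k:
            if name.lower().endswith("override") and value == 1:
                findings.append(Finding("high", key, name,
                    "Security Center monitoring suppressed; no alert if AV is off"))
        elif "authorizedapplications" in k:
            base = name.rsplit("\\", 1)[-1].lower()
            ver = _JRE_VER_RE.search(name)
            if base in ("java.exe", "javaw.exe") or ver:
                v = ver.group(1) if ver else "unknown"
                old = bool(ver) and tuple(int(p) for p in v.split(".")) < MIN_OK_JRE
                findings.append(Finding("high" if old else "info", key, name,
                    f"Java runtime allowed through the firewall (JRE {v})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.level}] {f.name}: {f.reason}")
```

Running it over the posted block yields one "high" finding each for `zzzHPSETUP`, `AntiVirusOverride` and the JRE 1.3.1 `javaw.exe` exception, plus an "info" note that `SoundMan` is registered as a bare file name. None of these is malware, which is consistent with "the log is clean", but they are the lines to act on: unplug or clear the stale `F:\Setup.exe` autorun, restore Security Center monitoring, and replace the HP toolbox and its private JRE as the reply suggests.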

offline
  • Joined: 04 Sep 2008
  • Posts: 25

Thanks... I've now also installed Search & Destroy... it's scanning right now
