install-privacy-danger.bat

  • Joined: 04 Sep 2008
  • Posts: 28

ComboFix 08-09-04.09 - Vitez 2008-09-05 9:00:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT -7:00]
Running from: D:\Slaven\1234\4321.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-08-26 05:57 . 2008-09-04 12:04 <DIR> d-------- C:\Visnja
2008-08-25 07:47 . 2008-08-25 07:47 <DIR> d---s---- C:\Documents and Settings\Vitez\UserData
2008-08-24 06:58 . 2008-08-24 06:58 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-24 06:58 . 2008-08-24 06:58 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-24 06:58 . 2004-02-09 18:38 14,225,408 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-08-24 04:08 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-24 04:08 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-23 11:06 . 2008-08-27 14:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-23 11:06 . 2005-02-24 20:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmpEB280.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmpB2380.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp97380.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp66180.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp13280.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp07280.FOT
2008-08-19 04:32 . 2008-08-22 04:07 <DIR> d-------- C:\totalcmd
2008-08-19 04:32 . 2008-09-05 08:55 2,355 --a------ C:\WINDOWS\wincmd.ini
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-08-18 14:35 . 2008-08-18 14:35 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-16 14:08 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-16 13:01 . 2008-08-24 06:47 <DIR> d-------- C:\Documents and Settings\stefan
2008-08-11 19:18 . 2008-08-19 07:33 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-08-11 19:15 . 2008-08-22 04:13 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-11 19:14 . 2008-08-11 19:14 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-08-11 19:14 . 2008-08-11 19:17 244,901 --a------ C:\WINDOWS\hplj1010.his
2008-08-11 19:14 . 2008-08-11 19:17 17,959 --a------ C:\WINDOWS\hplj1010.ini
2008-08-11 19:00 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-11 19:00 . 2008-08-16 13:06 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-11 18:56 . 2008-08-11 18:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-11 18:56 . 2008-08-11 18:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-11 18:53 . 2008-08-11 18:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-11 18:50 . 2008-08-11 18:50 <DIR> dr-h----- C:\MSOCache
2008-08-11 17:11 . 2008-08-25 07:47 <DIR> d-------- C:\Documents and Settings\Vitez

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 23:54 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"zzzHPSETUP"="F:\Setup.exe" [2002-10-18 635789489]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=


*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2008-09-05 09:11:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-05 9:13:31
ComboFix-quarantined-files.txt 2008-09-05 16:13:27

Pre-Run: 528,191,488 bytes free
Post-Run: 767,361,024 bytes free

94 --- E O F --- 2008-09-05 15:59:49


The other computer on the LAN



  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The log is clean.
Try to find a newer driver for the printer.
HP has an ugly habit of installing Java along with its drivers, and very old versions at that.
I'm not sure whether browsers see the Java that HP installs, but if they do, the computer is in trouble, because there are plenty of ways to exploit old Java to get malware onto the machine.



  • Joined: 04 Sep 2008
  • Posts: 28

Thanks... I've now installed Search & Destroy as well... it's scanning right now
