- novidan
- Super citizen
- Joined: 22 Oct 2004
- Posts: 1434
- Location: neither in the sky nor on the earth
I downloaded ComboFix from both links but I can't open it..
I get the message
Windows cannot find '327882R2FWJFWVnircmd.com' make sure that you typed correctly..
I also got External Protocol Request
An external file must be launched to handle file:link...
and Threat Detected keeps popping up (I have AVG antivirus..)
could be infected VBS /Unknown
uh..
what should I do...
all the computers are infected.. I'm in an internet cafe (my friend is the owner and I help out a little..)
Addendum: 26 Mar 2008 5:37
on my laptop, which is currently not online,
I get just a single flash when I try to start ComboFix.
I don't see the screen at all, nor can I follow the scan.
I transferred ComboFix (copy/paste) to my laptop from the computer I downloaded it on ... (for now only one computer is online)
Addendum: 26 Mar 2008 5:47
sorry for the panic, but I managed to start ComboFix on the laptop..
The scan is in progress..
but at the moment of Rebooting windows ...please wait..
the program froze
AutoIt v3
I have 2 options, either 'end program' or cancel, what should I do?
I'm afraid I won't get the log file ..
Addendum: 26 Mar 2008 6:12
I finally got the log file on the laptop that is not online.
ComboFix 08-03-25.2 - OWNER 2008-03-26 10:22:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.676 [GMT -8:00]
Running from: C:\Documents and Settings\OWNER\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\RECYCLER\RECYCLER.exe
C:\WINDOWS\scvhost.exe
D:\RECYCLER\RECYCLER.exe
E:\RECYCLER\RECYCLER.exe
.
---- Previous Run -------
.
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\blastclnnn.exe
C:\WINDOWS\system32\scvhost.exe
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\windows.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.
2008-03-25 21:15 . 2008-03-25 21:15 937 ---hs---- C:\folder.htt
2008-03-25 21:15 . 2001-10-04 11:16 2 ---hs---- C:\desktop.ini
2008-03-24 22:41 . 2008-03-24 22:42 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-03-24 22:19 . 2008-01-18 05:59 57,344 ---h----- C:\WINDOWS.EXE
2008-03-24 22:19 . 2008-01-18 05:59 57,344 ---h----- C:\Program Files\Program Files.exe
2008-03-24 22:19 . 2008-01-18 05:59 57,344 --a------ C:\Ghost.bat
2008-03-24 22:10 . 2007-12-09 16:48 225,792 -ra------ C:\WINDOWS\hinhem.scr
2008-03-24 15:36 . 2008-03-24 15:36 299 --a------ C:\WINDOWS\SOF2.INI
2008-03-24 11:20 . 2008-03-24 11:20 <DIR> d-------- C:\Documents and Settings\OWNER\Application Data\AdobeUM
2008-03-24 11:18 . 2008-03-24 11:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-23 16:04 . 2004-01-05 23:13 36,864 -r------- C:\WINDOWS\system32\ctrldll.dll
2008-03-23 16:04 . 2004-01-05 23:13 32,768 -r------- C:\WINDOWS\system32\rmctrl.exe
2008-03-23 15:43 . 2008-03-23 15:43 <DIR> d-------- C:\Documents and Settings\OWNER\Application Data\dvdcss
2008-03-21 20:59 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-21 20:59 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-21 20:59 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-21 20:59 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-19 20:43 . 2005-04-17 10:57 182,538,240 --a------ C:\Osho - Hari Om Tat Sat - To Be The Master Of One Self(1).avi
2008-03-19 18:44 . 2008-03-19 18:44 <DIR> d-------- C:\Program Files\Easy Video Joiner
2008-03-19 18:15 . 2008-03-19 18:15 <DIR> d-------- C:\Documents and Settings\OWNER\Application Data\vlc
2008-03-19 18:06 . 2008-03-19 18:06 <DIR> d-------- C:\Program Files\Winamp
2008-03-19 18:01 . 2008-03-19 18:01 <DIR> d-------- C:\Program Files\GlobFX Technologies
2008-03-19 18:00 . 2008-03-19 18:00 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-19 17:57 . 2008-03-19 17:57 <DIR> d-------- C:\WINDOWS\FLV Player
2008-03-19 17:57 . 2008-03-19 17:57 <DIR> d-------- C:\Program Files\FLV Player
2008-03-19 17:15 . 2008-03-19 17:15 <DIR> d-------- C:\Program Files\CDex_150
2008-03-19 15:48 . 2008-03-19 15:48 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-19 14:27 . 2008-03-19 14:27 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-03-19 14:27 . 2008-03-25 21:15 <DIR> d-------- C:\Downloads
2008-03-19 14:27 . 2008-03-22 21:17 <DIR> d-------- C:\Documents and Settings\OWNER\Application Data\Orbit
2008-03-19 14:10 . 2008-03-19 14:10 <DIR> d---s---- C:\Documents and Settings\OWNER\UserData
2008-03-18 13:51 . 2008-03-18 13:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-18 13:51 . 2008-03-18 13:51 <DIR> d-------- C:\Documents and Settings\OWNER\Application Data\Lavasoft
2008-03-18 13:50 . 2008-03-25 21:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-18 13:50 . 2008-03-18 13:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-18 13:47 . 2008-03-18 13:47 <DIR> d-------- C:\Program Files\ffdshow
2008-03-18 13:47 . 2007-07-29 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-18 13:47 . 2007-07-29 17:51 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-03-18 13:47 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-18 13:45 . 2008-03-18 13:45 <DIR> d-------- C:\Program Files\XviD
2008-03-18 13:45 . 2008-03-18 13:45 <DIR> d-------- C:\Program Files\illiminable
2008-03-18 12:46 . 2008-03-21 11:38 <DIR> d-------- C:\Documents and Settings\OWNER\Application Data\DivX
2008-03-18 12:41 . 2008-03-18 12:42 <DIR> d-------- C:\Program Files\DivX
2008-03-18 12:10 . 2008-03-18 15:21 <DIR> d-------- C:\Program Files\Total Video Converter
2008-03-18 09:35 . 2008-03-25 21:15 <DIR> dr------- C:\OSHOBOOK
2008-03-18 09:35 . 2008-03-18 09:35 <DIR> d-------- C:\Documents and Settings\OWNER\WINDOWS
2008-03-18 09:35 . 2008-03-23 20:18 1,063 --a------ C:\WINDOWS\VIP.INI
2008-03-18 09:35 . 2008-03-18 09:35 68 --a------ C:\WINDOWS\LNAME.INI
2008-03-16 08:43 . 2008-03-16 08:43 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-15 18:23 . 2008-03-15 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-15 16:48 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-15 16:48 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-15 16:48 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-15 16:48 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-14 19:50 . 2008-03-14 19:50 <DIR> d-------- C:\Program Files\ACD Systems
2008-03-14 12:57 . 2008-03-14 12:57 268 --ah----- C:\sqmdata02.sqm
2008-03-14 12:57 . 2008-03-14 12:57 244 --ah----- C:\sqmnoopt02.sqm
2008-03-14 12:29 . 2008-03-14 12:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-13 23:47 . 2008-03-13 23:47 268 --ah----- C:\sqmdata01.sqm
2008-03-13 23:47 . 2008-03-13 23:47 244 --ah----- C:\sqmnoopt01.sqm
2008-03-13 23:42 . 2008-03-25 12:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-13 21:07 . 2008-03-13 21:07 268 --ah----- C:\sqmdata00.sqm
2008-03-13 21:07 . 2008-03-13 21:07 244 --ah----- C:\sqmnoopt00.sqm
2008-03-13 21:06 . 2008-03-13 21:06 <DIR> d-------- C:\Program Files\PIXresizer
2008-03-13 21:06 . 2001-08-23 15:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-03-13 21:06 . 2000-05-22 00:00 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-03-13 21:06 . 2000-12-05 23:00 209,608 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-03-13 21:06 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-03-13 21:06 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\comct232.ocx
2008-03-13 21:06 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2008-03-13 21:06 . 1998-06-24 00:00 140,096 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-03-13 21:06 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2008-03-13 21:06 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx
2008-03-13 21:06 . 2004-01-12 11:05 69,632 --a------ C:\WINDOWS\system32\imageviewer2.ocx
2008-03-13 21:03 . 2008-03-24 17:09 <DIR> d-------- C:\Documents and Settings\OWNER\Application Data\Ahead
2008-03-13 21:02 . 2008-03-13 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-13 21:01 . 2008-03-13 21:01 <DIR> d-------- C:\Program Files\Nero
2008-03-13 21:01 . 2008-03-13 21:02 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-13 21:01 . 2008-03-13 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-13 20:54 . 2008-03-13 20:54 <DIR> d-------- C:\Program Files\Skype
2008-03-13 20:54 . 2008-03-14 18:10 <DIR> d-------- C:\Program Files\Google
2008-03-13 20:52 . 2008-03-13 20:52 <DIR> d-------- C:\Program Files\AskTBar
2008-03-13 20:47 . 2008-03-13 20:47 <DIR> d-------- C:\Program Files\Siber Systems
2008-03-13 15:18 . 2008-03-26 08:55 <DIR> d-------- C:\Documents and Settings\OWNER\Application Data\AVG7
2008-03-13 15:18 . 2008-03-13 15:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-13 15:18 . 2008-03-13 15:18 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-13 15:18 . 2008-03-13 15:18 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-13 15:17 . 2008-03-13 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-13 15:17 . 2008-03-14 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-11 02:07 . 2004-08-03 16:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-03-11 02:07 . 2004-08-03 14:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-03-11 02:07 . 2004-08-03 14:58 23,040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2008-03-11 02:07 . 2004-08-03 14:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-03-11 02:07 . 2004-08-03 15:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2008-03-11 02:07 . 2001-08-17 05:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-03-11 02:07 . 2001-08-17 05:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-03-11 02:07 . 2004-08-03 15:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-03-11 02:05 . 2008-03-25 21:19 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-03-11 02:05 . 2008-03-24 11:18 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-03-11 02:04 . 2008-03-11 10:17 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 18:06 943 --sh--w C:\Program Files\folder.htt
2008-03-24 00:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 00:04 --------- d-----w C:\Program Files\CyberLink
2008-03-11 18:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-11 18:38 --------- d-----w C:\Program Files\Broadcom
2008-03-11 18:37 --------- d-----w C:\Program Files\Realtek
2008-03-11 18:36 --------- d-----w C:\Program Files\Intel
2008-03-11 18:26 --------- d-----w C:\Program Files\CONEXANT
2008-03-11 18:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-18 13:59 57,344 ----a-w C:\WINDOWS\Fonts\73ED8.com
2001-10-04 19:16 2 --sh--w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-14 11:54 171448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-07 21:18 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-07 21:18 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-07 21:17 131072]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 23:13 218408]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-13 07:12 579072]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2004-01-05 23:13 32768]
"TempCom"="C:\WINDOWS\FONTS\73ED8.com" [2008-01-18 05:59 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-13 15:18 219136]
"Yahoo Messengger"="C:\WINDOWS\system32\scvhost.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4da0b274-f6cf-11dc-bf2d-001b38f216aa}]
\Shell\AutoRun\command - H:\ekugb3.bat
\Shell\explore\Command - H:\ekugb3.bat
\Shell\open\Command - H:\ekugb3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84a5681c-f384-11dc-bf16-001b38f216aa}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe maskrider2001.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 18:10:04 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\blastclnnn.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 10:24:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-03-26 10:25:38 - machine was rebooted [OWNER]
ComboFix-quarantined-files.txt 2008-03-26 18:25:35