Posted: 27 Jun 2008 17:17
- milosh86
- Citizen
- Joined: 02 Jan 2006
- Posts: 232
Can you help me? This is the company's computer and I picked up some rubbish that keeps telling me non-stop that the system is infected.
Logfile of HijackThis v1.99.1
Scan saved at 4:42:58 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\PosLink\POS.exe
E:\Nt2005\Poslovanje.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\branko\Desktop\New Folder\misha.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F8C5683-1A0B-4665-8E66-996BAF520DAE}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Update: 27 Jun 2008 17:17
These processes are bothering me. I killed them and nothing shows up anymore, but I can't find their exact location in regedit.
Posted: 27 Jun 2008 17:58
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Did you poke around in the registry before you made the HJT log?
Posted: 27 Jun 2008 18:02
- milosh86
- Citizen
- Joined: 02 Jan 2006
- Posts: 232
I did, and I managed to find one folder with the same name as the one in msconfig and deleted it.
Posted: 27 Jun 2008 21:09
- milosh86
- Citizen
- Joined: 02 Jan 2006
- Posts: 232
I cleaned up a few things and now everything seems OK, but just in case, here is this log as well.
ComboFix 08-06-20.4 - branko 2008-06-27 19:06:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.427 [GMT 2:00]
Running from: C:\Documents and Settings\branko\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-27 18:56 . 2008-06-27 18:56 <DIR> d-------- C:\WINDOWS\Sun
2008-06-27 18:56 . 2008-06-27 18:56 <DIR> d-------- C:\Documents and Settings\branko\Application Data\bang
2008-06-27 15:23 . 2008-06-27 15:23 <DIR> d-------- C:\Documents and Settings\branko\Application Data\rhc7daj0e99p
2008-06-27 15:22 . 2008-06-27 15:22 109,056 --a------ C:\WINDOWS\system32\lphc3daj0e99p.exe
2008-06-27 15:22 . 2008-06-27 16:03 60,928 --a------ C:\WINDOWS\system32\blphc3daj0e99p.scr
2008-06-24 14:59 . 2008-06-24 15:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 13:14 . 2008-06-24 13:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-24 13:14 . 2008-06-24 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-23 14:10 . 2008-06-23 14:10 <DIR> d-------- C:\Program Files\MSECache
2008-06-19 15:45 . 2008-06-20 11:57 <DIR> d-------- C:\Program Files\Just Sudoku
2008-06-18 11:03 . 2008-06-19 15:43 <DIR> d-------- C:\Program Files\Sudoku XP
2008-06-10 17:51 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-06-10 17:51 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-06-10 11:58 . 2008-06-10 14:30 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-10 11:58 . 2008-06-10 11:58 681 --a------ C:\WINDOWS\mozver.dat
2008-06-10 10:52 . 2008-06-10 10:53 <DIR> d-------- C:\Garmin
2008-05-31 11:39 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-27 17:28 . 2008-06-27 16:52 16 --a------ C:\WINDOWS\popcinfo.dat
2008-05-27 17:24 . 2008-05-27 17:24 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-27 17:24 . 2008-06-27 16:07 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2008-05-27 17:00 . 2008-05-27 17:00 <DIR> d-------- C:\games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 15:02 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-27 15:02 --------- d-----w C:\Documents and Settings\branko\Application Data\OpenOffice.org2
2008-06-10 08:50 --------- d-----w C:\Program Files\navigator
2008-05-15 11:35 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-05-13 11:09 --------- d-----w C:\Program Files\SoftwareDesign
2008-05-13 11:09 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-05-13 10:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-13 10:39 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-13 10:39 --------- d-----w C:\Program Files\PosLink
2008-05-13 10:15 --------- d-----w C:\Documents and Settings\branko\Application Data\ImgBurn
2008-05-13 10:14 --------- d-----w C:\Program Files\ImgBurn
2008-05-13 10:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 10:12 --------- d-----w C:\Program Files\Java
2008-05-13 10:12 --------- d-----w C:\Program Files\Common Files\Java
2008-05-13 09:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-13 09:30 --------- d-----w C:\Program Files\Symantec
2008-05-13 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-13 09:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 09:19 --------- d-----w C:\Program Files\Attansic
2008-05-13 09:16 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-13 09:16 --------- d-----w C:\Program Files\Realtek
2008-05-13 09:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-13 09:12 --------- d-----w C:\Program Files\Intel
2008-05-13 09:04 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-08-16 17:39 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-08-16 17:41 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-08-16 17:38 94208]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\branko\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc3daj0e99p]
--a------ 2008-06-27 15:22 109056 C:\WINDOWS\system32\lphc3daj0e99p.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc7daj0e99p]
C:\Program Files\rhc7daj0e99p\rhc7daj0e99p.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-11-01 13:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17bb1605-30ae-11dd-944e-001d6033eb03}]
\Shell\AutoRun\command - G:\i.exe
\Shell\explore\Command - G:\i.exe
\Shell\open\Command - G:\i.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45437714-28a3-11dd-9442-001d6033eb03}]
\Shell\AutoRun\command - InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45437732-28a3-11dd-9442-001d6033eb03}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9de6e4-317d-11dd-9451-001d6033eb03}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{657d503c-2e1c-11dd-944b-001d6033eb03}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab7d3c6e-2b12-11dd-9444-001d6033eb03}]
\Shell\AutoRun\command - InstallTomTomHOME.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 19:07:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-27 19:07:45
ComboFix-quarantined-files.txt 2008-06-27 17:07:43
Pre-Run: 35,490,652,160 bytes free
Post-Run: 36,037,066,752 bytes free
126
Update: 27 Jun 2008 21:09
Bobby, check this out. In the picture above you can see the processes I disabled. I deleted those processes in the system32 folder (it was there as an exe) and in Program Files, but still, when I let the programs start up normally (unblock them), the message that my computer is infected and blah blah blah pops up on the desktop again... Can you help me cut it off at the root?
Posted: 28 Jun 2008 09:11
- milosh86
- Citizen
- Joined: 02 Jan 2006
- Posts: 232
I'm not in the office anymore, but the infection happened when a colleague was downloading something and then just called, like, "please help". As far as I know the G drive doesn't exist, I mean nothing is attached to the computer. Maybe some virtual drive was created.
Thanks for the instructions, I'll do them tomorrow when I get to work. I'll let you know how it went. Thanks again!
Update: 28 Jun 2008 9:11
Here is the log after cleaning:
ComboFix 08-06-20.4 - branko 2008-06-28 9:07:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.565 [GMT 2:00]
Running from: C:\Documents and Settings\branko\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\branko\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
C:\WINDOWS\system32\blphc3daj0e99p.scr
C:\WINDOWS\system32\lphc3daj0e99p.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\branko\Application Data\rhc7daj0e99p
C:\WINDOWS\system32\blphc3daj0e99p.scr
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.
2008-06-27 19:36 . 2008-06-27 19:36 90,838 --a------ C:\WINDOWS\system32\phc3daj0e99p.bmp
2008-06-27 18:56 . 2008-06-27 18:56 <DIR> d-------- C:\WINDOWS\Sun
2008-06-27 18:56 . 2008-06-27 18:56 <DIR> d-------- C:\Documents and Settings\branko\Application Data\bang
2008-06-24 14:59 . 2008-06-24 15:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 13:14 . 2008-06-24 13:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-24 13:14 . 2008-06-24 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-23 14:10 . 2008-06-23 14:10 <DIR> d-------- C:\Program Files\MSECache
2008-06-19 15:45 . 2008-06-20 11:57 <DIR> d-------- C:\Program Files\Just Sudoku
2008-06-18 11:03 . 2008-06-19 15:43 <DIR> d-------- C:\Program Files\Sudoku XP
2008-06-10 17:51 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-06-10 17:51 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-06-10 11:58 . 2008-06-10 14:30 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-10 11:58 . 2008-06-10 11:58 681 --a------ C:\WINDOWS\mozver.dat
2008-06-10 10:52 . 2008-06-10 10:53 <DIR> d-------- C:\Garmin
2008-05-31 11:39 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 06:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-28 06:57 --------- d-----w C:\Documents and Settings\branko\Application Data\OpenOffice.org2
2008-06-27 14:07 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-06-10 08:50 --------- d-----w C:\Program Files\navigator
2008-05-27 15:24 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-15 11:35 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-05-13 11:09 --------- d-----w C:\Program Files\SoftwareDesign
2008-05-13 11:09 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-05-13 10:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-13 10:39 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-13 10:39 --------- d-----w C:\Program Files\PosLink
2008-05-13 10:15 --------- d-----w C:\Documents and Settings\branko\Application Data\ImgBurn
2008-05-13 10:14 --------- d-----w C:\Program Files\ImgBurn
2008-05-13 10:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 10:12 --------- d-----w C:\Program Files\Java
2008-05-13 10:12 --------- d-----w C:\Program Files\Common Files\Java
2008-05-13 09:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-13 09:30 --------- d-----w C:\Program Files\Symantec
2008-05-13 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-13 09:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 09:19 --------- d-----w C:\Program Files\Attansic
2008-05-13 09:16 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-13 09:16 --------- d-----w C:\Program Files\Realtek
2008-05-13 09:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-13 09:12 --------- d-----w C:\Program Files\Intel
2008-05-13 09:04 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-08-16 17:39 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-08-16 17:41 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-08-16 17:38 94208]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\branko\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-11-01 13:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45437714-28a3-11dd-9442-001d6033eb03}]
\Shell\AutoRun\command - InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9de6e4-317d-11dd-9451-001d6033eb03}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab7d3c6e-2b12-11dd-9444-001d6033eb03}]
\Shell\AutoRun\command - InstallTomTomHOME.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 09:08:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-28 9:08:52
ComboFix-quarantined-files.txt 2008-06-28 07:08:50
Pre-Run: 36,074,668,032 bytes free
Post-Run: 36,069,793,792 bytes free
115
Posted: 28 Jun 2008 10:12
- milosh86
- Citizen
- Joined: 02 Jan 2006
- Posts: 232
Everything seems OK now, they no longer show up in the msconfig startup list. You've solved my problem again, and for who knows how many times I owe you a drink! And my colleague owes you something too :)
If you ever come to BG, get in touch so we can have those drinks!
Here is the log, and THANKS
ComboFix 08-06-20.4 - branko 2008-06-28 10:06:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.536 [GMT 2:00]
Running from: C:\Documents and Settings\branko\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\branko\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\phc3daj0e99p.bmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\phc3daj0e99p.bmp
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.
2008-06-27 18:56 . 2008-06-27 18:56 <DIR> d-------- C:\WINDOWS\Sun
2008-06-27 18:56 . 2008-06-27 18:56 <DIR> d-------- C:\Documents and Settings\branko\Application Data\bang
2008-06-24 14:59 . 2008-06-24 15:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 13:14 . 2008-06-24 13:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-24 13:14 . 2008-06-24 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-23 14:10 . 2008-06-23 14:10 <DIR> d-------- C:\Program Files\MSECache
2008-06-19 15:45 . 2008-06-20 11:57 <DIR> d-------- C:\Program Files\Just Sudoku
2008-06-18 11:03 . 2008-06-19 15:43 <DIR> d-------- C:\Program Files\Sudoku XP
2008-06-10 17:51 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-06-10 17:51 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-06-10 11:58 . 2008-06-10 14:30 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-10 11:58 . 2008-06-10 11:58 681 --a------ C:\WINDOWS\mozver.dat
2008-06-10 10:52 . 2008-06-10 10:53 <DIR> d-------- C:\Garmin
2008-05-31 11:39 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 07:28 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-28 07:28 --------- d-----w C:\Documents and Settings\branko\Application Data\OpenOffice.org2
2008-06-27 14:07 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-06-10 08:50 --------- d-----w C:\Program Files\navigator
2008-05-27 15:24 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-15 11:35 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-05-13 11:09 --------- d-----w C:\Program Files\SoftwareDesign
2008-05-13 11:09 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-05-13 10:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-13 10:39 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-13 10:39 --------- d-----w C:\Program Files\PosLink
2008-05-13 10:15 --------- d-----w C:\Documents and Settings\branko\Application Data\ImgBurn
2008-05-13 10:14 --------- d-----w C:\Program Files\ImgBurn
2008-05-13 10:14 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 10:12 --------- d-----w C:\Program Files\Java
2008-05-13 10:12 --------- d-----w C:\Program Files\Common Files\Java
2008-05-13 09:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-13 09:30 --------- d-----w C:\Program Files\Symantec
2008-05-13 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-13 09:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 09:19 --------- d-----w C:\Program Files\Attansic
2008-05-13 09:16 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-13 09:16 --------- d-----w C:\Program Files\Realtek
2008-05-13 09:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-13 09:12 --------- d-----w C:\Program Files\Intel
2008-05-13 09:04 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((( snapshot@2008-06-28_ 9.08.45.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 06:56:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 07:28:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-08-16 17:39 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-08-16 17:41 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-08-16 17:38 94208]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\branko\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-11-01 13:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45437714-28a3-11dd-9442-001d6033eb03}]
\Shell\AutoRun\command - InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9de6e4-317d-11dd-9451-001d6033eb03}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab7d3c6e-2b12-11dd-9444-001d6033eb03}]
\Shell\AutoRun\command - InstallTomTomHOME.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 10:07:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-28 10:07:56
ComboFix-quarantined-files.txt 2008-06-28 08:07:54
ComboFix2.txt 2008-06-28 07:08:53
Pre-Run: 36,051,984,384 bytes free
Post-Run: 36,047,663,104 bytes free
117