I did it according to the instructions, and here is the ComboFix log after the operation finished. Let me add one more thing: I use IncrediMail as my mail program, and when I click the icon to open it, the hourglass appears just for a moment and then disappears, and the program does not start. The same happens with MSN Hotmail mail: when I click the icon in MSN to check my mail, simply nothing happens, as if it were not active, and everything worked fine until last night. Log:
ComboFix 08-09-04.08 - Aca 2008-09-05 10:09:51.2 - NTFSx86
Running from: C:\Documents and Settings\Aca\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aca\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.
2008-09-04 21:47 . 2008-09-04 22:03 <DIR> d-------- C:\Program Files\eMule
2008-09-04 19:51 . 2008-09-05 09:47 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-03 21:38 . 2008-09-03 21:38 <DIR> d-------- C:\Program Files\Sun
2008-09-03 19:23 . 2008-09-03 19:23 <DIR> d-------- C:\Documents and Settings\Aca\Application Data\Malwarebytes
2008-09-03 19:23 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 19:22 . 2008-09-03 19:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 19:22 . 2008-09-03 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 19:22 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 18:49 . 2008-09-03 18:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 18:43 . 2008-09-03 18:43 <DIR> d-------- C:\Program Files\VS Revo Group
2008-08-30 20:18 . 2008-08-30 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-08-30 20:17 . 2008-08-30 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 22:01 --------- d-----w C:\Documents and Settings\Aca\Application Data\uTorrent
2008-09-04 18:52 --------- d-----w C:\Program Files\IncrediMail
2008-09-04 08:20 --------- d-----w C:\Program Files\Java
2008-09-02 23:02 --------- d-----w C:\Program Files\FlashGet
2008-08-31 20:28 --------- d-----w C:\Documents and Settings\Aca\Application Data\Skype
2008-08-27 12:23 --------- d-----w C:\Program Files\LockyScript
2008-07-15 19:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 13:39 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-07-08 12:15 --------- d-----w C:\Documents and Settings\Aca\Application Data\AdobeUM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"CapFax"="C:\Program Files\Classic PhoneTools\CapFax.EXE" [2001-12-10 20739]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 33792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-28 77824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"MMTrayLSI"="MMTrayLSI.exe" [2002-12-15 C:\WINDOWS\system32\MMTrayLSI.exe]
"MMTray2K"="MMTray2k.exe" [2002-12-15 C:\WINDOWS\system32\MMTray2k.exe]
"MMTray"="MMTray.exe" [2002-12-15 C:\WINDOWS\system32\MMTray.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-28 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2005-04-12 458752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"vidc.iv50"= C:\WINDOWS\system32\ir50_32.dll
"vidc.vixl"= Miroxl32.dll
"vidc.mmes"= DigiVCap.dll
"vidc.ipdv"= idvcodec.dll
"vidc.pdvc"= idvcodec.dll
"vidc.gpeg"= GPEG.dll
"vidc.glzw"= GLZW.dll
"vidc.em2v"= ETXCodec.dll
"MSVideo"= DPSVidCap.drv
"vidc.dps0"= DpsAviCC.dll
"VIDC.AP41"= APmpg4v1.dll
"vidc.advs"= Dvc.dll
"vidc.rt21"= IR21_R.DLL
"vidc.ir21"= IR21_R.DLL
"vidc.fljp"= MMTVMJ.dll
"vidc.tvmj"= MMTVMJ.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.avrn"= AvidAVICodec.dll
"vidc.dvma"= dvicmau.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.hfyu"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.dmb1"= m3jpeg32.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dcmj"= MCMJPG32.DLL
"vidc.mwv1"= icmw_32.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.pvw2"= pvwv220.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"vidc.rud0"= rududu.dll
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.vcr1"= ativcr1.dll
"vidc.vcr2"= ativcr2.dll
"vidc.asv1"= asusasv1.dll
"vidc.asv2"= asusasv2.dll
"vidc.yv12"= yv12vfw.dll
"msacm.pcdv"= pcdv.acm
"msacm.dvmpega"= dvacmau.dll
"msacm.qmpeg"= qmpeg.acm
"msacm.imc"= IMC32.ACM
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"msacm.divxa32"= DivXa32.acm
"vidc.nt00"= NTCodec.dll
"vidc.vp31"= vp31vfw.dll
"vidc.mjpa"= rtmjpgcdc.dll
"vidc.frwu"= frwu.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.s422"= tekyuv.dll
"vidc.cyuv"= yuvcodec.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.wnv1"= WNVPLAY1.DLL
"vidc.rmp4"= rmp4.dll
"vidc.sony"= sonydv.dll
"vidc.miro"= mirodv2avi.dll
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LockyScript\\mirc.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"E:\\utorrent.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ea685d8-dc06-11dc-be0d-004f6300dabe}]
\Shell\AutoRun\command - H:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-05 10:11:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-05 10:14:18
ComboFix-quarantined-files.txt 2008-09-05 08:13:31
ComboFix2.txt 2008-09-03 20:05:48
Pre-Run: 12,595,974,144 bytes free
Post-Run: 12,872,515,584 bytes free
185 --- E O F --- 2007-11-30 14:28:49