What is happening to me

  • Joined: 18 Feb 2008
  • Posts: 987
  • Where you live: on the way to an island
ComboFix 08-07-04.1 - Administrator 2008-07-04 22:30:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT 2:00]
Running from: D:\ZA CUVANJE\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

2008-07-04 12:54 . 2008-07-04 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime
2008-07-04 12:52 . 2008-07-04 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-30 17:28 . 2008-06-30 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-30 17:27 . 2008-06-30 17:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 10:04 . 2008-06-26 10:04 268 --ah----- C:\sqmdata00.sqm
2008-06-26 10:04 . 2008-06-26 10:04 244 --ah----- C:\sqmnoopt00.sqm
2008-06-18 18:09 . 2008-06-18 18:21 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-18 18:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-18 18:08 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-18 18:08 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-18 18:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-18 18:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-18 18:08 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-11 21:11 . 2008-06-11 21:18 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-11 21:09 . 2008-06-18 18:22 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-11 20:53 . 2008-06-16 21:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 20:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-07-04 17:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\mIRC
2008-07-04 17:38 --------- d-----w C:\Program Files\mIRC
2008-07-04 11:09 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 11:09 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-30 15:29 --------- d-----w C:\Program Files\Lavasoft
2008-06-30 15:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-06-09 19:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-06-03 13:56 --------- d-----w C:\Program Files\AVG
2008-06-03 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-14 18:51 0 ----a-w C:\Program Files\temp01
.

------- Sigcheck -------

2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2GDR\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\SP2QFE\tcpip.sys
2004-06-17 11:00 360448 65c34c093e839505636954ead50fa315 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-12 17:42 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 13:09 1232152]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 18:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 13:09]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 18:08]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 13:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f95a11-c830-11dc-9a01-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - NLSVC
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 22:33:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-04 22:36:22
ComboFix-quarantined-files.txt 2008-07-04 20:35:20

Pre-Run: 13,860,118,528 bytes free
Post-Run: 14,716,846,080 bytes free

Update: 05 Jul 2008 14:40

---------------------------------------------------------------------------------
This is correspondence from another thread, but it is related to this one (the first paragraph refers to NetLimiter). Maybe it gives you some idea.

"The first one on the list blocked everything, including the internet. I downloaded the third one, Monitor. Well, it says, for instance, that the internet traffic is 40 MB (it doesn't say for which programs), but I get a report from SBB that 54 was used. Yesterday was the only day the usage was 20 instead of 50 MB, but even that is a lot, because I use at most 10 these days.

Browsing through the computer, first on partition D I found a folder I didn't recognise, MSOCache. I open it, it says something about all users. Since the things there are ones I put there, I know what's in it. I left it to examine in detail later and continued what I had started. I go back there, it's gone. Later, while cleaning up the computer, I found some small program, started the installation and, when I was about to click save, that same MSOCache appeared on partition C. Fine, I say. I open partition C, it's not there. I go to search, it doesn't exist. SO WHAT IS IT?"

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Where you live: Wien

I haven't forgotten about the thread.
Everyone on the team has been racking their brains, and nobody here sees anything malicious.
MSOCache is a folder that is created during MS Office updates, and it really is created on several partitions.

As for the torrent program, you still have it installed:
C:\Program Files\DNA\
and it starts together with Windows, so there is a good chance that it is what is generating the traffic.
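As an added example (not code from the thread, nor from ComboFix), here is a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one above: it pulls the entries under the Run keys so you can see at a glance what starts with Windows, which is how the BitTorrent DNA autostart was spotted. The sample text is constructed from lines of the log above; the `entries_under` helper is an assumption of this example.

```python
import re

# Constructed sample in the "Reg Loading Points" format of the ComboFix log
# posted above (values copied from that log); not a file ComboFix actually wrote.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-12 17:42 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 13:09 1232152]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="path" [YYYY-MM-DD HH:MM size]; when the value is a bare file name,
# ComboFix appends the resolved full path inside the brackets.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) '
    r'(?P<size>\d+)(?: (?P<resolved>[^\]]+))?\]$'
)

def parse_run_entries(log_text):
    """Return the autostart entries listed under any Run key as dicts."""
    entries, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        # Only Run keys; AppInit_DLLs, drivers32 etc. live under other keys.
        if key is None or not key.lower().endswith("\\run"):
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({"hive": key.split("\\")[0], "name": m["name"],
                            "path": m["resolved"] or m["path"],
                            "timestamp": m["stamp"], "size": int(m["size"])})
    return entries

def entries_under(entries, folder):
    """Entries whose executable lives below `folder` (case-insensitive)."""
    prefix = folder.lower().rstrip("\\") + "\\"
    return [e for e in entries if e["path"].lower().startswith(prefix)]

if __name__ == "__main__":
    for e in parse_run_entries(SAMPLE_LOG):
        print(e["hive"], e["name"], e["path"], sep="  ")
```

Feeding it the whole log instead of the sample lists every Run entry per hive, and `entries_under(..., r"C:\Program Files\DNA")` isolates what starts from the torrent client's folder.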
