MyCity » Ambulanta -> Arhiva Ambulante » strasno usporen komp.

strasno usporen komp.

Napisano na dan: 17.1.2009
2

strasno usporen komp.
Pagination Prethodna strana
Sledeća strana Pagination

Idi na vrh

Poslao: 17 Jan 2009 20:00
Idi na vrh
offline
  • Brano  Male
  • Super građanin
  • Pridružio: 26 Dec 2008
  • Poruke: 1428
  • Gde živiš: Bijeljina

uradjeno :

[Link mogu videti samo ulogovani korisnici]


[Link mogu videti samo ulogovani korisnici]



Poslao: 17 Jan 2009 23:18
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Komplikovano...

Jesi li imao instaliran Norton antivirus pre ovog McAfeea?


Uradi sledece:
Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\srvany.exe

Driver::
Teaacsrv
SurferService

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.



Poslao: 17 Jan 2009 23:54
Idi na vrh
offline
  • Brano  Male
  • Super građanin
  • Pridružio: 26 Dec 2008
  • Poruke: 1428
  • Gde živiš: Bijeljina

Uradjeno, ne Norton nikada nije bio na ovom kompu.

evo log:

ComboFix 09-01-17.03 - user 2009-01-17 23:28:15.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.78 [GMT 1:00]
Running from: d:\programi\skeniranje virusa\New Folder\ComboFix.exe
Command switches used :: d:\programi\skeniranje virusa\New Folder\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32\srvany.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\srvany.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SURFERSERVICE
-------\Service_SurferService
-------\Service_Teaacsrv


((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-14 17:08 . 2009-01-14 17:08 144 --a------ c:\windows\Eudcedit.ini
2009-01-12 23:12 . 2009-01-15 00:26 249,856 --------- c:\windows\Setup1.exe
2009-01-12 23:12 . 2009-01-15 00:26 73,216 --a------ c:\windows\ST6UNST.EXE
2009-01-12 23:06 . 2009-01-12 23:06 <DIR> d-------- c:\windows\system32\Adobe
2009-01-08 21:42 . 2008-12-11 12:57 333,184 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-08 21:30 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\windows\Logs
2008-12-23 17:46 . 2008-12-23 18:05 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-12-23 17:46 . 2008-12-23 18:12 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-23 17:46 . 2008-12-23 18:12 111,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-12-23 17:46 . 2008-12-23 18:05 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-12-23 17:46 . 2008-12-23 18:05 22,328 --a------ c:\documents and settings\user\Application Data\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 22:36 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-01-17 22:30 --------- d-----w c:\documents and settings\user\Application Data\Skype
2009-01-11 13:39 --------- d-----w c:\program files\Windows Live
2009-01-10 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-01-10 21:06 --------- d-----w c:\program files\BlazeVideo
2009-01-10 19:20 --------- d-----w c:\program files\Lx_cats
2009-01-06 10:16 88 --sh--r c:\documents and settings\All Users\Application Data\6F79CCAF5C.sys
2009-01-06 10:16 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-12-23 17:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 21:30 --------- d-----w c:\documents and settings\user\Application Data\FaxCtr
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-19 17:27 14,298 ----a-w c:\program files\settings.dat
2006-11-14 07:42 152 --sh--r c:\windows\system32\495B68E769.sys
2007-04-07 09:30 8 --sh--r c:\windows\system32\8AF25EAEB4.sys
2007-04-06 22:38 56 --sh--r c:\windows\system32\B4AE5EF28A.sys
2007-05-24 11:30 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici],57 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
- 2008-04-17 19:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
- 2009-01-17 12:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-17 21:18:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-17 12:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-17 21:18:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-11-24 40960]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 299008]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 185896]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\user\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"d:\\programi\\bluetooth adapter\\BlueSoleil.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-01-29 24786]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2007-05-14 3026]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-01-29 45534]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys --> c:\windows\system32\DRIVERS\gflmouhid.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-616249376-2147069159-1003.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 10:53]

2008-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-06-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-09 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-03 22:39]

2008-05-03 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-03 22:39]

2008-05-07 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 08:50]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\2gbr11hg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-01-17 23:37:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
d:\programi\bluetooth adapter\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\lxcgcoms.exe
c:\windows\system32\msiexec.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2009-01-17 23:45:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-17 22:44:09
ComboFix2.txt 2009-01-17 15:23:00
ComboFix3.txt 2008-02-09 20:06:37

Pre-Run: 1.767.706.624 bytes free
Post-Run: 1,770,991,616 bytes free

198 --- E O F --- 2009-01-14 23:35:18

Poslao: 17 Jan 2009 23:59
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Zanimljivo, kazes da Norton nije bio instaliran...

Mozes li mi onda na proveru poslati sledece fajlove:
C:\NAVENG.SYS
C:\NAVEX15.SYS
C:\Program Files\Norton AntiVirus\SAVRT.SYS

Upload uradi preko sledece forme:
[Link mogu videti samo ulogovani korisnici]

Poslao: 18 Jan 2009 00:21
Idi na vrh
offline
  • Brano  Male
  • Super građanin
  • Pridružio: 26 Dec 2008
  • Poruke: 1428
  • Gde živiš: Bijeljina

Siguran sam da nije bio instaliran....

fajlove koje si napisao ne mogu da nadjem!

U C:\Program Files-u uopste nema norton Antivirus-a, evo slikao sam pa vidi, takodje sam isao i na pretragu i nije nasao Norton Antivirus ??


Poslao: 18 Jan 2009 00:33
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ovo ce morati da prespava. Treba mi da smislim nacina da izadjem sa ovim na kraj.
GMER kaze da ti fajlovi postoje, i da su pokrenuti kao servisi.
Moram da vidim kako mogu da im pridjem.

Javljam se sutra, nakon sto pogledam i sa kolegama da vidim ima li ko ideju.

Poslao: 18 Jan 2009 00:35
Idi na vrh
offline
  • Brano  Male
  • Super građanin
  • Pridružio: 26 Dec 2008
  • Poruke: 1428
  • Gde živiš: Bijeljina

Ok nastavljamo sutra..........

Poslao: 18 Jan 2009 18:50
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Otvoriti Notepad i iskopirati sledeci tekst:

Driver::
SAVRT
NAVENG
NAVEX15

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Javi mi da li je to imalo uticaja, tj. da li je pomoglo.

Poslao: 18 Jan 2009 19:33
Idi na vrh
offline
  • Brano  Male
  • Super građanin
  • Pridružio: 26 Dec 2008
  • Poruke: 1428
  • Gde živiš: Bijeljina

Jeste imalo uticaja, dosta je brzi.....

Evo log:

ComboFix 09-01-17.03 - user 2009-01-18 19:00:14.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.101 [GMT 1:00]
Running from: d:\programi\skeniranje virusa\New Folder\ComboFix.exe
Command switches used :: d:\programi\skeniranje virusa\New Folder\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NAVENG
-------\Service_NAVEX15
-------\Service_SAVRT


((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-18 18:55 . 2009-01-18 18:56 <DIR> d-------- C:\32788R22FWJFW
2009-01-14 17:08 . 2009-01-14 17:08 144 --a------ c:\windows\Eudcedit.ini
2009-01-12 23:12 . 2009-01-15 00:26 249,856 --------- c:\windows\Setup1.exe
2009-01-12 23:12 . 2009-01-15 00:26 73,216 --a------ c:\windows\ST6UNST.EXE
2009-01-12 23:06 . 2009-01-12 23:06 <DIR> d-------- c:\windows\system32\Adobe
2009-01-08 21:42 . 2008-12-11 12:57 333,184 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-08 21:30 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\windows\Logs
2008-12-23 17:46 . 2008-12-23 18:05 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-12-23 17:46 . 2008-12-23 18:12 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-23 17:46 . 2008-12-23 18:12 111,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-12-23 17:46 . 2008-12-23 18:05 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-12-23 17:46 . 2008-12-23 18:05 22,328 --a------ c:\documents and settings\user\Application Data\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 18:11 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-01-18 17:44 --------- d-----w c:\documents and settings\user\Application Data\Skype
2009-01-11 13:39 --------- d-----w c:\program files\Windows Live
2009-01-10 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-01-10 21:06 --------- d-----w c:\program files\BlazeVideo
2009-01-10 19:20 --------- d-----w c:\program files\Lx_cats
2009-01-06 10:16 88 --sh--r c:\documents and settings\All Users\Application Data\6F79CCAF5C.sys
2009-01-06 10:16 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-12-23 17:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 21:30 --------- d-----w c:\documents and settings\user\Application Data\FaxCtr
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2006-11-14 07:42 152 --sh--r c:\windows\system32\495B68E769.sys
2007-04-07 09:30 8 --sh--r c:\windows\system32\8AF25EAEB4.sys
2007-04-06 22:38 56 --sh--r c:\windows\system32\B4AE5EF28A.sys
2007-05-24 11:30 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici],57 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
- 2008-04-17 19:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
- 2009-01-17 12:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-18 13:47:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-17 12:12:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-18 13:47:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-11-24 40960]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 299008]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 185896]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\user\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"d:\\programi\\bluetooth adapter\\BlueSoleil.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-01-29 24786]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2007-05-14 3026]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-01-29 45534]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys --> c:\windows\system32\DRIVERS\gflmouhid.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-616249376-2147069159-1003.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 10:53]

2008-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-06-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-09 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-03 22:39]

2008-05-03 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-03 22:39]

2008-05-07 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 08:50]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\2gbr11hg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-01-18 19:12:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
d:\programi\bluetooth adapter\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\windows\system32\msiexec.exe
c:\windows\system32\lxcgcoms.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2009-01-18 19:20:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-18 18:19:07
ComboFix2.txt 2009-01-17 22:45:37
ComboFix3.txt 2009-01-17 15:23:00
ComboFix4.txt 2008-02-09 20:06:37

Pre-Run: 1.779.040.256 bytes free
Post-Run: 1,763,786,752 bytes free

196 --- E O F --- 2009-01-14 23:35:18

Poslao: 18 Jan 2009 19:46
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Sta imas u sledecem folderu:
C:\32788R22FWJFW
?

napravi mi screenshot ukoliko ima previse fajlova.

Dopuna: 18 Jan 2009 19:46

Ne mora da trazis, saznao sam koji je to folder i od cega je.

Hajmo ovako.
Ja sam na forumu do 10 veceras.
Javi mi se oko pola deset da mi kazes da li ima jos nekih simptoma.
Ako nema, da dovrsimo ciscenje (uklonimo ostatke).

MyCity » Ambulanta -> Arhiva Ambulante » strasno usporen komp.

Ko je trenutno na forumu
 

Ukupno su 1066 korisnika na forumu :: 71 registrovanih, 5 sakrivenih i 990 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, ajo baba, Aleksa 3215, Banovo Brdo, Bobrock1, Boris90, brkan1, coaaco, Dannyboy, Dare, Denaya, Dimitrije Paunovic, Dimitrise93, Django777, djukapfc, DonRumataEstorski, Georgius, GveX, Haris, Igor Antonic, Inner-Cell, ivan979, Jakonjveliki, Joja, Još malo pa deda, kinez88, Kobrim, krkalon, Krusarac, kybonacci, Lieutenant, luka35, M1los, Macalone, maksi007, Marko Marković, Mercury, mgolub, MiG-29M2, mikrimaus, milenko crazy north, milimoj, milos.cbr, mkukoleca, nazgul75, Ne doznajem se u oružje, nebojsag, nextyamb, nobutado, opt1, pein, Polemarchoi, Povratak1912, predragc, repac, rodoljub, rovac, Rusmir, samocitam, saputnik plavetnila, Silvertooth, StepskiVuk, Strasni JA, Tas011, tooljan, trajkoni018, vidra boy, vobo, zajcev1, zastavnik, |_MeD_|