I DID AS YOU WROTE TO ME AND THIS IS MY LOG:
ComboFix 09-04-04.01 - Foto SELMA 2009-04-08 12:25:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1470 [GMT 2:00]
Running from: c:\documents and settings\Foto SELMA\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
c:\windows\hosts
c:\windows\system32\Config.ini
D:\Autorun.inf
G:\autorun.inf
K:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.
2009-04-08 12:20 . 2009-04-08 12:23 30,660 --a------ c:\documents and settings\Foto SELMA\mscupdate.exe
2009-04-08 12:10 . 2009-04-08 12:22 22,484 --a------ c:\documents and settings\Foto SELMA\apow32.exe
2009-04-08 11:45 . 2009-04-08 11:45 27,083 --a------ c:\documents and settings\Foto SELMA\msesrv.exe
2009-04-08 11:41 . 2009-04-08 11:41 24,017 --a------ c:\documents and settings\Foto SELMA\msmp3.exe
2009-04-07 20:25 . 2009-04-08 11:40 28,616 --a------ c:\documents and settings\Foto SELMA\opti.exe
2009-04-07 18:56 . 2009-04-07 18:56 245,636 --ah----- c:\windows\system32\mlfcache.dat
2009-04-07 18:53 . 2008-11-20 21:19 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-04-07 18:53 . 2008-11-20 21:19 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-07 18:52 . 2009-04-07 18:52 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-04-07 18:52 . 2009-04-07 18:52 <DIR> d-------- c:\program files\Google
2009-04-07 13:52 . 2009-04-07 13:52 17,829 --a------ c:\windows\system32\drivers\hosts
2009-04-07 11:27 . 2009-04-08 11:40 8,176 --a------ c:\documents and settings\Foto SELMA\plt32.exe
2009-04-06 11:32 . 2009-04-06 11:32 <DIR> d---s---- c:\documents and settings\Foto SELMA\UserData
2009-04-06 11:15 . 2007-08-29 21:41 36,864 -ra------ c:\windows\system32\drivers\l151x86.sys
2009-04-06 11:10 . 2009-04-06 11:10 16,620 --a------ c:\windows\Ascd_tmp.ini
2009-04-06 09:27 . 2009-04-06 09:27 <DIR> d-------- c:\documents and settings\Foto SELMA\Application Data\ACD Systems
2009-04-03 19:50 . 2009-04-03 19:50 <DIR> d-------- c:\documents and settings\Foto SELMA\Application Data\EPSON
2009-04-03 19:44 . 2003-12-12 09:30 855,542 -ra------ c:\windows\system32\drivers\mosuport.sys
2009-04-03 19:44 . 2003-12-12 11:38 270,336 -ra------ c:\windows\system32\MosUsbSerial.exe
2009-04-03 19:44 . 2003-12-12 11:23 237,568 -ra------ c:\windows\system32\MosUSBParallel.exe
2009-04-03 19:44 . 2003-12-12 11:35 65,536 -ra------ c:\windows\system32\MosUSBSerPropPage.dll
2009-04-03 19:44 . 2003-12-12 11:30 65,536 -ra------ c:\windows\system32\MosUSBParPropPage.dll
2009-04-03 19:44 . 2003-12-12 09:12 28,672 -ra------ c:\windows\system32\dbgmsgcfg.dll
2009-04-03 19:30 . 2003-12-12 09:12 305,344 -ra------ c:\windows\system32\monitor.exe
2009-04-03 19:30 . 2003-12-12 09:25 249,856 -ra------ c:\windows\system32\MosUnst.exe
2009-04-03 19:30 . 2004-09-28 06:46 245,760 -ra------ c:\windows\system32\MosUSer.exe
2009-04-03 19:30 . 2004-09-28 06:46 229,376 -ra------ c:\windows\system32\MosUPar.exe
2009-04-03 19:30 . 2006-05-05 00:26 144,756 -ra------ c:\windows\system32\mosUsbSr.sys
2009-04-03 19:30 . 2004-09-28 06:47 140,407 -ra------ c:\windows\system32\MCSENUM.vxd
2009-04-03 19:30 . 2004-09-17 06:15 18,496 -ra------ c:\windows\system32\drivers\DbgMsg9X.sys
2009-04-03 19:30 . 2004-09-28 06:49 8,720 -ra------ c:\windows\system32\MOSUSRPT.vxd
2009-04-03 19:30 . 2004-09-28 06:49 8,670 -ra------ c:\windows\system32\MOSUPRPT.vxd
2009-04-03 19:30 . 2003-09-05 10:17 6,064 -ra------ c:\windows\system32\MOSUSER.DLL
2009-04-03 19:30 . 2003-09-05 10:15 4,352 -ra------ c:\windows\system32\MOSUPAR.DLL
2009-04-03 19:24 . 2009-04-03 19:24 <DIR> d-------- C:\MosUPPSP
2009-04-03 19:19 . 2005-11-24 04:08 32,768 --a------ c:\windows\system32\ParallelMP.exe
2009-04-03 19:19 . 2005-11-24 01:10 59 --a------ c:\windows\system32\PConfig.ini
2009-04-03 19:19 . 2009-04-03 19:19 0 --a------ c:\windows\MONITOR.INI
2009-04-03 19:12 . 2004-09-28 06:44 233,472 --a------ c:\windows\system32\SerialMP.exe
2009-04-03 19:12 . 2004-09-28 06:47 204,800 --a------ c:\windows\system32\MosUsbPrintConfig.exe
2009-04-03 19:12 . 2003-12-12 09:12 18,240 -ra------ c:\windows\system32\drivers\DbgMsg.sys
2009-04-03 19:09 . 2009-04-03 19:09 <DIR> d-------- c:\program files\Atheros Communications Inc
2009-04-03 19:04 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-04-03 19:04 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-04-03 13:15 . 2009-04-03 13:15 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-04-03 13:15 . 2005-10-21 03:47 30,592 --------- c:\windows\system32\drivers\rndismpx.sys
2009-04-03 13:15 . 2005-10-21 03:47 12,800 --------- c:\windows\system32\drivers\usb8023x.sys
2009-04-03 12:58 . 2009-04-07 13:20 69 --a------ c:\windows\NeroDigital.ini
2009-04-03 12:30 . 2009-04-03 12:30 <DIR> d-------- c:\documents and settings\Foto SELMA\Application Data\ESET
2009-04-03 12:30 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2009-04-03 12:29 . 2009-04-03 12:29 <DIR> d-------- c:\program files\ESET
2009-04-03 12:29 . 2009-04-03 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-20 20:50 . 2009-03-20 20:50 3,358,720 --a------ c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 17:17 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 10:26 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-02 15:26 --------- d-----w c:\program files\Telenor
2009-03-02 15:25 10,368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-03-02 15:25 --------- d-----w c:\program files\Common Files\ACD Systems
2009-03-02 15:25 --------- d-----w c:\program files\ACD Systems
2009-03-02 15:25 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-03-02 15:21 --------- d-----w c:\program files\Softwin
2009-03-02 15:21 --------- d-----w c:\program files\Common Files\Softwin
2009-03-02 15:19 --------- d-----w c:\program files\Nero
2009-03-02 15:19 --------- d-----w c:\program files\Common Files\Ahead
2009-03-02 15:19 --------- d-----w c:\documents and settings\Foto SELMA\Application Data\Ahead
2009-03-02 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-02 15:18 --------- d-----w c:\program files\Common Files\Adobe
2009-03-02 15:05 --------- d-----w c:\program files\PDF2Word v1.1
2009-03-02 15:05 --------- d-----w c:\program files\Microsoft.NET
2009-03-02 15:05 --------- d-----w c:\program files\Microsoft Works
2009-03-02 15:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-02 14:57 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-03-02 14:57 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-03-02 14:53 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2009-03-02 14:46 --------- d-----w c:\documents and settings\Foto SELMA\Application Data\ATI
2009-03-02 14:46 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-03-02 14:41 --------- d-----w c:\program files\EPSON Print CD
2009-03-02 14:41 --------- d-----w c:\program files\EPSON
2009-03-02 14:36 --------- d-----w c:\program files\ATI Technologies
2009-03-02 14:27 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-02 14:23 315,392 ----a-w c:\windows\HideWin.exe
2009-03-02 14:23 --------- d-----w c:\program files\Realtek
2009-03-02 14:15 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-04-06 36864]
R3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\drivers\mosuport.sys [2009-04-03 855542]
S3 DBGMSG;DBGMSG;dbgmsg.sys --> dbgmsg.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ADOBE_LM_SERVICE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{256b36b7-2287-11de-8e5f-001e8c9f306f}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74da52df-073a-11de-8e52-00d0b7d54084}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74da52e2-073a-11de-8e52-00d0b7d54084}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b38a36f-0739-11de-a64e-806d6172696f}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b38a370-0739-11de-a64e-806d6172696f}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9804e4d7-20fb-11de-8e5d-00d0b7d54084}]
\Shell\AutoRun\command - H:\
\Shell\open\Command - rundll32.exe .\\jgplv00.dll,InstallM
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-08 12:26:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-08 12:26:37
ComboFix-quarantined-files.txt 2009-04-08 10:26:36
Pre-Run: 21,732,311,040 bytes free
Post-Run: 23,988,854,784 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NoExecute=AlwaysOff /fastdetect
www.gps-srbija.co.cc everything for your GPS device