Antichrist problem

offline
  • Gonz0 
  • New MyCity citizen
  • Joined: 06 Jul 2008
  • Posts: 6

I have a problem with Antichrist... here is the log from ComboFix, so could someone help me? Thanks in advance!


ComboFix 08-07-05.1 - Ljiljana i Zikica 2008-07-06 16:39:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.300 [GMT 3:00]
Running from: C:\Documents and Settings\Ljiljana i Zikica\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\p4p
C:\Program Files\p4p\Bookmark.ini
C:\Program Files\p4p\P4P.exe
C:\Program Files\p4p\RING.WAV
C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-06 16:27 . 2008-07-06 16:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-06 16:27 . 2008-07-06 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 13:38 . 2008-07-06 13:43 <DIR> d-------- C:\Downloads
2008-07-05 13:52 . 2008-07-06 11:58 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-07-05 11:01 . 2008-07-06 12:03 4,190 --ahs---- C:\WINDOWS\system32\OEMLOGO.BMP
2008-07-05 11:01 . 2008-07-06 12:03 392 --ahs---- C:\WINDOWS\system32\OEMINFO.INI
2008-07-05 10:35 . 2008-07-05 10:50 <DIR> d-------- C:\Documents and Settings\Ljiljana i Zikica\Application Data\GetRight Pro
2008-07-05 10:34 . 2008-07-06 13:43 <DIR> d-------- C:\Program Files\GetRight
2008-06-06 19:56 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-06 19:56 . 2006-10-26 20:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-06 19:55 . 2008-06-06 19:55 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-06 19:54 . 2008-06-06 19:54 <DIR> d-------- C:\Program Files\MSBuild
2008-06-06 19:53 . 2008-06-06 19:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-06 19:50 . 2008-06-06 19:50 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-06 19:49 . 2008-06-06 19:54 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-06 19:48 . 2008-06-06 19:48 <DIR> dr-h----- C:\MSOCache
2008-06-06 19:48 . 2008-06-06 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-06 02:40 . 2008-06-06 02:40 <DIR> d-------- C:\Program Files\Network Stumbler
2008-06-06 01:38 . 2008-06-06 01:38 <DIR> d-------- C:\Program Files\Guitar Pro 5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 13:44 16,605,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-06 13:42 196,640 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-06 13:41 2,883,584 ---ha-w C:\Documents and Settings\Ljiljana i Zikica\NTUSER.DAT
2008-07-06 01:35 --------- d-----w C:\Program Files\ESET
2008-07-05 14:12 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Skype
2008-07-05 13:25 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\skypePM
2008-06-04 01:23 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Ahead
2008-06-04 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-06-04 01:04 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-04 01:02 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-04 01:00 --------- d-----w C:\Program Files\Nero
2008-06-04 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-04 00:51 --------- d-----w C:\Program Files\Windows Live
2008-06-04 00:46 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Winamp
2008-06-04 00:39 --------- d-----w C:\Program Files\Winamp
2008-06-04 00:30 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Media Player Classic
2008-06-04 00:12 --------- d-----w C:\Program Files\Zone Labs
2008-06-04 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-04 00:06 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-04 00:06 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-04 00:06 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-03 23:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-03 23:27 --------- d-----w C:\Program Files\Skype
2008-06-03 23:27 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-03 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-03 23:21 --------- d-----w C:\Program Files\GRETECH
2008-06-03 23:19 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-03 16:04 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\ATI
2008-06-03 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 16:00 --------- d-----w C:\Program Files\ASUS
2008-06-03 15:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-03 15:56 --------- d-----w C:\Program Files\Atheros
2008-06-03 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
2008-06-03 15:55 --------- d-----w C:\Program Files\Wireless Console 2
2008-06-03 15:54 --------- d-----w C:\Program Files\Synaptics
2008-06-03 15:53 --------- d-----w C:\Program Files\Motorola
2008-06-03 15:52 --------- d-----w C:\Program Files\Realtek
2008-06-03 15:51 --------- d-----w C:\Program Files\ATI Technologies
2008-06-03 15:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-03 15:42 --------- d-----w C:\Program Files\ATKOSD2
2008-06-03 15:41 --------- d-----w C:\Program Files\ATK Hotkey
2008-06-03 15:41 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\InstallShield
2008-06-03 15:06 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"MultiFrame"="C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 15:07 999792]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 23:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-07-12 11:25 225280]
"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 11:48 7708672]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 20:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 23:02 786521]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 17:53 1040384]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 09:27 61440]
"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007-01-16 17:13 106496]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-04 03:06 949376]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 17:14 919016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MsmqIntCert"="mqrt.dll" [2004-08-04 01:56 177152 C:\WINDOWS\system32\mqrt.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 22:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 21:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\Ljiljana i Zikica\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeCaption"="[Antichrist]"
"LegalNoticeText"="[Day of judgment]"
"LogonPrompt"="[Day of judgment]"
"Welcome"="[Antichrist]"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 09:42]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 01:07]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 13:40]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 19:50]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 05:12]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 16:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-blank - C:\WINDOWS\system32\blank.htm
HKCU-Run-hlps - C:\WINDOWS\Help\hlps.exe
HKLM-Run-PowerForPhone - C:\Program Files\P4P\P4P.exe
HKLM-Run-vxds - C:\WINDOWS\vxds.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-06 16:43:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-06 16:45:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 13:45:49

Pre-Run: 2,562,646,016 bytes free
Post-Run: 2,472,628,224 bytes free

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Where in the instructions for opening a topic does it say to post a CF logfile?


http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Gonz0 
  • New MyCity citizen
  • Joined: 06 Jul 2008
  • Posts: 6

Logfile of HijackThis v1.99.1
Scan saved at 18:04:47, on 6.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Ljiljana i Zikica\Desktop\Ant\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MultiFrame] C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file: C:\WINDOWS\Media\Windows XP Ringin.wav

via the following link: http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done the upload...

offline
  • Gonz0 
  • New MyCity citizen
  • Joined: 06 Jul 2008
  • Posts: 6

Uploaded.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\OEMLOGO.BMP
C:\WINDOWS\system32\OEMINFO.INI

Folder::
C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-
"NoDriveAutoRun"=-
"NoDriveTypeAutorun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=-
"NoDriveTypeAutoRun"=-
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"AutoRun"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Window Title"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"RegisteredOrganization"=""
"RegisteredOwner"="Ljiljana i Zikica"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"=-
"LegalNoticeText"=-
"LogonPrompt"=-
"Welcome"=-
"SFCDisable"=dword:00000000
[HKEY_USERS\.DEFAULT\Control Panel\Colors]
"Background"="0 78 152"


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.

In your next post, post the log that is created at the end of the cleaning/scanning.


When the process finishes, restart the computer and write what the state is (i.e. whether you notice any visual traces of the infection).

offline
  • Gonz0 
  • New MyCity citizen
  • Joined: 06 Jul 2008
  • Posts: 6

ComboFix 08-07-05.1 - Ljiljana i Zikica 2008-07-08 1:01:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.324 [GMT 3:00]
Running from: C:\Documents and Settings\Ljiljana i Zikica\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ljiljana i Zikica\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP

.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-06 16:27 . 2008-07-06 16:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-06 16:27 . 2008-07-06 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 13:38 . 2008-07-06 19:15 <DIR> d-------- C:\Downloads
2008-07-05 10:35 . 2008-07-05 10:50 <DIR> d-------- C:\Documents and Settings\Ljiljana i Zikica\Application Data\GetRight Pro
2008-07-05 10:34 . 2008-07-06 18:52 <DIR> d-------- C:\Program Files\GetRight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 22:03 17,348,640 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-07 21:58 3,145,728 ---ha-w C:\Documents and Settings\Ljiljana i Zikica\NTUSER.DAT
2008-07-07 16:05 204,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-06 14:39 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Skype
2008-07-06 14:20 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\skypePM
2008-07-06 01:35 --------- d-----w C:\Program Files\ESET
2008-06-06 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-06 16:55 --------- d-----w C:\Program Files\Microsoft Works
2008-06-06 16:54 --------- d-----w C:\Program Files\MSBuild
2008-06-06 16:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-06 16:50 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-05 23:40 --------- d-----w C:\Program Files\Network Stumbler
2008-06-05 22:38 --------- d-----w C:\Program Files\Guitar Pro 5
2008-06-04 01:23 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Ahead
2008-06-04 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-06-04 01:04 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-04 01:02 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-04 01:00 --------- d-----w C:\Program Files\Nero
2008-06-04 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-04 00:51 --------- d-----w C:\Program Files\Windows Live
2008-06-04 00:46 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Winamp
2008-06-04 00:39 --------- d-----w C:\Program Files\Winamp
2008-06-04 00:30 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Media Player Classic
2008-06-04 00:12 --------- d-----w C:\Program Files\Zone Labs
2008-06-04 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-04 00:06 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-04 00:06 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-04 00:06 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-03 23:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-03 23:27 --------- d-----w C:\Program Files\Skype
2008-06-03 23:27 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-03 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-03 23:21 --------- d-----w C:\Program Files\GRETECH
2008-06-03 23:19 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-03 16:04 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\ATI
2008-06-03 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 16:00 --------- d-----w C:\Program Files\ASUS
2008-06-03 15:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-03 15:56 --------- d-----w C:\Program Files\Atheros
2008-06-03 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
2008-06-03 15:55 --------- d-----w C:\Program Files\Wireless Console 2
2008-06-03 15:54 --------- d-----w C:\Program Files\Synaptics
2008-06-03 15:53 --------- d-----w C:\Program Files\Motorola
2008-06-03 15:52 --------- d-----w C:\Program Files\Realtek
2008-06-03 15:51 --------- d-----w C:\Program Files\ATI Technologies
2008-06-03 15:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-03 15:42 --------- d-----w C:\Program Files\ATKOSD2
2008-06-03 15:41 --------- d-----w C:\Program Files\ATK Hotkey
2008-06-03 15:41 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\InstallShield
2008-06-03 15:06 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_16.45.31.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 13:42:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 21:41:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-06 13:43:30 239,289 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-07 21:43:34 239,289 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-07 07:14:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_c0c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"MultiFrame"="C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 15:07 999792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 23:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-07-12 11:25 225280]
"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 11:48 7708672]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 20:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 23:02 786521]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 17:53 1040384]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 09:27 61440]
"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007-01-16 17:13 106496]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-04 03:06 949376]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 17:14 919016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MsmqIntCert"="mqrt.dll" [2004-08-04 01:56 177152 C:\WINDOWS\system32\mqrt.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 22:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 21:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\Ljiljana i Zikica\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeText"="[Day of judgment]"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 09:42]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 01:07]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 13:40]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 19:50]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 05:12]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 16:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-08 01:03:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-08 1:04:37
ComboFix-quarantined-files.txt 2008-07-07 22:04:32
ComboFix2.txt 2008-07-06 13:45:57

Pre-Run: 2,300,055,552 bytes free
Post-Run: 2,275,393,536 bytes free

185

Addendum: 08 Jul 2008 0:24

it looks like everything is ok

THANKS!!!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
