Antichrist problem

  • Gonz0 
  • New MyCity citizen
  • Joined: 06 Jul 2008
  • Posts: 6

I have a problem with Antichrist... here is the log from ComboFix, in case someone can help me? Thanks in advance!


ComboFix 08-07-05.1 - Ljiljana i Zikica 2008-07-06 16:39:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.300 [GMT 3:00]
Running from: C:\Documents and Settings\Ljiljana i Zikica\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\p4p
C:\Program Files\p4p\Bookmark.ini
C:\Program Files\p4p\P4P.exe
C:\Program Files\p4p\RING.WAV
C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-06 16:27 . 2008-07-06 16:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-06 16:27 . 2008-07-06 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 13:38 . 2008-07-06 13:43 <DIR> d-------- C:\Downloads
2008-07-05 13:52 . 2008-07-06 11:58 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-07-05 11:01 . 2008-07-06 12:03 4,190 --ahs---- C:\WINDOWS\system32\OEMLOGO.BMP
2008-07-05 11:01 . 2008-07-06 12:03 392 --ahs---- C:\WINDOWS\system32\OEMINFO.INI
2008-07-05 10:35 . 2008-07-05 10:50 <DIR> d-------- C:\Documents and Settings\Ljiljana i Zikica\Application Data\GetRight Pro
2008-07-05 10:34 . 2008-07-06 13:43 <DIR> d-------- C:\Program Files\GetRight
2008-06-06 19:56 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-06 19:56 . 2006-10-26 20:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-06 19:55 . 2008-06-06 19:55 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-06 19:54 . 2008-06-06 19:54 <DIR> d-------- C:\Program Files\MSBuild
2008-06-06 19:53 . 2008-06-06 19:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-06 19:50 . 2008-06-06 19:50 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-06 19:49 . 2008-06-06 19:54 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-06 19:48 . 2008-06-06 19:48 <DIR> dr-h----- C:\MSOCache
2008-06-06 19:48 . 2008-06-06 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-06 02:40 . 2008-06-06 02:40 <DIR> d-------- C:\Program Files\Network Stumbler
2008-06-06 01:38 . 2008-06-06 01:38 <DIR> d-------- C:\Program Files\Guitar Pro 5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 13:44 16,605,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-06 13:42 196,640 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-06 13:41 2,883,584 ---ha-w C:\Documents and Settings\Ljiljana i Zikica\NTUSER.DAT
2008-07-06 01:35 --------- d-----w C:\Program Files\ESET
2008-07-05 14:12 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Skype
2008-07-05 13:25 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\skypePM
2008-06-04 01:23 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Ahead
2008-06-04 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-06-04 01:04 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-04 01:02 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-04 01:00 --------- d-----w C:\Program Files\Nero
2008-06-04 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-04 00:51 --------- d-----w C:\Program Files\Windows Live
2008-06-04 00:46 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Winamp
2008-06-04 00:39 --------- d-----w C:\Program Files\Winamp
2008-06-04 00:30 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Media Player Classic
2008-06-04 00:12 --------- d-----w C:\Program Files\Zone Labs
2008-06-04 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-04 00:06 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-04 00:06 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-04 00:06 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-03 23:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-03 23:27 --------- d-----w C:\Program Files\Skype
2008-06-03 23:27 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-03 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-03 23:21 --------- d-----w C:\Program Files\GRETECH
2008-06-03 23:19 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-03 16:04 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\ATI
2008-06-03 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 16:00 --------- d-----w C:\Program Files\ASUS
2008-06-03 15:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-03 15:56 --------- d-----w C:\Program Files\Atheros
2008-06-03 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
2008-06-03 15:55 --------- d-----w C:\Program Files\Wireless Console 2
2008-06-03 15:54 --------- d-----w C:\Program Files\Synaptics
2008-06-03 15:53 --------- d-----w C:\Program Files\Motorola
2008-06-03 15:52 --------- d-----w C:\Program Files\Realtek
2008-06-03 15:51 --------- d-----w C:\Program Files\ATI Technologies
2008-06-03 15:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-03 15:42 --------- d-----w C:\Program Files\ATKOSD2
2008-06-03 15:41 --------- d-----w C:\Program Files\ATK Hotkey
2008-06-03 15:41 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\InstallShield
2008-06-03 15:06 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"MultiFrame"="C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 15:07 999792]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 23:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-07-12 11:25 225280]
"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 11:48 7708672]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 20:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 23:02 786521]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 17:53 1040384]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 09:27 61440]
"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007-01-16 17:13 106496]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-04 03:06 949376]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 17:14 919016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MsmqIntCert"="mqrt.dll" [2004-08-04 01:56 177152 C:\WINDOWS\system32\mqrt.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 22:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 21:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\Ljiljana i Zikica\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeCaption"="[Antichrist]"
"LegalNoticeText"="[Day of judgment]"
"LogonPrompt"="[Day of judgment]"
"Welcome"="[Antichrist]"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 09:42]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 01:07]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 13:40]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 19:50]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 05:12]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 16:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-blank - C:\WINDOWS\system32\blank.htm
HKCU-Run-hlps - C:\WINDOWS\Help\hlps.exe
HKLM-Run-PowerForPhone - C:\Program Files\P4P\P4P.exe
HKLM-Run-vxds - C:\WINDOWS\vxds.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-06 16:43:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-06 16:45:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 13:45:49

Pre-Run: 2,562,646,016 bytes free
Post-Run: 2,472,628,224 bytes free

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Where in the instructions for opening a topic does it say to post a CF logfile?


http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Gonz0 
  • New MyCity citizen
  • Joined: 06 Jul 2008
  • Posts: 6

Logfile of HijackThis v1.99.1
Scan saved at 18:04:47, on 6.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\system32\ASUSTPE.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Ljiljana i Zikica\Desktop\Ant\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MultiFrame] C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file: C:\WINDOWS\Media\Windows XP Ringin.wav

via the following link: http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done the upload...

  • Gonz0 
  • New MyCity citizen
  • Joined: 06 Jul 2008
  • Posts: 6

Uploaded.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\OEMLOGO.BMP
C:\WINDOWS\system32\OEMINFO.INI

Folder::
C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-
"NoDriveAutoRun"=-
"NoDriveTypeAutorun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=-
"NoDriveTypeAutoRun"=-
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"AutoRun"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Window Title"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"RegisteredOrganization"=""
"RegisteredOwner"="Ljiljana i Zikica"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"=-
"LegalNoticeText"=-
"LogonPrompt"=-
"Welcome"=-
"SFCDisable"=dword:00000000
[HKEY_USERS\.DEFAULT\Control Panel\Colors]
"Background"="0 78 152"


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.

In your next message, post the log that is created at the end of the cleaning/scanning.

When the process finishes, restart the computer and write what the state is (i.e., whether you notice any visual traces of infection).

  • Gonz0 
  • New MyCity citizen
  • Joined: 06 Jul 2008
  • Posts: 6

ComboFix 08-07-05.1 - Ljiljana i Zikica 2008-07-08 1:01:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.324 [GMT 3:00]
Running from: C:\Documents and Settings\Ljiljana i Zikica\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ljiljana i Zikica\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP

.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-06 16:27 . 2008-07-06 16:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-06 16:27 . 2008-07-06 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 13:38 . 2008-07-06 19:15 <DIR> d-------- C:\Downloads
2008-07-05 10:35 . 2008-07-05 10:50 <DIR> d-------- C:\Documents and Settings\Ljiljana i Zikica\Application Data\GetRight Pro
2008-07-05 10:34 . 2008-07-06 18:52 <DIR> d-------- C:\Program Files\GetRight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 22:03 17,348,640 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-07 21:58 3,145,728 ---ha-w C:\Documents and Settings\Ljiljana i Zikica\NTUSER.DAT
2008-07-07 16:05 204,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-06 14:39 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Skype
2008-07-06 14:20 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\skypePM
2008-07-06 01:35 --------- d-----w C:\Program Files\ESET
2008-06-06 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-06 16:55 --------- d-----w C:\Program Files\Microsoft Works
2008-06-06 16:54 --------- d-----w C:\Program Files\MSBuild
2008-06-06 16:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-06 16:50 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-05 23:40 --------- d-----w C:\Program Files\Network Stumbler
2008-06-05 22:38 --------- d-----w C:\Program Files\Guitar Pro 5
2008-06-04 01:23 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Ahead
2008-06-04 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-06-04 01:04 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-04 01:02 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-04 01:00 --------- d-----w C:\Program Files\Nero
2008-06-04 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-04 00:51 --------- d-----w C:\Program Files\Windows Live
2008-06-04 00:46 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Winamp
2008-06-04 00:39 --------- d-----w C:\Program Files\Winamp
2008-06-04 00:30 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\Media Player Classic
2008-06-04 00:12 --------- d-----w C:\Program Files\Zone Labs
2008-06-04 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-04 00:06 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-04 00:06 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-06-04 00:06 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-03 23:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-03 23:27 --------- d-----w C:\Program Files\Skype
2008-06-03 23:27 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-03 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-03 23:21 --------- d-----w C:\Program Files\GRETECH
2008-06-03 23:19 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-03 16:04 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\ATI
2008-06-03 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 16:00 --------- d-----w C:\Program Files\ASUS
2008-06-03 15:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-03 15:56 --------- d-----w C:\Program Files\Atheros
2008-06-03 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
2008-06-03 15:55 --------- d-----w C:\Program Files\Wireless Console 2
2008-06-03 15:54 --------- d-----w C:\Program Files\Synaptics
2008-06-03 15:53 --------- d-----w C:\Program Files\Motorola
2008-06-03 15:52 --------- d-----w C:\Program Files\Realtek
2008-06-03 15:51 --------- d-----w C:\Program Files\ATI Technologies
2008-06-03 15:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-03 15:42 --------- d-----w C:\Program Files\ATKOSD2
2008-06-03 15:41 --------- d-----w C:\Program Files\ATK Hotkey
2008-06-03 15:41 --------- d-----w C:\Documents and Settings\Ljiljana i Zikica\Application Data\InstallShield
2008-06-03 15:06 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_16.45.31.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 13:42:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 21:41:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-06 13:43:30 239,289 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-07 21:43:34 239,289 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-07 07:14:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_c0c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"MultiFrame"="C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe" [2007-06-21 15:07 999792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 23:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 23:32 455168]
"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-07-12 11:25 225280]
"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 11:48 7708672]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 20:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 23:02 786521]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 17:53 1040384]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 09:27 61440]
"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007-01-16 17:13 106496]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-04 03:06 949376]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 17:14 919016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MsmqIntCert"="mqrt.dll" [2004-08-04 01:56 177152 C:\WINDOWS\system32\mqrt.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 22:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 21:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\Ljiljana i Zikica\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeText"="[Day of judgment]"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 09:42]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 01:07]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 13:40]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 19:50]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 05:12]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:56]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 16:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-08 01:03:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-08 1:04:37
ComboFix-quarantined-files.txt 2008-07-07 22:04:32
ComboFix2.txt 2008-07-06 13:45:57

Pre-Run: 2,300,055,552 bytes free
Post-Run: 2,275,393,536 bytes free

185

Addendum: 08 Jul 2008 0:24

It looks like everything is OK.

THANKS!!!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
