Unknown Problem


  • mrmr  Male
  • Super citizen
  • leon
  • electronics technician/pensioner
  • Joined: 07 Mar 2008
  • Posts: 1285
  • Location: Medakovic 3 Beograd

ComboFix 08-07-20.2 - LEA 2008-07-24 17:44:55.3 - NTFSx86
Running from: C:\Documents and Settings\LEA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\LEA\Desktop\CFScript

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-24 08:37 . 2008-07-24 08:37 <DIR> d-------- C:\Aps za KV
2008-07-23 12:55 . 2008-07-23 13:12 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-23 12:55 . 2008-07-23 12:55 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-07-23 11:52 . 2008-07-23 11:52 <DIR> d-------- C:\Documents and Settings\LEA\Application Data\TrojanHunter
2008-07-23 11:17 . 2008-07-23 11:19 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-07-22 09:36 . 2008-07-22 09:36 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-18 14:14 . 2008-07-21 21:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 10:52 . 2008-07-18 12:44 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
2008-07-18 10:52 . 2008-07-18 10:52 <DIR> d-------- C:\Documents and Settings\LEA\Application Data\URSoft
2008-07-15 13:45 . 2008-07-24 09:49 2,064,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-15 13:45 . 2008-07-24 09:49 401,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-15 13:45 . 2008-07-24 09:49 17,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-15 13:45 . 2008-07-24 09:49 2,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-15 13:42 . 2008-07-15 13:42 268 --ah----- C:\sqmdata04.sqm
2008-07-15 13:42 . 2008-07-15 13:42 244 --ah----- C:\sqmnoopt04.sqm
2008-07-15 13:13 . 2008-07-15 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-15 12:10 . 2008-07-15 12:10 <DIR> d-------- C:\Sega
2008-07-15 12:09 . 2008-07-23 10:41 <DIR> d-------- C:\Program Files\Kaspersky Anti-Virus
2008-07-15 12:08 . 2008-07-15 12:08 <DIR> d-------- C:\Program Files\Orbz
2008-07-15 12:08 . 2008-07-15 12:08 <DIR> d-------- C:\Program Files\Blender Foundation
2008-07-15 12:08 . 2008-07-18 12:15 <DIR> d-------- C:\Program Files\Ancient Tripeaks
2008-07-15 12:08 . 2008-07-18 12:15 <DIR> d-------- C:\Neo Sonic Universe
2008-07-15 12:08 . 2008-07-18 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-07-15 12:07 . 2008-07-15 12:07 <DIR> d-------- C:\Program Files\Common Files\DeskShare Shared
2008-07-15 12:07 . 2008-07-18 14:16 <DIR> d-------- C:\Program Files\circolar
2008-07-15 12:07 . 2008-07-18 12:15 <DIR> d-------- C:\Program Files\Arcade Race
2008-07-09 12:33 . 2008-07-23 10:28 <DIR> d-------- C:\Update
2008-07-09 12:24 . 2008-07-09 12:25 <DIR> d-------- C:\Program Files\Update za Kasperski 7.0
2008-07-08 14:59 . 2008-07-17 11:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-03 14:23 . 2008-07-03 14:23 <DIR> d-------- C:\Documents and Settings\LEA\.thumbnails
2008-07-02 09:45 . 2008-07-15 12:11 <DIR> d-------- C:\Documents and Settings\LEA\.gimp-2.4
2008-07-01 22:32 . 2008-07-01 22:32 <DIR> d-------- C:\Program Files\Yamicsoft
2008-06-30 08:50 . 2008-06-30 08:51 200 --a------ C:\WINDOWS\AUDC80UI.dat
2008-06-27 21:08 . 2001-03-23 16:29 880,912 --a------ C:\WINDOWS\WM8EUTIL.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-22 09:50 --------- d-----w C:\Program Files\WinRAR 3.40
2008-07-21 14:40 --------- d-----w C:\Program Files\Office.com
2008-07-18 20:18 --------- d-----w C:\Program Files\AIMP2
2008-07-18 10:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-18 10:15 --------- d-----w C:\Program Files\Disc2Phone
2008-07-18 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-18 10:11 --------- d-----w C:\Program Files\Winamp
2008-07-18 10:11 --------- d-----w C:\Program Files\Paint.NET
2008-07-18 10:11 --------- d-----w C:\Program Files\DipTrace
2008-07-18 10:11 --------- d-----w C:\Program Files\AIMP Classic
2008-07-17 22:05 --------- d-----w C:\Program Files\Atlantis
2008-07-15 12:31 --------- d-----w C:\Program Files\Opera
2008-07-15 10:09 --------- d-----w C:\Documents and Settings\LEA\Application Data\J River
2008-07-10 10:15 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-10 10:15 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-09 12:53 --------- d-----w C:\Program Files\BFG
2008-06-20 15:41 --------- d-----w C:\Documents and Settings\LEA\Application Data\COWON
2008-06-20 13:31 --------- d-----w C:\Documents and Settings\LEA\Application Data\NCH Software
2008-06-15 20:52 --------- d-----w C:\Program Files\Wik And The Fable Of Souls
2008-06-13 10:42 --------- d-----w C:\Program Files\Drawing Hand Creations
2008-06-13 10:41 38 ----a-w C:\config.dat
2008-06-12 19:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Ahead
2008-06-08 11:19 --------- d-----w C:\Program Files\Amazing Adventures - The Lost Tomb
2008-06-07 19:33 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-06-07 19:33 --------- d-----w C:\Program Files\Deskshare
2008-06-07 19:25 --------- d-----w C:\Documents and Settings\LEA\Application Data\Auslogics
2008-06-07 18:11 --------- d-----w C:\Program Files\MP3Gain
2008-06-07 16:22 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-06-02 19:47 --------- d-----w C:\Program Files\DXBall2
2008-05-28 20:31 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-03 10:20 116,155 ----a-w C:\Program Files\Broadhead.CurXPTheme
2008-04-03 10:19 573,812 ----a-w C:\Program Files\GreenLightBlueVersion.CurXPTheme
2008-04-03 10:19 3,921,853 ----a-w C:\Program Files\GreenLightColorPack.zip
2008-04-03 10:19 139,254 ----a-w C:\Program Files\Jazz.CurXPTheme
2008-04-03 10:17 251,387 ----a-w C:\Program Files\MBMetalReligion.CurXPTheme
2008-04-03 10:16 94,402 ----a-w C:\Program Files\PlasmaCursor2.CurXPTheme
2008-04-03 10:15 257,190 ----a-w C:\Program Files\turbine.CurXPTheme
2008-04-03 10:14 21,465 ----a-w C:\Program Files\SDDesktopcx.CurXPTheme
2008-04-03 10:13 244,755 ----a-w C:\Program Files\CURSORXPTRAILS.zip
2008-04-03 10:13 184,906 ----a-w C:\Program Files\roundFuturegreen.CurXPTheme
2008-04-03 10:12 353,578 ----a-w C:\Program Files\TentacularBlue.CurXPTheme
2008-04-03 10:11 122,240 ----a-w C:\Program Files\VistaDesignCursor.CurXPTheme
2008-04-03 10:10 43,516 ----a-w C:\Program Files\Annihilator.CurXPTheme
2008-04-03 10:09 106,213 ----a-w C:\Program Files\GlassMaxX.CurXPTheme
2008-04-03 10:00 850,408 ----a-w C:\Program Files\MBClassics.zip
2008-04-03 09:52 1,209,982 ----a-w C:\Program Files\PinkCadillac.zip
2008-04-03 09:51 144,835 ----a-w C:\Program Files\MBEyeOfTheDamned.zip
2008-04-03 09:50 357,634 ----a-w C:\Program Files\Harmony.CurXPTheme
2008-04-03 09:50 219,653 ----a-w C:\Program Files\Flame.CurXPTheme
2008-04-03 09:49 34,478 ----a-w C:\Program Files\CarbonFibre.CurXPTheme
2008-04-03 09:48 86,379 ----a-w C:\Program Files\lovesdyingembers.CurXPTheme
2008-04-03 09:48 2,020,195 ----a-w C:\Program Files\KurioCxpSuite.zip
2008-04-03 09:46 96,413 ----a-w C:\Program Files\SimpleWhiteV2.CurXPTheme
2008-04-03 09:46 90,826 ----a-w C:\Program Files\WhiteFire2.CurXPTheme
2008-04-03 09:45 165,524 ----a-w C:\Program Files\Aquart.CurXPTheme
2008-04-03 09:45 1,565,329 ----a-w C:\Program Files\GreenApparatus.CurXPTheme
2008-04-03 09:43 557,424 ----a-w C:\Program Files\Powder.zip
2008-04-03 09:43 151,313 ----a-w C:\Program Files\GuildWars.CurXPTheme
2008-04-03 09:42 14,961 ----a-w C:\Program Files\GG77emots.zip
2008-04-03 09:41 783,979 ----a-w C:\Program Files\Qetzal.zip
2008-04-03 09:41 1,010,015 ----a-w C:\Program Files\Floristic.CurXPTheme
2008-04-03 09:33 676,800 ----a-w C:\Program Files\Tryskel9UltimateVi.CurXPTheme
2008-04-03 09:32 257,773 ----a-w C:\Program Files\UltimLive.CursorFX
2008-02-27 14:22 1,491,592 ----a-w C:\Program Files\install_flash_player.exe
2008-02-27 14:09 18,103,296 ----a-w C:\Program Files\wlm_9_1407_1107_BETA.msi
2001-09-03 11:21 309,453 --sha-w C:\WINDOWS\rsx.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\rsx.exe -- Unable to find file version info.
MD5: c15ce2282ea8c5c55431e60aca3f423b


((((((((((((((((((((((((((((( snapshot@2008-07-21_ 9.38.04.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-07-20 19:34:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-21 18:46:54 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-20 19:34:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-21 18:46:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 1996-04-03 19:33:26 5,248 ----a-w C:\WINDOWS\system32\giveio.sys
+ 2006-09-24 13:28:46 5,248 ----a-w C:\WINDOWS\system32\speedfan.sys
+ 2008-07-23 09:17:54 59,392 ------r C:\WINDOWS\system32\streamhlp.dll
+ 2008-07-24 12:44:48 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_74c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 16:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-20 00:59 418632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" [2005-08-25 11:59 344064]
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" [2005-08-25 11:47 65536]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"wcmdmgr"="C:\WINDOWS\wt\wcmdmgrl.exe" [1999-12-09 20:04 20480]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-07-09 18:54 1056928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 2004-11-12 11:50 892928 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Opera\\Opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 10:43]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2008-07-24 17:48:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\WINHTTP.dll
.
Completion time: 2008-07-24 17:54:58
ComboFix-quarantined-files.txt 2008-07-24 15:54:34
ComboFix2.txt 2008-07-23 20:21:39
ComboFix3.txt 2008-07-21 07:42:27

Pre-Run: 26,007,912,448 bytes free
Post-Run: 25,996,832,768 bytes free

210 --- E O F --- 2008-02-29 16:54:22



  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download CatchMe.

Double-click catchme.exe to run it and switch to the Script tab.
Copy the text found inside the code box into the program's (white) window:


files:
C:\WINDOWS\rsx.exe



Click the Run button.

When the notification message appears, click OK.


When the process finishes, the file catchme.zip will be on the Desktop.

Upload it using the following form: [link visible only to logged-in users]



  • mrmr  Male

Did catchme.zip arrive? Something wasn't working, so I've most likely done so several times

  • dr_Bora  Male

It arrived, and the file you sent is legitimate.

I don't see anything problematic here.

Is there a problem that you think might be caused by malware?

  • mrmr  Male

How do I delete all of that now? I mean ComboFix and Catchme???
Most likely KAV deleted all of it, since I scanned the PC several times.
Regards

Addendum: 25 Jul 2008 11:14

And one more small question: should I TURN OFF System Restore after all this?

  • dr_Bora  Male

  • mrmr  Male

It didn't restore my clock, and it reported a Bug log:
pushd "C:\327882R2FWJFW\"
Killing '2056'

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\LEA\Application Data
cfldr=327882R2FWJFW
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LEA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\LEA
kmd=CF27439.exe
LOGONSERVER=\\LEA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$
SESSIONNAME=Console
sfxname=C:\Documents and Settings\LEA\Desktop\ComboFix.exe
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LEA\LOCALS~1\Temp
TMP=C:\DOCUME~1\LEA\LOCALS~1\Temp
USERDOMAIN=LEA
USERNAME=LEA
USERPROFILE=C:\Documents and Settings\LEA
windir=C:\WINDOWS

=============================================


if not defined sfxname goto END

If [/u] == [] Set "SfxCmd="

if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

if exist "C:\DOCUME~1\LEA\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\LEA\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful

copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF27439.exe"
1 file(s) copied.

if not exist "C:\WINDOWS\system32\CF27439.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF27439.exe"

For /F "tokens=*" %g in ("C:\Documents and Settings\LEA\Desktop\ComboFix.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)

Set FileName 1>FileName 2>nul

GREP -Gisqx "FileName=[-[:alnum:]@.]*" FileName || (
nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)

DIR /AD/B C:\* | Findstr -IVX ComboFix 1>dirname00

Findstr -LIXC:"ComboFix" dirname00 1>nul && call :NameChk

If exist dirname0? del /Q dirname0?

If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (
rd /s/q "\ComboFix"
If exist "\ComboFix" (
PV -kf Findstr *.cfexe
rd /s/q "\ComboFix"
)
If exist "\ComboFix" (
handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\ComboFix"
)
)

If exist "\ComboFix" rd /s/q "\ComboFix"

If exist "\ComboFix" goto :eof

swreg query "hklm\software\microsoft\windows nt\currentversion" /v currentversion 1>osVer00

GREP -sq "currentversion.* 6.0" osVer00 && (Call :Vista ) ||

del osVer00 2>nul

CD ..

Set "comspec=C:\WINDOWS\system32\CF27439.exe"

(
echo.md "\ComboFix"
echo.Move /y "\327882R2FWJFW\*" "\ComboFix"
echo.RD /S/Q "\327882R2FWJFW"
echo.Start "." /d"C:\ComboFix" "C:\WINDOWS\system32\CF27439.exe" /k c.bat
echo.pv -kf cmd.exe
) 1>Start_.cmd

NirCmd exec hide "C:\WINDOWS\system32\CF27439.exe" /f:off /d /c call Start_.cmd

NirCmd execmd del "\327882R2FWJFW\prep.cmd"

EXIT

Addendum: 25 Jul 2008 20:15

I had Avast turned on when I did Start - Run

  • dr_Bora  Male

Simply delete the C:\QooBox folder if it still exists.


Clock settings: Control Panel > Regional And Language options > on the first tab click Customize, then on the Time tab set whatever you want.

  • mrmr  Male

O.K. Thanks. Regards
