[bobby] Help with a log - 7322.com problem

  • doida
  • New MyCity citizen
  • Joined: 22 Apr 2008
  • Posts: 15

ComboFix 08-05-15.2 - ljiljar 2008-05-16 13:40:09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.159 [GMT 2:00]
Running from: C:\Documents and Settings\ljiljar\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ljiljar\Favorites\ÕÒµ½123ÍøÖ·µ¼º½.url
C:\Documents and Settings\ljiljar\Favorites\Á´½Ó

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-12 09:21 . 2008-05-12 09:21 <DIR> d-------- C:\Documents and Settings\ljiljar\DoctorWeb
2008-05-06 09:38 . 2008-05-06 09:38 250 --a------ C:\WINDOWS\gmer.ini
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\kav
2008-04-16 10:49 . 2008-04-16 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 10:49 . 2008-05-16 13:41 2,490,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 10:49 . 2008-05-16 13:41 49,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-16 10:49 . 2008-05-15 15:57 33,932 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 10:49 . 2008-05-15 15:57 6,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 13:57 3,145,728 ---ha-w C:\Documents and Settings\ljiljar\NTUSER.DAT
2008-03-19 08:49 --------- d--h--w C:\Program Files\Zenographics
2008-03-19 08:49 --------- d-----w C:\Program Files\Hewlett-Packard
.

((((((((((((((((((((((((((((( snapshot@2008-04-22_15.27.10.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 13:25:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 07:43:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-06 07:38:42 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 18:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
+ 2008-05-06 07:38:42 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 22:05 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-30 15:38:51 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17150:TCP"= 17150:TCP:NortonAV
"17938:TCP"= 17938:TCP:NortonAV
"15839:TCP"= 15839:TCP:NortonAV
"15416:TCP"= 15416:TCP:NortonAV
"16957:TCP"= 16957:TCP:NortonAV
"14103:TCP"= 14103:TCP:NortonAV
"18883:TCP"= 18883:TCP:NortonAV
"18284:TCP"= 18284:TCP:NortonAV
"12677:TCP"= 12677:TCP:NortonAV
"13044:TCP"= 13044:TCP:NortonAV
"16042:TCP"= 16042:TCP:NortonAV
"15202:TCP"= 15202:TCP:NortonAV
"18497:TCP"= 18497:TCP:NortonAV
"12454:TCP"= 12454:TCP:NortonAV
"14164:TCP"= 14164:TCP:NortonAV
"15087:TCP"= 15087:TCP:NortonAV
"15495:TCP"= 15495:TCP:NortonAV
"16515:TCP"= 16515:TCP:NortonAV
"18960:TCP"= 18960:TCP:NortonAV
"13052:TCP"= 13052:TCP:NortonAV
"12118:TCP"= 12118:TCP:NortonAV
"14698:TCP"= 14698:TCP:NortonAV
"16633:TCP"= 16633:TCP:NortonAV


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-16 13:41:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-16 13:42:22
ComboFix-quarantined-files.txt 2008-05-16 11:42:20
ComboFix2.txt 2008-05-07 11:47:42
ComboFix3.txt 2008-04-24 07:50:28
ComboFix4.txt 2008-04-22 13:27:30

Pre-Run: 68,512,342,016 bytes free
Post-Run: 68,506,460,160 bytes free

106 --- E O F --- 2007-11-14 14:58:20

Thanks and regards.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Could you pack the complete contents of the following folder into a single ZIP:
C:\Program Files\MSEB\

Please upload it via the following form:
http://www.mycity.rs/ambulanta-upload.php

  • doida
  • New MyCity citizen
  • Joined: 22 Apr 2008
  • Posts: 15

Done.
Regards.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I have sent the files for analysis, since for now only Sunbelt detects it as malicious.
I hope we will get an answer soon.

Update: 22 May 2008 12:13

Nobody is answering...

As a test, rename that folder (add a letter or two), restart the computer and see what happens, i.e. whether the problem is still there.

  • doida
  • New MyCity citizen
  • Joined: 22 Apr 2008
  • Posts: 15

I tried, but everything works as before.
Looks like there is no help for it.

Regards.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I would not give up yet.
The problem is that here we exchange one message every three days, so it goes a bit slowly, and in three days the situation changes a lot, so the old logs no longer mean anything.

If you want to continue, I need fresh HijackThis and ComboFix logs.
For ComboFix, you should always download a new version before each log is made.
