- Milos133
- New MyCity citizen
- Joined: 21 May 2011
- Posts: 14
- Location: Nikšić, Montenegro
ComboFix 14-07-08.01 - pc 07/08/2014 12:45:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.92 [GMT 2:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\jp2ssv.dll
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2014-06-08 to 2014-07-08 )))))))))))))))))))))))))))))))
.
.
2014-07-07 18:35 . 2014-07-07 19:22 -------- d-----w- C:\FRST
2014-07-05 10:57 . 2014-07-05 11:04 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Adobe
2014-07-04 20:15 . 2014-07-04 20:15 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-04 20:15 . 2014-07-04 20:15 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 11:54 . 2014-07-03 17:42 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Adblock Plus for IE
2014-07-03 11:53 . 2014-07-05 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2014-07-03 11:46 . 2014-07-03 11:46 -------- d-----w- c:\program files\Common Files\Java
2014-07-03 11:46 . 2014-05-07 12:42 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-03 11:46 . 2014-05-07 13:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-03 11:26 . 2014-07-03 11:26 -------- d-----w- c:\documents and settings\pc\Application Data\ElevatedDiagnostics
2014-07-02 13:10 . 2014-07-02 13:10 -------- d-----w- c:\program files\AVAST Software
2014-07-01 14:58 . 2014-07-01 14:58 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Opera Software
2014-07-01 14:58 . 2014-07-01 14:58 -------- d-----w- c:\documents and settings\pc\Application Data\Opera Software
2014-07-01 14:58 . 2014-07-01 14:58 -------- d-----w- c:\program files\Opera
2014-06-23 18:31 . 2014-06-23 18:31 -------- d-sh--w- c:\documents and settings\pc\IECompatCache
2014-06-22 19:57 . 2014-06-22 19:57 -------- d-sh--w- c:\documents and settings\pc\PrivacIE
2014-06-22 19:52 . 2014-06-22 19:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2014-06-22 19:52 . 2014-06-22 19:52 -------- d-sh--w- c:\documents and settings\pc\IETldCache
2014-06-22 19:49 . 2008-04-14 03:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2014-06-22 19:49 . 2008-04-14 03:41 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2014-06-15 11:13 . 2014-06-16 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2014-06-15 11:13 . 2014-06-15 11:13 -------- d-----w- c:\program files\Online Games Manager
2014-06-14 11:22 . 2014-06-14 11:22 -------- d-----w- c:\program files\ReflexiveArcade
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-16 . 4728A2BF7FD18C858772158689ECDAC2 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"helpsvc"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 11:08 AM 472320]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [12/23/2010 8:06 AM 5120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/27/2013 12:00 AM 1691480]
S3 cpuz135;cpuz135;\??\c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [?]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C;\??\e:\ntiolib.sys --> e:\NTIOLib.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-17 19:37 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-04 20:15]
.
2014-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-22 17:50]
.
2014-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-22 17:50]
.
2014-07-08 c:\windows\Tasks\Opera scheduled Autoupdate 1404226715.job
- c:\program files\Opera\launcher.exe [2014-07-01 08:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-AvastUI - c:\program files\AVAST Software\Avast\AvastUI.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2014-07-08 12:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-329068152-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:70,db,ac,a3,4e,82,b0,68,c3,b9,55,0e,f4,73,4f,33,bb,f1,f1,c0,ae,
08,cf,a4,9a,40,57,0f,9a,cf,df,bf,74,a9,55,3d,64,6f,b8,2c,8a,9d,48,08,a6,bd,\
"rkeysecu"=hex:7c,21,f9,09,3e,e1,ea,e6,d8,bf,82,be,ae,65,5d,11
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2014-07-08 12:58:52
ComboFix-quarantined-files.txt 2014-07-08 10:58
.
Pre-Run: 24,574,984,192 bytes free
Post-Run: 25,491,750,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A4D190D7E2164D0E87C9A41E489651BE
8F558EB6672622401DA993E1E865C861