offline
- Etf_IS
- Novi MyCity građanin
- Pridružio: 22 Avg 2009
- Poruke: 8
|
ComboFix 09-08-22.06 - Mladen 23.08.2009 15:31.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.280 [GMT 2:00]
Running from: c:\documents and settings\Mladen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mladen\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090822-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\ex23567.dat"
"c:\windows\system32\drivers\DnsFilter.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\windows\ex23567.dat
c:\windows\system32\drivers\DnsFilter.sys
.
--------------- FCopy ---------------
c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DDNSFILTER
-------\Legacy_DNSFILTER
-------\Service_ddnsfilter
-------\Service_DnsFilter
-------\Service_SfX
-------\Service_soqwx32
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.
2009-08-23 13:31 . 2001-08-23 10:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-23 13:31 . 2001-08-23 10:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-22 15:16 . 2009-08-22 15:16 -------- d--h--w- c:\windows\PIF
2009-08-20 13:46 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-20 13:46 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-31 21:07 . 2009-07-31 21:07 -------- d-----w- c:\windows\Sun
2009-07-31 21:06 . 2009-07-31 21:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-31 21:05 . 2009-07-31 21:05 -------- d-----w- c:\program files\Java
2009-07-31 21:05 . 2009-07-31 21:05 152576 ----a-w- c:\documents and settings\Mladen\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-28 17:17 . 2009-07-28 17:17 -------- d-----w- c:\documents and settings\Mladen\Local Settings\Application Data\Ahead
2009-07-25 13:04 . 2009-07-30 15:37 -------- d-----w- C:\Downloads
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 12:33 . 2008-12-03 19:53 -------- d-----w- c:\documents and settings\Mladen\Application Data\Free Download Manager
2009-08-22 18:16 . 2009-02-19 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-17 16:10 . 2009-01-20 14:09 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-01-20 14:09 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-01-20 14:09 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-01-20 14:09 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-01-20 14:09 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-01-20 14:09 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-01-20 14:09 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-01-20 14:09 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-01-20 14:09 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-10 21:39 . 2008-10-19 21:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-21 17:24 . 2008-10-21 21:02 -------- d-----w- c:\program files\WinX DVD Player 3.0
2009-06-25 12:58 . 2009-06-25 12:57 -------- d-----w- c:\program files\Sybase
2009-06-25 12:57 . 2008-11-13 15:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 12:55 . 2008-11-13 15:05 -------- d-----w- c:\program files\Common Files\InstallShield
.
((((((((((((((((((((((((((((( SnapShot@2009-08-23_12.36.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-23 13:38 . 2009-08-23 13:38 16384 c:\windows\Temp\Perflib_Perfdata_80.dat
+ 2009-08-23 13:38 . 2009-08-23 13:38 16384 c:\windows\Temp\Perflib_Perfdata_478.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-4-3 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.1.2009 16:09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.1.2009 16:09 20560]
.
Contents of the 'Scheduled Tasks' folder
2009-08-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-19 08:46]
2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 10:51]
2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 10:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.teol.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = imp-klimat
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - c:\documents and settings\Mladen\Application Data\Mozilla\Firefox\Profiles\yz55w8w8.default\
FF - prefs.js: browser.search.selectedEngine - BS.Player Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-23 15:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-23 15:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 13:42
ComboFix2.txt 2009-08-23 12:39
Pre-Run: 3.173.314.560 bytes free
Post-Run: 3.109.322.752 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
207 --- E O F --- 2008-10-21 13:28
|
Kakvo je sada stanje?
), a zatim 
