- vasa.93
- Forum moderator
- Joined: 17 Dec 2007
- Posts: 14824
- Location: Niš
ComboFix 08-09-04.09 - Mr.Vasa 2008-09-06 0:39:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1568 [GMT 2:00]
Running from: C:\Documents and Settings\Mr.Vasa\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mr.Vasa\Application Data\.#
C:\WINDOWS\backup.dll
C:\WINDOWS\msservice.exe
C:\WINDOWS\sys32.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.
2008-09-04 22:56 . 2008-09-04 22:56 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-09-04 22:56 . 2001-09-27 21:41 4,206,080 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-04 22:56 . 2001-09-27 21:41 2,017,280 --a------ C:\WINDOWS\system32\QuickTimeMusicalInstruments.qtx
2008-09-04 22:56 . 1997-08-21 14:44 345,600 --a------ C:\WINDOWS\system32\Qtim32.dll
2008-09-04 22:56 . 2001-09-27 20:41 287,232 --a------ C:\WINDOWS\system32\QuickTime.cpl
2008-09-04 22:56 . 1996-08-26 04:12 93,696 --a------ C:\WINDOWS\system32\Qtole32.dll
2008-09-04 22:56 . 2001-11-28 16:43 53,985 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-09-04 15:27 . 2008-09-04 15:44 <DIR> d-------- C:\Documents and Settings\Mr.Vasa\Application Data\TypingMaster7
2008-09-02 23:31 . 2008-09-02 23:31 <DIR> d-------- C:\Program Files\SweetIM
2008-09-02 23:31 . 2008-09-02 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-09-02 18:44 . 2008-04-14 05:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-02 18:44 . 2008-04-14 05:41 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-09-02 18:44 . 2008-04-14 00:09 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-09-02 18:44 . 2008-04-14 00:09 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-09-02 18:44 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-02 18:44 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-31 15:15 . 2008-08-31 15:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-23 12:23 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-23 12:10 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-22 19:58 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-08-22 19:58 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-08-10 14:53 . 2008-08-10 14:53 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-10 14:21 . 2008-08-10 14:21 <DIR> d-------- C:\Documents and Settings\Mr.Vasa\Application Data\ACD Systems
2008-08-10 14:20 . 2008-08-10 14:20 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-08-10 14:20 . 2008-08-10 14:20 <DIR> d-------- C:\Program Files\ACD Systems
2008-08-10 14:20 . 2008-08-10 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-09 21:04 . 2008-08-09 21:04 268 --ah----- C:\sqmdata11.sqm
2008-08-09 21:04 . 2008-08-09 21:04 244 --ah----- C:\sqmnoopt11.sqm
2008-08-09 20:21 . 2008-08-09 20:21 268 --ah----- C:\sqmdata10.sqm
2008-08-09 20:21 . 2008-08-09 20:21 244 --ah----- C:\sqmnoopt10.sqm
2008-08-09 20:20 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-08-09 13:59 . 2008-08-09 13:59 268 --ah----- C:\sqmdata09.sqm
2008-08-09 13:59 . 2008-08-09 13:59 244 --ah----- C:\sqmnoopt09.sqm
2008-08-07 16:33 . 2008-08-07 16:39 921,632 --a------ C:\PA7302.DAT
2008-08-07 16:31 . 2008-08-07 16:31 <DIR> d-------- C:\WINDOWS\PixArt
2008-08-07 16:31 . 2008-08-07 16:31 <DIR> d-------- C:\Program Files\Common Files\Pac7302
2008-08-07 16:31 . 2008-08-07 16:31 <DIR> d-------- C:\Program Files\Common Files\i-Look 317
2008-08-07 16:31 . 2007-06-14 18:34 457,856 --a------ C:\WINDOWS\system32\drivers\PAC7302.SYS
2008-08-07 16:31 . 2007-05-17 15:50 129,024 --a------ C:\WINDOWS\system32\SP7302.ax
2008-08-07 16:31 . 2006-10-12 11:57 14,336 --a------ C:\WINDOWS\system32\P7302USD.dll
2008-08-07 16:31 . 2006-11-20 09:04 6,656 --a------ C:\WINDOWS\system32\CoInst_070614.dll
2008-08-07 16:31 . 2007-07-05 10:37 566 --a------ C:\WINDOWS\system32\SP7302.ini
2008-08-07 16:31 . 2008-05-31 15:31 302 --a------ C:\WINDOWS\system32\Remover.ini
2008-08-07 16:23 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-07 16:23 . 2008-04-14 00:15 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-07 16:22 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-07 16:22 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 21:02 --------- d-----w C:\Documents and Settings\Mr.Vasa\Application Data\Orbit
2008-08-23 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-09 18:20 --------- d-----w C:\Program Files\Realtek
2008-08-07 14:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-07 09:50 --------- d-----w C:\Program Files\Windows Live
2008-08-07 09:44 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-01 11:23 --------- d-----w C:\Program Files\Java
2008-08-01 11:19 --------- d-----w C:\Program Files\Common Files\Java
2008-07-26 22:03 --------- d-----w C:\Program Files\Valve
2008-07-26 12:50 --------- d-----w C:\Documents and Settings\Mr.Vasa\Application Data\Avira
2008-07-23 16:13 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-23 12:29 --------- d-----w C:\Program Files\Sierra On-Line
2008-07-23 10:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-20 11:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-20 10:29 20 ----a-w C:\sccfg.sys
2008-07-19 17:28 --------- d-----w C:\Documents and Settings\Mr.Vasa\Application Data\Xilisoft Corporation
2008-07-19 12:09 --------- d-----w C:\Documents and Settings\Mr.Vasa\Application Data\Xfire
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-15 13:54 --------- d-----w C:\Documents and Settings\Mr.Vasa\Application Data\GrabPro
2008-07-12 12:22 --------- d-----w C:\Documents and Settings\Mr.Vasa\Application Data\Winamp
2008-07-11 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-11 15:16 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-11 11:44 --------- d-----w C:\Program Files\NCH Software
2008-07-11 11:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-09 18:18 --------- d-----w C:\Documents and Settings\Mr.Vasa\Application Data\Media Player Classic
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-01 15:45 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-26 20:09 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PAC7302_Monitor"="C:\WINDOWS\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"nwiz"="nwiz.exe" [2007-06-29 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-23 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]
--a------ 2008-05-23 20:56 178688 E:\Program Files\RegDoctor\RegDoctor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"E:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"E:\\Program Files\\Valve\\hl.exe"=
"E:\\Program Files\\Xfire\\xfire.exe"=
"E:\\SIERRA\\Half-Life\\hl.exe"=
"E:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Program Files\\NFS Underground 2\\speed2.exe"=
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-17 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-07-17 258305]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-07-17 41217]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 FT3296;USB FORCE RACER;C:\WINDOWS\system32\DRIVERS\FT3296.sys [ ]
S3 PAC7302;i-Look 317;C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Sys32 - c:\WINDOWS\Sys32.exe
HKLM-Run-HService - c:\WINDOWS\msservice.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-Spyware Doctor - E:\Program Files\Spyware Doctor\swdoctor.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mr.Vasa\Application Data\Mozilla\Firefox\Profiles\31a88j0h.default\
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - E:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF -: plugin - E:\Program Files\Firefox\plugins\npnul32.dll
FF -: plugin - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npdsplay.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - E:\Program Files\Opera\program\plugins\NPSWF32.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npwmsdrm.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 00:40:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-06 0:41:13
ComboFix-quarantined-files.txt 2008-09-05 22:41:03
Pre-Run: 2,867,494,912 bytes free
Post-Run: 2,859,737,088 bytes free
217 --- E O F --- 2008-08-23 13:39:59