USB

  • Joined: 10 Sep 2009
  • Posts: 24

ComboFix 09-09-28.01 - Admin 29.09.2009 21:56.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.894.282 [GMT 2:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 09:04 . 2009-09-29 09:04 -------- d-----w- c:\windows\Modio
2009-09-29 09:03 . 2009-09-29 09:03 -------- d-----w- c:\windows\PCTEL
2009-09-29 09:03 . 2003-11-25 03:26 308 ------w- c:\windows\system32\pthsp.dat
2009-09-29 09:03 . 2002-09-27 07:16 50040 ------w- c:\windows\system32\ptPTT.dat
2009-09-28 18:32 . 2009-09-28 18:32 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2009-09-28 18:32 . 2009-09-28 18:32 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2009-09-28 18:30 . 2009-09-28 18:30 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2009-09-28 18:28 . 2009-06-26 16:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-28 18:28 . 2009-06-26 16:18 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-28 18:28 . 2009-09-29 15:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-28 18:28 . 2009-09-28 18:29 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-28 17:24 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll
2009-09-19 16:17 . 2009-09-19 16:17 -------- d-----w- c:\program files\Virtual Trumpet
2009-09-19 16:14 . 2009-09-19 16:19 249856 ------w- c:\windows\Setup1.exe
2009-09-19 16:14 . 2009-09-19 16:19 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-16 16:03 . 2009-09-16 16:03 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-16 16:01 . 2009-09-16 17:20 -------- d-----w- c:\program files\Microsoft
2009-09-14 19:09 . 2005-06-06 15:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-09-14 19:09 . 2005-01-05 16:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-09-14 19:09 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-09-14 19:09 . 1998-11-13 11:11 307200 ----a-w- c:\windows\IsUn041a.exe
2009-09-14 18:53 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2009-09-12 18:31 . 2009-09-12 20:50 -------- d-----w- c:\documents and settings\Admin\Application Data\BSplayer
2009-09-12 18:31 . 2009-09-12 18:31 -------- d-----w- c:\documents and settings\Admin\Application Data\BSplayer Pro
2009-09-11 15:28 . 2009-09-12 15:30 -------- d-----w- C:\Lop SD
2009-09-10 22:06 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-10 22:06 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-10 22:06 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-10 22:06 . 2009-09-10 22:06 -------- d-----w- c:\program files\Avira
2009-09-10 22:06 . 2009-09-10 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-10 19:41 . 2009-09-10 19:41 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-10 19:40 . 2009-09-10 19:40 -------- d-----w- C:\games
2009-09-10 19:40 . 2009-09-10 19:40 -------- d-----w- c:\program files\Solsoft
2009-09-09 10:35 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-09 10:05 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 20:55 . 2009-09-08 20:57 -------- d-----w- c:\program files\Multi Password Recovery
2009-09-08 14:04 . 2009-09-08 14:04 -------- d-----w- c:\documents and settings\Admin\Application Data\TeamViewer
2009-09-08 14:04 . 2009-09-08 14:05 -------- d-----w- c:\program files\TeamViewer
2009-09-08 14:04 . 2009-09-08 14:04 -------- d-----w- c:\documents and settings\Admin\temp
2009-09-07 20:02 . 2009-09-07 20:02 -------- d-----w- c:\program files\Polyhedric Software
2009-09-07 20:02 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
2009-09-07 20:02 . 2009-09-07 20:02 -------- d-----w- c:\documents and settings\Admin\WINDOWS
2009-09-07 19:59 . 2009-09-07 19:59 -------- d-----w- c:\documents and settings\Admin\Application Data\fltk.org
2009-09-06 10:54 . 2009-09-06 11:07 -------- d-----w- c:\program files\NetTVPlus Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 19:55 . 2009-04-21 17:45 -------- d-----w- c:\documents and settings\Admin\Application Data\DNA
2009-09-29 18:05 . 2009-04-21 17:45 -------- d-----w- c:\program files\DNA
2009-09-29 09:00 . 2008-09-03 21:21 -------- d-----w- c:\program files\UIU
2009-09-16 18:18 . 2009-01-19 13:05 -------- d-----w- c:\program files\Opera
2009-09-16 17:42 . 2009-03-16 17:04 -------- d-----w- c:\documents and settings\Admin\Application Data\Windows Live Writer
2009-09-13 14:07 . 2009-07-24 12:33 -------- d-----w- c:\documents and settings\Admin\Application Data\Nokia
2009-09-12 21:01 . 2009-04-21 17:45 -------- d-----w- c:\documents and settings\Admin\Application Data\BitTorrent
2009-09-10 20:37 . 2005-10-03 19:44 -------- d-----w- c:\program files\Google
2009-09-10 20:02 . 2009-01-28 14:35 -------- d-----w- c:\program files\Valve
2009-09-09 10:01 . 2009-01-31 16:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-17 13:12 . 2005-10-03 20:53 39464 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 08:45 . 2009-08-15 08:45 -------- d-----w- c:\program files\MSBuild
2009-08-15 08:45 . 2009-08-15 08:45 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 08:42 . 2009-08-15 08:42 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2002-12-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2002-12-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2002-12-31 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 15:33 . 2008-10-04 11:29 41 ----a-w- c:\windows\popcinfo.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-21 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"19199:TCP"= 19199:TCP:BitComet 19199 TCP
"19199:UDP"= 19199:UDP:BitComet 19199 UDP

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1.9.2008 19:15 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [3.9.2008 23:50 8192]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11.9.2009 0:06 108289]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1.6.2008 9:13 34064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [16.3.2009 12:54 24652]
S3 BS_Flash;BS_Flash;c:\program files\BIOS\BIOS Flash\BS_Flash.sys [3.9.2008 5:00 3604]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ta7mzuo1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-29 22:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2236)
c:\windows\system32\msi.dll
.
Completion time: 2009-09-29 22:01
ComboFix-quarantined-files.txt 2009-09-29 20:01
ComboFix2.txt 2009-09-29 18:23
ComboFix3.txt 2009-09-29 11:03
ComboFix4.txt 2009-09-12 21:45

Pre-Run: 3.898.109.952 bytes free
Post-Run: 3.887.366.144 bytes free

166 --- E O F --- 2009-09-10 07:47

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Are there any problems now?

  • Joined: 10 Sep 2009
  • Posts: 24

Well, autorun and USB still don't work for me...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

What do you mean it doesn't work? You plug it in and nothing happens? It doesn't work even when you go into My Computer?

  • Joined: 10 Sep 2009
  • Posts: 24

Well, I mean when I insert a CD... it won't open anything automatically, I have to go into My Computer instead, and USB doesn't work at all

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

For the CD that's actually better; that way you prevent malware from activating itself as soon as you insert the CD.

Have you tried plugging a different USB device into the port?

  • Joined: 10 Sep 2009
  • Posts: 24

Yes... and it's the same, it doesn't accept anything... so it literally doesn't work... but it isn't broken, I'm missing some driver or something, I have no idea, I don't know that much about it, I just know it doesn't work :D

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I wouldn't know what the cause is.

ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search box if Run is not available.

In the text box, type (copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.

  • Joined: 10 Sep 2009
  • Posts: 24

ok .. thanks in any case
