DeXteritY
- New MyCity citizen
- Joined: 15 Feb 2008
- Posts: 12
- Location: Beograd
ComboFix 08-02-15.2 - mafioso 2008-02-17 3:45:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.637 [GMT 1:00]
Running from: C:\Documents and Settings\mafioso\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\mafioso\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\blank.htm
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\blank.htm
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP
.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-17 03:44 . 2008-02-17 03:46 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-17 03:15 . 2008-02-17 03:39 <DIR> d-------- C:\Program Files\Cool YouTube Downloader
2008-02-16 16:29 . 2008-02-16 16:29 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-16 16:29 . 2003-03-13 12:51 51,200 --a------ C:\WINDOWS\system32\camcodec.dll
2008-02-16 16:29 . 2003-03-13 12:51 1,461 --a------ C:\WINDOWS\system32\drivers\camcodec.inf
2008-02-16 16:25 . 2008-02-17 01:12 <DIR> d-------- C:\Program Files\CamStudio
2008-02-15 06:29 . 2008-02-15 06:31 <DIR> d-------- C:\Program Files\totalcmd
2008-02-15 06:29 . 2008-02-15 06:58 1,407 --a------ C:\WINDOWS\wincmd.ini
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-02-14 21:27 . 2008-02-14 21:27 <DIR> d-------- C:\Program Files\Your Freedom
2008-02-14 20:54 . 2008-02-14 21:09 <DIR> d-------- C:\Program Files\Etlin HTTP Proxy
2008-02-13 00:00 . 2008-02-13 00:00 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\PlayFirst
2008-02-13 00:00 . 2008-02-13 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-13 00:00 . 2008-02-13 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-02-12 01:48 . 2008-02-12 01:48 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\iWin
2008-02-12 01:47 . 2008-02-12 01:47 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 23:41 . 2008-02-11 23:41 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\Wireshark
2008-02-11 23:24 . 2008-02-11 23:24 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\gtk-2.0
2008-02-10 22:06 . 2007-12-07 03:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-10 22:06 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-10 22:06 . 2007-07-01 04:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 22:06 . 2007-12-07 03:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-10 22:06 . 2007-12-07 03:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-10 22:06 . 2007-12-07 03:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-10 22:06 . 2007-12-07 03:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-10 22:06 . 2007-12-07 03:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-10 22:06 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-10 16:44 . 2008-02-10 16:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 04:24 . 2008-02-10 04:24 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\vlc
2008-02-10 04:14 . 2008-02-10 04:14 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\ViStart
2008-02-10 04:11 . 2008-02-16 15:09 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\WinFlip
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\VisualTooltip
2008-02-10 04:11 . 2008-02-16 15:10 <DIR> d-------- C:\Program Files\ViStart
2008-02-10 04:11 . 2008-02-10 04:14 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\ViOrb
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\TrueTransparency
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\Styler
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Program Files\LClock
2008-02-10 04:11 . 2008-02-10 04:11 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\Styler
2008-02-10 04:11 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe
2008-02-10 04:11 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe
2008-02-10 04:11 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl
2008-02-10 04:11 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp
2008-02-10 04:07 . 2008-02-10 04:11 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-02-10 04:07 . 2008-02-10 04:11 <DIR> d-------- C:\VTPFiles
2008-02-10 04:07 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-02-10 04:07 . 2008-02-10 04:07 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-02-10 04:07 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-02-10 04:07 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-02-10 03:50 . 2008-02-12 18:33 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-02-10 03:44 . 2008-02-10 03:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-10 03:44 . 2008-02-10 03:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-10 01:21 . 2008-02-10 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-10 01:08 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-10 01:06 . 2008-02-10 01:06 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-10 01:05 . 2008-02-10 01:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-10 01:03 . 2008-02-10 01:03 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-10 01:02 . 2008-02-10 01:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-10 01:01 . 2008-02-10 01:01 <DIR> dr-h----- C:\MSOCache
2008-02-10 01:01 . 2008-02-14 03:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-09 22:48 . 2008-02-09 22:48 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-09 22:46 . 2008-02-09 22:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-09 22:45 . 2008-02-13 03:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-09 22:08 . 2008-02-09 22:08 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-09 22:08 . 2008-02-09 22:08 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-09 22:08 . 2008-02-10 01:06 <DIR> d-------- C:\Program Files\MSBuild
2008-02-09 22:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-09 22:04 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-09 19:10 . 2008-02-09 19:10 <DIR> d-------- C:\Documents and Settings\mafioso\WINDOWS
2008-02-09 19:10 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-02-09 18:57 . 2007-02-28 10:55 2,182,144 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-02-09 18:57 . 2007-02-28 10:53 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-02-09 18:57 . 2007-02-28 10:15 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-02-09 16:59 . 2008-02-09 17:02 <DIR> d-------- C:\Program Files\BitComet
2008-02-09 16:59 . 2008-02-09 16:59 <DIR> d-------- C:\Downloads
2008-02-09 16:59 . 2008-02-09 16:59 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-09 16:15 . 2008-02-09 16:15 <DIR> d-------- C:\Documents and Settings\mafioso\Application Data\AntiVir PersonalEdition Premium
2008-02-09 15:30 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-09 15:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-09 15:30 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-09 15:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-09 15:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-09 15:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-09 04:08 . 2008-02-09 04:08 <DIR> d-------- C:\Program Files\Wireshark
2008-02-09 04:08 . 2008-02-09 04:08 <DIR> d-------- C:\Program Files\WinPcap
2008-02-09 04:06 . 2008-02-09 04:07 <DIR> d-------- C:\Program Files\Packet Tracer 4.1
2008-02-09 04:02 . 2008-02-09 04:05 <DIR> d-------- C:\CISCO_CCNA
2008-02-09 03:58 . 2008-02-09 03:58 <DIR> d-------- C:\Program Files\Ligos
2008-02-09 03:58 . 2000-06-23 14:05 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2008-02-09 03:58 . 2000-06-22 13:09 56,320 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-02-09 03:57 . 1998-10-29 19:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-09 03:55 . 2008-02-09 03:55 <DIR> d-------- C:\WINDOWS\speech
2008-02-09 03:55 . 2008-02-09 03:55 <DIR> d-------- C:\WINDOWS\Lhsp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 02:46 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-09 01:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 00:34 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-02-09 00:34 --------- d-----w C:\Program Files\Realtek AC97
2008-02-09 00:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-09 00:34 --------- d-----w C:\Program Files\AvRack
2008-02-09 00:30 --------- d-----w C:\Program Files\ATI Technologies
2008-02-09 00:24 --------- d-----w C:\Program Files\Intel
2008-02-09 00:08 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 13:17 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"viwc"="C:\WINDOWS\system32\viwc.exe" [2007-11-30 05:56 329029]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-09 02:43 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
C:\Documents and Settings\mafioso\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-09 02:18:41 155648]
K-Meleon Loader.lnk - C:\Program Files\K-Meleon\loader.exe [2007-04-16 02:41:00 32768]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Vypress Chat StartUp.lnk - C:\WINDOWS\Installer\{32230531-F971-468F-9BD4-7C3369F3468B}\iconVCAdvertised.exe [2008-02-09 03:14:14 12390]
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-02-09 02:43]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-09 02:43]
R3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 01:01]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-17 03:46:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-17 3:47:00
ComboFix-quarantined-files.txt 2008-02-17 02:46:51
ComboFix2.txt 2008-02-15 18:49:24
.
2008-02-14 02:47:09 --- E O F ---
Update: 17 Feb 2008 3:53
No problem at all... I have plenty of patience. ))
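Added example, not part of DeXteritY's post and not ComboFix's own code: a small Python triage script for the "Files Created" section of a log like the one above. It parses each entry line (created time, modified time, size or <DIR>, attribute string, path) and flags what a helper on a malware-removal forum checks first: new executables dropped directly into C:\WINDOWS or C:\WINDOWS\system32, objects carrying both hidden and system attributes (such as the CLSID-named Recycler directory), .PIF files, and anything created within minutes of the scan itself. The sample lines are copied from the log above; the scan time, the 10-minute window, the extension list and the system-directory list are assumptions of this example. A hit is a triage candidate, not a verdict: C:\WINDOWS\PSEXESVC.EXE is the PsExec service that ComboFix itself runs, and camcodec.dll is the CamStudio codec installed in the same minute as camcodec.inf.

```python
"""Triage helper for the "Files Created" section of a ComboFix log.

Added example. Parses the entry lines and applies a few analyst heuristics
to decide which entries deserve a closer look. A hit means "review this",
not "this is malware".
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One entry line from the log, for example:
#   2008-02-17 03:44 . 2008-02-17 03:46 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
#   2008-02-10 03:50 . 2008-02-12 18:33 <DIR> d-ahs---- C:\Recycler.{...}
# fields: created . modified size|<DIR> attributes path
# attribute positions as ComboFix prints them: d r a h s c - - -
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[-drahsc]{9}) "
    r"(?P<path>\S.*)$"
)
TS = "%Y-%m-%d %H:%M"

# Assumptions of this example, not values taken from ComboFix.
EXEC_EXT = {".exe", ".dll", ".sys", ".pif", ".scr", ".cpl", ".com", ".bat", ".ocx"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for <DIR>
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1].lower()
        return name[name.rfind("."):] if "." in name else ""


def parse_entries(log_text: str) -> List[Entry]:
    """Return every line that has the shape of a ComboFix file-created entry."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, '.' separators, other sections
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(datetime.strptime(m["created"], TS),
                             datetime.strptime(m["modified"], TS),
                             size, m["attrs"], m["path"]))
    return entries


def review(entries: List[Entry], scan_time: datetime,
           recent: timedelta = timedelta(minutes=10)) -> Dict[str, List[str]]:
    """Map path -> reasons an analyst would want to look at that entry."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        # Executables dropped straight into a Windows system directory
        # (dllcache and other subfolders are deliberately not matched).
        if not e.is_dir and e.ext in EXEC_EXT and e.parent in SYSTEM_DIRS:
            reasons.append("new executable directly in a Windows system directory")
        # Hidden + system together is how both Windows and malware hide things.
        if "h" in e.attrs and "s" in e.attrs:
            reasons.append("hidden+system attributes")
        if e.ext == ".pif":
            reasons.append("PIF shortcut, a legacy executable format")
        if scan_time - recent <= e.created <= scan_time:
            minutes = int(recent.total_seconds() // 60)
            reasons.append(f"created within {minutes} minutes of the scan")
        if reasons:
            findings[e.path] = reasons
    return findings


# Lines copied from the log above (constructed subset, header included to
# show that non-entry lines are ignored).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-17 03:44 . 2008-02-17 03:46 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-16 16:25 . 2008-02-17 01:12 <DIR> d-------- C:\Program Files\CamStudio
2008-02-16 16:29 . 2003-03-13 12:51 51,200 --a------ C:\WINDOWS\system32\camcodec.dll
2008-02-15 06:29 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-02-10 22:06 . 2007-12-07 03:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-10 03:50 . 2008-02-12 18:33 <DIR> d-ahs---- C:\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
2008-02-10 01:01 . 2008-02-10 01:01 <DIR> dr-h----- C:\MSOCache
.
"""
# Assumed scan time, taken from the catchme timestamp in the log above.
SCAN_TIME = datetime(2008, 2, 17, 3, 46)

if __name__ == "__main__":
    for path, reasons in review(parse_entries(SAMPLE_LOG), SCAN_TIME).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it as-is to see the four flagged paths; point `parse_entries` at a full saved log to triage a real one. The hidden+system check deliberately ignores hidden-only directories such as C:\MSOCache, which Office creates routinely, and the system-directory check matches only the directory itself, so Windows Update's dllcache copies do not show up.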