offline
- bobm
- Novi MyCity građanin
- Pridružio: 09 Feb 2009
- Poruke: 14
|
ComboFix 09-09-03.02 - Marko 03.09.2009 23:33.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1604 [GMT 2:00]
Running from: c:\documents and settings\Marko\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Marko\Application Data\wiaserva.log
C:\restore
c:\windows\UA000079.DLL
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_glaide32
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 21:42 . 2008-12-03 17:32 -------- d-----w- c:\documents and settings\Marko\Application Data\skypePM
2009-09-03 21:42 . 2008-12-03 17:29 -------- d-----w- c:\documents and settings\Marko\Application Data\Skype
2009-09-03 21:26 . 2008-04-15 03:19 -------- d-----w- c:\documents and settings\Marko\Application Data\Azureus
2009-09-03 13:14 . 2008-09-10 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-02 21:00 . 2008-04-15 03:16 -------- d-----w- c:\program files\Azureus
2009-09-02 16:54 . 2008-04-12 17:02 -------- d-----w- c:\program files\Free Download Manager
2009-09-01 12:32 . 2008-11-10 14:45 2311472 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-23 20:07 . 2009-06-23 20:07 26 ----a-w- c:\windows\mtagree07011993t.dat
2008-04-12 17:07 . 2008-04-12 17:07 0 --sh--w- c:\windows\S3EBE3C18.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-12 949376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marko^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Marko\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marko^Start Menu^Programs^Startup^rncsys32.exe]
path=c:\documents and settings\Marko\Start Menu\Programs\Startup\rncsys32.exe
backup=c:\windows\pss\rncsys32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4/12/2008 6:56 PM 15424]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\documents and settings\Marko\Desktop\hw32_237\HWiNFO32.sys [2/11/2009 12:25 AM 16872]
R3 AtmElan;ATM Emulated LAN;c:\windows\system32\drivers\atmlane.sys [12/31/2002 2:00 PM 55808]
R3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;c:\windows\system32\drivers\tiau5co.sys [11/5/2008 11:46 PM 57093]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\drivers\atmlane.sys [12/31/2002 2:00 PM 55808]
S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [4/12/2008 6:28 PM 28160]
S3 iTurns;iTurns;c:\windows\system32\drivers\iTurnsDriver.sys [11/28/2008 9:26 PM 10704]
S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [4/12/2008 6:28 PM 51200]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;c:\windows\system32\drivers\tiau5bt.sys [11/5/2008 11:46 PM 11775]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-09-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 07:59]
2009-09-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-12 13:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {89BEC66A-15EA-45E0-A479-AFD7E61616B0} = 77.105.0.18 77.105.0.19
FF - ProfilePath - c:\documents and settings\Marko\Application Data\Mozilla\Firefox\Profiles\3rqignbl.default\
FF - plugin: c:\documents and settings\Marko\Application Data\Mozilla\Firefox\Profiles\3rqignbl.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Marko\Application Data\Mozilla\Firefox\Profiles\3rqignbl.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-03 23:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-73586283-1060284298-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,fd,8c,98,99,1f,29,8c,c3,fa,b1,c2,c0,e8,09,ff,55,49,09,7a,9a,2a,ce,
27,34,29,9b,82,3f,b7,07,e8,c4,d3,75,7d,22,0b,d2,5b,3f,10,0f,6b,a8,ae,21,ab,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-73586283-1060284298-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:50,b6,ba,da,87,36,d9,35,28,d7,bd,e0,c9,8f,31,e1,43,fd,3a,1b,9f,
26,99,90,0b,d6,6d,5a,49,de,0b,a3,97,31,70,5e,ee,56,61,85,16,26,d6,9a,8c,fb,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1192)
c:\windows\system32\imon.dll
- - - - - - - > 'explorer.exe'(340)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-09-03 23:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 21:46
Pre-Run: 46.252.847.104 bytes free
Post-Run: 46.188.019.712 bytes free
177
|