ComboFix 08-09-04.09 - Vitez 2008-09-05 9:00:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT -7:00]
Running from: D:\Slaven\1234\4321.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.
2008-08-26 05:57 . 2008-09-04 12:04 <DIR> d-------- C:\Visnja
2008-08-25 07:47 . 2008-08-25 07:47 <DIR> d---s---- C:\Documents and Settings\Vitez\UserData
2008-08-24 06:58 . 2008-08-24 06:58 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-24 06:58 . 2008-08-24 06:58 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-24 06:58 . 2004-02-09 18:38 14,225,408 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-08-24 04:08 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-24 04:08 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-23 11:06 . 2008-08-27 14:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-23 11:06 . 2005-02-24 20:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmpEB280.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmpB2380.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp97380.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp66180.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp13280.FOT
2008-08-22 04:07 . 2008-08-22 04:07 1,409 --a------ C:\WINDOWS\system32\tmp07280.FOT
2008-08-19 04:32 . 2008-08-22 04:07 <DIR> d-------- C:\totalcmd
2008-08-19 04:32 . 2008-09-05 08:55 2,355 --a------ C:\WINDOWS\wincmd.ini
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-08-19 04:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-08-18 14:35 . 2008-08-18 14:35 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-16 14:08 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-16 13:01 . 2008-08-24 06:47 <DIR> d-------- C:\Documents and Settings\stefan
2008-08-11 19:18 . 2008-08-19 07:33 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-08-11 19:15 . 2008-08-22 04:13 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-11 19:14 . 2008-08-11 19:14 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-08-11 19:14 . 2008-08-11 19:17 244,901 --a------ C:\WINDOWS\hplj1010.his
2008-08-11 19:14 . 2008-08-11 19:17 17,959 --a------ C:\WINDOWS\hplj1010.ini
2008-08-11 19:00 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-11 19:00 . 2008-08-16 13:06 376 --a------ C:\WINDOWS\ODBC.INI
2008-08-11 18:56 . 2008-08-11 18:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-11 18:56 . 2008-08-11 18:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-11 18:53 . 2008-08-11 18:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-11 18:50 . 2008-08-11 18:50 <DIR> dr-h----- C:\MSOCache
2008-08-11 17:11 . 2008-08-25 07:47 <DIR> d-------- C:\Documents and Settings\Vitez
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 23:54 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"zzzHPSETUP"="F:\Setup.exe" [2002-10-18 635789489]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-05 09:11:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-05 9:13:31
ComboFix-quarantined-files.txt 2008-09-05 16:13:27
Pre-Run: 528,191,488 bytes free
Post-Run: 767,361,024 bytes free
94 --- E O F --- 2008-09-05 15:59:49
drugi komp LAN
|