- klack90
- Citizen
- Joined: 14 Oct 2007
- Posts: 87
- Location: At home
ComboFix 08-04-04.1 - Kozic 2008-04-06 11:15:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.979 [GMT 2:00]
Running from: C:\Documents and Settings\Kozic\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\0026BA8D.dat
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\system32\snku5483.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-05 14:42 . 2008-04-05 19:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 14:42 . 2008-04-05 14:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 13:37 . 2008-04-05 13:37 1,720,086 --a------ C:\WINDOWS\system32\TmpA8429687
2008-04-05 10:58 . 2008-04-05 11:30 17,408 --a------ C:\psapi.dll
2008-04-04 19:41 . 2008-04-04 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
2008-04-04 19:41 . 2007-02-13 07:42 14,848 --a------ C:\WINDOWS\system32\drivers\KMWDFilter.SYS
2008-04-04 19:40 . 2006-01-06 15:52 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-03 23:26 . 2008-04-03 23:26 <DIR> d-------- C:\Program Files\directx
2008-04-02 19:16 . 2008-04-02 19:16 24 --a------ C:\WINDOWS\ES_2_D1.prf
2008-04-02 19:16 . 2008-04-02 19:16 24 --a------ C:\WINDOWS\ES_1_D1.prf
2008-04-02 19:16 . 2008-04-02 19:16 24 --a------ C:\WINDOWS\AM_D0.PRF
2008-03-30 23:58 . 2008-03-30 23:58 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-30 23:58 . 1998-12-08 18:53 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-03-30 19:47 . 2008-03-30 19:47 <DIR> d-------- C:\Downloads
2008-03-30 03:41 . 2008-03-30 03:41 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-03-28 05:26 . 2008-03-28 05:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-28 05:25 . 2008-03-28 05:25 <DIR> d-------- C:\Program Files\GRETECH
2008-03-28 05:25 . 2008-03-28 05:25 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\GRETECH
2008-03-27 08:45 . 2008-03-27 08:45 <DIR> d-------- C:\Logs
2008-03-26 07:35 . 2008-03-26 07:36 <DIR> d-------- C:\Program Files\Image-Line
2008-03-26 07:32 . 2008-03-26 07:32 <DIR> d-------- C:\Documents and Settings\Kozic\.borland
2008-03-26 04:29 . 2008-03-26 04:29 12,969 --a------ C:\WINDOWS\winsight.ini
2008-03-26 04:10 . 2008-03-26 04:10 13,030 --a------ C:\PDOXUSRS.NET
2008-03-26 04:00 . 2008-03-30 09:17 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-03-26 04:00 . 2008-03-26 04:00 <DIR> d-------- C:\Program Files\Borland
2008-03-26 03:42 . 2008-03-26 03:48 <DIR> d-------- C:\Program Files\URUSoft
2008-03-25 05:36 . 2008-03-25 05:36 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\Ashampoo
2008-03-25 05:36 . 2008-03-25 05:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-03-25 05:26 . 2008-03-25 05:27 <DIR> d-------- C:\Program Files\EasyBurning
2008-03-24 01:51 . 2005-09-08 04:02 3,072 --a------ C:\WINDOWS\system32\drivers\sfcure01.sys
2008-03-23 20:34 . 2008-03-23 20:34 <DIR> d-------- C:\Temp
2008-03-22 00:24 . 2008-03-22 00:24 <DIR> d-------- C:\Program Files\Alex Feinman
2008-03-21 19:07 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-21 19:07 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-21 19:07 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-21 19:07 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-03-21 19:07 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-21 19:07 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-21 19:07 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-03-21 19:07 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-21 19:07 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-03-21 19:06 . 2008-03-21 19:07 <DIR> d-------- C:\Program Files\Ahead
2008-03-20 20:15 . 2008-03-20 20:15 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-03-18 23:25 . 2008-03-18 23:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-18 23:24 . 2008-03-18 23:24 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-18 23:23 . 2008-04-05 15:16 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\Xfire
2008-03-18 23:22 . 2008-04-04 21:08 <DIR> d-------- C:\Program Files\Xfire
2008-03-18 22:46 . 2008-03-18 22:46 <DIR> d-------- C:\WINDOWS\wb
2008-03-18 16:31 . 2008-03-18 16:31 770,048 --a------ C:\WINDOWS\TMUninst.exe
2008-03-18 16:08 . 2008-03-18 16:08 120,320 --a------ C:\WINDOWS\system32\drivers\SSHDRV65.sys
2008-03-18 13:15 . 2008-03-18 15:27 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\SpieleEntwicklungsKombinat
2008-03-18 13:15 . 2008-03-18 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpieleEntwicklungsKombinat
2008-03-18 02:29 . 2008-03-28 06:09 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-18 01:46 . 2004-06-16 07:03 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-03-16 17:07 . 2008-03-18 01:42 <DIR> d-------- C:\Documents and Settings\Kozic\Penumbra.Black.Plague.Update.1.0.1-ViTALiTY
2008-03-16 16:19 . 2008-03-16 16:19 <DIR> d-------- C:\Program Files\OpenAL
2008-03-16 16:19 . 2008-03-20 20:35 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-16 16:19 . 2008-03-20 20:35 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-14 01:05 . 2008-03-14 01:05 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-13 15:21 . 2008-03-13 15:21 73 --a------ C:\WINDOWS\sec23.dat
2008-03-13 02:34 . 2008-03-13 02:34 <DIR> d-------- C:\Program Files\Nsasoft
2008-03-12 23:35 . 2008-03-12 23:35 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\FreeCall
2008-03-08 16:04 . 2008-03-08 16:04 <DIR> d-------- C:\Documents and Settings\Kozic\Application Data\Ubisoft
2008-03-08 16:04 . 2008-03-08 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-08 16:04 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-08 16:04 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-08 16:04 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-08 16:04 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-06 20:51 . 2008-03-06 20:51 5,694 --a------ C:\Sdicon32.ico
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 09:15 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Free Download Manager
2008-04-06 09:05 --------- d-----w C:\Program Files\NoAdware5.0
2008-04-05 23:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 22:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-05 22:18 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-05 22:18 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-05 11:47 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-04-05 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-04-05 11:43 --------- d-----w C:\Program Files\Sketch Master
2008-04-04 19:38 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Ulead Systems
2008-04-04 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-04 18:04 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-02 02:49 --------- d-----w C:\Documents and Settings\Kozic\Application Data\uTorrent
2008-03-30 22:10 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-30 20:06 22,328 ----a-w C:\Documents and Settings\Kozic\Application Data\PnkBstrK.sys
2008-03-30 07:13 --------- d-----w C:\Program Files\Autodesk
2008-03-29 12:29 --------- d-----w C:\Program Files\VirtualDJ
2008-03-26 04:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-25 18:19 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-25 02:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-24 22:42 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Winamp
2008-03-23 16:03 --------- d-----w C:\Program Files\LimeWire
2008-03-23 12:07 --------- d-----w C:\Documents and Settings\Kozic\Application Data\InstallShield
2008-03-21 17:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-19 02:22 --------- d-----w C:\Program Files\sysreset
2008-03-19 02:22 --------- d-----w C:\Documents and Settings\Kozic\Application Data\mIRC
2008-03-19 02:21 --------- d-----w C:\Program Files\WhereIsIt
2008-03-16 22:04 --------- d-----w C:\Documents and Settings\Kozic\Application Data\THQ
2008-03-06 15:45 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Autodesk
2008-03-03 22:03 --------- d-----w C:\Program Files\Eset
2008-03-01 19:27 --------- d-----w C:\Documents and Settings\Kozic\Application Data\LimeWire
2008-02-25 01:22 --------- d-----w C:\Program Files\aSkola
2008-02-22 00:41 --------- d-----w C:\Program Files\SubFind
2008-02-20 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-02-19 19:25 --------- d-----w C:\Program Files\Microsoft WSE
2008-02-14 21:21 --------- d-----w C:\Program Files\Free Download Manager
2008-02-14 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-02-10 19:40 --------- d-----w C:\Documents and Settings\Kozic\Application Data\Samsung
2008-02-08 18:18 --------- d-----w C:\Program Files\Windows Live
2008-01-21 13:47 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
.
------- Sigcheck -------
2006-01-13 04:03 360448 2a4818aea80acd2c95d7d92d2f3155f8 C:\WINDOWS\system32\drivers\tcpip.sys
2006-01-13 04:04 2187904 c3b84871dece94e335b96fafd756316c C:\WINDOWS\system32\ntoskrnl.exe
2006-01-13 03:46 1075200 2deaca71a7fd77205f59d48d76b2f565 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NoAdware5"="C:\Program Files\NoAdware5.0\NoAdware5.exe" [2007-01-12 13:17 1695744]
"Google Update"="C:\Documents and Settings\Kozic\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-18 22:52 51184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-02-13 19:02 2453551]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 23:56 86960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft"="svchost32.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 03:36 62054]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2006-01-13 03:49 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 03:25 44544]
C:\Documents and Settings\Kozic\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
YouTube Uploader.lnk - C:\Documents and Settings\Kozic\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.wmv3"= wmv9vcm.dll
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
"VIDC.ACDV"= ACDV.dll
"VIDC.FPS1"= frapsvid.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\sysreset\\mirc.exe"=
"D:\\Warcraft III\\war3.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\sysreset\\mirc.bet.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"D:\\Cryptload\\Rollcage Stage II\\BIN\\Rollcage D3D.exe"=
"D:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:war3
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 18:11]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2008-03-18 16:08]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-02-13 07:42]
S3 FXDRV;FXDRV;E:\Fxdrv.sys []
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k310bus.sys [2006-03-10 15:03]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k310mdfl.sys [2006-03-10 15:03]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k310mdm.sys [2006-03-10 15:03]
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k310obex.sys [2006-03-10 15:03]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 22:34]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 11:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 11:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 11:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 11:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 11:42]
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5210127c-c115-11dc-8678-0014858b792a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-06 11:16:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Kozic\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\NoAdware5.0\nutils.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NoAdware5.0\nutils.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\NoAdware5.0\nutils.dll
.
Completion time: 2008-04-06 11:17:22
ComboFix-quarantined-files.txt 2008-04-06 09:17:07
Pre-Run: 5,030,420,480 bytes free
Post-Run: 5,057,712,128 bytes free
Update: 06 Apr 2008 18:07
Solved it, I reinstalled Windows, thanks anyway, cheers
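The "Reg Loading Points" part of a ComboFix log is where an analyst looks first, because it lists what starts automatically and from where. The script below is an added example, not part of the original post and not ComboFix's own code: it parses a constructed sample made of lines copied from the log above and applies a few standard triage heuristics (an autostart whose target ComboFix could not resolve, a bare filename with no path, the legacy RunServices key, an autostart in the .DEFAULT hive, a removable-drive AutoRun command pointing into a Recycled folder, Security Center notifications switched off, a driver ImagePath under a Temp directory). The rule set and the reason strings are my own assumptions about what deserves a second look; a hit is a review item, not a verdict on the machine.

```python
import re

# Constructed sample: a subset of the "Reg Loading Points" lines from the log above.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NoAdware5"="C:\Program Files\NoAdware5.0\NoAdware5.exe" [2007-01-12 13:17 1695744]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft"="svchost32.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 03:36 62054]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2006-01-13 03:49 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 03:25 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5210127c-c115-11dc-8678-0014858b792a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Kozic\LOCALS~1\Temp\mc22.tmp"
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\Run]
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s*\[(.*)\])?$')  # "name"="target" [date size]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]+)$')    # "name"=dword:00000001
AUTORUN_RE = re.compile(r'^\\Shell\\(AutoRun|Open\(\d+\))\\command - (.+)$')


def triage_loading_points(text):
    """Return (registry key, value name, reason) triples for entries worth a closer look.

    Heuristics are assumptions for this example, not ComboFix's own verdicts.
    """
    findings = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        lk = key.lower()

        m = DWORD_RE.match(line)
        if m:
            name, val = m.group(1), int(m.group(2), 16)
            if 'security center' in lk and name.endswith('DisableNotify') and val == 1:
                findings.append((key, name, 'Security Center notification suppressed'))
            continue

        m = AUTORUN_RE.match(line)
        if m:
            verb, cmd = m.groups()
            if 'mountpoints2' in lk:  # per-volume shell verbs, i.e. autorun.inf handling for a drive
                reason = 'removable-drive autorun command'
                if 'recycled\\' in cmd.lower():
                    reason += ' launching from a Recycled folder'
                findings.append((key, verb, reason))
            continue

        m = ENTRY_RE.match(line)
        if m:
            name, target, meta = m.groups()
            reasons = []
            if meta is not None and meta.strip() == '':
                reasons.append('ComboFix recorded no file date/size for the target')
            # Bare filename with no directory and no resolved path in the brackets
            if not re.search(r'[\\:]', target) and not (meta and '\\' in meta):
                reasons.append('target has no directory component')
            if 'runservices' in lk:
                reasons.append('legacy RunServices key')
            if '.default' in lk and lk.endswith('\\run'):
                reasons.append('autostart in the .DEFAULT hive (runs before any user logs on)')
            if name == 'ImagePath' and ('\\temp\\' in target.lower() or target.lower().endswith('.tmp')):
                reasons.append('driver image loaded from a temp directory')
            for r in reasons:
                findings.append((key, name, r))
    return findings


if __name__ == '__main__':
    for key, name, reason in triage_loading_points(SAMPLE_LOG):
        print(f'{name:<22} {reason}\n    {key}')
```

Run it against a full log by reading the file and passing the text in; entries with a real path, a recorded date and size, and a vendor key that matches the path (NvCplDaemon, DAEMON Tools) produce nothing, while the RunServices entry with an unresolved bare filename, the .DEFAULT autostart, the mountpoints2 AutoRun verbs, the two DisableNotify values and the Temp-resident driver image each come back as review items.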