Posted: 17 Jun 2009 23:57
- MarioBB
- Citizen
- Joined: 27 Nov 2006
- Posts: 129
- Location: Zrenjanin

Hello,
I need confirmation of whether something has crept into my computer. The symptoms are frequent, actually far too frequent, connection stalls, and nothing helps except disconnecting/reconnecting or even completely disabling the network adapter (I use Wi-Fi PPPoE through an access point). I don't remember exactly, but it seems to me that these connection stalls have been happening since I installed MP3 Rocket (a Java program through which Vundo may have crept in again; I had problems with it before), and Elite AntiKeylogger 3.0 was also installed recently. Occasionally there are also slight slowdowns of Windows, and even Windows freezing. In case that means anything to you..
Anyway, I would be grateful for an analysis..
Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:15, on 17.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programs\DIVX\PLAYERS\KMPlayer\KMPlayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Calaramongos\Desktop\Folder\HT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1547161642-299502267-682003330-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Bakuta')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0454B51C-ED2D-4208-9791-8064AB6B8B46}: NameServer = 195.252.109.4 194.106.163.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0454B51C-ED2D-4208-9791-8064AB6B8B46}: NameServer = 195.252.109.4 194.106.163.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 6140 bytes
Posted: 18 Jun 2009 11:44
- MarioBB
- Citizen
- Joined: 27 Nov 2006
- Posts: 129
- Location: Zrenjanin

Hello..
ComboFix log:
ComboFix 09-06-17.02 - Calaramongos 18.06.2009 11:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1014.612 [GMT 2:00]
Running from: c:\documents and settings\Calaramongos\Desktop\Folder\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Desktop_.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.
2009-06-14 15:21 . 2009-01-21 09:52 155648 ----a-w- c:\windows\system32\igfxCoIn_v5029.dll
2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\documents and settings\Calaramongos\Shared
2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\documents and settings\Calaramongos\Incomplete
2009-06-14 12:38 . 2009-06-15 13:31 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\MP3Rocket
2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\program files\MP3 Rocket
2009-06-03 14:12 . 2009-06-03 16:09 -------- d-----w- c:\documents and settings\Bakuta\Contacts
2009-06-02 17:46 . 2009-06-03 10:19 -------- d-----w- c:\program files\Common Files\stardock
2009-06-01 17:20 . 2009-06-01 17:20 -------- d-----w- c:\documents and settings\RS\Application Data\Search Settings
2009-06-01 17:19 . 2009-06-01 17:19 -------- d-----w- c:\documents and settings\Bakuta\Application Data\Search Settings
2009-06-01 17:19 . 2009-06-01 17:19 -------- d-----w- c:\documents and settings\RS\Local Settings\Application Data\Mozilla
2009-05-24 17:44 . 2009-05-24 17:44 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Identities
2009-05-24 15:59 . 2009-05-24 16:01 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Adobe
2009-05-24 15:35 . 2009-05-24 15:35 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Mozilla
2009-05-20 08:16 . 2009-05-20 08:16 42960 ----a-w- c:\documents and settings\Danijel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 12:20 . 2009-03-05 13:22 -------- d-----w- c:\program files\BearShare
2009-06-02 18:02 . 2009-03-06 13:45 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-28 09:08 . 2009-03-05 13:23 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-21 20:54 . 2009-03-06 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-21 14:22 . 2009-04-26 11:51 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Skype
2009-05-21 14:02 . 2009-04-26 11:54 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\skypePM
2009-05-18 19:00 . 2009-05-18 19:00 -------- d-----w- c:\program files\Google
2009-05-18 19:00 . 2009-03-05 13:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-17 19:58 . 2009-05-17 19:58 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Renegade Minds
2009-05-12 21:36 . 2009-03-05 12:54 42960 ----a-w- c:\documents and settings\Calaramongos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 21:28 . 2009-05-12 21:28 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Publish Providers
2009-05-12 21:28 . 2009-05-12 21:00 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Sony
2009-05-12 20:54 . 2009-05-12 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-05-12 20:48 . 2009-05-12 20:48 -------- d-----w- c:\program files\MSBuild
2009-05-12 20:48 . 2009-05-12 20:48 116040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-12 20:44 . 2009-05-12 20:44 -------- d-----w- c:\program files\Reference Assemblies
2009-05-12 20:31 . 2009-05-12 19:35 52770576 ----a-w- c:\documents and settings\Calaramongos\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-05-12 19:35 . 2009-05-12 19:35 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Sony Setup
2009-05-07 15:31 . 2009-03-06 13:35 -------- d-----w- c:\program files\Common Files\Nero
2009-05-07 15:30 . 2009-04-02 19:49 -------- d-----w- c:\program files\BearShare Applications
2009-05-07 11:59 . 2009-05-07 11:09 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\TeamViewer
2009-05-07 11:09 . 2009-05-07 11:09 -------- d-----w- c:\program files\TeamViewer
2009-05-04 12:24 . 2009-05-04 12:24 -------- d-----w- c:\program files\YouTube Downloader
2009-04-29 21:19 . 2009-04-29 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-04-29 21:16 . 2009-04-29 21:16 -------- d-----w- c:\program files\IVT Corporation
2009-04-29 21:11 . 2009-03-05 13:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-29 20:36 . 2009-04-29 16:31 -------- d-----w- c:\documents and settings\Danijel\Application Data\Skype
2009-04-26 16:36 . 2009-03-05 13:21 -------- d-----w- c:\program files\Mv2Player
2009-04-26 11:54 . 2009-04-26 11:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\program files\Skype
2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\program files\Common Files\Skype
2009-04-17 20:38 . 2009-04-17 20:38 42960 ----a-w- c:\documents and settings\RS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-27 18:36 . 2009-03-06 13:47 290816 ----a-w- c:\windows\system32\TubeFinder.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-05 278264]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-05 1797880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-4-29 1183744]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5.3.2009 15:24 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5.3.2009 15:24 31504]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 13:07 61424]
S3 Ipnatlaawcp;Ipnatlaawcp; [x]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 13:54 97136]
.
Contents of the 'Scheduled Tasks' folder
2009-06-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 21:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-18 11:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2009-06-18 11:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 09:39
Pre-Run: 17.099.464.704 bytes free
Post-Run: 18.444.189.696 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Posted: 19 Jun 2009 02:20
- MarioBB
- Citizen
- Joined: 27 Nov 2006
- Posts: 129
- Location: Zrenjanin

ComboFix 09-06-17.02 - Calaramongos 19.06.2009 2:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1014.559 [GMT 2:00]
Running from: c:\documents and settings\Calaramongos\Desktop\Folder\ComboFix.exe
Command switches used :: c:\documents and settings\Calaramongos\Desktop\Folder\CFScript.txt.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
/wow section - STAGE 32A
The system cannot find the path specified.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\CALARA~1\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Calaramongos\Local Settings\Temp\catchme.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Ipnatlaawcp
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.
2009-06-14 15:21 . 2009-01-21 09:52 155648 ----a-w- c:\windows\system32\igfxCoIn_v5029.dll
2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\documents and settings\Calaramongos\Shared
2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\documents and settings\Calaramongos\Incomplete
2009-06-14 12:38 . 2009-06-15 13:31 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\MP3Rocket
2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\program files\MP3 Rocket
2009-06-03 14:12 . 2009-06-03 16:09 -------- d-----w- c:\documents and settings\Bakuta\Contacts
2009-06-02 17:46 . 2009-06-03 10:19 -------- d-----w- c:\program files\Common Files\stardock
2009-06-01 17:20 . 2009-06-01 17:20 -------- d-----w- c:\documents and settings\RS\Application Data\Search Settings
2009-06-01 17:19 . 2009-06-01 17:19 -------- d-----w- c:\documents and settings\Bakuta\Application Data\Search Settings
2009-06-01 17:19 . 2009-06-01 17:19 -------- d-----w- c:\documents and settings\RS\Local Settings\Application Data\Mozilla
2009-05-24 17:44 . 2009-05-24 17:44 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Identities
2009-05-24 15:59 . 2009-05-24 16:01 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Adobe
2009-05-24 15:35 . 2009-05-24 15:35 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Mozilla
2009-05-20 08:16 . 2009-05-20 08:16 42960 ----a-w- c:\documents and settings\Danijel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 12:20 . 2009-03-05 13:22 -------- d-----w- c:\program files\BearShare
2009-06-02 18:02 . 2009-03-06 13:45 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-28 09:08 . 2009-03-05 13:23 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-21 20:54 . 2009-03-06 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-21 14:22 . 2009-04-26 11:51 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Skype
2009-05-21 14:02 . 2009-04-26 11:54 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\skypePM
2009-05-18 19:00 . 2009-05-18 19:00 -------- d-----w- c:\program files\Google
2009-05-18 19:00 . 2009-03-05 13:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-17 19:58 . 2009-05-17 19:58 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Renegade Minds
2009-05-12 21:36 . 2009-03-05 12:54 42960 ----a-w- c:\documents and settings\Calaramongos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 21:28 . 2009-05-12 21:28 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Publish Providers
2009-05-12 21:28 . 2009-05-12 21:00 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Sony
2009-05-12 20:54 . 2009-05-12 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-05-12 20:48 . 2009-05-12 20:48 -------- d-----w- c:\program files\MSBuild
2009-05-12 20:48 . 2009-05-12 20:48 116040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-12 20:44 . 2009-05-12 20:44 -------- d-----w- c:\program files\Reference Assemblies
2009-05-12 20:31 . 2009-05-12 19:35 52770576 ----a-w- c:\documents and settings\Calaramongos\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-05-12 19:35 . 2009-05-12 19:35 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Sony Setup
2009-05-07 15:31 . 2009-03-06 13:35 -------- d-----w- c:\program files\Common Files\Nero
2009-05-07 15:30 . 2009-04-02 19:49 -------- d-----w- c:\program files\BearShare Applications
2009-05-07 11:59 . 2009-05-07 11:09 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\TeamViewer
2009-05-07 11:09 . 2009-05-07 11:09 -------- d-----w- c:\program files\TeamViewer
2009-05-04 12:24 . 2009-05-04 12:24 -------- d-----w- c:\program files\YouTube Downloader
2009-04-29 21:19 . 2009-04-29 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-04-29 21:16 . 2009-04-29 21:16 -------- d-----w- c:\program files\IVT Corporation
2009-04-29 21:11 . 2009-03-05 13:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-29 20:36 . 2009-04-29 16:31 -------- d-----w- c:\documents and settings\Danijel\Application Data\Skype
2009-04-26 16:36 . 2009-03-05 13:21 -------- d-----w- c:\program files\Mv2Player
2009-04-26 11:54 . 2009-04-26 11:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\program files\Skype
2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\program files\Common Files\Skype
2009-04-17 20:38 . 2009-04-17 20:38 42960 ----a-w- c:\documents and settings\RS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-27 18:36 . 2009-03-06 13:47 290816 ----a-w- c:\windows\system32\TubeFinder.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-05 278264]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-05 1797880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-4-29 1183744]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5.3.2009 15:24 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5.3.2009 15:24 31504]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 13:07 61424]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 13:54 97136]
.
Contents of the 'Scheduled Tasks' folder
2009-06-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 21:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-19 02:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3448-)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2009-06-19 2:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 00:18
ComboFix2.txt 2009-06-18 09:39
Pre-Run: 18.369.597.440 bytes free
Post-Run: 18.400.026.624 bytes free
Posted: 19 Jun 2009 14:05
- argus
- Anti Malware Fighter Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje

Yes, that's all. Are you having any problems?
Posted: 19 Jun 2009 14:14
- MarioBB
- Citizen
- Joined: 27 Nov 2006
- Posts: 129
- Location: Zrenjanin

Absolutely none.. Everything looks OK..
Thanks for the effort you put in!
Regards