Posted: 22 Apr 2010 22:36
- Joined: 07 Mar 2009
- Posts: 33
Written: 22 Apr 2010 22:20
Antispyware XP has started up again, and avast reports this to me:
C:\WINDOWS\system32\drivers\cdrom.sys
malware name: Win32:Cutwail-AH [Rtk]
and it seems to me that I can now run programs (after I uninstalled combofix)
Addendum: 22 Apr 2010 22:36
The malware in question is: XP AntiSpyware
Posted: 23 Apr 2010 12:48
- Joined: 07 Mar 2009
- Posts: 33
Written: 22 Apr 2010 23:07
ComboFix 10-04-21.01 - EC 22/04/10 22:55:35.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.563 [GMT 2:00]
Running from: c:\documents and settings\EC\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100422-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
c:\documents and settings\EC\Application Data\avdrn.dat
c:\documents and settings\EC\Recent\Thumbs.db
c:\documents and settings\EC\Start Menu\Programs\Startup\monxga32.exe
c:\windows\dcax32.dll
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ave.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\wuaucldt.exe
c:\windows\system32\Drivers\oreans32.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\wuaucldt.exe
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{4570F90D-273F-4CBA-84B7-003E35D5A7B1}\RP368\A0213995.sys
.
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.
2010-04-22 20:54 . 2010-04-22 20:54 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\avG
2010-04-22 15:09 . 2004-08-03 20:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-21 18:15 . 2010-04-21 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-14 14:15 . 2010-04-14 14:16 -------- d-----w- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 18:14 . 2010-04-21 18:14 16 ----a-w- c:\documents and settings\EC\Application Data\kcmdte.dat
2010-04-21 18:13 . 2009-03-05 12:06 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 2
2010-04-16 10:11 . 2008-02-14 10:10 -------- d-----w- c:\program files\Google
2010-04-14 14:11 . 2008-05-09 15:30 -------- d-----w- c:\documents and settings\Arhitektura\Application Data\DNA
2010-04-14 10:08 . 2008-05-09 15:30 -------- d-----w- c:\program files\DNA
2010-04-13 21:44 . 2008-01-17 11:18 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-12 17:15 . 2010-01-07 20:38 -------- d-----w- c:\documents and settings\EC\Application Data\Audacity
2010-03-27 13:35 . 2008-04-18 14:50 -------- d-----w- c:\program files\Common Files\Real
2010-03-19 17:32 . 2010-03-06 15:46 439816 ----a-w- c:\documents and settings\EC\Application Data\Real\Update\setup3.10\setup.exe
2010-03-17 11:34 . 2010-03-17 11:34 -------- d-----w- c:\program files\Common Files\Apple
2010-03-17 11:34 . 2010-03-17 11:33 -------- d-----w- c:\program files\QuickTime
2010-03-17 11:33 . 2010-03-17 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-16 13:11 . 2010-03-04 08:43 439816 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\setup.exe
2010-03-07 21:46 . 2008-09-04 15:37 116352 -c--a-w- c:\documents and settings\Arhitektura\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-07 13:28 . 2007-08-25 10:56 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-07 13:24 . 2010-03-04 07:27 -------- d-----w- c:\program files\TeamViewer
2010-03-05 20:59 . 2010-03-05 20:55 20829680 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-05 20:55 . 2010-03-05 20:55 8405312 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-05 20:54 . 2010-03-05 20:54 149000 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-05 20:54 . 2010-03-05 20:54 10309448 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-05 20:52 . 2010-03-05 20:52 283280 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-05 20:52 . 2010-03-05 20:52 181768 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-05 20:52 . 2010-03-05 20:52 79368 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-05 20:52 . 2010-03-05 20:52 64000 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-05 20:52 . 2010-03-05 20:52 52288 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-05 20:52 . 2010-03-05 20:52 50688 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-05 20:52 . 2010-03-05 20:52 49152 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-05 20:52 . 2010-03-05 20:52 118784 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-04 07:28 . 2010-03-04 07:28 -------- d-----w- c:\documents and settings\EC\Application Data\TeamViewer
2010-03-02 16:44 . 2010-03-02 16:44 -------- d-----w- c:\program files\PowerTracks DirectX Plugins
2010-01-31 17:19 . 2008-04-02 20:43 48928 ----a-w- c:\windows\system32\drivers\Tetris.sys
2008-01-19 16:16 . 2008-01-17 11:18 88 --sh--r- c:\windows\system32\058A633A32.sys
.
------- Sigcheck -------
[-] 2007-02-15 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"Google Update"="c:\documents and settings\EC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"SMSERIAL"="sm56hlpr.exe" [2000-11-22 462848]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PGUNNT c:\smclpav\SMCLpav.exe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\LayOut\\LayOut.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/03/09 23:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/03/09 23:41 20560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [14/07/09 20:25 33792]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [02/04/08 22:43 48928]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/10/09 21:44 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/06/09 16:17 721904]
.
Contents of the 'Scheduled Tasks' folder
2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]
2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\EC\Application Data\Mozilla\Firefox\Profiles\r68pz6te.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - plugin: c:\documents and settings\EC\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npbittorrent.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-syncman - c:\documents and settings\ec\wuaucldt.exe
HKCU-Run-Cresogotobuh - c:\windows\dcax32.dll
HKLM-Run-syncman - c:\windows\system32\wuaucldt.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-22 23:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(768-)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1316)
c:\windows\system32\browselc.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Awast Software\Avast4\aswUpdSv.exe
c:\program files\Awast Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Awast Software\Avast4\ashMaiSv.exe
c:\program files\Awast Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\sm56hlpr.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-04-22 23:07:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-22 21:07
Pre-Run: 7.558.086.656 bytes free
Post-Run: 10.073.731.072 bytes free
- - End Of File - - 447435DBDF19C6DDD847703AD6C1ECF2
Addendum: 22 Apr 2010 23:08
That's all from me for today.... I'm dead tired from sitting at the computer.
Addendum: 23 Apr 2010 12:48
I'm here, so we can continue; I hope it's not a problem that I took a break, because I was really tired.
Posted: 23 Apr 2010 17:07
- Bogdan-Tc
- Anti Malware Fighter
Rank 1
- Joined: 04 Jan 2009
- Posts: 2168
Run ComboFix again from the user account "Davorin" and post that log for me.
Posted: 23 Apr 2010 17:38
- Joined: 07 Mar 2009
- Posts: 33
ComboFix 10-04-21.01 - Davorin 23/04/10 17:32:04.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.632 [GMT 2:00]
Running from: c:\documents and settings\Davorin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100423-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.
2010-04-22 20:54 . 2010-04-22 20:54 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\avG
2010-04-22 15:09 . 2004-08-03 20:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-21 18:15 . 2010-04-21 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-14 14:15 . 2010-04-14 14:16 -------- d-----w- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 10:43 . 2008-05-09 15:30 -------- d-----w- c:\documents and settings\Arhitektura\Application Data\DNA
2010-04-23 07:18 . 2008-05-09 15:30 -------- d-----w- c:\program files\DNA
2010-04-21 18:13 . 2009-03-05 12:06 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 2
2010-04-16 10:11 . 2008-02-14 10:10 -------- d-----w- c:\program files\Google
2010-04-13 21:44 . 2008-01-17 11:18 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-27 13:35 . 2008-04-18 14:50 -------- d-----w- c:\program files\Common Files\Real
2010-03-17 11:34 . 2010-03-17 11:34 -------- d-----w- c:\program files\Common Files\Apple
2010-03-17 11:34 . 2010-03-17 11:33 -------- d-----w- c:\program files\QuickTime
2010-03-17 11:33 . 2010-03-17 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-16 13:11 . 2010-03-04 08:43 439816 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\setup.exe
2010-03-07 21:46 . 2008-09-04 15:37 116352 -c--a-w- c:\documents and settings\Arhitektura\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-07 13:28 . 2007-08-25 10:56 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-07 13:24 . 2010-03-04 07:27 -------- d-----w- c:\program files\TeamViewer
2010-03-05 20:59 . 2010-03-05 20:55 20829680 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-05 20:55 . 2010-03-05 20:55 8405312 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-05 20:54 . 2010-03-05 20:54 149000 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-05 20:54 . 2010-03-05 20:54 10309448 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-05 20:52 . 2010-03-05 20:52 283280 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-05 20:52 . 2010-03-05 20:52 181768 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-05 20:52 . 2010-03-05 20:52 79368 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-05 20:52 . 2010-03-05 20:52 64000 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-05 20:52 . 2010-03-05 20:52 52288 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-05 20:52 . 2010-03-05 20:52 50688 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-05 20:52 . 2010-03-05 20:52 49152 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-05 20:52 . 2010-03-05 20:52 118784 ----a-w- c:\documents and settings\Arhitektura\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-02 16:44 . 2010-03-02 16:44 -------- d-----w- c:\program files\PowerTracks DirectX Plugins
2010-01-31 17:19 . 2008-04-02 20:43 48928 ----a-w- c:\windows\system32\drivers\Tetris.sys
2008-01-19 16:16 . 2008-01-17 11:18 88 --sh--r- c:\windows\system32\058A633A32.sys
.
------- Sigcheck -------
[-] 2007-02-15 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-22_21.02.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 10:44 . 2010-04-23 10:44 16384 c:\windows\temp\Perflib_Perfdata_674.dat
+ 2010-04-23 15:26 . 2010-04-23 15:26 16384 c:\windows\temp\Perflib_Perfdata_2ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Davorin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"SMSERIAL"="sm56hlpr.exe" [2000-11-22 462848]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PGUNNT c:\smclpav\SMCLpav.exe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\LayOut\\LayOut.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/03/09 23:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/03/09 23:41 20560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [14/07/09 20:25 33792]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [02/04/08 22:43 48928]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/10/09 21:44 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/06/09 16:17 721904]
.
Contents of the 'Scheduled Tasks' folder
2010-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Connection Wizard,ShellNext = hxxp://www.megaupload.com/toolbar2.0/?c=installed
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
FF - ProfilePath - c:\documents and settings\Davorin\Application Data\Mozilla\Firefox\Profiles\zw3zablm.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\Davorin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npbittorrent.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1956)
c:\windows\system32\browselc.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-04-23 17:38:14
ComboFix-quarantined-files.txt 2010-04-23 15:38
ComboFix2.txt 2010-04-22 21:07
Pre-Run: 10.030.477.312 bytes free
Post-Run: 10.001.018.880 bytes free
- - End Of File - - 22DF6E3CAF2D7ADA08532AC97C5EDB00
Posted: 23 Apr 2010 18:11
- Joined: 07 Mar 2009
- Posts: 33
C:\Qoobox\Quarantine\C\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk.vir -> C:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk ( 531 bytes )