- Nyquist
- Citizen
- Joined: 20 Nov 2008
- Posts: 102
- Location: Budva
Today I was at a friend's place, and it keeps reporting the virus 32/Bizex.worm.dll on his computer, which has no internet connection.
Here's the log:
ComboFix 09-01-21.04 - Shizofrenia 2009-01-23 18:19:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.126 [GMT 1:00]
Running from: c:\documents and settings\Shizofrenia\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: Sygate Personal Firewall Pro *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Shizofrenia\Favorites\Download programs.url
c:\documents and settings\Shizofrenia\Favorites\Games.url
c:\documents and settings\Shizofrenia\Favorites\Translator.url
c:\documents and settings\Shizofrenia\Favorites\Videos.url
c:\documents and settings\Shizofrenia\Start Menu\Programs\Adzgalore Games Collection
c:\documents and settings\Shizofrenia\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
c:\documents and settings\Shizofrenia\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk
c:\documents and settings\Shizofrenia\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk
c:\documents and settings\Shizofrenia\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk
c:\documents and settings\Shizofrenia\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk
c:\documents and settings\Shizofrenia\Start Menu\Programs\Download programs.url
c:\documents and settings\Shizofrenia\Start Menu\Programs\Translator.url
c:\documents and settings\Shizofrenia\Start Menu\Programs\Videos.url
c:\program files\Adzgalore Games Collection
c:\program files\Adzgalore Games Collection\BattlesOfHelicopters.exe
c:\program files\Adzgalore Games Collection\BobAndBill.exe
c:\program files\Adzgalore Games Collection\CrazyBlocks.exe
c:\program files\Adzgalore Games Collection\Lines.exe
c:\program files\Adzgalore Games Collection\uninstall.exe
c:\program files\Adzgalore Games Collection\VideoPool.exe
c:\windows\system32\Microsoft\backup.ftp
.
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-23 09:24 . 2009-01-23 09:24 <DIR> d-------- c:\windows\LastGood
2009-01-23 09:24 . 2009-01-23 09:24 <DIR> d-------- c:\program files\Symantec
2009-01-23 09:24 . 2009-01-23 09:24 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-23 09:24 . 2009-01-23 09:24 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-23 09:24 . 2009-01-23 09:24 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-23 09:24 . 2009-01-23 09:23 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-23 09:24 . 2009-01-23 09:24 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-23 09:24 . 2009-01-23 09:24 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-23 09:18 . 2009-01-23 09:18 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-01-23 09:18 . 2009-01-23 09:18 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-23 09:18 . 2009-01-23 09:19 <DIR> d-------- c:\program files\Norton Internet Security
2009-01-23 09:18 . 2009-01-23 09:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-23 09:18 . 2009-01-23 09:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-23 09:17 . 2009-01-23 09:17 <DIR> d-------- c:\program files\NortonInstaller
2009-01-23 09:17 . 2009-01-23 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-23 08:53 . 2009-01-23 08:53 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-22 19:06 . 2009-01-22 19:06 <DIR> d-------- c:\program files\Uniblue
2009-01-22 19:06 . 2009-01-22 19:06 <DIR> d-------- c:\documents and settings\Shizofrenia\Application Data\Uniblue
2009-01-22 19:05 . 2009-01-22 19:06 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-01-21 19:51 . 2009-01-21 19:51 <DIR> d-------- c:\program files\ODEON
2009-01-21 19:07 . 2009-01-21 19:07 1,859,584 --a------ c:\windows\system32\FLSINST.DLL
2009-01-21 19:07 . 2009-01-21 19:07 4,263 --a------ c:\windows\system32\FLSINSTU.INI
2009-01-21 19:07 . 2008-08-19 10:53 1,115 --a------ c:\windows\setup.iss
2009-01-21 17:31 . 1999-05-10 13:16 29,246 -ra------ c:\windows\system32\DK2WN95.386
2009-01-21 17:31 . 2001-03-01 06:54 12,965 -ra------ c:\windows\system32\DK2DRVS.isu
2009-01-21 17:28 . 2009-01-21 17:28 <DIR> d-------- c:\program files\Common Files\DESkey
2009-01-21 17:28 . 2009-01-21 17:28 92,984 --a------ c:\windows\system32\DNClnt32.dll
2009-01-21 17:28 . 2009-01-21 17:28 92,984 --a------ c:\windows\system32\dkcpanel.exe
2009-01-21 17:28 . 2009-01-21 17:28 89,400 --a------ c:\windows\system32\DNCP32.DLL
2009-01-21 17:28 . 2009-01-21 17:28 64,312 --a------ c:\windows\system32\vercp32.dll
2009-01-21 17:28 . 2009-01-21 17:28 60,216 --a------ c:\windows\system32\DESkey32.cpl
2009-01-21 17:28 . 2009-01-21 17:28 14,856 --a------ c:\windows\system32\drivers\dkpccard.sys
2009-01-21 17:28 . 2009-01-21 17:28 11,576 --a------ c:\windows\system32\DKCLINST.DLL
2009-01-21 17:28 . 2009-01-21 17:28 9,227 --a------ c:\windows\system32\DNCP32.HLP
2009-01-21 17:28 . 2009-01-21 17:28 6,013 --a------ c:\windows\system32\DESkey32.hlp
2009-01-17 18:10 . 2009-01-17 18:35 <DIR> d-------- c:\documents and settings\Shizofrenia\Desktop(2)
2009-01-16 02:40 . 2009-01-16 03:08 285,548,739 --a------ C:\cs16full-v7.exe
2009-01-15 07:16 . 2009-01-15 07:16 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-12-29 04:06 . 2009-01-23 05:08 <DIR> d-------- c:\documents and settings\Shizofrenia\Application Data\skypePM
2008-12-29 04:06 . 2008-12-29 04:06 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-29 04:03 . 2009-01-23 05:09 <DIR> d-------- c:\documents and settings\Shizofrenia\Application Data\Skype
2008-12-29 04:02 . 2008-12-29 04:02 <DIR> d-------- c:\program files\Skype
2008-12-29 04:02 . 2008-12-29 04:02 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-29 04:00 . 2008-12-29 04:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 17:25 --------- d-----w c:\program files\mIRC
2009-01-23 08:04 --------- d-----w c:\documents and settings\Shizofrenia\Application Data\uTorrent
2009-01-21 18:07 --------- d-----w c:\program files\Nokia
2009-01-20 19:14 --------- d-----w c:\program files\TuneUp Utilities 2007
2009-01-20 04:18 --------- d-----w c:\program files\DivX
2009-01-19 18:19 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-19 18:16 --------- d-----w c:\program files\Common Files\Nokia
2009-01-16 02:09 --------- d-----w c:\program files\Valve
2009-01-10 16:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 18:05 42,496 ----a-w c:\windows\system32\ftp.exe
2009-01-05 11:43 --------- d-----w c:\documents and settings\Shizofrenia\Application Data\mIRC
2008-12-22 11:26 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-22 11:26 --------- d-----w c:\program files\Java
2008-12-14 04:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-14 00:32 --------- d-----w c:\program files\NJ Soft
2008-12-12 18:04 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-12 18:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-03 00:33 --------- d-----w c:\documents and settings\Shizofrenia\Application Data\Any Video Converter
2008-12-03 00:18 --------- d-----w c:\program files\Any Video Converter
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-10-23 12:51 284,160 ----a-w c:\windows\system32\gdi32.dll
2009-01-05 01:34 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-05 01:34 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-05 01:34 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-05 01:35 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-05 01:35 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-19 21:30 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2007-12-19 21:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-12-19 21:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007121920071220\index.dat
2007-12-19 21:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
2008-04-14 01:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\system32\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\system32\dllcache\svchost.exe
2008-04-14 01:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\dllcache\ws2_32.dll
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2007-03-21 11:10 360704 e6b15bcc470953e600ef7aded3cab142 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\system32\drivers\tcpip.sys
2008-04-14 01:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\dllcache\winlogon.exe
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys
2008-04-14 01:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\services.exe
2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\dllcache\services.exe
2008-04-14 01:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\lsass.exe
2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\dllcache\lsass.exe
2008-04-14 01:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\dllcache\ctfmon.exe
2008-04-14 01:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 00:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\userinit.exe
2004-08-04 00:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\dllcache\userinit.exe
2008-04-14 01:12 17408 50a166237a0fa771261275a405646cc0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
2004-08-04 00:56 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\powrprof.dll
2004-08-04 00:56 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\dllcache\powrprof.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-03-21 1694208]
"Google Update"="c:\documents and settings\Shizofrenia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-20 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-24 949376]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-09-27 2635472]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-07-26 3305472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2004-10-29 c:\windows\system32\nwiz.exe]
"Realtime Audio Engine"="mmrtkrnl.exe" [2008-06-23 c:\windows\system32\mmrtkrnl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-11"="advpack.dll" [2008-10-16 c:\windows\system32\advpack.dll]
c:\documents and settings\Shizofrenia\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2008-04-03 36953]
AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2008-04-03 229450]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.078\SymEFA.sys [2009-01-23 308064]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2007-09-24 77312]
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [2007-09-24 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [2007-09-24 5504]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.078\BHDrvx86.sys [2009-01-23 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.078\ccHPx86.sys [2009-01-23 361320]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080822.001\IDSxpx86.sys [2009-01-23 274808]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-09-24 15424]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.120\ccSvcHst.exe [2009-01-23 115560]
S1 dk2drv;DK2 WindowsNT Driver;\??\c:\windows\SYSTEM32\Drivers\dk2drv.sys --> c:\windows\SYSTEM32\Drivers\dk2drv.sys [?]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - BHDRVX86
*NewlyCreated* - CCHP
*NewlyCreated* - IDSXPX86
*NewlyCreated* - NAVENG
*NewlyCreated* - NAVEX15
*NewlyCreated* - NORTON_INTERNET_SECURITY
*NewlyCreated* - SRTSP
*NewlyCreated* - SRTSPX
*NewlyCreated* - SYMDNS
*NewlyCreated* - SYMEFA
*NewlyCreated* - SYMEVENT
*NewlyCreated* - SYMFW
*NewlyCreated* - SYMIDS
*NewlyCreated* - SYMNDIS
*NewlyCreated* - SYMREDRV
*NewlyCreated* - SYMTDI
*Deregistered* - SYMDNS
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f8cc6ee-24e0-11dd-89bc-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbc54acf-5333-11dd-8a2b-00038a000015}]
\Shell\AutoRun\command - D:\zerlsefl.exeqymubwzc.exe
\Shell\explore\Command - D:\zerlsefl.exeqymubwzc.exe
\Shell\open\Command - D:\zerlsefl.exeqymubwzc.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]
2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-57989841-839522115-1003.job
- c:\documents and settings\Shizofrenia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 01:37]
2009-01-23 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-09-24 05:41]
2009-01-20 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-09-24 05:41]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {189CE2CD-8722-4DC0-ACBF-6BD9E2400BE6} = 195.160.66.1
TCP: {40658BEC-272C-4BF9-8528-E4209D6F7C1C} = 195.66.160.1 195.66.160.2
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Shizofrenia\Application Data\Mozilla\Firefox\Profiles\6c4eduxq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-23 18:24:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.120\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.120\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-23 18:29:37
ComboFix-quarantined-files.txt 2009-01-23 17:29:31
Pre-Run: 43,166,941,184 bytes free
Post-Run: 47,395,876,864 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
326 --- E O F --- 2008-12-21 04:01:37