Posted: 27 Jan 2009 22:05
- Joined: 25 Nov 2007
- Posts: 296
ComboFix 09-01-21.04 - User 2009-01-27 21:58:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.577 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\lvcoinst.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-27 21:07 . 2009-01-27 21:07 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-27 14:58 . 2009-01-27 14:58 <DIR> d-------- c:\program files\ZoneAlarmSB
2009-01-27 14:56 . 2009-01-27 14:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-27 14:56 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2009-01-27 14:56 . 2009-01-27 14:59 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-27 14:54 . 2009-01-27 16:08 <DIR> d-------- c:\windows\Internet Logs
2009-01-25 15:23 . 2009-01-25 15:23 <DIR> d-------- c:\documents and settings\User\Application Data\PowerChallenge
2009-01-25 12:28 . 2009-01-25 22:00 <DIR> d-------- c:\program files\Logitech
2009-01-25 12:28 . 2009-01-25 12:30 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-25 12:28 . 2009-01-25 12:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-01-24 20:29 . 2009-01-24 20:29 <DIR> d-------- c:\documents and settings\User\Application Data\Apple Computer
2009-01-24 17:37 . 2009-01-24 17:39 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-23 21:12 . 2009-01-23 21:12 <DIR> d-------- c:\windows\system32\xircom
2009-01-23 21:12 . 2009-01-23 21:12 <DIR> d-------- c:\program files\microsoft frontpage
2009-01-23 21:04 . 2009-01-23 21:04 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-23 21:01 . 2009-01-23 21:09 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-23 21:01 . 2009-01-23 21:01 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-23 20:39 . 2009-01-23 20:39 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall
2009-01-23 20:37 . 2008-07-17 22:02 <DIR> d-------- C:\Portable Windows Snapshot Maker v2.1.3 - www.freshwap.net
2009-01-23 14:02 . 2008-05-08 15:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-01-23 14:00 . 2008-10-03 11:15 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2009-01-23 13:59 . 2008-09-04 17:32 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-01-23 13:55 . 2004-03-02 17:37 125,184 --------- c:\windows\system32\drivers\imagesrv.sys
2009-01-23 13:55 . 2004-03-02 17:37 5,504 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-23 13:54 . 2009-01-23 13:54 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-23 13:54 . 2009-01-23 13:54 <DIR> d-------- c:\program files\Ahead
2009-01-23 13:54 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-23 13:54 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-23 13:54 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-23 13:54 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-23 13:54 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-23 13:54 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-23 11:07 . 2008-12-13 07:26 3,594,752 --------- c:\windows\system32\dllcache\mshtml.dll
2009-01-22 17:51 . 2009-01-22 17:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2009-01-22 17:37 . 2009-01-06 05:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-22 17:37 . 2009-01-22 17:37 <DIR> d-------- c:\documents and settings\Administrator
2009-01-22 14:44 . 2009-01-22 14:44 268 --ah----- C:\sqmdata14.sqm
2009-01-22 14:44 . 2009-01-22 14:44 244 --ah----- C:\sqmnoopt14.sqm
2009-01-22 14:35 . 2009-01-22 14:35 268 --ah----- C:\sqmdata13.sqm
2009-01-22 14:35 . 2009-01-22 14:35 244 --ah----- C:\sqmnoopt13.sqm
2009-01-22 14:28 . 2009-01-22 14:28 268 --ah----- C:\sqmdata12.sqm
2009-01-22 14:28 . 2009-01-22 14:28 244 --ah----- C:\sqmnoopt12.sqm
2009-01-22 14:26 . 2009-01-22 14:26 <DIR> d-------- c:\documents and settings\User\Application Data\TuneUp Software
2009-01-22 14:26 . 2009-01-22 14:26 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-22 14:26 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-22 14:25 . 2009-01-22 14:26 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-01-22 14:25 . 2009-01-22 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-22 06:22 . 2007-01-17 16:02 96,256 --a------ C:\wmpband.dll
2009-01-22 05:20 . 2009-01-22 05:20 376 --a------ c:\windows\ODBC.INI
2009-01-22 05:19 . 2009-01-22 05:19 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-22 05:18 . 2009-01-22 05:19 <DIR> d-------- c:\windows\SHELLNEW
2009-01-22 05:14 . 2004-08-03 22:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-22 05:13 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-01-22 03:02 . 2009-01-22 03:02 <DIR> d-------- c:\windows\system32\FxsTmp
2009-01-22 03:02 . 2009-01-22 03:02 <DIR> d-------- c:\windows\IIS Temporary Compressed Files
2009-01-22 03:02 . 2001-08-18 07:36 43,520 --a------ c:\windows\system32\fcachdll.dll
2009-01-22 03:02 . 2001-08-18 07:36 23,040 --a------ c:\windows\system32\regtrace.exe
2009-01-22 03:02 . 2001-07-21 23:23 21,791 --a------ c:\windows\system32\smtpctrs.ini
2009-01-22 03:02 . 2001-08-18 07:36 12,288 --a------ c:\windows\system32\smtpctrs.dll
2009-01-22 03:02 . 2001-07-21 23:23 8,002 --a------ c:\windows\system32\smtpctrs.h
2009-01-22 03:02 . 2001-08-18 07:36 7,168 --a------ c:\windows\system32\snprfdll.dll
2009-01-22 03:02 . 2001-08-18 07:36 5,632 --a------ c:\windows\system32\adsiisex.dll
2009-01-22 03:02 . 2001-07-21 23:23 1,037 --a------ c:\windows\system32\ntfsdrct.ini
2009-01-22 03:02 . 2001-07-21 23:23 773 --a------ c:\windows\system32\ntfsdrct.h
2009-01-22 03:02 . 2009-01-22 03:02 535 --a------ c:\windows\system32\mapisvc.inf
2009-01-22 02:59 . 2009-01-22 03:02 <DIR> d-------- c:\windows\system32\msmq
2009-01-22 02:59 . 2009-01-22 03:03 <DIR> d-------- C:\Inetpub
2009-01-22 02:10 . 2009-01-22 02:10 268 --ah----- C:\sqmdata11.sqm
2009-01-22 02:10 . 2009-01-22 02:10 244 --ah----- C:\sqmnoopt11.sqm
2009-01-22 01:41 . 2009-01-22 01:41 <DIR> d-------- C:\usr
2009-01-22 01:32 . 2009-01-22 01:32 268 --ah----- C:\sqmdata10.sqm
2009-01-22 01:32 . 2009-01-22 01:32 244 --ah----- C:\sqmnoopt10.sqm
2009-01-21 16:29 . 2009-01-21 16:29 268 --ah----- C:\sqmdata09.sqm
2009-01-21 16:29 . 2009-01-21 16:29 244 --ah----- C:\sqmnoopt09.sqm
2009-01-21 14:40 . 2009-01-21 14:40 268 --ah----- C:\sqmdata08.sqm
2009-01-21 14:40 . 2009-01-21 14:40 244 --ah----- C:\sqmnoopt08.sqm
2009-01-19 19:33 . 2009-01-24 22:15 <DIR> d-------- c:\documents and settings\User\Application Data\DameWare Development
2009-01-17 17:03 . 2009-01-25 17:00 6,635 --a------ c:\windows\langorig.ini
2009-01-11 18:34 . 2009-01-11 18:34 <DIR> d-------- c:\windows\Sun
2009-01-08 23:25 . 2009-01-08 23:25 <DIR> d-------- c:\program files\Java
2009-01-08 23:25 . 2009-01-08 23:25 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-08 23:25 . 2009-01-08 23:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-08 00:45 . 2009-01-08 00:45 <DIR> d-------- c:\program files\Techland
2009-01-08 00:40 . 2009-01-08 00:40 <DIR> d-------- c:\program files\DAEMON Tools
2009-01-08 00:40 . 2009-01-08 00:40 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-01-08 00:15 . 2009-01-08 00:15 <DIR> d-------- c:\documents and settings\User\Application Data\DAEMON Tools Pro
2009-01-08 00:15 . 2009-01-08 00:15 <DIR> d-------- c:\documents and settings\User\Application Data\DAEMON Tools
2009-01-08 00:14 . 2009-01-08 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-08 00:13 . 2009-01-08 23:04 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-08 00:09 . 2009-01-08 00:09 <DIR> d-------- c:\documents and settings\User\Application Data\DAEMON Tools Lite
2009-01-08 00:09 . 2009-01-08 00:09 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-07 06:43 . 2009-01-26 16:30 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-07 06:43 . 2009-01-15 17:48 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-07 04:15 . 2009-01-07 04:15 <DIR> d-------- c:\program files\GameHouse
2009-01-07 02:52 . 2009-01-07 02:52 268 --ah----- C:\sqmdata07.sqm
2009-01-07 02:52 . 2009-01-07 02:52 244 --ah----- C:\sqmnoopt07.sqm
2009-01-07 01:37 . 2009-01-10 00:13 <DIR> d-------- c:\documents and settings\User\Application Data\Uniblue
2009-01-07 01:07 . 2009-01-07 01:07 268 --ah----- C:\sqmdata06.sqm
2009-01-07 01:07 . 2009-01-07 01:07 244 --ah----- C:\sqmnoopt06.sqm
2009-01-07 00:53 . 2009-01-26 16:30 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-07 00:49 . 2009-01-07 00:49 <DIR> d-------- c:\documents and settings\User\Application Data\Leadertech
2009-01-07 00:49 . 2009-01-07 00:49 268 --ah----- C:\sqmdata05.sqm
2009-01-07 00:49 . 2009-01-07 00:49 244 --ah----- C:\sqmnoopt05.sqm
2009-01-07 00:48 . 2009-01-27 16:17 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-07 00:37 . 2009-01-07 00:37 <DIR> d-------- c:\program files\EA Games
2009-01-06 21:48 . 2009-01-06 21:48 268 --ah----- C:\sqmdata04.sqm
2009-01-06 21:48 . 2009-01-06 21:48 244 --ah----- C:\sqmnoopt04.sqm
2009-01-06 21:09 . 2009-01-06 21:09 268 --ah----- C:\sqmdata03.sqm
2009-01-06 21:09 . 2009-01-06 21:09 244 --ah----- C:\sqmnoopt03.sqm
2009-01-06 20:27 . 2009-01-06 20:27 <DIR> d-------- c:\program files\CCleaner
2009-01-06 20:25 . 2009-01-06 20:25 268 --ah----- C:\sqmdata02.sqm
2009-01-06 20:25 . 2009-01-06 20:25 244 --ah----- C:\sqmnoopt02.sqm
2009-01-06 20:11 . 2009-01-06 20:11 <DIR> d-------- c:\program files\Alwil Software
2009-01-06 20:00 . 2009-01-06 20:00 268 --ah----- C:\sqmdata00.sqm
2009-01-06 20:00 . 2009-01-06 20:00 244 --ah----- C:\sqmnoopt00.sqm
2009-01-06 08:58 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-06 08:45 . 2009-01-06 08:45 <DIR> d-------- c:\program files\KONAMI
2009-01-06 08:01 . 2009-01-06 08:01 1,172 --a------ c:\windows\mozver.dat
2009-01-06 07:43 . 2009-01-19 15:48 <DIR> d-------- c:\documents and settings\User\Contacts
2009-01-06 07:07 . 2009-01-06 07:07 <DIR> d-------- c:\documents and settings\User\Application Data\Talkback
2009-01-06 07:07 . 2009-01-06 07:07 0 --a------ c:\windows\nsreg.dat
2009-01-06 06:54 . 2004-09-29 21:36 15,360 --a------ c:\windows\system32\drivers\NetMotCM.sys
2009-01-06 06:52 . 2009-01-06 06:52 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-06 06:44 . 2009-01-06 06:45 2,102 --a------ C:\SMax.log.bak
2009-01-06 06:42 . 2009-01-06 06:42 <DIR> d-------- c:\windows\VirtualEar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 19:33 --------- d-----w c:\program files\Windows Sidebar
2009-01-06 04:59 --------- d-----w c:\program files\keys for programs
2009-01-06 04:59 --------- d-----w c:\program files\Alky for Applications
2009-01-06 04:55 --------- d-----w c:\program files\uTorrent
2009-01-06 04:54 --------- d-----w c:\program files\VistaExperience.org
2009-01-06 04:53 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-07 23:14 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-07 23:14 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-07 23:14 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-07 23:14 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-07 23:14 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"nwiz"="nwiz.exe" [2007-07-13 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-10-16 c:\windows\system32\advpack.dll]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [1/6/2009 6:13:18 AM 495616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 07:57 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 c:\program files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2007-09-26 21:15 1232384 c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2007-07-24 22:21 1269000 c:\program files\Uniblue\SpyEraser\SpyEraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII\\RpcSandraSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/6/2009 9:09:23 PM 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2009 9:09:23 PM 20560]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [10/18/2007 4:31:54 PM 98328]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
2009-01-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
2009-01-07 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-07-24 22:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5s111sm5.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 22:00:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Completion time: 2009-01-27 22:02:10
ComboFix-quarantined-files.txt 2009-01-27 21:02:05
ComboFix2.txt 2009-01-23 20:01:06
Pre-Run: 53.156.839.424 bytes free
Post-Run: 53,145,812,992 bytes free
256 --- E O F --- 2009-01-23 20:09:47
Posted: 27 Jan 2009 22:09
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
You have run ComboFix before.
Also give me the previous log, which is located at the following location:
C:\QooBox\ComboFix2.txt
Posted: 27 Jan 2009 22:12
- Joined: 25 Nov 2007
- Posts: 296
ComboFix 09-01-21.04 - User 2009-01-23 20:57:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.519 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning enabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Cache
.
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-23 20:39 . 2009-01-23 20:39 <DIR> d-------- c:\documents and settings\User\Application Data\Thinstall
2009-01-23 13:55 . 2004-03-02 17:37 125,184 --------- c:\windows\system32\drivers\imagesrv.sys
2009-01-23 13:55 . 2004-03-02 17:37 5,504 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-23 13:54 . 2009-01-23 13:54 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-23 13:54 . 2009-01-23 13:54 <DIR> d-------- c:\program files\Ahead
2009-01-23 13:54 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-23 13:54 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-23 13:54 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-23 13:54 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-23 13:54 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-23 13:54 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-23 11:36 . 2009-01-23 11:42 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-01-22 17:51 . 2009-01-22 17:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2009-01-22 17:37 . 2009-01-06 05:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-22 17:37 . 2009-01-22 17:37 <DIR> d-------- c:\documents and settings\Administrator
2009-01-22 14:44 . 2009-01-22 14:44 268 --ah----- C:\sqmdata14.sqm
2009-01-22 14:44 . 2009-01-22 14:44 244 --ah----- C:\sqmnoopt14.sqm
2009-01-22 14:35 . 2009-01-22 14:35 268 --ah----- C:\sqmdata13.sqm
2009-01-22 14:35 . 2009-01-22 14:35 244 --ah----- C:\sqmnoopt13.sqm
2009-01-22 14:28 . 2009-01-22 14:28 268 --ah----- C:\sqmdata12.sqm
2009-01-22 14:28 . 2009-01-22 14:28 244 --ah----- C:\sqmnoopt12.sqm
2009-01-22 14:26 . 2009-01-22 14:26 <DIR> d-------- c:\documents and settings\User\Application Data\TuneUp Software
2009-01-22 14:26 . 2009-01-22 14:26 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-22 14:26 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-22 14:25 . 2009-01-22 14:26 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-01-22 14:25 . 2009-01-22 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-22 06:22 . 2007-01-17 16:02 96,256 --a------ C:\wmpband.dll
2009-01-22 05:20 . 2009-01-22 05:20 376 --a------ c:\windows\ODBC.INI
2009-01-22 05:19 . 2009-01-22 05:19 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-22 05:18 . 2009-01-22 05:19 <DIR> d-------- c:\windows\SHELLNEW
2009-01-22 05:15 . 2006-10-04 15:06 1,197,294 --------- c:\windows\system32\dllcache\sysmain.sdb
2009-01-22 05:15 . 2006-10-04 15:06 764,868 --------- c:\windows\system32\dllcache\apph_sp.sdb
2009-01-22 05:15 . 2006-10-04 15:06 217,118 --------- c:\windows\system32\dllcache\apphelp.sdb
2009-01-22 05:14 . 2004-08-03 22:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-22 05:13 . 2006-09-26 02:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-01-22 03:02 . 2009-01-22 03:02 <DIR> d-------- c:\windows\system32\FxsTmp
2009-01-22 03:02 . 2009-01-22 03:02 <DIR> d-------- c:\windows\IIS Temporary Compressed Files
2009-01-22 03:02 . 2001-08-18 07:36 43,520 --a------ c:\windows\system32\fcachdll.dll
2009-01-22 03:02 . 2001-08-18 07:36 23,040 --a------ c:\windows\system32\regtrace.exe
2009-01-22 03:02 . 2001-07-21 23:23 21,791 --a------ c:\windows\system32\smtpctrs.ini
2009-01-22 03:02 . 2001-08-18 07:36 12,288 --a------ c:\windows\system32\smtpctrs.dll
2009-01-22 03:02 . 2001-07-21 23:23 8,002 --a------ c:\windows\system32\smtpctrs.h
2009-01-22 03:02 . 2001-08-18 07:36 7,168 --a------ c:\windows\system32\snprfdll.dll
2009-01-22 03:02 . 2001-08-18 07:36 5,632 --a------ c:\windows\system32\adsiisex.dll
2009-01-22 03:02 . 2001-07-21 23:23 1,037 --a------ c:\windows\system32\ntfsdrct.ini
2009-01-22 03:02 . 2001-07-21 23:23 773 --a------ c:\windows\system32\ntfsdrct.h
2009-01-22 03:02 . 2009-01-22 03:02 535 --a------ c:\windows\system32\mapisvc.inf
2009-01-22 02:59 . 2009-01-22 03:02 <DIR> d-------- c:\windows\system32\msmq
2009-01-22 02:59 . 2009-01-22 03:03 <DIR> d-------- C:\Inetpub
2009-01-22 02:10 . 2009-01-22 02:10 268 --ah----- C:\sqmdata11.sqm
2009-01-22 02:10 . 2009-01-22 02:10 244 --ah----- C:\sqmnoopt11.sqm
2009-01-22 01:41 . 2009-01-22 01:41 <DIR> d-------- C:\usr
2009-01-22 01:32 . 2009-01-22 01:32 268 --ah----- C:\sqmdata10.sqm
2009-01-22 01:32 . 2009-01-22 01:32 244 --ah----- C:\sqmnoopt10.sqm
2009-01-21 16:29 . 2009-01-21 16:29 268 --ah----- C:\sqmdata09.sqm
2009-01-21 16:29 . 2009-01-21 16:29 244 --ah----- C:\sqmnoopt09.sqm
2009-01-21 14:40 . 2009-01-21 14:40 268 --ah----- C:\sqmdata08.sqm
2009-01-21 14:40 . 2009-01-21 14:40 244 --ah----- C:\sqmnoopt08.sqm
2009-01-19 19:33 . 2009-01-19 19:33 <DIR> d-------- c:\documents and settings\User\Application Data\DameWare Development
2009-01-17 17:03 . 2009-01-22 17:44 6,087 --a------ c:\windows\langorig.ini
2009-01-11 18:34 . 2009-01-11 18:34 <DIR> d-------- c:\windows\Sun
2009-01-08 23:25 . 2009-01-08 23:25 <DIR> d-------- c:\program files\Java
2009-01-08 23:25 . 2009-01-08 23:25 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-08 23:25 . 2009-01-08 23:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-08 00:45 . 2009-01-08 00:45 <DIR> d-------- c:\program files\Techland
2009-01-08 00:40 . 2009-01-08 00:40 <DIR> d-------- c:\program files\DAEMON Tools
2009-01-08 00:40 . 2009-01-08 00:40 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-01-08 00:15 . 2009-01-08 00:15 <DIR> d-------- c:\documents and settings\User\Application Data\DAEMON Tools Pro
2009-01-08 00:15 . 2009-01-08 00:15 <DIR> d-------- c:\documents and settings\User\Application Data\DAEMON Tools
2009-01-08 00:14 . 2009-01-08 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-08 00:13 . 2009-01-08 23:04 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-08 00:09 . 2009-01-08 00:09 <DIR> d-------- c:\documents and settings\User\Application Data\DAEMON Tools Lite
2009-01-08 00:09 . 2009-01-08 00:09 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-07 06:43 . 2009-01-15 17:48 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-07 06:43 . 2009-01-15 17:48 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-07 04:15 . 2009-01-07 04:15 <DIR> d-------- c:\program files\GameHouse
2009-01-07 02:52 . 2009-01-07 02:52 268 --ah----- C:\sqmdata07.sqm
2009-01-07 02:52 . 2009-01-07 02:52 244 --ah----- C:\sqmnoopt07.sqm
2009-01-07 01:37 . 2009-01-10 00:13 <DIR> d-------- c:\documents and settings\User\Application Data\Uniblue
2009-01-07 01:07 . 2009-01-07 01:07 268 --ah----- C:\sqmdata06.sqm
2009-01-07 01:07 . 2009-01-07 01:07 244 --ah----- C:\sqmnoopt06.sqm
2009-01-07 00:53 . 2009-01-15 17:48 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-07 00:49 . 2009-01-07 00:49 <DIR> d-------- c:\documents and settings\User\Application Data\Leadertech
2009-01-07 00:49 . 2009-01-07 00:49 268 --ah----- C:\sqmdata05.sqm
2009-01-07 00:49 . 2009-01-07 00:49 244 --ah----- C:\sqmnoopt05.sqm
2009-01-07 00:48 . 2009-01-22 15:22 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-07 00:37 . 2009-01-07 00:37 <DIR> d-------- c:\program files\EA Games
2009-01-06 21:48 . 2009-01-06 21:48 268 --ah----- C:\sqmdata04.sqm
2009-01-06 21:48 . 2009-01-06 21:48 244 --ah----- C:\sqmnoopt04.sqm
2009-01-06 21:09 . 2009-01-06 21:09 268 --ah----- C:\sqmdata03.sqm
2009-01-06 21:09 . 2009-01-06 21:09 244 --ah----- C:\sqmnoopt03.sqm
2009-01-06 20:27 . 2009-01-06 20:27 <DIR> d-------- c:\program files\CCleaner
2009-01-06 20:25 . 2009-01-06 20:25 268 --ah----- C:\sqmdata02.sqm
2009-01-06 20:25 . 2009-01-06 20:25 244 --ah----- C:\sqmnoopt02.sqm
2009-01-06 20:11 . 2009-01-06 20:11 <DIR> d-------- c:\program files\Alwil Software
2009-01-06 20:00 . 2009-01-06 20:00 268 --ah----- C:\sqmdata00.sqm
2009-01-06 20:00 . 2009-01-06 20:00 244 --ah----- C:\sqmnoopt00.sqm
2009-01-06 08:58 . 2004-08-04 08:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-06 08:45 . 2009-01-06 08:45 <DIR> d-------- c:\program files\KONAMI
2009-01-06 08:01 . 2009-01-06 08:01 1,172 --a------ c:\windows\mozver.dat
2009-01-06 07:43 . 2009-01-19 15:48 <DIR> d-------- c:\documents and settings\User\Contacts
2009-01-06 07:07 . 2009-01-06 07:07 <DIR> d-------- c:\documents and settings\User\Application Data\Talkback
2009-01-06 07:07 . 2009-01-06 07:07 0 --a------ c:\windows\nsreg.dat
2009-01-06 06:54 . 2004-09-29 21:36 15,360 --a------ c:\windows\system32\drivers\NetMotCM.sys
2009-01-06 06:52 . 2009-01-06 06:52 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-06 06:44 . 2009-01-06 06:45 2,102 --a------ C:\SMax.log.bak
2009-01-06 06:42 . 2009-01-06 06:42 <DIR> d-------- c:\windows\VirtualEar
2009-01-06 06:42 . 2009-01-08 00:51 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-01-06 06:42 . 2009-01-06 06:42 <DIR> d-------- c:\program files\Analog Devices
2009-01-06 06:42 . 2001-09-12 00:20 1,285,632 --a------ c:\windows\system32\SMMedia.dll
2009-01-06 06:42 . 2001-10-05 00:50 991,232 --a------ c:\windows\system32\virtear.dll
2009-01-06 06:42 . 2001-09-19 22:47 765,952 --a------ c:\windows\system\crlds3d.dll
2009-01-06 06:42 . 2004-04-27 02:49 381,056 --a------ c:\windows\system32\drivers\senfilt.sys
2009-01-06 06:42 . 2002-09-21 03:53 235,100 --a------ c:\windows\system32\drivers\MidiSyn.sys
2009-01-06 06:42 . 2003-08-20 04:36 65,536 --a------ c:\windows\system32\Audio3d.dll
2009-01-06 06:42 . 2003-06-16 17:32 49,152 --a------ c:\windows\system32\DSndUp.exe
2009-01-06 06:42 . 2002-04-18 00:05 45,056 --a------ c:\windows\system32\CleanUp.exe
2009-01-06 06:42 . 2001-09-12 00:20 30,208 --a------ c:\windows\system32\wdmioctl.dll
2009-01-06 06:41 . 2009-01-08 00:43 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-01-06 06:15 . 2009-01-06 06:15 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-06 06:15 . 2009-01-06 06:15 <DIR> d-------- c:\program files\Windows Live
2009-01-06 06:15 . 2007-10-03 04:00 586 --a------ C:\msndisable.reg
2009-01-06 06:14 . 2009-01-22 04:47 <DIR> d-------- C:\Reflective Icons
2009-01-06 06:14 . 2009-01-06 06:14 <DIR> d-------- c:\program files\Tiger System Preferences v2
2009-01-06 06:14 . 2009-01-06 06:14 <DIR> d-------- c:\program files\SiSoftware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 19:33 --------- d-----w c:\program files\Windows Sidebar
2009-01-06 04:59 --------- d-----w c:\program files\keys for programs
2009-01-06 04:59 --------- d-----w c:\program files\Alky for Applications
2009-01-06 04:55 --------- d-----w c:\program files\uTorrent
2009-01-06 04:54 --------- d-----w c:\program files\VistaExperience.org
2009-01-06 04:53 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-07 23:14 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-07 23:14 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-07 23:14 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-07 23:14 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-07 23:14 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
2007-10-27 08:27 360704 a11391be25035570ae4b8970920f2c74 c:\windows\system32\drivers\tcpip.sys
2008-08-14 10:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntkrnlpa.exe
2008-08-14 10:18 2062976 63ec865dff6ccfc7bef94b5c50297cad c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntkrnlpa.exe
2008-08-14 10:33 2066048 4ac58f03eb94a72809949d757fc39d80 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntkrnlpa.exe
2008-08-14 15:39 2066048 a25e9b86effb2af33bf51e676b68bfb0 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntkrnlpa.exe
2007-10-27 08:32 2223616 95e8b55443bd91dab5632924d2616a1e c:\windows\system32\ntkrnlpa.exe
2008-08-14 11:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntoskrnl.exe
2008-08-14 10:57 2185984 ce69dbd54221f2d40e49ff6db77c6507 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntoskrnl.exe
2008-08-14 11:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntoskrnl.exe
2008-08-14 16:11 2189184 31914172342bff330063f343ac6958fe c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntoskrnl.exe
2007-10-27 08:26 2346752 24fcd8fb0c6bd0e5f3b1203769948336 c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2007-07-13 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2004-08-03 c:\windows\system32\mqrt.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-27 c:\windows\system32\advpack.dll]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-01-06 495616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 07:57 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2007-09-26 21:15 1232384 c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2007-07-24 22:21 1269000 c:\program files\Uniblue\SpyEraser\SpyEraser.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII\\RpcSandraSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-06 111184]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-06 20560]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
2009-01-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
2009-01-07 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-07-24 22:21]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {002444E4-5E78-4DBD-8468-79E4A7D2D66F} = 77.78.192.10
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5s111sm5.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 20:59:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(836)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Completion time: 2009-01-23 21:01:03
ComboFix-quarantined-files.txt 2009-01-23 20:01:00
Pre-Run: 55.630.581.760 bytes free
Post-Run: 55,609,094,144 bytes free
Posted: 27 Jan 2009 22:15
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
At first glance I don't see anything suspicious in the log, but I'll have to leave the detailed analysis for tomorrow, since I have to go to sleep now (I get up at 5 for work).
Posted: 28 Jan 2009 20:13
- Joined: 25 Nov 2007
- Posts: 296
OK, sure, mate, thanks for everything.
Addendum: 28 Jan 2009 20:12
Addendum: 28 Jan 2009 20:13
A first glance is a first glance.
Posted: 28 Jan 2009 20:17
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
1. It says it's a generic detection, which means Avast has no idea what it is, but that, judging by some of its characteristics, it looks like a trojan to it.
2. Did you or did you not install that NSAuditor? If you did, then you presumably know what type of program it is and why Avast might think it's a trojan.
As for the log, it's clean.
Posted: 28 Jan 2009 20:25
- Joined: 25 Nov 2007
- Posts: 296
I don't know, I went to open that program; as soon as it detected it, I uninstalled NSAuditor.
Posted: 28 Jan 2009 20:28
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
NSAuditor is a program for checking network security.
It tests the network for weaknesses the same way bots and worms would.
AV programs aren't intelligent enough to distinguish such a program from a bot or a worm, so false alarms occur.