godunski Beograd
Member number: 43618 Posts: 77 *.dynamic.sbb.rs.
Logs:
SmitFraudFix v2.309
Scan done at 21:56:35,03, pet 04.04.2008
Run from C:\Documents and Settings\Svetionik\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Svetionik
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Svetionik\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SVETIO~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CBC229D5-2E7C-4DA5-9D2A-57C2045781A9}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:39, on 4.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Aqua Dock] C:\Program Files\Aqua Dock\Aqua Dock.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10498 bytes
ComboFix 08-04-03.5 - Svetionik 2008-04-04 22:02:30.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1745 [GMT 2:00]
Running from: C:\Documents and Settings\Svetionik\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\ndistapii.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NDISTAPII
-------\Service_ndistapii
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.
2008-04-04 21:59 . 2008-04-04 21:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-04 21:56 . 2008-04-04 21:56 5,748 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 15:56 . 2008-04-03 15:56 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-03 12:47 . 2007-11-06 09:06 131,672 --a------ C:\WINDOWS\system32\drivers\Uim_IM.sys
2008-04-03 12:47 . 2007-11-06 09:06 32,080 --a------ C:\WINDOWS\system32\drivers\UimBus.sys
2008-04-03 12:47 . 2007-11-06 09:06 11,568 --a------ C:\WINDOWS\system32\drivers\UimFIO.sys
2008-04-03 12:46 . 2008-04-03 12:47 <DIR> d-------- C:\Program Files\Paragon Software
2008-04-03 12:46 . 2008-01-21 17:43 4,244,744 --a------ C:\WINDOWS\system32\qtp-mt334.dll
2008-04-03 12:46 . 2008-01-21 17:43 247,560 --a------ C:\WINDOWS\system32\prgiso.dll
2008-04-03 12:46 . 2007-11-06 09:06 39,472 --a------ C:\WINDOWS\system32\drivers\hotcore3.sys
2008-04-03 12:46 . 2008-01-21 17:43 13,576 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-04-01 13:50 . 2008-04-03 07:50 2,672 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-04-01 13:50 . 2008-04-03 07:50 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\6E84F1F761.sys
2008-03-31 16:29 . 2007-09-18 12:46 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-31 16:21 . 2001-08-23 12:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-31 16:20 . 2001-08-23 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-31 16:19 . 2004-08-04 00:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-31 16:17 . 2008-03-31 16:17 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-31 16:17 . 2008-03-31 16:17 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-31 16:17 . 2008-03-31 16:17 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-31 16:17 . 2008-03-31 16:17 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-31 16:17 . 2008-03-31 16:17 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-31 16:17 . 2008-03-31 16:17 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-31 15:57 . 2001-08-23 12:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-03-31 15:57 . 2001-08-23 12:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-03-31 15:57 . 2001-08-23 12:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-03-31 15:57 . 2001-08-23 12:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-03-31 13:34 . 2008-04-01 14:03 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-29 09:36 . 2008-04-02 09:07 357 --a------ C:\WINDOWS\wininit.ini
2008-03-29 08:57 . 2008-03-29 08:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-29 08:57 . 2008-03-29 08:57 2,549 --a------ C:\WINDOWS\unins000.dat
2008-03-29 08:43 . 2008-04-02 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-23 15:30 . 2008-03-23 15:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 14:47 . 2008-03-23 14:47 <DIR> d---s---- C:\Documents and Settings\Svetionik\UserData
2008-03-23 02:00 . 2008-03-23 02:00 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-22 15:25 . 2008-03-22 15:25 <DIR> d-------- C:\Documents and Settings\Svetionik\Application Data\LGSync
2008-03-22 15:20 . 2008-03-22 15:20 <DIR> d-------- C:\Program Files\LG Electronics
2008-03-22 15:20 . 2005-06-24 19:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-03-22 15:20 . 2005-05-26 12:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-03-22 15:19 . 2005-09-26 23:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx
2008-03-22 15:19 . 2000-05-22 01:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-03-22 15:19 . 2005-10-04 11:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-03-22 15:19 . 2005-06-28 23:12 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll
2008-03-22 15:18 . 2008-03-22 15:19 <DIR> d-------- C:\Program Files\LGE GSM PC Sync
2008-03-17 16:13 . 2008-03-17 16:13 <DIR> d-------- C:\Program Files\PopCap Games
2008-03-17 16:13 . 2008-03-31 17:51 10 --a------ C:\WINDOWS\popcinfo.dat
2008-03-16 08:38 . 2008-03-16 08:38 <DIR> d-------- C:\Documents and Settings\Svetionik\Application Data\Nokia Multimedia Player
2008-03-14 11:56 . 2008-03-14 11:56 1,646 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-14 08:01 . 2008-03-31 14:53 247 --a------ C:\WINDOWS\WINCMD.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 19:53 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\Skype
2008-04-04 19:31 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-03 11:26 --------- d-----w C:\Program Files\FlashGet
2008-04-03 10:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 09:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-01 12:52 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\Corel
2008-04-01 12:03 --------- d-----w C:\Program Files\TC PowerPack
2008-04-01 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-04-01 11:43 --------- d-----w C:\Program Files\Corel
2008-03-31 08:01 3,001 --sha-w C:\Documents and Settings\Svetionik\ppUser.dat
2008-03-22 21:20 --------- d-----w C:\Program Files\LIVEUPDATE
2008-03-13 07:04 --------- d-----w C:\Program Files\SWiSHmax
2008-03-08 19:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-07 10:33 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\Nokia
2008-03-06 18:21 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\BSplayer PRO
2008-03-03 12:52 --------- d-----w C:\Program Files\WhereIsIt
2008-03-02 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-02 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-29 20:31 --------- d-----w C:\Program Files\Winamp
2008-02-28 17:35 --------- d-----w C:\Program Files\INTEX Video Power
2008-02-28 11:46 --------- d-----w C:\Program Files\Skype
2008-02-27 16:46 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\SampleView
2008-02-27 06:18 --------- d-----w C:\Program Files\SP36691
2008-02-26 05:16 --------- d-----w C:\Program Files\Vimicro
2008-02-21 07:40 --------- d-----w C:\Program Files\Java
2008-02-21 07:34 --------- d-----w C:\Program Files\Common Files\Java
2008-02-20 18:35 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\Bitstream
2008-02-19 20:21 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\PC Suite
2008-02-19 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-18 07:16 --------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-02-17 21:52 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\ABBYY
2008-02-17 21:40 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\Nero
2008-02-17 21:38 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-17 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-17 21:34 --------- d-----w C:\Program Files\Nero
2008-02-17 20:47 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-02-17 20:44 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\URSoft
2008-02-17 19:58 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\ESET
2008-02-17 19:57 --------- d-----w C:\Program Files\ESET
2008-02-17 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-02-17 16:55 --------- d-----w C:\Program Files\System Cleaner
2008-02-17 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-17 16:39 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\EPSON
2008-02-17 16:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-17 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-02-17 16:28 --------- d-----w C:\Program Files\epson
2008-02-17 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-02-17 16:15 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\Contrast
2008-02-17 16:06 --------- d-----w C:\Program Files\Contrast
2008-02-17 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Contrast
2008-02-17 15:43 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\Talkback
2008-02-17 15:42 --------- d-----w C:\Program Files\DIFX
2008-02-17 15:41 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-17 15:41 --------- d-----w C:\Program Files\Nokia
2008-02-17 15:41 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-17 15:41 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-17 15:32 --------- d-----w C:\Program Files\Innovative Solutions
2008-02-17 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-02-17 14:33 --------- d-----w C:\Program Files\Macrogaming
2008-02-17 14:32 --------- d-----w C:\Program Files\MSN Messenger
2008-02-17 14:30 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\Thunderbird
2008-02-17 14:25 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-17 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-17 14:22 --------- d-----w C:\Program Files\VideoLAN
2008-02-17 14:22 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\vlc
2008-02-17 14:20 --------- d-----w C:\Program Files\Webteh
2008-02-17 14:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-17 14:06 --------- d-----w C:\Program Files\ACD Systems
2008-02-17 14:05 --------- d-----w C:\Program Files\PhotoBrush
2008-02-17 14:02 --------- d-----w C:\Program Files\ImTOO
2008-02-17 14:00 --------- d-----w C:\Program Files\Google
2008-02-17 13:57 286,720 ----a-w C:\WINDOWS\iun506.exe
2008-02-17 13:57 --------- d-----w C:\Program Files\GIF Movie Gear
2008-02-17 13:55 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-02-17 13:55 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\FastStone
2008-02-17 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-17 13:49 --------- d-----w C:\Program Files\CyberLink
2008-02-17 13:48 --------- d-----w C:\Program Files\DVD Shrink
2008-02-17 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-17 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-17 13:40 --------- d-----w C:\Program Files\Common Files\Protexis
2008-02-17 13:40 --------- d-----w C:\Program Files\Common Files\Corel
2008-02-17 13:33 --------- d-----w C:\Program Files\TigerColor
2008-02-17 13:32 --------- d-----w C:\Program Files\DAMN NFO Viewer
2008-02-17 13:29 --------- d-----w C:\Program Files\Aqua Dock
2008-02-17 13:27 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-02-17 13:27 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-02-17 13:27 --------- d-----w C:\Documents and Settings\Svetionik\Application Data\ACD Systems
2008-02-17 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-02-17 13:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-17 12:06 --------- d-----w C:\Program Files\Microsoft Works
2008-02-17 12:05 --------- d-----w C:\Program Files\MSBuild
2008-02-17 12:05 --------- d-----w C:\Program Files\Microsoft Office 2007
2008-02-17 12:04 --------- d-----w C:\Program Files\Microsoft Office 2003
2008-02-17 11:47 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-17 11:47 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-17 11:47 --------- d-----w C:\Program Files\Common Files\L&H
2008-02-17 11:26 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-02-17 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-02-17 11:18 --------- d-----w C:\Program Files\QuickTime
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 12:02 103712]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 09:12 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 18:47 827392]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 17:34 177456]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"GrooveMonitor"="C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [2003-12-13 19:17 61440]
"Aqua Dock"="C:\Program Files\Aqua Dock\Aqua Dock.exe" [2003-11-01 14:58 386560]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 12:02 103712]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 09:21 1443072]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-06-23 12:13 61440]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 17:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 18:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 12:23 697976]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-24 13:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-24 13:27 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-24 13:27 137752]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 18:36 872448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"MSVideo8"= VfWWDM32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\TC PowerPack\\TOTALCMD.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-11-06 09:06]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 13:54]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 22:09:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\msdmo.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
.
**************************************************************************
.
Completion time: 2008-04-04 22:11:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 20:11:06
Pre-Run: 16,505,311,232 bytes free
Post-Run: 14,304,485,376 bytes free