The first time I scanned, AVG found a trojan in Temp, and ComboFix restarted my computer, so it did find something. Then I repeated the scan, only with AVG turned off, and this time it didn't restart; here is the log. AVG still finds that rootkit, but it has a different name every time since this scan with ComboFix.
ComboFix 08-12-04.05 - Stefan 2008-12-05 14:02:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1566 [GMT 1:00]
Running from: c:\documents and settings\Stefan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
2008-12-05 14:02 . 2008-12-05 14:02 <DIR> d-------- C:\ComboFix0
2008-12-04 16:46 . 2008-12-04 16:46 <DIR> d-------- c:\windows\system32\drivers\log
2008-12-04 16:45 . 2008-12-04 18:39 <DIR> d-------- C:\Rustbfix
2008-12-03 21:08 . 2008-12-03 21:08 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\LimeWire
2008-12-02 21:30 . 2008-12-02 21:30 <DIR> d-------- c:\windows\system32\Adobe
2008-12-02 00:02 . 2008-12-02 00:02 <DIR> d-------- c:\documents and settings\Stefan\Application Data\ACD Systems
2008-11-30 20:20 . 2008-11-30 20:20 <DIR> d-------- c:\documents and settings\Stefan\Contacts
2008-11-30 15:27 . 2008-11-30 15:27 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2008-11-30 15:27 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2008-11-30 15:27 . 2008-11-30 16:36 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2008-11-30 15:27 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2008-11-30 15:26 . 2008-11-30 15:26 <DIR> d-------- c:\program files\Samsung
2008-11-29 00:44 . 2008-12-05 13:26 <DIR> d-------- c:\documents and settings\Stefan\Application Data\Winamp
2008-11-29 00:44 . 2008-11-29 00:44 <DIR> d-------- c:\documents and settings\Stefan\Application Data\Malwarebytes
2008-11-29 00:44 . 2008-12-04 22:48 <DIR> d-------- c:\documents and settings\Stefan\Application Data\LimeWire
2008-11-29 00:44 . 2008-11-29 00:44 <DIR> d-------- c:\documents and settings\Stefan\Application Data\InfraRecorder
2008-11-29 00:44 . 2008-11-29 00:44 <DIR> d-------- c:\documents and settings\Stefan\Application Data\Foxit
2008-11-29 00:44 . 2008-11-29 00:44 <DIR> d-------- c:\documents and settings\Stefan\Application Data\Digsby
2008-11-29 00:44 . 2008-11-29 00:44 <DIR> d-------- c:\documents and settings\Stefan\Application Data\Activision
2008-11-29 00:41 . 2008-11-29 00:44 <DIR> d-------- c:\documents and settings\Stefan\Application Data\AVGTOOLBAR
2008-11-29 00:39 . 2008-11-29 00:39 <DIR> d-------- c:\documents and settings\Stefan\Application Data\Launchy
2008-11-29 00:39 . 2008-12-04 15:33 <DIR> d-------- c:\documents and settings\Stefan
2008-11-28 19:59 . 2008-11-28 19:59 3,207,168 --a------ c:\windows\system32\GZKKPGWXXTAI
2008-11-27 23:38 . 2008-11-27 23:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo
2008-11-27 01:20 . 2008-06-30 17:16 234,640 --a------ c:\windows\system32\drivers\afwcore.sys
2008-11-27 01:19 . 2008-11-27 01:25 <DIR> d-------- c:\windows\system32\Filt
2008-11-27 01:19 . 2008-11-27 01:19 <DIR> d-------- c:\program files\Agnitum
2008-11-27 01:19 . 2008-07-11 15:41 673,920 --a------ c:\windows\system32\drivers\SandBox.sys
2008-11-27 01:19 . 2008-06-30 17:16 30,864 --a------ c:\windows\system32\drivers\afw.sys
2008-11-27 01:19 . 2007-09-07 17:45 49 --a------ c:\windows\transp.gif
2008-11-27 01:18 . 2008-11-27 01:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Agnitum
2008-11-26 01:56 . 2008-11-26 01:56 250 --a------ c:\windows\gmer.ini
2008-11-26 01:52 . 2008-11-26 01:52 142,096 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-25 19:43 . 2008-12-04 21:20 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-25 19:43 . 2008-11-25 19:47 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-25 19:41 . 2008-12-04 21:20 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-25 19:09 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-25 19:09 . 2008-12-02 14:21 376 --a------ c:\windows\ODBC.INI
2008-11-25 19:07 . 2008-11-25 19:07 <DIR> d-------- c:\program files\Microsoft Works
2008-11-25 19:07 . 2008-11-25 19:07 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-11-25 19:07 . 2008-11-25 19:07 <DIR> d-------- c:\program files\Common Files\L&H
2008-11-25 19:06 . 2008-11-25 19:07 <DIR> d-------- c:\windows\SHELLNEW
2008-11-25 19:06 . 2008-11-25 19:06 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-23 13:23 . 2008-11-27 01:13 <DIR> d-------- c:\program files\Total Uninstall 5
2008-11-23 13:23 . 2008-11-23 13:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Martau
2008-11-23 12:49 . 2008-02-22 12:30 334,792 --a------ c:\windows\system32\_AxShlEx.dll
2008-11-23 12:47 . 2008-11-23 12:47 <DIR> d-------- c:\program files\Alcohol Soft
2008-11-23 12:44 . 2008-11-24 20:40 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-22 17:29 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-22 17:15 . 2008-11-22 17:16 <DIR> d-------- c:\program files\LimeWire
2008-11-22 16:31 . 2008-11-22 23:42 <DIR> d-------- c:\documents and settings\Aleksandra\Contacts
2008-11-22 16:07 . 2008-11-22 16:07 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\Malwarebytes
2008-11-22 13:29 . 2008-11-22 13:29 <DIR> d-------- c:\program files\SR7.Stop
2008-11-22 13:29 . 2008-11-22 13:29 <DIR> d-------- c:\program files\sd4hide
2008-11-21 13:05 . 2008-11-21 13:05 2,188 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-11-21 01:33 . 2008-11-21 01:33 <DIR> d-------- c:\program files\Desktop Perpetuum Mobile
2008-11-20 22:32 . 2008-11-20 22:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Codemasters
2008-11-20 22:31 . 2008-11-20 22:31 109,080 --a------ c:\windows\system32\OpenAL32.dll
2008-11-20 15:37 . 2008-11-20 15:37 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-11-20 15:30 . 2008-04-26 16:14 42,672 --------- c:\windows\system32\wbsys.dll
2008-11-20 15:24 . 2008-11-20 15:24 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2008-11-20 14:36 . 2008-11-20 15:24 <DIR> d-------- c:\program files\Stardock
2008-11-20 14:36 . 2008-11-20 14:36 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}
2008-11-19 23:41 . 2008-11-19 23:41 <DIR> d-------- c:\program files\Acronis
2008-11-19 23:41 . 2008-11-19 23:41 134,272 --a------ c:\windows\system32\drivers\snman380.sys
2008-11-19 15:43 . 2008-11-19 15:43 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Acronis
2008-11-19 15:43 . 2008-11-19 15:43 <DIR> d-------- c:\documents and settings\Administrator
2008-11-19 15:37 . 2008-11-19 23:41 <DIR> d-------- c:\program files\Common Files\Acronis
2008-11-19 15:37 . 2008-11-19 15:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Acronis
2008-11-19 15:37 . 2008-11-19 23:41 971,168 --a------ c:\windows\system32\drivers\tdrpm140.sys
2008-11-19 15:37 . 2008-11-19 23:41 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2008-11-19 15:37 . 2008-11-19 23:41 44,704 --a------ c:\windows\system32\drivers\tifsfilt.sys
2008-11-18 23:51 . 2008-11-18 23:51 <DIR> d-------- c:\program files\OpenAL
2008-11-18 23:51 . 2008-11-20 22:31 444,952 --a------ c:\windows\system32\wrap_oal.dll
2008-11-18 22:28 . 2008-11-18 22:28 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-18 22:28 . 2004-08-04 02:07 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-18 22:26 . 2008-11-25 19:36 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-18 22:26 . 2008-11-18 22:27 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-18 14:56 . 2008-11-18 14:57 <DIR> d-------- c:\program files\DAMN NFO Viewer
2008-11-17 23:55 . 2008-11-17 23:55 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\Comodo
2008-11-17 23:52 . 2008-11-17 23:52 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\MySpace
2008-11-17 23:46 . 2008-11-17 23:46 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\Launchy
2008-11-17 23:46 . 2008-11-17 23:46 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\AVGTOOLBAR
2008-11-17 23:46 . 2008-11-22 16:31 <DIR> d-------- c:\documents and settings\Aleksandra
2008-11-17 23:34 . 2008-12-03 20:32 172 --a------ c:\windows\wininit.ini
2008-11-17 22:55 . 2008-11-17 22:55 <DIR> d-------- c:\program files\Common Files\eSellerate
2008-11-17 21:57 . 2008-12-05 13:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-17 21:34 . 2008-12-05 13:23 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-17 21:34 . 2008-11-17 21:34 <DIR> d-------- c:\program files\AVG
2008-11-17 21:34 . 2008-11-17 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-17 21:34 . 2008-11-17 21:50 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-17 21:34 . 2008-11-17 21:50 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-17 21:34 . 2008-11-17 21:34 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-11-17 21:34 . 2008-11-17 21:34 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-17 15:52 . 2008-11-17 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-17 14:11 . 2008-12-04 22:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-17 14:11 . 2008-11-17 14:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-17 14:11 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 14:11 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-16 23:29 . 2008-11-16 23:29 <DIR> d-------- c:\program files\MySpace
2008-11-16 22:57 . 2008-11-16 22:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby
2008-11-16 22:31 . 2008-11-17 14:18 <DIR> d-------- c:\program files\RegSupreme Pro
2008-11-16 21:38 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-16 21:38 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-16 21:38 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-16 21:31 . 2008-11-16 21:32 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-11-16 21:31 . 2008-11-16 21:31 <DIR> d-------- c:\program files\ACD Systems
2008-11-16 21:31 . 2008-11-16 21:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-11-16 19:45 . 2008-11-16 19:45 <DIR> d-------- c:\program files\Raxco
2008-11-16 19:45 . 2008-11-16 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2008-11-16 19:45 . 2008-08-28 13:16 71,184 --a------ c:\windows\system32\drivers\DefragFS.sys
2008-11-16 17:25 . 2008-11-16 17:26 <DIR> d-------- c:\program files\InfraRecorder
2008-11-16 17:25 . 2008-11-25 21:28 <DIR> d-------- c:\program files\7-Zip
2008-11-16 16:49 . 2008-11-16 16:49 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-16 16:49 . 2008-11-16 16:49 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-16 16:49 . 2008-11-16 16:49 <DIR> d-------- c:\program files\MSBuild
2008-11-16 16:48 . 2008-11-16 17:10 <DIR> d-------- c:\windows\SxsCaPendDel
2008-11-16 16:48 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-16 16:48 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-16 16:48 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-16 16:48 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-16 16:48 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-16 16:48 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-16 16:48 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-16 16:45 . 2008-11-16 16:45 <DIR> d-------- c:\program files\MSXML 6.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 14:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 22:23 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-11-15 22:23 106,496 ----a-w c:\windows\system32\ATL71.DLL
2008-11-15 22:23 --------- d-----w c:\program files\Nikon
2008-11-15 22:23 --------- d-----w c:\program files\Common Files\Nikon
2008-11-15 22:23 --------- d-----w c:\program files\Common Files\muvee Technologies
2008-11-15 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2008-11-15 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\Nikon
2008-11-15 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2008-11-15 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\designjet
2008-11-15 22:13 --------- d-----w c:\program files\Logitech
2008-11-15 22:13 --------- d-----w c:\program files\Common Files\Logitech
2008-11-15 22:06 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-15 22:06 --------- d-----w c:\program files\Altiris
2008-11-15 22:00 --------- d-----w c:\program files\My Company Name
2008-11-15 21:57 15,600 ----a-w c:\windows\gdrv.sys
2008-11-15 21:53 --------- d-----w c:\program files\Realtek
2008-11-15 21:51 315,392 ----a-w c:\windows\HideWin.exe
2008-11-15 21:49 --------- d-----w c:\program files\Intel
2008-11-15 21:44 --------- d-----w c:\program files\microsoft frontpage
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 20:12 222,488 ----a-w c:\windows\system32\snapapi.dll
2008-09-09 12:49 230,152 ----a-w c:\windows\system32\PDBoot.exe
.
((((((((((((((((((((((((((((( snapshot@2008-12-05_13.56.23.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-05 12:26:43 72,108 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-05 12:59:16 72,108 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-05 12:26:43 444,358 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-05 12:59:17 444,358 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-02-19 418632]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-07-15 883528]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-08-05 435528]
c:\documents and settings\Stefan\Start Menu\Programs\Startup\
digsby.lnk - c:\program files\Digsby\digsby.exe [2008-10-10 137728]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-11-16 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"d:\\Igrice\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-17 12936]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\DRIVERS\snman380.sys [2008-11-19 134272]
R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\DRIVERS\tdrpm140.sys [2008-11-19 971168]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-17 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-17 90632]
R1 SandBox;SandBox;c:\windows\system32\DRIVERS\SandBox.sys [2008-11-27 673920]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2008-11-27 1238344]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-17 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-17 231704]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-09-09 693512]
R3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]
R3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2008-11-27 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2008-11-27 234640]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2008-11-27 33408]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-09-09 906504]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.freegamepick.com/?game_title=AdventureMatch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Stefan\Application Data\Mozilla\Firefox\Profiles\3d4g5rgm.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yustart.com/
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-05 14:04:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-05 14:04:55
ComboFix-quarantined-files.txt 2008-12-05 13:04:53
ComboFix2.txt 2008-12-05 12:56:59
Pre-Run: 29.339.832.320 bytes free
Post-Run: 29,328,990,208 bytes free
260 --- E O F --- 2008-12-02 13:18:59