Well, I've already done all that, but anyway, here's the ComboFix log:
ComboFix 08-10-09.06 - home 2008-10-10 10:12:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.640 [GMT 2:00]
Running from: C:\Documents and Settings\home\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.
2008-10-09 21:24 . 2008-10-09 21:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-09 08:42 . 2008-10-09 14:46 250 --a------ C:\WINDOWS\gmer.ini
2008-10-08 20:23 . 2008-10-08 20:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-08 18:28 . 2008-10-08 18:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 18:28 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 18:28 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 12:29 . 2008-10-09 11:54 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 21:18 . 2008-10-04 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-10-03 10:06 . 2008-10-03 10:06 <DIR> d-------- C:\WINDOWS\Logs
2008-10-03 08:59 . 2008-10-03 08:59 <DIR> d-------- C:\Program Files\KONAMI
2008-10-02 18:07 . 2008-10-02 18:07 <DIR> d-------- C:\Documents and Settings\home\Application Data\Malwarebytes
2008-10-02 18:07 . 2008-10-02 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 14:25 . 2008-10-10 09:49 24,414 ---hs---- C:\WINDOWS\system32\disk.ico
2008-09-23 22:09 . 2008-10-01 15:01 <DIR> d-------- C:\Program Files\DC++
2008-09-18 18:32 . 2008-09-18 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 16:01 68,768 ----a-w C:\WINDOWS\system32\mmsystem.dll
2008-10-04 19:27 --------- d-----w C:\Program Files\GameHouse Games Collection
2008-10-04 16:53 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-27 12:37 --------- d-----w C:\Documents and Settings\home\Application Data\Winamp
2008-09-23 20:55 --------- d-----w C:\Program Files\LimeWire
2008-09-20 21:38 --------- d-----w C:\Documents and Settings\home\Application Data\Wildfire
2008-09-01 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 20:30 --------- d-----w C:\Documents and Settings\home\Application Data\Mount&Blade
2008-08-17 14:21 --------- d-----w C:\Program Files\Pro Evolution Soccer 2008
2008-08-16 18:55 --------- d-----w C:\Program Files\Samsung
2008-08-16 18:30 --------- d-----w C:\Program Files\Analog Devices
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2007-06-26 15:18 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-09-27 12:28 163,840 --sh--w C:\WINDOWS\system32\notepod.exe
2005-10-10 07:49 163,840 --sh--w C:\WINDOWS\system32\rsvp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 165784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2004-09-05 847872]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-07 282624]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2003-09-17 212992]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 36352]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-12-14 1071472]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]
Media Key.lnk - C:\Program Files\Media Key\MagicKey.exe [2006-08-07 159744]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
Remote Control.lnk - C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe [2006-08-07 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"C:\\Program Files\\valve\\hl.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\valve\\hltv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12856]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2003-12-29 8576]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-05-04 686080]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 40448]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abeb5c28-f79a-11dc-91b8-000e5c3a2bcd}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\sv7f5quf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-10 10:24:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\imon.dll
.
Completion time: 2008-10-10 10:27:40
ComboFix-quarantined-files.txt 2008-10-10 08:27:24
Pre-Run: 79.733.923.840 bytes free
Post-Run: 79,720,222,720 bytes free
139 --- E O F --- 2008-09-10 10:04:51