c:\windows\system32\logonui.exe . . . is infected!!!Dole sam okacio logo fajl combofix-a i Hijacka
ComboFix 10-01-04.01 - Administrator 01/06/2010 7:38.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1504 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\users\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://au.download.j+|Cv+@J:NGD_DQ{zcxLJS@
c:\windows\system32\logonui.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.
2010-01-06 05:53 . 2010-01-06 05:53 -------- d-----w- c:\users\Administrator\Application Data\Malwarebytes
2010-01-06 05:53 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 05:53 . 2010-01-06 05:53 -------- d-----w- c:\users\All Users\Application Data\Malwarebytes
2010-01-06 05:53 . 2010-01-06 05:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 05:53 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 05:51 . 2010-01-06 05:52 -------- d-----w- c:\program files\RogueRemover FREE
2010-01-06 05:50 . 2010-01-06 06:17 -------- d-----w- c:\users\Administrator\Application Data\Software Informer
2010-01-06 05:50 . 2010-01-06 05:50 -------- d-----w- c:\program files\Software Informer
2010-01-06 03:42 . 2001-08-17 01:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-06 03:42 . 2008-04-13 12:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-06 00:32 . 2010-01-06 00:32 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Adobe
2010-01-05 23:13 . 2010-01-06 01:49 -------- d-----w- c:\users\Administrator\DoctorWeb
2010-01-05 22:50 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2010-01-05 21:58 . 2010-01-05 21:58 -------- d-----w- c:\users\Default User\Local Settings\Application Data\Microsoft Help
2010-01-05 21:42 . 2010-01-05 21:42 -------- d-----w- c:\program files\MSXML 4.0
2010-01-05 21:08 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe
2010-01-05 21:07 . 2010-01-05 21:07 -------- d-----w- c:\program files\Realtek
2010-01-05 21:07 . 2010-01-05 21:07 315392 ----a-w- c:\windows\HideWin.exe
2010-01-05 21:07 . 2007-07-26 09:09 520192 ------r- c:\windows\RtlExUpd.dll
2010-01-05 08:24 . 2009-10-29 07:45 17408 ------w- c:\windows\system32\dllcache\corpol.dll
2010-01-05 08:24 . 2009-10-29 07:45 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-01-05 08:23 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2010-01-05 08:23 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2010-01-05 08:21 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-01-05 08:21 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-01-05 08:21 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2010-01-05 08:20 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-01-05 08:20 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-01-05 08:16 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-01-05 08:16 . 2009-06-10 14:13 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2010-01-05 08:15 . 2009-08-26 08:00 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2010-01-05 08:15 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2010-01-05 08:15 . 2009-06-03 19:09 1291264 ------w- c:\windows\system32\dllcache\quartz.dll
2010-01-05 08:14 . 2008-06-12 14:23 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2010-01-05 08:14 . 2008-06-12 14:23 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2010-01-05 08:14 . 2008-06-12 14:23 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2010-01-05 08:14 . 2008-06-12 14:23 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2010-01-05 08:14 . 2008-06-12 14:23 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-01-05 08:14 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-01-05 08:14 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-01-05 08:08 . 2009-10-13 10:38 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2010-01-05 08:07 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-01-05 08:07 . 2008-12-16 12:30 354304 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-01-05 08:06 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-01-05 07:57 . 2009-09-06 07:09 126976 ------w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-01-05 07:48 . 2009-05-21 18:46 268288 ------w- c:\windows\system32\dllcache\httpext.dll
2010-01-05 07:25 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-01-05 07:24 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-01-05 07:24 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-01-05 07:24 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-01-05 07:24 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-05 07:24 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-01-05 07:24 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-01-05 07:24 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2010-01-05 07:24 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-05 07:24 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-01-05 07:17 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-01-05 07:05 . 2009-09-11 14:13 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
2010-01-05 07:05 . 2009-06-25 08:41 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2010-01-05 07:05 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2010-01-05 07:05 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2010-01-05 07:05 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2010-01-05 07:03 . 2009-07-31 04:24 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-01-05 07:03 . 2009-07-31 04:24 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-01-05 07:01 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-05 06:46 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-05 06:46 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-05 06:46 . 2009-08-04 14:20 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-05 06:31 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-05 06:31 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-01-05 06:30 . 2009-08-13 15:02 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-01-05 03:32 . 2010-01-05 03:32 0 ----a-w- c:\windows\nsreg.dat
2010-01-05 03:32 . 2010-01-05 03:32 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\Mozilla
2010-01-05 03:18 . 2010-01-05 21:27 -------- d-----w- c:\users\Administrator\Tracing
2010-01-05 03:17 . 2010-01-05 21:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-05 03:16 . 2010-01-05 03:16 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-05 03:16 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-01-05 03:16 . 2010-01-05 03:16 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-05 03:15 . 2010-01-05 03:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-05 03:14 . 2010-01-05 03:17 -------- d-----w- c:\program files\Microsoft
2010-01-05 03:14 . 2010-01-05 03:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-05 02:48 . 2010-01-05 02:48 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-05 01:55 . 2007-05-02 08:00 546976 ----a-w- c:\windows\system32\drivers\ar5211.sys
2010-01-05 01:47 . 2010-01-05 01:47 -------- d-----w- c:\program files\ASUS
2010-01-05 00:18 . 2008-04-13 13:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-01-05 00:18 . 2008-04-13 11:09 142592 ------w- c:\windows\system32\drivers\aec.sys
2010-01-05 00:18 . 2008-04-13 13:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-01-05 00:18 . 2008-04-13 13:09 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2010-01-05 00:18 . 2008-04-13 13:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-01-05 00:18 . 2008-04-13 13:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-01-05 00:18 . 2008-04-13 13:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-01-05 00:18 . 2008-04-13 13:09 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2010-01-05 00:18 . 2008-04-13 13:09 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2010-01-05 00:18 . 2008-04-13 13:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-01-05 00:18 . 2008-04-13 13:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-01-05 00:17 . 2001-08-17 02:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-01-05 00:17 . 2010-01-05 22:51 -------- d-----w- c:\windows\system32\RTCOM
2010-01-05 00:17 . 2008-04-13 17:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-01-05 00:17 . 2008-04-13 12:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-01-05 00:17 . 2008-03-21 10:35 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2010-01-05 00:17 . 2010-01-05 00:17 -------- d-----w- c:\program files\Alwil Software
2010-01-05 00:17 . 2008-04-13 13:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-01-05 00:17 . 2008-04-13 13:06 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-01-05 00:17 . 2008-04-13 13:06 13952 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-01-05 00:17 . 2008-04-13 13:06 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-01-05 00:16 . 2010-01-05 00:16 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-05 00:15 . 2008-04-13 18:42 81920 ----a-w- c:\windows\system32\usbui.dll
2010-01-05 00:15 . 2001-08-17 02:51 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-01-05 00:11 . 2009-03-08 09:10 34816 ----a-w- c:\windows\system32\irclass.dll
2010-01-05 00:07 . 2007-12-05 09:30 4632576 ------r- c:\windows\system32\drivers\RtkHDAud.sys
2010-01-05 00:07 . 2007-11-20 10:15 1826816 ------r- c:\windows\SkyTel.exe
2010-01-05 00:07 . 2007-11-07 09:31 1191936 ------r- c:\windows\RtlUpd.exe
2010-01-05 00:07 . 2007-03-23 11:19 9715200 ------r- c:\windows\RTLCPL.exe
2010-01-05 00:07 . 2006-07-21 08:14 86016 ------r- c:\windows\SoundMan.exe
2010-01-05 00:07 . 2007-11-30 10:42 16858624 ------r- c:\windows\RTHDCPL.exe
2010-01-05 00:07 . 2007-06-28 08:44 2165760 ------r- c:\windows\MicCal.exe
2010-01-05 00:07 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe
2010-01-05 00:06 . 2007-03-09 08:56 1163616 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2010-01-05 00:06 . 2006-10-26 07:08 50752 ----a-w- c:\windows\agrsmdel.exe
2010-01-05 00:06 . 2006-10-05 06:10 9216 ----a-w- c:\windows\system32\agrsmsvc.exe
2010-01-05 00:06 . 2006-09-11 08:34 13312 ----a-w- c:\windows\system32\agrscoin.dll
2010-01-05 00:06 . 2008-10-31 02:14 117888 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2010-01-05 00:06 . 2008-07-17 03:35 9728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-01-05 00:04 . 2010-01-05 00:04 -------- d-----w- c:\users\Administrator\Local Settings\Application Data\GHISLER
2010-01-05 00:00 . 2006-06-19 03:37 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 01:42 . 2010-01-04 14:32 -------- d-----w- c:\program files\Mv2Player
2010-01-05 21:58 . 2010-01-04 14:35 -------- d-----w- c:\users\All Users\Application Data\Microsoft Help
2010-01-05 21:47 . 2010-01-04 14:33 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-05 21:28 . 2010-01-04 14:23 -------- d-----w- c:\users\Administrator\Application Data\Skype
2010-01-05 21:07 . 2010-01-04 14:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 03:16 . 2010-01-04 13:43 -------- d-----w- c:\program files\Windows Live
2010-01-05 02:48 . 2010-01-05 00:11 70448 ----a-w- c:\users\Default User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 02:31 . 2010-01-04 13:59 -------- d-----w- c:\program files\SpeedFan
2010-01-05 01:57 . 2010-01-05 01:57 -------- d-----w- c:\program files\Atheros
2010-01-05 01:51 . 2010-01-04 14:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-05 01:45 . 2010-01-04 13:41 -------- d-----w- c:\program files\7-Zip
2010-01-05 00:11 . 2010-01-04 13:36 15184 ----a-w- c:\users\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 23:57 . 2010-01-04 23:57 32768 ----a-w- c:\windows\~DF7082.tmp
2010-01-04 15:14 . 2010-01-04 13:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-04 15:08 . 2010-01-04 15:08 -------- d-----w- c:\users\All Users\Application Data\Atheros
2010-01-04 15:01 . 2010-01-04 15:01 -------- d-----w- c:\program files\Microsoft Works
2010-01-04 14:59 . 2010-01-04 14:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-04 14:47 . 2010-01-04 14:47 -------- d-----w- c:\program files\MSXML 6.0
2010-01-04 14:42 . 2010-01-04 13:51 -------- d-----w- c:\program files\Microsoft.NET
2010-01-04 14:40 . 2010-01-04 14:40 -------- d-----w- c:\program files\SQLXML 4.0
2010-01-04 14:40 . 2010-01-04 14:40 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-01-04 14:35 . 2010-01-04 14:35 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-01-04 14:32 . 2010-01-04 14:32 -------- d-----w- c:\users\All Users\Application Data\CyberLink
2010-01-04 14:32 . 2010-01-04 14:32 -------- d-----w- c:\program files\CyberLink
2010-01-04 14:31 . 2010-01-04 14:31 -------- d-----w- c:\program files\Webteh
2010-01-04 14:31 . 2010-01-04 14:31 -------- d-----w- c:\program files\FLV Player
2010-01-04 14:31 . 2010-01-04 14:31 -------- d-----w- c:\program files\Yahoo!
2010-01-04 14:31 . 2010-01-04 14:31 -------- d-----w- c:\users\All Users\Application Data\Yahoo! Companion
2010-01-04 14:31 . 2010-01-04 14:31 -------- d-----w- c:\users\Administrator\Application Data\Yahoo!
2010-01-04 14:30 . 2010-01-04 14:30 -------- d-----w- c:\users\Administrator\Application Data\Media Player Classic
2010-01-04 14:30 . 2010-01-04 14:30 -------- d-----w- c:\program files\Recode Media
2010-01-04 14:30 . 2010-01-04 14:30 -------- d-----w- c:\program files\XVid;-)
2010-01-04 14:29 . 2010-01-04 14:29 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-04 14:29 . 2010-01-04 14:29 737280 ----a-w- c:\windows\iun6002.exe
2010-01-04 14:27 . 2010-01-04 14:27 -------- d-----w- c:\program files\Opera
2010-01-04 14:26 . 2010-01-04 14:26 -------- d-----w- c:\program files\Morton Benson
2010-01-04 14:26 . 2010-01-04 14:26 -------- d-----w- c:\program files\MagicDisc
2010-01-04 14:25 . 2010-01-04 14:25 -------- d-----w- c:\program files\totalcmd
2010-01-04 14:15 . 2010-01-04 14:15 -------- d-----w- c:\program files\Microsoft FrontPage
2010-01-04 14:09 . 2010-01-04 14:09 -------- d-----w- c:\program files\AMD
2010-01-04 14:09 . 2010-01-04 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-04 14:08 . 2010-01-04 14:08 -------- d-----w- c:\program files\ATI
2010-01-04 14:04 . 2010-01-04 14:04 295 ----a-w- c:\windows\system32\StartAU.cmd
2010-01-04 14:03 . 2010-01-04 13:50 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-04 14:01 . 2010-01-04 14:01 -------- d-----w- c:\program files\ATI Technologies
2010-01-04 14:00 . 2010-01-04 14:00 -------- d-----w- c:\program files\CCFile
2010-01-04 14:00 . 2010-01-04 14:00 -------- d-----w- c:\program files\XnView
2010-01-04 14:00 . 2010-01-04 14:00 -------- d-----w- c:\program files\Winamp
2010-01-04 14:00 . 2010-01-04 14:00 -------- d-----w- c:\users\Administrator\Application Data\Winamp
2010-01-04 14:00 . 2010-01-04 13:59 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-01-04 14:00 . 2010-01-04 14:00 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-01-04 14:00 . 2010-01-04 14:00 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-04 14:00 . 2010-01-04 14:00 -------- d-----w- c:\users\Administrator\Application Data\TuneUp Software
2010-01-04 13:59 . 2010-01-04 13:59 -------- d-----w- c:\users\All Users\Application Data\TuneUp Software
2010-01-04 13:59 . 2010-01-04 13:59 -------- d-----r- c:\program files\Skype
2010-01-04 13:59 . 2010-01-04 13:59 -------- d-----w- c:\users\All Users\Application Data\Skype
2010-01-04 13:52 . 2010-01-04 13:52 -------- d-----w- c:\program files\PDFCreator
2010-01-04 13:52 . 2010-01-04 13:52 -------- d-----w- c:\program files\Notepad++
2010-01-04 13:52 . 2010-01-04 13:52 -------- d-----w- c:\program files\Nero
2010-01-04 13:51 . 2010-01-04 13:51 -------- d-----w- c:\program files\Nero Burning ROM Portable
2010-01-04 13:51 . 2010-01-04 13:51 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-04 13:42 . 2010-01-04 13:42 -------- d-----w- c:\program files\Driver Magician
2010-01-04 13:42 . 2010-01-04 13:42 -------- d-----w- c:\program files\CCleaner
2010-01-04 13:42 . 2010-01-04 13:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-04 13:41 . 2010-01-04 13:41 -------- d-----w- c:\program files\System
2010-01-04 13:39 . 2010-01-04 13:39 -------- d---a-w- c:\program files\Utilities
2010-01-04 13:37 . 2010-01-04 13:37 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-04 13:33 . 2010-01-04 13:36 40 ----a-w- c:\users\Administrator\SetupS.reg
2010-01-04 13:33 . 2010-01-04 13:36 0 ----a-w- c:\users\Administrator\SetupS.cmd
2010-01-04 13:33 . 2010-01-04 13:33 40 ----a-w- c:\windows\system32\config\systemprofile\SetupS.reg
2010-01-04 13:33 . 2010-01-04 13:33 0 ----a-w- c:\windows\system32\config\systemprofile\SetupS.cmd
2010-01-04 13:33 . 2010-01-04 13:31 40 ----a-w- c:\users\Default User\SetupS.reg
2010-01-04 13:33 . 2010-01-04 13:31 0 ----a-w- c:\users\Default User\SetupS.cmd
2010-01-04 13:32 . 2010-01-04 13:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 13:32 . 2010-01-04 13:32 -------- d-----w- c:\program files\Java
2010-01-04 13:29 . 2010-01-04 13:29 68936 ----a-w- c:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-04 13:28 . 2010-01-04 13:28 -------- d-----w- c:\program files\MSBuild
2010-01-04 13:28 . 2010-01-04 13:28 -------- d-----w- c:\program files\Reference Assemblies
2010-01-04 13:26 . 2010-01-04 13:26 -------- d-----w- c:\program files\Windows Sidebar
2010-01-04 13:25 . 2010-01-04 13:25 -------- d-----w- c:\program files\Alky for Applications
2010-01-04 13:21 . 2010-01-04 13:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-04 13:21 . 2010-01-04 13:21 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-29 07:45 . 2009-03-08 09:12 841216 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2009-03-08 09:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2009-03-08 09:03 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-13 10:38 . 2009-03-08 09:02 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 03:42 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 03:42 79872 ----a-w- c:\windows\system32\raschap.dll
.
------- Sigcheck -------
[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-03-08 . EA032FC150B9C6276C98EB3DED3B75C6 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2009-03-08 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2009-03-08 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe
[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2009-03-08 09:09 37376 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/5/2010 4:16 AM 54752]
S0 ahci6xx;ahci6xx;c:\windows\system32\drivers\ahci6xx.sys [3/8/2009 10:36 AM 123392]
S0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [3/8/2009 10:36 AM 9096]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\windows\Temp\RarSFX1\kerneld.wnt --> c:\windows\Temp\RarSFX1\kerneld.wnt [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/22/2005 9:01 PM 2799808]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-01-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 10:36]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\2qiyfclt.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.rs
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-fsm - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 07:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\windows\Temp\RarSFX1\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\wdigest.dll
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2010-01-06 07:41:58
ComboFix-quarantined-files.txt 2010-01-06 06:41
ComboFix2.txt 2010-01-06 04:19
Pre-Run: 11,207,720,960 bytes free
Post-Run: 11,206,823,936 bytes free
- - End Of File - - BA60CBF4F693563A0452A9C42A2447F0
---------------------------------------------------------------------------------------------------------------------------------------
***********************************************************************************************************
---------------------------------------------------------------------------------------------------------------------------------------
***********************************************************************************************************
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:49:06, on 1/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21148)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Software Informer\softinfo.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Users\Administrator\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 3609 bytes
lukas19
