Security >> HijackThis logs help and analysis

bdemers
regular
Reg'd: Mon
Posts: 33
Re: infrom.exe Trojan Horse
Sat Mar 22 2008 06:21 PM

ComboFix 08-03-22.1 - Owner 2008-03-22 9:51:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.232 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-18 21:27 . 2008-03-20 17:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-18 21:26 . 2008-03-18 21:26 <DIR> d-------- C:\Program Files\DNA
2008-03-18 21:26 . 2008-03-18 21:27 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-18 21:26 . 2008-03-20 17:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-03-15 10:42 . 2008-03-15 10:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-15 00:45 . 2008-03-15 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-15 00:45 . 2007-05-30 05:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-03-13 18:35 . 2008-03-13 18:35 <DIR> d-------- C:\Program Files\JoshMadison
2008-03-11 23:41 . 2008-03-11 23:41 1,319 --a------ C:\UnitConverter.ini
2008-02-27 21:09 . 2008-03-15 00:31 22,528 --a------ C:\WINNT\system32\drivers\nhcDriver.sys
2008-02-27 21:08 . 2008-02-27 21:08 <DIR> d-------- C:\Program Files\Notebook Hardware Control
2008-02-27 15:06 . 2002-12-26 20:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-27 15:06 . 2002-12-26 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-02-27 00:14 . 2008-03-06 22:39 <DIR> d--h----- C:\BJPrinter
2008-02-27 00:14 . 2004-06-09 20:33 86,016 --a------ C:\WINNT\system32\CNMCP58.exe
2008-02-26 23:32 . 2008-02-26 23:32 1,158 --a------ C:\WINNT\mozver.dat
2008-02-26 22:48 . 2008-02-26 22:48 <DIR> d-------- C:\Program Files\Intel
2008-02-26 21:53 . 2008-02-26 23:16 <DIR> d-------- C:\Program Files\SpeedFan
2008-02-26 21:53 . 2008-02-26 21:53 45 --a------ C:\WINNT\system32\initdebug.nfo
2008-02-25 17:42 . 2008-02-25 17:42 <DIR> d-------- C:\Program Files\Western Digital
2008-02-25 17:26 . 2008-02-25 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Memeo
2008-02-25 16:17 . 2008-02-25 16:17 <DIR> d-------- C:\Program Files\DIFX
2008-02-25 16:16 . 2008-02-25 16:16 <DIR> d----c--- C:\WINNT\system32\DRVSTORE
2008-02-25 16:16 . 2008-02-25 17:42 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-02-25 16:16 . 2008-02-25 17:41 364,544 --a------ C:\WINNT\system32\WDBtnMgr.exe
2008-02-25 16:16 . 2006-09-07 22:16 10,112 --a------ C:\WINNT\system32\drivers\wdcsam.sys
2008-02-25 16:06 . 2004-08-03 23:59 43,136 --a------ C:\WINNT\system32\drivers\sbp2port.sys
2008-02-25 16:06 . 2004-08-03 23:59 43,136 --a------ C:\WINNT\system32\dllcache\sbp2port.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 18:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-15 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 18:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-15 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-15 17:55 --------- d-----w C:\Program Files\ewido anti-malware
2008-02-27 06:42 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-27 06:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 05:43 --------- d-----w C:\Program Files\Gateway
2008-02-25 02:34 --------- d-----w C:\Program Files\AIM
2008-02-25 02:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-02-18 06:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 18:21 --------- d-----w C:\Program Files\MSECache
2008-01-11 05:53 44,544 ----a-w C:\WINNT\system32\dllcache\pngfilt.dll
2007-03-08 07:11 1,867,695 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
2006-05-31 19:34 56,216 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-18 21:26 287040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 02:21 90112]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-22 14:10 290816]
"AS00_Gear511"="C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2006-01-20 14:14 1122412]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-03 17:33 2629632]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINNT\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINNT\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.0.6.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LimeWire 4.0.6.lnk
backup=C:\WINNT\pss\LimeWire 4.0.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-10-03 17:50 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINNT\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
C:\Program Files\FilmLoop Player\FilmLoopService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
--a------ 2002-05-06 13:12 65536 C:\WINNT\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMpi]
--a------ 2002-06-12 16:23 27648 C:\WINNT\GWMDMpi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-09-16 08:43 274432 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINNT\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2001-08-23 11:23 45056 C:\WINNT\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Multi-function Keyboard]
--a------ 2001-08-28 10:13 98361 C:\WINNT\GWHotKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-06 10:52 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2002-12-26 20:47 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\spydoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2001-11-14 15:02 413696 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2001-11-14 15:03 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
--a------ 2008-02-25 17:41 364544 C:\WINNT\system32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"ewido security suite control"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SPTISRV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PrismXL"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"AresChatServer"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Gateway\\HPA\\gwmenu.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 RioPNP;RioPNP;C:\WINNT\system32\drivers\RioPNP.sys [2000-06-06 09:29]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINNT\system32\AWINDIS5.SYS [2002-04-11 17:43]
R3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;C:\WINNT\system32\DRIVERS\wg511nd5.sys [2005-07-25 16:48]
R3 pelmouse;Mouse Suite Driver;C:\WINNT\system32\DRIVERS\pelmouse.sys [2001-01-09 16:49]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINNT\system32\DRIVERS\pelusblf.sys [2001-10-08 11:46]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINNT\system32\DRIVERS\wdcsam.sys [2006-09-07 22:16]
S2 TGIOEBJH;TGIOEBJH;C:\WINNT\system32\tgioebjh.hqz []
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 16:57:00 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-03-22 16:50:30 C:\WINNT\Tasks\User_Feed_Synchronization-{BCF09352-0836-419B-957E-F7E0274A374A}.job"
- C:\WINNT\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 09:57:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TGIOEBJH]
"ImagePath"="\??\C:\WINNT\system32\tgioebjh.hqz"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\System32\NavLogon.dll
.
Completion time: 2008-03-22 9:59:13
ComboFix-quarantined-files.txt 2008-03-22 16:58:49
ComboFix2.txt 2008-02-20 21:22:10
ComboFix3.txt 2008-02-19 04:50:55
.
2008-02-19 05:24:47 --- E O F ---
