June 25th, 2007, 08:05 AM
#16
OK, here is the log from ComboFix:
ComboFix 07-06-18.2
"Angela" - 2007-06-25 12:49:15 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\secure32.html
C:\WINDOWS\system32\etkiaheclc.dat
C:\WINDOWS\system32\etkiaheclc.exe
C:\WINDOWS\system32\etkiaheclc_nav.dat
C:\WINDOWS\system32\etkiaheclc_navps.dat
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\paytime.exe
((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))
2007-06-25 12:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-24 19:02 <DIR> d-------- C:\DOCUME~1\ANGELA~1.ANG\APPLIC~1\VideoEgg
2007-06-24 14:38 <DIR> d-------- C:\HJT
2007-05-25 16:21 <DIR> d-------- C:\Program Files\SopCast
2007-05-25 12:43 307,200 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-25 15:22:04 -------- d-----w C:\DOCUME~1\ANGELA~1.ANG\APPLIC~1\SopCast
2007-05-25 11:58:37 -------- d-----w C:\DOCUME~1\ANGELA~1.ANG\APPLIC~1\MSN6
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-01 06:26:01 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-28 14:10:54 -------- d-----w C:\Program Files\VTTV
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-21 15:54]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2003-12-12 19:31]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:09]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-24 17:50]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 C:\WINDOWS\soundman.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-25 07:55]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 17:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-10-11 10:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Spooler"=2 (0x2)
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 12:54:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-25 12:55:03
C:\ComboFix-quarantined-files.txt ... 2007-06-25 12:55
--- E O F ---
I did notice while it was running that it found the file in question ... but it has now vanished from the startup in msconfig ... does this mean it got fixed?
I have no idea how to give you the exact path to the file as previously requested, as it was never found where msconfig said it was:
c:\windows\system32\etkiaheclc.exe etkiaheclc
^ ^ ^ ^ that is where msconfig said it was.
Virtual Paitent