MyCity » Ambulanta -> Arhiva Ambulante » Service: Windows Driver Foundation - hex sumnjiv proces

Service: Windows Driver Foundation - hex sumnjiv proces

Napisano na dan: 19.6.2008

Service: Windows Driver Foundation - hex sumnjiv proces

Sledeća strana

Pagination

Odgovori

][v][ A T R I X™ Poslao: 19 Jun 2008 19:08 Idi na vrh
offline ][v][ A T R I X™ Legendarni građanin Pridružio: 28 Apr 2005 Poruke: 3686 Gde živiš: The Circle	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:23:20, on 19/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Program Files\WinFlip\WinFlip.exe D:\Program Files\Unlocker\UnlockerAssistant.exe D:\Program Files\Drive Space Indicator\DrvSpace.exe D:\Program Files\LClock\LClock.exe D:\WINDOWS\tsnpstd3.exe D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe D:\WINDOWS\system32\CTHELPER.EXE D:\WINDOWS\system32\ctfmon.exe D:\Program Files\ViStart\ViStart.exe D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe D:\Program Files\DynDNS Updater\DynTray.exe D:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe D:\Program Files\BORGChat\BORGChat.exe D:\Program Files\Psi\psi.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe D:\Program Files\DynDNS Updater\DynUpSvc.exe D:\Program Files\Styler\Styler.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\vghd\VirtuaGirl_downloader.exe D:\Program Files\MICROSTAR\Bluetooth Software\btsendto_explorer.exe D:\Program Files\Skype\Plugin Manager\skypePM.exe D:\Program Files\Windows Live\Messenger\usnsvc.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [WINFLIP] D:\Program Files\WinFlip\WinFlip.exe O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe -H O4 - HKLM\..\Run: [DriveSpace] D:\Program Files\Drive Space Indicator\DrvSpace.exe O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ViStart] D:\Program Files\ViStart\ViStart O4 - HKCU\..\Run: [VisualTaskTips] D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [ViStart] D:\Program Files\ViStart\ViStart (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: BORGChat.lnk = D:\Program Files\BORGChat\BORGChat.exe O4 - Startup: Psi.lnk = D:\Program Files\Psi\psi.exe O4 - Startup: Styler.lnk = ? O4 - Startup: VirtuaGirl HD.LNK = D:\Program Files\vghd\vghd.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DynDNS Updater Tray Icon.lnk = D:\Program Files\DynDNS Updater\DynTray.exe O4 - Global Startup: Trojan Guarder Gold Version.lnk = D:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F321A863-657D-4907-8CD6-237599F3DB1C}: NameServer = 192.168.254.254 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: DynDNS Updater - Unknown owner - D:\Program Files\DynDNS Updater\DynUpSvc.exe O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing) -- End of file - 8945 bytes Dopuna: 19 Jun 2008 19:08 hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

Profil

bobby Poslao: 19 Jun 2008 19:20 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Taj niz brojki nije nista cudan, to je hex zapis stringa. Ukoliko se prevede u string, glasi: SystemRoot%\system32\svchost.exe -k WudfServiceGroup `D:\Program Files\Trend Micro\HijackThis\HijackThis.exe` U uputstvu za otvaranje teme u Ambulanti pise da treba preimenovati HijackThis.exe, kao i folder HijackThis, posto se odredjeni procesi skrivaju ukoliko primete ovo ime na listi procesa. Preimenuj, pa postavi novi log.

Profil

][v][ A T R I X™ Poslao: 19 Jun 2008 23:30 Idi na vrh
offline ][v][ A T R I X™ Legendarni građanin Pridružio: 28 Apr 2005 Poruke: 3686 Gde živiš: The Circle	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Heh nije mi palo na pamet da ga prevodim Obicno asocira na neke exploite, malware itd.. Evo i rename-ovanog HT loga: Citat: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:28:47, on 19/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe D:\Program Files\WinFlip\WinFlip.exe D:\Program Files\Unlocker\UnlockerAssistant.exe D:\Program Files\Drive Space Indicator\DrvSpace.exe D:\Program Files\LClock\LClock.exe D:\WINDOWS\tsnpstd3.exe D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe D:\WINDOWS\system32\CTHELPER.EXE D:\WINDOWS\system32\ctfmon.exe D:\Program Files\ViStart\ViStart.exe D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe D:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe D:\Program Files\DynDNS Updater\DynTray.exe D:\Program Files\BORGChat\BORGChat.exe D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe D:\Program Files\DynDNS Updater\DynUpSvc.exe D:\Program Files\Psi\psi.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Styler\Styler.exe D:\Program Files\vghd\VirtuaGirl_downloader.exe D:\Program Files\MICROSTAR\Bluetooth Software\btsendto_explorer.exe D:\Program Files\Windows Live\Messenger\usnsvc.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\WINDOWS\system32\rsvp.exe E:\GOTTHARD\Gotthard_Lipservice_by_Ragehead\Gotthard_Lipservice_by Ragehead\volimzenegole.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [WINFLIP] D:\Program Files\WinFlip\WinFlip.exe O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe -H O4 - HKLM\..\Run: [DriveSpace] D:\Program Files\Drive Space Indicator\DrvSpace.exe O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ViStart] D:\Program Files\ViStart\ViStart O4 - HKCU\..\Run: [VisualTaskTips] D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [ViStart] D:\Program Files\ViStart\ViStart (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: BORGChat.lnk = D:\Program Files\BORGChat\BORGChat.exe O4 - Startup: Psi.lnk = D:\Program Files\Psi\psi.exe O4 - Startup: Styler.lnk = ? O4 - Startup: VirtuaGirl HD.LNK = D:\Program Files\vghd\vghd.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DynDNS Updater Tray Icon.lnk = D:\Program Files\DynDNS Updater\DynTray.exe O4 - Global Startup: Trojan Guarder Gold Version.lnk = D:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F321A863-657D-4907-8CD6-237599F3DB1C}: NameServer = 192.168.254.254 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: DynDNS Updater - Unknown owner - D:\Program Files\DynDNS Updater\DynUpSvc.exe O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing) -- End of file - 8858 bytes Thanks!

Profil

bobby Poslao: 21 Jun 2008 01:30 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kazi mi sta ti je Drive Space Indicator? Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

][v][ A T R I X™ Poslao: 21 Jun 2008 21:42 Idi na vrh
offline ][v][ A T R I X™ Legendarni građanin Pridružio: 28 Apr 2005 Poruke: 3686 Gde živiš: The Circle	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Neki tool sto dolazi uz Black XP. Evo isao sam da uzmem log za combo fix: https://www.mycity.rs/must-login.png ComboFix 08-06-20.4 - Stamster 2008-06-21 20:20:38.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.874.1.1033.18.667 [GMT 2:00] Running from: D:\Documents and Settings\klijent\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\WINDOWS\system32\sys_dll.dll . ((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))) . 2008-06-20 20:17 . 2008-06-20 20:17 <DIR> d-------- D:\Program Files\Macromedia 2008-06-20 20:17 . 2008-06-20 20:19 <DIR> d-------- D:\Program Files\Common Files\Macromedia 2008-06-20 20:16 . 2008-06-20 20:16 <DIR> d-------- D:\WINDOWS\Downloaded Installations 2008-06-20 02:25 . 2008-06-20 02:25 <DIR> d-------- D:\Program Files\Guitar Pro 5 2008-06-19 18:23 . 2008-06-19 18:23 <DIR> d-------- D:\Program Files\Trend Micro 2008-06-18 10:47 . 2008-06-21 07:31 17,932 --a------ D:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000002-80611102}.rfx 2008-06-18 10:47 . 2008-06-21 07:31 17,932 --a------ D:\WINDOWS\system32\BMXState-{00000001-00000000-00000008-00001102-00000002-80611102}.rfx 2008-06-18 10:47 . 2008-06-21 07:31 1,080 --a------ D:\WINDOWS\system32\settingsbkup.sfm 2008-06-18 10:47 . 2008-06-21 07:31 1,080 --a------ D:\WINDOWS\system32\settings.sfm 2008-06-18 10:47 . 2008-06-21 07:31 24 --a------ D:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000002-80611102}.dat 2008-06-18 10:47 . 2008-06-21 07:31 24 --a------ D:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000002-80611102}.dat 2008-06-18 09:38 . 2008-06-21 19:02 3,376,514 --a------ D:\WINDOWS\{00000001-00000000-00000008-00001102-00000002-80611102}.CDF 2008-06-18 09:38 . 2008-06-21 19:02 3,376,514 --a------ D:\WINDOWS\{00000001-00000000-00000008-00001102-00000002-80611102}.BAK 2008-06-18 09:37 . 2008-06-21 07:31 29,808 --a------ D:\WINDOWS\system32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000002-80611102}.rfx 2008-06-18 09:37 . 2008-06-21 07:31 29,808 --a------ D:\WINDOWS\system32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000002-80611102}.rfx 2008-06-18 09:35 . 2008-06-18 09:35 <DIR> d-------- D:\WINDOWS\system32\Data 2008-06-18 09:34 . 2008-06-18 09:35 <DIR> d-------- D:\Program Files\Creative 2008-06-18 09:34 . 2008-06-20 20:16 <DIR> d-------- D:\Program Files\Common Files\InstallShield 2008-06-18 09:34 . 1999-12-17 01:00 6,752 --------- D:\WINDOWS\system32\PFMODNT.SYS 2008-06-18 02:53 . 2008-05-07 07:12 1,288,192 --------- D:\WINDOWS\system32\dllcache\quartz.dll 2008-06-18 02:52 . 2008-06-13 13:05 272,128 --------- D:\WINDOWS\system32\dllcache\bthport.sys 2008-06-18 02:52 . 2008-05-08 16:02 203,136 --------- D:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-02 14:46 . 2008-06-18 05:24 664 --a------ D:\WINDOWS\system32\d3d9caps.dat 2008-06-02 06:51 . 2008-06-02 06:51 <DIR> d-------- D:\WINDOWS\Sun 2008-06-02 06:46 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl 2008-06-02 06:45 . 2008-06-02 06:46 <DIR> d-------- D:\Program Files\Java 2008-06-02 06:43 . 2008-06-02 06:43 <DIR> d-------- D:\Program Files\Common Files\Java 2008-06-02 05:30 . 2008-06-02 05:30 <DIR> d-------- D:\Program Files\Trojan Guarder Gold Version 2008-06-01 23:31 . 2008-06-01 23:31 <DIR> d-------- D:\Program Files\Avira 2008-06-01 23:31 . 2008-06-01 23:31 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira 2008-05-30 05:20 . 2008-05-30 05:20 518 --a------ D:\WINDOWS\system32\wul.cfg 2008-05-27 00:52 . 2008-05-27 00:52 <DIR> d-------- D:\Documents and Settings\klijent\Application Data\dvdcss 2008-05-24 04:15 . 2008-05-24 04:15 <DIR> d-------- D:\WINDOWS\system32\xircom 2008-05-24 04:15 . 2008-05-24 04:15 <DIR> d-------- D:\Program Files\microsoft frontpage 2008-05-24 04:00 . 2008-05-24 04:02 <DIR> d-------- D:\WINDOWS\ServicePackFiles 2008-05-24 03:58 . 2006-12-29 00:31 19,569 --a------ D:\WINDOWS\002869_.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-21 17:08 --------- d-----w D:\Documents and Settings\klijent\Application Data\Skype 2008-06-21 17:03 --------- d-----w D:\Program Files\WinFlip 2008-06-21 17:03 --------- d-----w D:\Documents and Settings\klijent\Application Data\skypePM 2008-06-21 17:02 --------- d-----w D:\Program Files\ViStart 2008-06-21 17:02 --------- d-----w D:\Program Files\Drive Space Indicator 2008-06-21 05:21 --------- d-----w D:\Program Files\DupKiller 2008-06-21 03:04 --------- d-----w D:\Program Files\Mozilla Thunderbird 2008-06-18 07:35 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-06-13 11:05 272,128 ------w D:\WINDOWS\system32\drivers\bthport.sys 2008-06-01 21:27 --------- d-----w D:\Program Files\Final Draft 7 2008-06-01 07:47 --------- d-----w D:\Program Files\Last.fm 2008-05-26 20:48 --------- d-----w D:\Program Files\vghd 2008-05-23 19:08 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-05-14 11:20 --------- d-----w D:\Program Files\HashTab Shell Extension 2008-05-13 04:06 --------- d-----w D:\Program Files\Sun 2008-05-09 00:54 --------- d-----w D:\Documents and Settings\klijent\Application Data\.purple 2008-05-08 14:02 203,136 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:12 1,288,192 ----a-w D:\WINDOWS\system32\quartz.dll 2008-05-02 07:05 --------- d-----w D:\Program Files\DynDNS Updater 2008-05-02 07:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\DynDNS 2008-04-30 20:12 55,424 ----a-w D:\WINDOWS\system32\drivers\VBoxDrv.sys 2008-04-30 20:12 42,048 ----a-w D:\WINDOWS\system32\drivers\VBoxUSBMon.sys 2008-04-27 06:24 86,528 ----a-w D:\WINDOWS\bnetunin.exe 2008-04-27 06:24 61,440 ----a-w D:\WINDOWS\diabswun.exe 2008-04-26 01:59 --------- d-----w D:\Program Files\Microsoft Silverlight 2008-04-25 02:48 --------- d-----w D:\Documents and Settings\klijent\Application Data\vghd 2008-04-23 20:16 3,591,680 ------w D:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:40 625,664 ------w D:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 70,656 ------w D:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:39 13,824 ------w D:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ------w D:\WINDOWS\system32\dllcache\ieakui.dll 2008-04-14 03:55 1,804 ----a-w D:\WINDOWS\system32\dcache.bin 2008-04-14 03:46 329,728 ----a-w D:\WINDOWS\system32\netsetup.exe 2008-04-14 03:43 92,424 ----a-w D:\WINDOWS\system32\rdpdd.dll 2008-04-14 03:43 87,176 ----a-w D:\WINDOWS\system32\rdpwsx.dll 2008-04-14 03:43 299,520 ----a-w D:\WINDOWS\system32\drmclien.dll 2008-04-14 03:43 12,168 ----a-w D:\WINDOWS\system32\tsddd.dll 2008-04-14 03:41 98,304 ----a-w D:\WINDOWS\system32\actxprxy.dll 2008-04-14 03:40 53,279 ----a-w D:\WINDOWS\system32\odbcji32.dll 2008-04-14 03:40 4,126 ----a-w D:\WINDOWS\system32\msdxmlc.dll 2008-04-14 03:40 3,584 ----a-w D:\WINDOWS\system32\msafd.dll 2008-04-14 03:40 102,912 ----a-w D:\WINDOWS\system32\dpcdll.dll 2008-04-14 03:40 102,912 ------w D:\WINDOWS\system32\dllcache\dpcdll.dll 2008-04-13 23:00 1,845,632 ----a-w D:\WINDOWS\system32\win32k.sys 2008-04-13 22:57 2,188,928 ----a-w D:\WINDOWS\system32\ntoskrnl.exe 2008-04-13 22:49 146,048 ----a-w D:\WINDOWS\system32\dllcache\portcls.sys 2008-04-13 22:46 141,056 ----a-w D:\WINDOWS\system32\dllcache\ks.sys 2008-04-13 22:15 60,160 ----a-w D:\WINDOWS\system32\dllcache\drmk.sys 2008-04-13 22:15 49,408 ----a-w D:\WINDOWS\system32\dllcache\stream.sys 2008-04-13 22:15 17,664 ----a-w D:\WINDOWS\system32\watchdog.sys 2008-04-13 22:15 10,624 ----a-w D:\WINDOWS\system32\dllcache\gameenum.sys 2008-04-13 22:13 9,728 ------w D:\WINDOWS\system32\comsdupd.exe 2008-04-13 22:13 12,800 ----a-w D:\WINDOWS\system32\spiisupd.exe 2008-04-13 22:01 7,424 ----a-w D:\WINDOWS\system32\kd1394.dll 2008-04-13 22:01 2,065,792 ----a-w D:\WINDOWS\system32\ntkrnlpa.exe 2008-04-13 22:00 61,440 ----a-w D:\WINDOWS\system32\msvcrt40.dll 2008-04-13 21:45 76,800 ------w D:\WINDOWS\system32\msshavmsg.dll 2008-04-13 21:09 438,784 ----a-w D:\WINDOWS\system32\xpob2res.dll 2008-04-13 21:09 2,897,920 ----a-w D:\WINDOWS\system32\xpsp2res.dll 2008-04-13 21:09 187,392 ----a-w D:\WINDOWS\system32\xpsp1res.dll 2008-04-13 21:07 208,384 ----a-w D:\WINDOWS\system32\rsaenh.dll 2008-04-13 21:07 138,752 ----a-w D:\WINDOWS\system32\dssenh.dll 2008-04-13 20:57 79,872 ----a-w D:\WINDOWS\system32\msxml6r.dll 2008-04-13 20:57 79,872 ------w D:\WINDOWS\system32\dllcache\msxml6r.dll 2008-04-13 20:56 94,208 ----a-w D:\WINDOWS\system32\odbcint.dll 2008-04-13 20:56 12,288 ----a-w D:\WINDOWS\system32\odbcp32r.dll 2008-04-13 20:56 12,288 ----a-w D:\WINDOWS\system32\mscpx32r.dll 2008-04-13 20:54 20,480 ----a-w D:\WINDOWS\system32\msorc32r.dll 2008-04-13 20:51 733,696 ----a-w D:\WINDOWS\system32\qedwipes.dll 2008-04-13 20:39 4,096 ----a-w D:\WINDOWS\system32\dsprpres.dll 2008-04-13 20:33 63,488 ----a-w D:\WINDOWS\system32\browselc.dll 2008-04-13 20:33 549,376 ----a-w D:\WINDOWS\system32\shdoclc.dll 2008-04-13 20:18 1,647,616 ----a-w D:\WINDOWS\system32\winbrand.dll 2008-04-13 20:15 216,064 ----a-w D:\WINDOWS\system32\moricons.dll 2008-04-13 19:53 48,128 ----a-w D:\WINDOWS\system32\msprivs.dll 2008-04-13 19:52 48,128 ----a-w D:\WINDOWS\system32\inetres.dll 2008-04-13 19:09 884,736 ----a-w D:\WINDOWS\system32\msimsg.dll 2008-04-08 22:24 51,716 ----a-w D:\WINDOWS\system32\pdf995mon.dll 2008-04-08 22:24 249,856 ----a-w D:\WINDOWS\system32\pdfmona.dll 2008-03-25 08:20 219,936 ----a-w D:\WINDOWS\system32\msltus40.dll 2008-03-25 08:20 219,936 ------w D:\WINDOWS\system32\dllcache\msltus40.dll 2008-02-27 10:42 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((( snapshot@2008-06-02_ 7.55.27.59 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-02 04:29:30 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 2008-06-21 17:02:38 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 1994-12-05 01:11:00 53,552 ------w D:\WINDOWS\CTCCW.DLL + 2002-06-04 05:58:12 49,152 ----a-w D:\WINDOWS\CTDCRES.DLL + 1996-05-23 00:24:00 24,976 ------w D:\WINDOWS\CTRES.DLL + 2002-07-19 09:08:10 94,208 ----a-w D:\WINDOWS\DEVREG.DLL + 2005-08-30 13:18:10 114,688 ----a-w D:\WINDOWS\Downloaded Installations\Macromedia Dreamweaver 8\DW_Client_Installer.exe + 2005-08-30 13:18:12 2,003,176 ----a-w D:\WINDOWS\Downloaded Installations\Macromedia Dreamweaver 8\WindowsInstaller-KB884016-v2-x86.exe + 2008-06-13 11:05:51 272,128 ------w D:\WINDOWS\Driver Cache\i386\bthport.sys + 2008-03-01 13:06:20 124,928 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll + 2008-03-01 13:06:21 347,136 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll + 2008-03-01 13:06:21 214,528 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll + 2008-03-01 13:06:21 133,120 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll + 2008-03-01 13:06:21 63,488 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll + 2008-02-29 08:55:23 70,656 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe + 2008-03-01 13:06:21 153,088 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll + 2008-03-01 13:06:21 230,400 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll + 2008-03-01 13:06:22 383,488 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll + 2008-03-01 13:06:22 384,512 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll + 2008-03-01 13:06:24 6,066,176 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll + 2008-03-01 13:06:24 44,544 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll + 2008-03-01 13:06:25 267,776 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll + 2008-02-22 10:00:51 13,824 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe + 2008-02-29 08:55:46 625,664 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe + 2008-03-01 13:06:25 27,648 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll + 2008-03-01 13:06:26 459,264 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll + 2008-03-01 13:06:26 52,224 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll + 2008-03-01 16:36:30 3,591,680 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll + 2008-03-01 13:06:28 478,208 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll + 2008-03-01 13:06:28 193,024 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll + 2008-03-01 13:06:29 671,232 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll + 2008-03-01 13:06:29 102,912 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\occache.dll + 2008-03-01 13:06:29 44,544 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll + 2007-03-06 01:22:39 213,216 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll + 2008-03-01 13:06:29 105,984 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\url.dll + 2008-03-01 13:06:30 1,159,680 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll + 2008-03-01 13:06:30 233,472 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll + 2008-03-01 13:06:31 826,368 -c----w D:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll + 2002-06-04 05:45:38 20,480 ----a-w D:\WINDOWS\INRES.DLL + 2008-06-20 18:19:39 65,536 ----a-r D:\WINDOWS\Installer\{0837A661-FEC3-48B3-876C-91E7D32048A9}\DWARPPRODUCTICON.exe + 2008-06-20 18:17:14 65,536 ----a-r D:\WINDOWS\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\EMARPPRODUCTICON.exe - 2008-05-23 19:09:11 135,168 ----a-r D:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-06-18 01:04:56 135,168 ----a-r D:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-05-23 19:09:11 40,960 ----a-r D:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe + 2008-06-18 01:04:56 40,960 ----a-r D:\WINDOWS\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe + 2002-01-14 12:42:34 61,440 ----a-w D:\WINDOWS\MIDIDEF.EXE - 2000-08-31 06:00:00 28,160 ----a-w D:\WINDOWS\Nircmd.exe + 2000-08-31 06:00:00 28,672 ----a-w D:\WINDOWS\Nircmd.exe + 2002-07-19 09:08:02 184,320 ----a-w D:\WINDOWS\PSCONV.EXE + 2002-07-19 09:07:52 176,128 ----a-w D:\WINDOWS\READREG.EXE + 2002-07-19 08:43:06 65,536 ----a-w D:\WINDOWS\system32\a3d.dll + 2002-07-19 09:07:34 53,248 ----a-w D:\WINDOWS\system32\AC3API.DLL - 2008-03-01 13:06:20 124,928 ----a-w D:\WINDOWS\system32\advpack.dll + 2008-04-23 04:16:28 124,928 ----a-w D:\WINDOWS\system32\advpack.dll + 2001-05-28 11:47:36 12,288 ----a-w D:\WINDOWS\system32\AHQCpURes.dll + 2002-07-19 08:54:10 110,592 ----a-w D:\WINDOWS\system32\COMMONFX.DLL + 2002-11-05 09:05:30 61,440 ----a-w D:\WINDOWS\system32\CTAGENT.DLL + 2002-07-19 08:54:22 106,496 ----a-w D:\WINDOWS\system32\CTASIO.DLL + 2002-07-19 09:07:26 113,273 ----a-w D:\WINDOWS\system32\CTBAS2W.DAT + 2002-07-19 09:02:24 113,373 ----a-w D:\WINDOWS\system32\ctbasicw.dat + 2002-07-19 08:56:50 44,055 ----a-w D:\WINDOWS\system32\ctdaught.dat + 2002-07-19 09:07:42 319,488 ----a-w D:\WINDOWS\system32\CTDEVCON.DLL + 2002-07-19 09:07:30 164,044 ----a-w D:\WINDOWS\system32\ctdlang.dat + 2002-07-19 08:53:54 106,496 ----a-w D:\WINDOWS\system32\CTDPROXY.DLL + 2002-07-19 08:54:40 36,864 ----a-w D:\WINDOWS\system32\CTEMUPIA.DLL + 2002-07-02 15:56:00 24,576 ----a-w D:\WINDOWS\system32\CTHELPER.EXE + 1995-07-13 00:01:00 26,768 ------w D:\WINDOWS\system32\CTL3D.DLL + 2002-07-19 08:54:16 155,648 ----a-w D:\WINDOWS\system32\CTOSUSER.DLL + 2002-07-19 08:55:42 643,072 ----a-w D:\WINDOWS\system32\CTSBLFX.DLL + 2002-07-19 09:07:48 28,672 ----a-w D:\WINDOWS\system32\CTSPKHLP.DLL + 2002-07-19 08:59:32 179,669 ----a-w D:\WINDOWS\system32\ctstatic.dat + 1995-08-30 00:02:00 82,432 ------w D:\WINDOWS\system32\CTWFLT32.DLL + 2002-07-19 09:02:18 220,509 ----a-w D:\WINDOWS\system32\Data\CT0060W.DAT + 2002-07-19 09:02:18 220,713 ----a-w D:\WINDOWS\system32\Data\CTP0060W.DAT + 2002-07-19 09:02:20 220,713 ----a-w D:\WINDOWS\system32\Data\CTP0061W.DAT + 2002-07-19 09:02:18 220,713 ----a-w D:\WINDOWS\system32\Data\CTP0100W.DAT + 2002-07-19 09:02:20 220,713 ----a-w D:\WINDOWS\system32\Data\CTP0101W.DAT + 2002-07-19 09:02:18 220,713 ----a-w D:\WINDOWS\system32\Data\CTP0102W.DAT + 2002-07-19 09:02:20 220,713 ----a-w D:\WINDOWS\system32\Data\CTP0103W.DAT + 2002-07-19 09:02:20 220,713 ----a-w D:\WINDOWS\system32\Data\CTP0105W.DAT + 2002-07-19 09:02:20 221,643 ----a-w D:\WINDOWS\system32\Data\CTP0221W.DAT + 2002-07-19 09:02:20 221,643 ----a-w D:\WINDOWS\system32\Data\CTP0222W.DAT + 2002-07-19 09:02:14 219,051 ----a-w D:\WINDOWS\system32\Data\CTP1140W.DAT + 2002-07-19 09:02:14 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4620W.DAT + 2002-07-19 09:02:16 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4670W.DAT + 2002-07-19 09:02:14 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4760W.DAT + 2002-07-19 09:02:16 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4780W.DAT + 2002-07-19 09:02:16 217,875 ----a-w D:\WINDOWS\system32\Data\CTP4790W.DAT + 2002-07-19 09:02:16 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4830W.DAT + 2002-07-19 09:02:16 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4831W.DAT + 2002-07-19 09:02:16 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4832W.DAT + 2002-07-19 09:02:18 217,875 ----a-w D:\WINDOWS\system32\Data\CTP4840W.DAT + 2002-07-19 09:02:14 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4850W.DAT + 2002-07-19 09:02:16 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4870W.DAT + 2002-07-19 09:02:16 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4871W.DAT + 2002-07-19 09:02:16 218,391 ----a-w D:\WINDOWS\system32\Data\CTP4872W.DAT + 2002-07-19 09:02:18 217,875 ----a-w D:\WINDOWS\system32\Data\CTP4890W.DAT + 2002-07-19 09:02:18 217,875 ----a-w D:\WINDOWS\system32\Data\CTP4891W.DAT + 2002-07-19 09:02:18 217,875 ----a-w D:\WINDOWS\system32\Data\CTP4893W.DAT + 2002-07-19 09:02:20 220,509 ----a-w D:\WINDOWS\system32\Data\CTPDXW.DAT + 2002-07-19 09:02:14 219,051 ----a-w D:\WINDOWS\system32\Data\CTPM002W.DAT + 2002-07-19 09:07:26 211,126 ----a-w D:\WINDOWS\system32\Data\CTSBAS2W.DAT + 2002-07-19 09:02:22 218,391 ----a-w D:\WINDOWS\system32\Data\CTSBASW.DAT + 2001-08-17 20:36:10 98,304 ----a-w D:\WINDOWS\system32\dllcache\a3d.dll - 2008-03-01 13:06:20 124,928 ------w D:\WINDOWS\system32\dllcache\advpack.dll + 2008-04-23 04:16:28 124,928 ------w D:\WINDOWS\system32\dllcache\advpack.dll - 2008-03-01 13:06:21 347,136 ------w D:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-04-23 04:16:28 347,136 ------w D:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-03-01 13:06:21 214,528 ------w D:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-04-23 04:16:28 214,528 ------w D:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-03-01 13:06:21 133,120 ------w D:\WINDOWS\system32\dllcache\extmgr.dll + 2008-04-23 04:16:28 133,120 ------w D:\WINDOWS\system32\dllcache\extmgr.dll - 2008-03-01 13:06:21 63,488 ------w D:\WINDOWS\system32\dllcache\icardie.dll + 2008-04-23 04:16:28 63,488 ------w D:\WINDOWS\system32\dllcache\icardie.dll - 2008-03-01 13:06:21 153,088 ------w D:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-04-23 04:16:28 153,088 ------w D:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-03-01 13:06:21 230,400 ------w D:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-04-23 04:16:28 230,400 ------w D:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-03-01 13:06:22 383,488 ------w D:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-04-23 04:16:28 383,488 ------w D:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-03-01 13:06:22 384,512 ------w D:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-04-23 04:16:28 384,512 ------w D:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-03-01 13:06:24 6,066,176 ------w D:\WINDOWS\system32\dllcache\ieframe.dll + 2008-04-23 04:16:28 6,066,176 ------w D:\WINDOWS\system32\dllcache\ieframe.dll - 2008-03-01 13:06:24 44,544 ------w D:\WINDOWS\system32\dllcache\iernonce.dll + 2008-04-23 04:16:28 44,544 ------w D:\WINDOWS\system32\dllcache\iernonce.dll - 2008-03-01 13:06:25 267,776 ------w D:\WINDOWS\system32\dllcache\iertutil.dll + 2008-04-23 04:16:28 267,776 ------w D:\WINDOWS\system32\dllcache\iertutil.dll - 2008-03-01 13:06:25 27,648 ------w D:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-04-23 04:16:28 27,648 ------w D:\WINDOWS\system32\dllcache\jsproxy.dll - 2008-03-01 13:06:26 459,264 ------w D:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-04-23 04:16:28 459,264 ------w D:\WINDOWS\system32\dllcache\msfeeds.dll - 2008-03-01 13:06:26 52,224 ------w D:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-04-23 04:16:28 52,224 ------w D:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2008-03-01 13:06:28 478,208 ------w D:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-04-23 04:16:28 478,208 ------w D:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-03-01 13:06:28 193,024 ------w D:\WINDOWS\system32\dllcache\msrating.dll + 2008-04-23 04:16:28 193,024 ------w D:\WINDOWS\system32\dllcache\msrating.dll - 2008-03-01 13:06:29 671,232 ------w D:\WINDOWS\system32\dllcache\mstime.dll + 2008-04-23 04:16:28 671,232 ------w D:\WINDOWS\system32\dllcache\mstime.dll - 2008-03-01 13:06:29 102,912 ------w D:\WINDOWS\system32\dllcache\occache.dll + 2008-04-23 04:16:28 102,912 ------w D:\WINDOWS\system32\dllcache\occache.dll - 2008-03-01 13:06:29 44,544 ------w D:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-04-23 04:16:28 44,544 ------w D:\WINDOWS\system32\dllcache\pngfilt.dll - 2008-03-01 13:06:29 105,984 ------w D:\WINDOWS\system32\dllcache\url.dll + 2008-04-23 04:16:28 105,984 ------w D:\WINDOWS\system32\dllcache\url.dll - 2008-03-01 13:06:30 1,159,680 ------w D:\WINDOWS\system32\dllcache\urlmon.dll + 2008-04-23 04:16:29 1,159,680 ------w D:\WINDOWS\system32\dllcache\urlmon.dll - 2008-03-01 13:06:30 233,472 ------w D:\WINDOWS\system32\dllcache\webcheck.dll + 2008-04-23 04:16:29 233,472 ------w D:\WINDOWS\system32\dllcache\webcheck.dll - 2008-03-01 13:06:31 826,368 ------w D:\WINDOWS\system32\dllcache\wininet.dll + 2008-04-23 04:16:29 826,368 ------w D:\WINDOWS\system32\dllcache\wininet.dll + 2002-07-19 08:46:28 127,948 ----a-w D:\WINDOWS\system32\drivers\ctac32k.sys + 2002-07-19 08:47:52 837,548 ----a-w D:\WINDOWS\system32\drivers\ctaud2k.sys + 2002-07-19 08:48:04 195,432 ----a-w D:\WINDOWS\system32\drivers\ctoss2k.sys + 2002-07-19 08:48:08 11,068 ----a-w D:\WINDOWS\system32\drivers\ctprxy2k.sys + 2002-07-19 08:48:22 213,860 ----a-w D:\WINDOWS\system32\drivers\ctsfm2k.sys + 2002-07-19 08:48:32 156,604 ----a-w D:\WINDOWS\system32\drivers\emupia2k.sys + 2002-07-24 11:52:26 998,004 ----a-w D:\WINDOWS\system32\drivers\ha10kx2k.sys - 2008-03-01 13:06:21 347,136 ----a-w D:\WINDOWS\system32\dxtmsft.dll + 2008-04-23 04:16:28 347,136 ----a-w D:\WINDOWS\system32\dxtmsft.dll - 2008-03-01 13:06:21 214,528 ----a-w D:\WINDOWS\system32\dxtrans.dll + 2008-04-23 04:16:28 214,528 ----a-w D:\WINDOWS\system32\dxtrans.dll + 2001-07-11 08:51:00 77,824 ----a-w D:\WINDOWS\system32\EAXAC3.DLL - 2008-03-01 13:06:21 133,120 ------w D:\WINDOWS\system32\extmgr.dll + 2008-04-23 04:16:28 133,120 ------w D:\WINDOWS\system32\extmgr.dll - 2008-06-01 21:29:34 329,096 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT + 2008-06-21 05:22:42 330,688 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT - 2008-03-01 13:06:21 63,488 ----a-w D:\WINDOWS\system32\icardie.dll + 2008-04-23 04:16:28 63,488 ----a-w D:\WINDOWS\system32\icardie.dll - 2008-02-29 08:55:23 70,656 ------w D:\WINDOWS\system32\ie4uinit.exe + 2008-04-22 07:39:58 70,656 ------w D:\WINDOWS\system32\ie4uinit.exe - 2008-03-01 13:06:21 153,088 ------w D:\WINDOWS\system32\ieakeng.dll + 2008-04-23 04:16:28 153,088 ------w D:\WINDOWS\system32\ieakeng.dll - 2008-03-01 13:06:21 230,400 ------w D:\WINDOWS\system32\ieaksie.dll + 2008-04-23 04:16:28 230,400 ------w D:\WINDOWS\system32\ieaksie.dll - 2008-02-15 05:44:25 161,792 ------w D:\WINDOWS\system32\ieakui.dll + 2008-04-20 05:07:51 161,792 ------w D:\WINDOWS\system32\ieakui.dll - 2008-03-01 13:06:22 383,488 ----a-w D:\WINDOWS\system32\ieapfltr.dll + 2008-04-23 04:16:28 383,488 ----a-w D:\WINDOWS\system32\ieapfltr.dll - 2008-03-01 13:06:22 384,512 ------w D:\WINDOWS\system32\iedkcs32.dll + 2008-04-23 04:16:28 384,512 ------w D:\WINDOWS\system32\iedkcs32.dll - 2008-03-01 13:06:24 6,066,176 ----a-w D:\WINDOWS\system32\ieframe.dll + 2008-04-23 04:16:28 6,066,176 ----a-w D:\WINDOWS\system32\ieframe.dll - 2008-03-01 13:06:24 44,544 ------w D:\WINDOWS\system32\iernonce.dll + 2008-04-23 04:16:28 44,544 ------w D:\WINDOWS\system32\iernonce.dll - 2008-03-01 13:06:25 267,776 ----a-w D:\WINDOWS\system32\iertutil.dll + 2008-04-23 04:16:28 267,776 ----a-w D:\WINDOWS\system32\iertutil.dll - 2008-02-22 10:00:51 13,824 ----a-w D:\WINDOWS\system32\ieudinit.exe + 2008-04-22 07:39:58 13,824 ----a-w D:\WINDOWS\system32\ieudinit.exe + 1998-10-20 14:05:42 54,784 ------w D:\WINDOWS\system32\INETWH32.DLL - 2008-03-01 13:06:25 27,648 ------w D:\WINDOWS\system32\jsproxy.dll + 2008-04-23 04:16:28 27,648 ------w D:\WINDOWS\system32\jsproxy.dll + 2001-09-21 15:08:36 49,152 ----a-w D:\WINDOWS\system32\KILLAPPS.EXE + 1995-01-13 12:10:00 149,504 ------w D:\WINDOWS\system32\MFCANS32.DLL + 1995-01-13 12:10:00 108,032 ------w D:\WINDOWS\system32\MFCUIA32.DLL - 2008-05-09 21:35:04 16,863,864 ----a-w D:\WINDOWS\system32\MRT.exe + 2008-05-29 23:35:11 17,486,968 ----a-w D:\WINDOWS\system32\MRT.exe - 2008-03-01 13:06:26 459,264 ----a-w D:\WINDOWS\system32\msfeeds.dll + 2008-04-23 04:16:28 459,264 ----a-w D:\WINDOWS\system32\msfeeds.dll - 2008-03-01 13:06:26 52,224 ----a-w D:\WINDOWS\system32\msfeedsbs.dll + 2008-04-23 04:16:28 52,224 ----a-w D:\WINDOWS\system32\msfeedsbs.dll - 2008-03-01 16:36:30 3,591,680 ----a-w D:\WINDOWS\system32\mshtml.dll + 2008-04-23 20:16:30 3,591,680 ----a-w D:\WINDOWS\system32\mshtml.dll - 2008-03-01 13:06:28 478,208 ----a-w D:\WINDOWS\system32\mshtmled.dll + 2008-04-23 04:16:28 478,208 ----a-w D:\WINDOWS\system32\mshtmled.dll - 2008-03-01 13:06:28 193,024 ------w D:\WINDOWS\system32\msrating.dll + 2008-04-23 04:16:28 193,024 ------w D:\WINDOWS\system32\msrating.dll - 2008-03-01 13:06:29 671,232 ------w D:\WINDOWS\system32\mstime.dll + 2008-04-23 04:16:28 671,232 ------w D:\WINDOWS\system32\mstime.dll - 2008-03-01 13:06:29 102,912 ------w D:\WINDOWS\system32\occache.dll + 2008-04-23 04:16:28 102,912 ------w D:\WINDOWS\system32\occache.dll + 2002-07-19 08:54:50 135,168 ----a-w D:\WINDOWS\system32\OPENAL32.DLL + 2002-07-19 08:55:00 110,592 ----a-w D:\WINDOWS\system32\PIAPROXY.DLL - 2008-03-01 13:06:29 44,544 ----a-w D:\WINDOWS\system32\pngfilt.dll + 2008-04-23 04:16:28 44,544 ----a-w D:\WINDOWS\system32\pngfilt.dll + 2001-06-28 09:05:52 36,864 ----a-w D:\WINDOWS\system32\REGPLIB.EXE + 2001-08-17 12:19:28 6,912 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\ctlfacem.sys + 2001-08-17 22:36:12 4,096 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\ctwdm32.dll + 2001-08-17 22:36:14 256,512 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\devcon32.dll + 2001-08-17 22:36:42 24,064 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\devldr32.exe + 2008-04-13 22:15:16 60,160 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\drmk.sys + 2001-08-17 12:19:26 283,904 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\emu10k1m.sys + 2008-04-13 22:46:38 141,056 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\ks.sys + 2008-04-14 03:41:58 4,096 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\ksuser.dll + 2008-04-13 22:49:42 146,048 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\portcls.sys + 2001-08-17 22:36:30 495,616 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\sblfx.dll + 2001-08-17 22:36:32 51,200 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\sfman32.dll + 2001-08-17 12:19:34 36,480 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\sfmanm.sys + 2008-04-13 22:15:16 49,408 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\stream.sys + 2008-04-14 03:42:46 23,552 ----a-w D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\wdmaud.drv + 2008-04-13 22:15:30 10,624 ----a-w D:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\gameenum.sys + 1998-06-05 00:00:00 84,992 ------w D:\WINDOWS\system32\SFCVRT32.DLL + 1998-01-07 23:00:00 1,048,576 ------w D:\WINDOWS\system32\SFMAN.DAT - 2001-08-17 22:36:32 51,200 ----a-w D:\WINDOWS\system32\sfman32.dll + 2001-08-17 12:35:46 36,864 ----a-w D:\WINDOWS\system32\sfman32.dll + 2002-07-19 08:56:12 270,336 ----a-w D:\WINDOWS\system32\SFMS32.DLL - 2007-08-10 18:46:18 17,272 ------w D:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w D:\WINDOWS\system32\spmsg.dll - 2008-03-01 13:06:29 105,984 ----a-w D:\WINDOWS\system32\url.dll + 2008-04-23 04:16:28 105,984 ----a-w D:\WINDOWS\system32\url.dll - 2008-03-01 13:06:30 1,159,680 ----a-w D:\WINDOWS\system32\urlmon.dll + 2008-04-23 04:16:29 1,159,680 ----a-w D:\WINDOWS\system32\urlmon.dll - 2008-03-01 13:06:30 233,472 ----a-w D:\WINDOWS\system32\webcheck.dll + 2008-04-23 04:16:29 233,472 ----a-w D:\WINDOWS\system32\webcheck.dll - 2008-03-01 13:06:31 826,368 ----a-w D:\WINDOWS\system32\wininet.dll + 2008-04-23 04:16:29 826,368 ----a-w D:\WINDOWS\system32\wininet.dll + 2000-05-10 23:00:00 90,112 ------w D:\WINDOWS\Updreg.EXE + 2008-06-21 02:22:22 1,233,920 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll + 2006-12-01 22:25:52 1,101,824 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 22:25:56 1,093,120 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 22:25:58 69,632 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 22:26:00 57,856 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-01 22:08:00 40,960 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-01 22:08:00 45,056 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-01 22:08:00 65,536 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-01 22:08:00 57,344 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-01 22:08:00 61,440 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-01 22:08:00 61,440 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-01 22:08:00 61,440 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-01 22:08:00 49,152 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-01 22:08:00 49,152 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-01 22:46:44 65,536 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] "ViStart"="D:\Program Files\ViStart\ViStart" [ ] "VisualTaskTips"="D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-08-15 16:33 36352] "Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024] "MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WINFLIP"="D:\Program Files\WinFlip\WinFlip.exe" [2007-11-02 20:18 462848] "UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 08:19 15872] "DriveSpace"="D:\Program Files\Drive Space Indicator\DrvSpace.exe" [2007-11-10 13:44 247949] "LClock"="D:\Program Files\LClock\LClock.exe" [2004-09-19 07:27 65536] "tsnpstd3"="D:\WINDOWS\tsnpstd3.exe" [2007-03-30 18:44 262144] "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 D:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112] "Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360] "Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-08-29 17:24 1232384] "ViStart"="D:\Program Files\ViStart\ViStart" [ ] "VisualTaskTips"="D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-08-15 16:33 36352] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-04-23 06:16 124928 D:\WINDOWS\system32\advpack.dll] D:\Documents and Settings\klijent\Start Menu\Programs\Startup\ BORGChat.lnk - D:\Program Files\BORGChat\BORGChat.exe [4/1/2007 5:59:52 PM 1041920] Psi.lnk - D:\Program Files\Psi\psi.exe [10/14/2007 8:18:12 PM 8699392] Styler.lnk - D:\Documents and Settings\klijent\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2/28/2008 1:29:08 AM 15086] VirtuaGirl HD.LNK - D:\Program Files\vghd\vghd.exe [4/25/2008 4:48:47 AM 11773248] D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BTTray.lnk - D:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe [1/16/2003 8:12:28 AM 360509] DynDNS Updater Tray Icon.lnk - D:\Program Files\DynDNS Updater\DynTray.exe [4/23/2008 6:57:00 PM 65536] Trojan Guarder Gold Version.lnk - D:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe [8/22/2006 3:48:46 PM 236032] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "D:\\Program Files\\Psi\\psi.exe"= "D:\\Program Files\\BORGChat\\BORGChat.exe"= "D:\\Program Files\\FlashFXP\\FlashFXP.exe"= "D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "D:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP::Disabled:@xpsp2res.dll,-22009 R0 nvcchflt;NVIDIA Disk Cache Filter Driver;D:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 17:21] R1 VBoxDrv;VirtualBox Service;D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-04-30 22:12] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-04-30 22:12] R2 DynDNS Updater;DynDNS Updater;D:\Program Files\DynDNS Updater\DynUpSvc.exe [2008-04-23 18:57] S2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register . Contents of the 'Scheduled Tasks' folder "2008-06-20 16:57:33 D:\WINDOWS\Tasks\User_Feed_Synchronization-{F43B9E74-FE6D-4B48-8F9E-E773654F61FF}.job" - D:\WINDOWS\system32\msfeedssync.exe . *********************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-21 20:22:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc] "ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00" "ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc] "ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc] "ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00" "ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00" . Completion time: 2008-06-21 20:22:45 ComboFix-quarantined-files.txt 2008-06-21 18:22:42 ComboFix2.txt 2008-06-02 06:01:09 ComboFix3.txt 2008-06-02 05:55:42 Pre-Run: 5,384,663,040 bytes free Post-Run: 6,079,672,320 bytes free 515 --- E O F --- 2008-06-21 01:02:37

Profil

bobby Poslao: 21 Jun 2008 22:18 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Trojan Guarder Gold Version - ovaj program je sumnjiv. Neki ga proglasavaju Rogue programom (lazne uzbune itd). Razmisli o njegovoj deinstalaciji. Na kompu si imao bota. Meni sada izgleda kao da je sve OK. Kako se komp ponasa?

Profil

][v][ A T R I X™ Poslao: 22 Jun 2008 17:00 Idi na vrh
offline ][v][ A T R I X™ Legendarni građanin Pridružio: 28 Apr 2005 Poruke: 3686 Gde živiš: The Circle	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da, to sam izvalio posle ovoga: [2008-06-21 22:54:00] Found Trojan!! Please register to remove it. [2008-06-21 22:53:56] [Guard Ghost starts watching!!] Za samo cetiri sekunde je satro nasao trojanca... a na scan memory kaze - No trojan found, takvom brzinom ne moze da skenira HDD vec samo memoriju Ali kljucno je please register... to remove nothing. Znaci tipicna patka od pgorama, ubio sam ga na toj masini. A za bota kazes - kako imaO? Komp se ponasa normalno, nego sam rutinski onaj hex video kao potencijalnu pretnju.... Thanks za odgovore and assistance!

Profil

bobby Poslao: 22 Jun 2008 17:45 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

][v][ A T R I X™ Poslao: 23 Jun 2008 22:55 Idi na vrh
offline ][v][ A T R I X™ Legendarni građanin Pridružio: 28 Apr 2005 Poruke: 3686 Gde živiš: The Circle	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Done. Hvala na slikovitom objasnjenju iako nije bilo potrebe.... dovoljno je samo Combofix /u i ende Pozz!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Service: Windows Driver Foundation - hex sumnjiv proces

Ko je trenutno na forumu

Ukupno su 833 korisnika na forumu :: 6 registrovanih, 1 sakriven i 826 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: amaterSRB, hyla, koom0001, Krusarac, mikrimaus, Sićko

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by