- Joined: 16 Aug 2007
- Posts: 315
- Location: Serbia
Posted: 13 Apr 2009 22:52
Here is what ComboFix says. Just to note that it first downloaded something from the internet, then it installed something and deleted things in the Windows folder, and several times I had to click "Don't Send", and in the end it produced this log file:
ComboFix 09-04-13.A2 - Boban 2009-04-13 22:41.1 - NTFSx86
Running from: c:\documents and settings\Boban\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.
Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."
The system cannot find the file temp1001.
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the path specified.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Boban\Application Data\.#
c:\windows\6858.exe
c:\windows\7206.exe
c:\windows\9563.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\e.exe
c:\windows\qq.exe
c:\windows\system\msvbvm60.dll
c:\windows\system32\Bandook Folder
----- BITS: Possible infected sites -----
hxxp://tube28.net
hxxp://78.157.143.217
.
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.
2009-04-13 20:45 . 2009-04-13 20:45 390728 ----a-w c:\windows\system32\DLTray.EXE
2009-04-12 21:41 . 2009-04-12 21:41 -------- d-----w C:\New Folder
2009-04-12 21:40 . 2009-04-12 21:40 -------- d-----w C:\virus
2009-04-11 17:37 . 2009-04-11 17:37 144535 ----a-w C:\KALKD.ZIP
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\Boban\Application Data\Malwarebytes
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-31 17:00 . 2009-03-31 17:00 -------- d-----w c:\program files\Common Files\EPSON
2009-03-31 17:00 . 2009-03-31 17:02 11249 ----a-w c:\windows\EPSTPLOG.BAK
2009-03-31 07:43 . 2009-03-31 07:43 -------- d-----w c:\program files\EpsonNet
2009-03-31 07:43 . 2009-03-31 07:43 -------- d-----w c:\documents and settings\All Users\Application Data\Epson
2009-03-30 18:09 . 2009-03-30 18:10 -------- d-----w C:\!SKOLA
2009-03-29 11:24 . 2009-03-29 11:24 -------- d-----w c:\program files\Smart Virus Remover
2009-03-22 17:24 . 2009-03-23 08:18 -------- d-----w c:\program files\SageTV
2009-03-18 14:08 . 2009-03-18 14:08 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-03-17 15:39 . 2009-03-29 11:26 -------- d-----w c:\program files\Multi Password Recovery
2009-03-17 14:06 . 2009-03-17 14:15 -------- d-----w c:\program files\MyLanViewer
2009-03-17 13:54 . 2009-03-17 13:54 -------- d-----w c:\documents and settings\Boban\Application Data\Uniblue
2009-03-16 17:49 . 2009-03-16 17:49 -------- d-----w c:\documents and settings\Boban\Application Data\FDRLab
2009-03-16 17:49 . 2009-03-16 17:49 -------- d-----w c:\program files\FDRLab
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\program files\AskBarDis
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\program files\Foxit Software
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\documents and settings\Boban\Application Data\Foxit
2009-03-16 10:07 . 2009-03-16 10:07 -------- d-----w c:\documents and settings\Boban\Application Data\HTML Executable
2009-03-16 10:07 . 2009-03-16 10:07 -------- d-----w c:\documents and settings\Boban\Application Data\Desktopicon
2009-03-16 09:30 . 2009-03-23 11:05 -------- d-----w c:\program files\Super Internet TV
2009-03-16 09:27 . 2009-03-16 09:27 -------- d-----w c:\documents and settings\Boban\Application Data\JLC's Software
2009-03-16 09:27 . 2009-03-16 10:39 -------- d-----w c:\program files\JLC's Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 20:45 . 2008-06-22 07:54 11336 ----a-w c:\windows\system32\DLServiceMsg.dll
2009-04-13 20:45 . 2008-06-22 07:54 714312 ----a-w c:\windows\system32\DLGPC.dll
2009-04-12 18:49 . 2008-08-19 13:24 -------- d-----w c:\documents and settings\Boban\Application Data\SolidDocuments
2009-04-12 13:35 . 2008-08-27 18:08 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-04-08 21:30 . 2008-01-21 17:53 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-08 21:27 . 2009-02-16 12:59 -------- d-----w c:\program files\Trojan Remover
2009-03-31 07:43 . 2008-01-09 05:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 11:31 . 2008-11-13 13:22 -------- d-----w c:\program files\Spy Cleaner Gold
2009-03-26 14:28 . 2008-12-27 13:59 -------- d-----w c:\program files\Easy GIF Animator
2009-03-25 21:02 . 2008-06-03 05:26 22463 ----a-w c:\windows\system32\epfwdata.bin
2009-03-23 08:21 . 2008-02-06 17:32 -------- d-----w c:\program files\Sony
2009-03-23 08:20 . 2008-01-29 10:24 -------- d-----w c:\program files\Eltima Software
2009-03-23 08:20 . 2008-01-29 10:25 -------- d-----w c:\documents and settings\Boban\Application Data\Eltima Software
2009-03-23 08:18 . 2008-01-09 20:08 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-20 08:11 . 2009-03-03 08:10 -------- d-----w c:\documents and settings\Boban\Application Data\Kingston
2009-03-17 14:12 . 2008-03-07 08:49 -------- d-----w c:\program files\Registry Clean Expert
2009-03-17 14:08 . 2008-01-11 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\RFA_Backups
2009-03-17 13:58 . 2009-03-17 13:53 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-17 13:44 . 2008-01-09 05:22 -------- d-----w c:\program files\ESET
2009-03-16 17:48 . 2008-05-29 07:51 -------- d-----w c:\documents and settings\Boban\Application Data\MegauploadToolbar
2009-03-12 20:24 . 2009-03-12 20:24 137728 ----a-w C:\M4gm.xls
2009-03-12 08:20 . 2009-03-12 08:20 -------- d-----w c:\program files\Tukero[X]Team
2009-03-10 14:02 . 2009-03-10 13:54 -------- d-----w c:\program files\Hide Start Button
2009-03-10 13:56 . 2009-03-10 13:56 -------- d-----w c:\program files\1st Security Agent
2009-03-10 13:34 . 2008-06-02 13:15 -------- d-----w c:\program files\Mgtweak
2009-03-07 08:48 . 2009-03-06 18:16 -------- d-----w c:\documents and settings\All Users\Application Data\Danware Data
2009-03-07 08:48 . 2009-03-06 18:16 -------- d-----w c:\program files\Danware Data
2009-03-04 08:46 . 2009-03-04 08:46 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ESET
2009-02-24 15:51 . 2009-02-24 15:51 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Teleca
2009-02-23 14:00 . 2009-02-23 14:00 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Sony Ericsson
2009-02-23 14:00 . 2009-02-23 14:00 -------- d-----w c:\documents and settings\LocalService\Application Data\Sony Ericsson
2009-02-22 12:09 . 2008-01-12 19:19 -------- d-----w c:\program files\Common Files\Adobe
2009-02-22 10:51 . 2009-02-22 10:51 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-02-22 10:51 . 2009-02-22 10:51 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-02-22 10:51 . 2009-02-22 10:50 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-22 10:51 . 2009-02-22 10:51 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-22 10:50 . 2009-02-22 10:50 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-22 10:45 . 2008-12-08 15:31 -------- d-----w c:\program files\dvdSanta
2009-02-22 10:44 . 2008-09-17 11:45 -------- d-----w c:\program files\Hamachi
2009-02-22 10:39 . 2008-05-27 07:11 -------- d-----w c:\program files\Enigma Software Group
2009-02-22 10:38 . 2008-02-18 14:33 -------- d-----w c:\program files\Real
2009-02-22 10:33 . 2008-01-21 17:59 -------- d-----w c:\program files\CoffeeCup Software
2009-02-22 10:29 . 2008-09-22 12:33 -------- d-----w c:\program files\gs
2009-02-22 10:22 . 2009-02-22 10:22 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-21 11:41 . 2008-05-11 07:34 -------- d-----w c:\documents and settings\Boban\Application Data\Thinstall
2009-02-21 11:30 . 2008-01-12 19:03 -------- d-----w c:\program files\WinHTTrack
2009-02-21 11:30 . 2009-02-17 16:09 -------- d-----w c:\program files\Modem Spy
2009-02-21 11:19 . 2009-02-21 11:19 -------- d-----w c:\program files\Yamicsoft
2009-02-17 16:09 . 2009-02-17 16:09 -------- d-----w c:\documents and settings\Boban\Application Data\Modem Spy
2009-02-17 15:58 . 2009-02-17 15:58 -------- d-----w c:\program files\Phone Spy
2009-02-16 13:07 . 2009-02-16 13:07 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-16 13:07 . 2009-02-16 12:59 -------- d-----w c:\documents and settings\Boban\Application Data\Simply Super Software
2009-02-16 13:05 . 2009-02-16 13:05 -------- d-----w c:\documents and settings\Boban\Application Data\URSoft
2009-02-15 13:56 . 2009-02-15 13:56 -------- d-----w c:\program files\NOD32view
2009-02-13 12:08 . 2009-02-13 12:08 56280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-13 12:08 . 2009-02-13 12:08 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-13 12:08 . 2009-02-13 12:08 130952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-13 12:07 . 2009-02-13 12:07 106208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-13 12:06 . 2009-02-13 12:06 113448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-09 15:25 . 2008-06-15 09:22 325003 ----a-w C:\TREEINFO.NCD
2009-02-03 15:34 . 2009-02-03 15:34 68 --sha-w c:\windows\system32\windzfa0.sys
2009-01-31 10:43 . 2009-01-31 10:42 13030 ----a-w C:\PDOXUSRS.NET
2009-01-14 10:29 . 2008-01-08 20:27 113304 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24E.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24D.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24C.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87C.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87A.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml879.tmp
2008-09-01 08:52 . 2008-09-01 08:52 128 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\fusioncache.dat
2008-07-25 13:22 . 2008-06-03 20:52 88 --sh--r c:\documents and settings\All Users\Application Data\428B7D0D81.sys
2008-07-25 13:22 . 2008-06-03 20:52 2984 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 13:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-25 6746112]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-13 2046120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.MPEGacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Device Lock]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-05-25 16:02 6746112 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-08 09:58 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PC Auto Shutdown"=c:\program files\PC Auto Shutdown\AutoShutdown.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"00saskda"="c:\program files\1st Security Agent\newlock.exe" saskda
"TrayFactory"=d:\! dobri programi\!RAZNO\PS Tray Factory 2.52\PSTrayFactory.exe /start
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Silicon Image\\SI3114\\SiITray.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\DLService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\WNt500x86\\RpcSandraSrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 HWiNFO32;HWiNFO32 Kernel Driver; [x]
R2 klpsrvc;klpsrvc; [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
R3 ATE_PROCMON;ATE_PROCMON;d:\program files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]
R3 block_reader;MPR DRV; [x]
R3 dwVSCD;NetOp Virtual Smart Card Driver;c:\windows\system32\DRIVERS\dwvscd.sys [2008-04-16 16696]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2007-05-03 55296]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 PORTMON;PORTMON; [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe [2008-09-01 98488]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-11-08 98840]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123); [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2008-09-14 225280]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-13 106208]
S1 NHostNT1;NetOp Driver 1 ver. 9.21 (2008329);c:\windows\System32\Drivers\NHOSTNT1.SYS [2008-11-24 102544]
S2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 DeskSaverService;DeskSaverService;c:\program files\PC Security Tweaker\newlock.exe [2008-07-06 1453056]
S2 Device Lock;DeviceLock Service;c:\windows\system32\DLService.exe [2008-06-04 3130952]
S2 drhard;drhard; [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-13 727720]
S2 NetOp Host for NT Service;NetOp Helper ver. 9.21 (2008329);c:\program files\Danware Data\NetOp School\Student\NHOSTSVC.EXE [2008-11-24 1705896]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [2006-12-08 451072]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-22 603904]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
S3 NHOSTNT3;NetOp Driver 3 ver. 9.21 (2008329) (NHOSTNT3);c:\windows\System32\Drivers\NHOSTNT3.SYS [2008-11-24 10280]
--- Other Services/Drivers In Memory ---
*Deregistered* - DeviceLockDriver0
*Deregistered* - DeviceLockDriverHlpExtG3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bef8e80-5f92-11dd-a962-001802f3ee32}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb7ffb-97a0-11dd-ab1a-001802f3ee32}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 17:28]
2009-04-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-28 03:39]
2008-08-03 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 14:28]
2009-04-13 c:\windows\Tasks\OFF.job
- c:\windows\system32\shutdown.exe [2004-08-04 00:56]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
SafeBoot-DeviceLockDriver0.sys
SafeBoot-DeviceLockDriverHlpExtG3.sys
SafeBoot-DLDriver.sys
SafeBoot-DLDriverHlp.sys
SafeBoot-DLDriverKbd0.sys
MSConfigStartUp-nodenable - c:\program files\eset\nodenable.exe
MSConfigStartUp-NodLogin - c:\program files\ESET\ESET Smart Security\nodlogin.exe
MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: + Offline &Explorer: Download the link
IE: + Offline E&xplorer: Download the current page
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f25ef1eeb96d429e96eefb6082dd5c95
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f25ef1eeb96d429e96eefb6082dd5c95
IE: Prevedi sa Di recnikom - d:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\
FF - component: c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Boban\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 22:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E628ABE-25B0-7959-18B5-B5F2BAB81FE5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"panclfcefkdjlbbabbfkekfnebmkibgh"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,
6a,65,66,61,67,65,65,00,fc
"oahdnggiehbahillfkklckihjgbofc"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,6a,
65,66,61,67,65,65,00,ff
[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9435EE08-ADD3-A534-31C1-CE2382557008}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakljmmedmndhcoabi"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"hamlhhoibinpocak"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"gajkigojcnlgaa"=hex:6a,61,6e,66,6c,68,6d,6a,62,6e,6b,62,6a,66,66,6f,66,69,6b,
6f,00,02
[HKEY_LOCAL_MACHINE\software\Classes\N94827103]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="S"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(5044)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\DLTray.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
d:\xampp\mysql\bin\mysqld-nt.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\nvidia\NetworkAccessManager\bin\nSvcIp.exe
c:\nvidia\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Completion time: 2009-04-13 22:48 - machine was rebooted [Boban]
ComboFix-quarantined-files.txt 2009-04-13 20:48
Pre-Run: 53,233,238,016 bytes free
Post-Run: 53,235,613,696 bytes free
906
Addendum: 15 Apr 2009 12:31
Bobby, can you help?
|