Spyware guard 2009


offline
  • Gibli 
  • Distinguished citizen
  • Joined: 04 Mar 2005
  • Posts: 520
  • Location: Zemun

At the bottom of the update screen it says:

Last start: Update files are corrupted

I can try reinstalling it later.



offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Reinstall it.



offline
  • Gibli 
  • Distinguished citizen
  • Joined: 04 Mar 2005
  • Posts: 520
  • Location: Zemun

I tried reinstalling it, but it didn't help.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download: [Link visible only to logged-in users]

and run it; it should remove all remnants of Norton.

I recommend that you uninstall Spyhunter.

Disable the antivirus again.

Open Notepad and copy in the following text:

DirLook::
C:\d6f4b6fb4a6a2bca5a2139e925793b

Driver::
Usbeserts


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next post, post the log that is created at the end of the cleaning/scan.

offline
  • Gibli 
  • Distinguished citizen
  • Joined: 04 Mar 2005
  • Posts: 520
  • Location: Zemun

We'll have to continue the day after tomorrow, because I don't currently have access to that computer.

Addendum: 26 Jan 2009 9:57

Before the restart, ComboFix reported the following to me:


After ComboFix finished its work, I remembered to uninstall SpyHunter, but it won't uninstall.

Here is the log as well:
ComboFix 09-01-21.04 - Stanica1 2009-01-26 9:32:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.317 [GMT 1:00]
Running from: c:\uros\C-F.exe
Command switches used :: c:\uros\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\windows\system32\drivers\TDSSijso.sys
c:\windows\system32\TDSSckvy.dll
c:\windows\system32\TDSSedwn.dll
c:\windows\system32\TDSSeuaq.dll
c:\windows\system32\TDSSfhvv.log
c:\windows\system32\TDSShphc.dll
c:\windows\system32\TDSSierd.dat
c:\windows\system32\TDSSnhvw.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSurgi.dll
c:\windows\system32\TDSSuyka.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys
-------\Service_Usbeserts


((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
.

2009-01-26 09:17 . 2009-01-26 09:17 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-26 09:16 . 2009-01-26 09:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-24 13:34 . 2008-10-03 11:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-01-24 10:22 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-24 10:22 . 2008-06-24 17:23 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
2009-01-24 10:21 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-24 10:21 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-24 10:21 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-24 10:21 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-24 10:20 . 2008-04-11 19:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-24 10:20 . 2008-12-11 12:57 333,184 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-24 10:20 . 2008-10-15 17:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-24 10:15 . 2008-12-12 18:33 3,060,224 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-24 10:14 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-24 10:14 . 2008-05-01 15:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-24 10:13 . 2008-09-04 17:42 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-24 10:12 . 2009-01-26 09:23 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-23 16:57 . 2008-01-10 06:20 257,024 -----c--- c:\windows\system32\dllcache\infocomm.dll
2009-01-23 16:56 . 2008-06-20 11:45 360,320 -----c--- c:\windows\system32\dllcache\tcpip.sys
2009-01-23 16:56 . 2008-06-20 18:41 245,248 -----c--- c:\windows\system32\dllcache\mswsock.dll
2009-01-23 16:56 . 2006-08-16 12:58 100,352 -----c--- c:\windows\system32\dllcache\6to4svc.dll
2009-01-23 16:28 . 2008-09-15 12:57 1,846,016 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-23 16:27 . 2008-08-14 10:51 138,368 -----c--- c:\windows\system32\dllcache\afd.sys
2009-01-23 16:01 . 2009-01-23 16:01 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-23 16:01 . 2009-01-23 16:01 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-23 16:00 . 2009-01-23 16:00 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-23 16:00 . 2009-01-26 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-23 16:00 . 2009-01-26 09:39 221,216 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-23 16:00 . 2009-01-26 09:38 1,836 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-23 16:00 . 2009-01-26 09:36 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-23 16:00 . 2009-01-26 09:36 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-23 15:58 . 2009-01-23 15:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-23 15:46 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-23 15:45 . 2004-08-04 00:56 239,616 --------- c:\windows\system32\wstrenderer.ax
2009-01-23 15:45 . 2004-08-04 00:56 164,352 --------- c:\windows\system32\wstpager.ax
2009-01-23 15:45 . 2004-08-04 00:56 96,768 -----c--- c:\windows\system32\dllcache\dpcdll.dll
2009-01-23 15:45 . 2004-08-04 00:56 53,248 --------- c:\windows\system32\vbicodec.ax
2009-01-23 15:45 . 2004-08-04 00:56 10,752 --------- c:\windows\system32\smtpapi.dll
2009-01-23 15:45 . 2004-08-04 00:56 9,728 --------- c:\windows\system32\rwnh.dll
2009-01-23 15:45 . 2004-08-03 22:59 9,728 --------- c:\windows\system32\comsdupd.exe
2009-01-23 15:37 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2009-01-23 15:36 . 2004-07-17 11:40 19,528 --a------ c:\windows\002447_.tmp
2009-01-23 15:35 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-01-23 15:26 . 2009-01-23 15:49 <DIR> d-------- C:\d6f4b6fb4a6a2bca5a2139e925793b
2009-01-20 11:11 . 2009-01-20 11:11 <DIR> d-------- c:\program files\Skype
2009-01-20 10:24 . 2008-07-23 14:12 7,851,704 --a------ c:\temp\spyhunterS.exe
2009-01-20 10:24 . 2008-07-18 16:40 1,076,384 --a------ c:\temp\def.dat
2009-01-20 10:24 . 2008-07-18 17:20 643,072 --a------ c:\temp\Common.dll
2009-01-20 10:12 . 2009-01-26 09:32 <DIR> d-------- C:\uros
2009-01-20 08:39 . 2009-01-20 08:39 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-19 15:34 . 2009-01-20 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-15 17:22 . 2009-01-15 17:22 <DIR> d-------- c:\documents and settings\Stanica1\Application Data\skypePM
2009-01-15 17:22 . 2009-01-15 17:22 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-15 17:20 . 2009-01-20 11:11 <DIR> d-------- c:\program files\Skype(2)
2009-01-15 17:20 . 2009-01-20 11:11 <DIR> d-------- c:\program files\Google
2009-01-05 12:21 . 2009-01-05 12:21 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-05 12:04 . 2009-01-05 12:29 <DIR> d-------- c:\program files\NOS
2009-01-05 12:04 . 2009-01-05 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 08:39 --------- d-----w c:\documents and settings\Stanica1\Application Data\Skype
2009-01-26 08:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-23 14:56 --------- d-----w c:\program files\MSN Messenger
2009-01-23 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-01-23 14:19 81,984 ----a-w c:\windows\system32\bdod.bin
2009-01-23 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2009-01-15 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-05 11:13 --------- d-----w c:\program files\Common Files\Adobe
2008-12-24 14:54 --------- d-----w c:\documents and settings\Stanica1\Application Data\U3
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll
2006-04-11 10:42 44 -c--a-w c:\program files\launcher.ini
2006-04-11 10:42 23 -c--a-w c:\program files\QTW.TPR
2006-04-11 10:42 1,171 -c--a-w c:\program files\TPRTech.INI
2005-07-14 09:15 17,536 -c--a-w c:\documents and settings\Stanica1\Application Data\GDIPFONTCACHEV1.DAT
2004-11-07 11:57 41,571 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2004-11-07 11:57 48,221 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2004-11-07 11:57 158,821 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\d6f4b6fb4a6a2bca5a2139e925793b ----

2009-01-23 15:29 93 --a------ c:\d6f4b6fb4a6a2bca5a2139e925793b\i386\update\update.log


((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:13 450,560 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
- 2005-08-06 16:47:35 7,168 -c--a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-01-26 08:19:39 8,192 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2005-08-06 16:47:33 32,768 -c--a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-01-26 08:19:41 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2005-08-06 16:47:28 716,800 -c--a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-01-26 08:19:49 720,896 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2005-08-06 16:47:28 299,008 -c--a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-01-26 08:19:41 299,008 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2005-08-06 16:47:35 32,768 -c--a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-01-26 08:19:46 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2005-08-06 16:47:37 299,008 -c--a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-01-26 08:19:44 303,104 ----a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2005-08-06 16:47:33 1,290,240 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2009-01-26 08:19:47 1,294,336 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2005-08-06 16:47:33 1,699,840 -c--a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-01-26 08:19:39 1,703,936 ----a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2005-08-06 16:47:33 86,016 -c--a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-01-26 08:19:48 90,112 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2005-08-06 16:47:34 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-01-26 08:19:44 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2005-08-06 16:47:33 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-01-26 08:19:42 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2005-08-06 16:47:33 64,000 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-01-26 08:19:42 66,560 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2005-08-06 16:47:34 368,640 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-01-26 08:19:46 372,736 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2005-08-06 16:47:34 241,664 -c--a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-01-26 08:19:49 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2005-08-06 16:47:34 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-01-26 08:19:45 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2005-08-06 16:47:34 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-01-26 08:19:42 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-08-06 16:47:34 77,824 -c--a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-01-26 08:19:43 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2005-08-06 16:47:34 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-01-26 08:19:47 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2005-08-06 16:47:36 819,200 -c--a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-01-26 08:19:38 819,200 ----a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2005-08-06 16:47:34 57,344 -c--a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-01-26 08:19:41 57,344 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2005-08-06 16:47:34 569,344 -c--a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-01-26 08:19:40 573,440 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2005-08-06 16:47:34 1,245,184 -c--a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-01-26 08:19:48 1,257,472 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2005-08-06 16:47:35 2,039,808 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-01-26 08:19:43 2,052,096 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2005-08-06 16:47:35 1,335,296 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2009-01-26 08:19:45 1,339,392 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2005-08-06 16:47:34 1,216,512 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-01-26 08:19:50 1,224,704 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-01-26 08:20:06 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9bbb5221\CustomMarshalers.dll
+ 2009-01-26 08:21:00 3,379,200 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_96515389\mscorlib.dll
+ 2009-01-26 08:20:44 1,466,368 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e4d060f5\System.Design.dll
+ 2009-01-26 08:20:09 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d7187441\System.Drawing.Design.dll
+ 2009-01-26 08:20:50 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cfae740f\System.Drawing.dll
+ 2009-01-26 08:20:23 3,014,656 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_45cc8fc3\System.Windows.Forms.dll
+ 2009-01-26 08:20:37 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_747003cf\System.Xml.dll
+ 2009-01-26 08:20:04 1,953,792 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e416bed1\System.dll
+ 2005-08-06 16:48:20 3,289,088 ------w c:\windows\assembly\temp\0HM7G9MN4H\mscorlib.dll
+ 2005-08-06 16:48:35 2,994,176 ------w c:\windows\assembly\temp\2ZKXMFCPIN\System.Windows.Forms.dll
+ 2005-08-06 16:47:34 1,216,512 ------w c:\windows\assembly\temp\ABGL2RG5QF\System.dll
+ 2005-08-06 16:47:34 466,944 ------w c:\windows\assembly\temp\EF0PARSHQJ\System.Drawing.dll
+ 2005-08-06 16:47:35 1,335,296 ------w c:\windows\assembly\temp\ENGPYNG9IR\System.Xml.dll
+ 2005-08-06 16:47:34 368,640 ------w c:\windows\assembly\temp\ING1AVCHIR\System.Management.dll
+ 2005-08-06 16:47:34 323,584 ------w c:\windows\assembly\temp\IVO5ENO5Q3\System.Runtime.Remoting.dll
+ 2005-08-06 16:47:34 131,072 ------w c:\windows\assembly\temp\IVSPQV4L6F\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-08-06 16:48:30 835,584 ------w c:\windows\assembly\temp\KLUJK9ER89\System.Drawing.dll
+ 2005-08-06 16:48:28 1,929,216 ------w c:\windows\assembly\temp\UBWPMB4XAF\System.dll
+ 2005-08-06 16:47:35 2,039,808 ------w c:\windows\assembly\temp\YJOXYJCXE7\System.Windows.Forms.dll
+ 2005-08-06 16:48:39 2,076,672 ------w c:\windows\assembly\temp\YN4HM7WH6V\System.Xml.dll
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-26 08:17:10 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2003-02-20 17:19:32 253,952 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-15 00:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 17:19:34 20,480 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 00:49:18 20,480 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 17:19:38 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 00:49:26 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 17:19:36 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 00:49:22 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 17:09:08 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 23:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 08:20:44 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 10:23:28 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 08:21:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 10:23:44 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 17:06:20 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 23:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 13:30:14 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 05:24:38 7,168 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 13:31:00 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 05:24:40 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 13:31:04 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 17:09:40 196,608 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 23:35:30 196,608 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 05:26:36 716,800 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 13:28:58 720,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 05:26:38 299,008 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 13:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 05:25:04 49,152 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 13:28:50 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 05:25:04 49,152 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 13:28:50 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 17:09:12 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 23:32:44 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 17:09:12 233,472 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 23:32:46 233,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 17:06:32 311,296 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 23:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 17:09:16 98,304 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 23:33:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 05:26:34 2,088,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 17:09:18 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 23:33:22 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 17:09:18 81,920 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 23:33:24 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 17:07:34 2,494,464 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 17:08:32 2,482,176 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 15:20:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 17:09:30 90,112 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-14 23:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 05:26:46 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 13:28:48 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-20 17:09:34 319,488 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 23:35:04 319,488 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 05:26:38 1,290,240 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 13:32:00 1,294,336 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 05:25:42 299,008 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 13:31:14 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 05:26:42 1,699,840 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 13:29:02 1,703,936 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 05:26:44 86,016 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 13:28:54 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 05:26:46 1,216,512 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 13:31:16 1,224,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 05:26:50 466,944 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 13:28:58 466,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 05:26:50 241,664 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 13:28:56 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 17:09:36 64,000 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 23:35:12 66,560 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 05:26:52 368,640 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 13:31:58 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 05:26:54 241,664 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 13:31:12 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 05:26:56 323,584 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 13:28:58 323,584 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 05:26:56 131,072 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 13:31:54 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 05:26:58 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 13:28:52 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 05:27:00 126,976 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 13:28:54 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 05:27:02 1,245,184 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 13:29:00 1,257,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 05:27:06 819,200 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 13:28:58 819,200 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 05:24:18 57,344 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 13:28:52 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 05:27:06 569,344 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 13:31:16 573,440 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 05:27:08 2,039,808 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 13:32:02 2,052,096 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 05:27:10 1,335,296 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 13:29:00 1,339,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 12:51:38 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 08:20:38 737,280 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 10:23:20 737,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 03:04:18 1,032,192 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 07:15:14 1,032,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-20 18:10:40 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 01:11:56 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2004-08-03 23:56:42 100,352 ----a-w c:\windows\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w c:\windows\system32\6to4svc.dll
- 2004-08-03 23:56:42 1,016,832 ----a-w c:\windows\system32\browseui.dll
+ 2008-10-16 10:37:04 1,023,488 ----a-w c:\windows\system32\browseui.dll
- 2004-08-03 23:56:42 150,528 ----a-w c:\windows\system32\cdfview.dll
+ 2008-10-16 10:37:02 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2009-01-24 11:01:43 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-26 08:31:37 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-24 11:01:43 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-26 08:31:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-24 11:01:43 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-26 08:31:37 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-03 23:56:42 1,053,696 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:37:02 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:37:04 1,023,488 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:37:02 151,040 -c----w c:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:37:02 1,054,208 -c----w c:\windows\system32\dllcache\danim.dll
+ 2008-06-20 22:11:12 148,992 -c----w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-10-16 10:37:02 357,888 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:37:02 205,312 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w c:\windows\system32\dllcache\es.dll
+ 2008-10-16 10:37:02 55,808 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 13:01:36 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-15 09:45:01 18,432 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2008-10-16 10:37:02 251,392 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:37:02 96,256 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c----w c:\windows\system32\dllcache\jscript.dll
+ 2008-10-16 10:37:03 16,384 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-06-10 00:31:06 103,936 -c----w c:\windows\system32\dllcache\logagent.exe
+ 2008-10-16 10:37:03 449,024 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:37:02 146,432 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:37:02 532,480 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:37:02 39,424 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w c:\windows\system32\dllcache\quartz.dll
- 2001-08-23 12:00:00 200,064 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-10-16 10:37:03 1,494,528 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:37:03 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-06-20 14:22:08 225,920 -c----w c:\windows\system32\dllcache\tcpip6.sys
+ 2008-10-16 10:37:04 615,936 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c----w c:\windows\system32\dllcache\vbscript.dll
+ 2008-10-16 10:37:03 659,456 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-06-10 17:18:18 1,053,696 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-11-07 17:32:20 2,109,440 -c----w c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-03 23:56:44 148,480 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 22:11:12 148,992 ----a-w c:\windows\system32\dnsapi.dll
- 2004-08-03 22:10:38 274,304 ------w c:\windows\system32\drivers\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\system32\drivers\bthport.sys
- 2004-08-03 22:15:18 451,456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2001-08-23 12:00:00 200,064 -c--a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2004-08-03 22:14:42 359,040 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2004-08-03 22:07:46 223,616 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 14:22:08 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2004-08-03 23:56:44 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:37:02 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2004-08-03 23:56:44 201,728 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 10:37:02 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2004-08-03 23:56:44 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2004-08-03 23:56:44 55,808 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 10:37:02 55,808 ------w c:\windows\system32\extmgr.dll
- 2004-08-03 23:56:44 278,016 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2004-08-03 23:56:44 249,344 ----a-w c:\windows\system32\iepeers.dll
+ 2008-10-16 10:37:02 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-03 23:56:44 678,400 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2004-08-03 23:56:44 257,024 ----a-w c:\windows\system32\inetsrv\infocomm.dll
+ 2008-01-10 05:20:21 257,024 ----a-w c:\windows\system32\inetsrv\infocomm.dll
- 2009-01-24 11:15:04 171,422 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-01-26 08:35:50 171,422 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
- 2004-08-03 23:56:44 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2008-10-16 10:37:02 96,256 ----a-w c:\windows\system32\inseng.dll
- 2004-08-03 23:56:44 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w c:\windows\system32\jscript.dll
- 2004-08-03 23:56:44 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 10:37:03 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2004-08-03 23:56:52 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 00:31:06 103,936 ----a-w c:\windows\system32\logagent.exe
- 2004-08-03 23:56:44 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
- 2003-02-20 17:06:24 155,648 ----a-w c:\windows\system32\mscoree.dll
+ 2004-07-14 23:24:50 155,648 ----a-w c:\windows\system32\mscoree.dll
- 2003-02-20 16:43:38 16,896 -c--a-w c:\windows\system32\mscorier.dll
+ 2004-07-14 22:34:06 16,896 ----a-w c:\windows\system32\mscorier.dll
- 2004-08-03 23:56:44 3,003,392 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:33:23 3,060,224 ----a-w c:\windows\system32\mshtml.dll
- 2004-08-03 23:56:44 448,512 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 10:37:03 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-03 23:56:44 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 10:37:02 146,432 ----a-w c:\windows\system32\msrating.dll
- 2004-08-03 23:56:44 530,432 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 10:37:02 532,480 ----a-w c:\windows\system32\mstime.dll
- 2004-08-03 23:56:46 245,248 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll
- 2004-08-03 23:56:46 1,236,480 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2002-02-04 00:52:54 1,230,336 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 15:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2004-08-03 23:56:46 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2004-08-03 21:59:02 2,015,232 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:18:32 2,148,352 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 09:58:27 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
- 2009-01-23 15:44:15 64,106 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-26 08:19:25 64,106 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-23 15:44:15 410,476 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-26 08:19:25 410,476 ----a-w c:\windows\system32\perfh009.dat
- 2004-08-03 23:56:46 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 10:37:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2004-08-03 23:56:46 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
- 2004-08-03 23:56:46 1,483,264 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 10:37:03 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
- 2004-08-03 23:56:46 473,600 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 10:37:03 474,112 ----a-w c:\windows\system32\shlwapi.dll
- 2004-08-03 23:56:46 246,302 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2004-08-03 23:56:48 601,088 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 10:37:04 615,936 ----a-w c:\windows\system32\urlmon.dll
- 2004-08-03 23:56:48 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w c:\windows\system32\vbscript.dll
- 2004-08-03 23:56:48 656,384 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 10:37:03 659,456 ----a-w c:\windows\system32\wininet.dll
- 2004-08-03 23:56:48 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2004-08-03 23:57:04 2,105,344 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-10-15 14:00:41 351,744 ------w c:\windows\system32\xpsp3res.dll
+ 2009-01-26 08:37:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1bc.dat
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 15:04 398768 --a------ c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 401496]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2005-08-25 17679400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-23 4841472]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-10-06 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2003-09-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"wave2"= vacumd.dll
"mixer1"= vacumd.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon iR1200-1300 Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon iR1200-1300 Status Window.LNK
backup=c:\windows\pss\Canon iR1200-1300 Status Window.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2002-01-08 01:24 401496 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2005-10-06 17:03 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
--a------ 2008-07-24 16:07 363591 c:\program files\Plaxo\3.14.0.44\PlaxoHelper_en.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2005-10-16 16:01 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-08-25 22:00 17679400 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2002-04-24 04:02 12288 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a--c--- 2004-12-02 09:34 37888 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 VirtualAudioCable;Virtual Audio Cable;c:\windows\system32\drivers\vackmd.sys [2005-08-29 24064]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [2006-01-20 22497]
S4 RapidPortM2;RapidPortM2;\??\c:\windows\System32\Drivers\CAPM2LP.SYS --> c:\windows\System32\Drivers\CAPM2LP.SYS [?]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - [Link visible only to logged-in users]
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-01-26 09:38:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\vacumd.dll

- - - - - - - > 'lsass.exe'(1048-)
c:\windows\system32\vacumd.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\MSN Messenger\usnsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-26 9:42:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-26 08:42:54
ComboFix2.txt 2009-01-24 11:17:33

Pre-Run: 3,642,183,680 bytes free
Post-Run: 3,618,541,568 bytes free

664 --- E O F --- 2009-01-26 08:23:30

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download the RootRepeal program to your Desktop.

Extract RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
In the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Attach the resulting report to your post using the Attach file option.

offline
  • Gibli 
  • Distinguished citizen
  • Joined: 04 Mar 2005
  • Posts: 520
  • Location: Zemun

On startup it reports Error-invalid PR image found.

Here is the report as well:
[Link visible only to logged-in users]

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/01/27 17:23
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDDA1000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B81000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC2CE000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\config\system.LOG
Status: Size mismatch (API: 20480, Raw: 24576)

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av1.tmp
Status: Allocation size mismatch (API: 5570560, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av211.tmp
Status: Allocation size mismatch (API: 17072128, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av5.tmp
Status: Allocation size mismatch (API: 5570560, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av5F.tmp
Status: Allocation size mismatch (API: 17244160, Raw: 0)

Path: C:\Documents and Settings\Stanica1\Local Settings\Application Data\Microsoft\Messenger\mika@refot.com\SharingMetadata\Logs\Dfsr00005.log
Status: Size mismatch (API: 346915, Raw: 346780)

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee021224

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0217f8

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee023234

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee022be6

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02099a

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024bc6

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0215f8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020ddc

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020fdc

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee022ef6

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0250ce

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0210f2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02115a

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee022da8

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02466a

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee022a42

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020afc

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0213fc

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024bf0

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee021348

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0211c2

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020ec6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020ca4

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0248d2

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02061c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee023abe

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02077e

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024fa0

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02041a

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0230d6

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0216f6

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024764

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024c1a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020b52

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024cfe

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024e2a

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024596

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0214c8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02153a

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

The latest logs are OK.

Do this as well:

Click START, then RUN
In the text box, type Combofix /u and click OK

Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore


Regards
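One way to review an SSDT hook listing in the format posted earlier in this thread is to group the hooked functions by the driver they are attributed to and flag any driver outside an expected set. This is an added example, not part of the original posts or of any tool used here; the expected set (the klif.sys path from the log) and the third sample record are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same two-line record format as the log above.
# The third record's driver name is hypothetical, added to exercise the flag path.
SAMPLE_LOG = r'''
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee022a42

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0214c8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\example_unknown.sys" at address 0xf7a0153a
'''

# Assumption: the only driver expected to hook the SSDT on this machine.
# Full path, lower-cased, so a same-named file elsewhere does not match.
EXPECTED = {r"c:\windows\system32\drivers\klif.sys"}

ENTRY = re.compile(r'^#:\s*(\d+)\s+Function Name:\s*(\S+)\s*$')
HOOK = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)\s*$')

def parse_hooks(text):
    """Return (index, function, driver_path, address) for each hooked entry."""
    hooks, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = HOOK.match(line)
        if m and pending:
            hooks.append((*pending, m.group(1), int(m.group(2), 16)))
        if line.startswith("Status:"):
            pending = None  # a Status line always closes the current record
    return hooks

def triage(hooks, expected):
    """Group hooked functions by driver path and split expected from unexpected."""
    by_driver = defaultdict(list)
    for _idx, func, path, _addr in hooks:
        by_driver[path.lower()].append(func)
    known = {d: f for d, f in by_driver.items() if d in expected}
    unknown = {d: f for d, f in by_driver.items() if d not in expected}
    return known, unknown

if __name__ == "__main__":
    known, unknown = triage(parse_hooks(SAMPLE_LOG), EXPECTED)
    print("expected:", known, "\nunexpected:", unknown)
```

A path match only tells you which file the scanner attributed the hook to; confirming that the file itself is the vendor's driver is a separate check.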
