- veljko-94
- Distinguished citizen
- Joined: 29 Jul 2008
- Posts: 615
- Location: Zemun
ComboFix 09-01-21.04 - veljko™ 2009-01-26 22:35:05.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1515 [GMT 1:00]
Running from: c:\documents and settings\veljko™\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\veljko™\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\docume~1\VELJKO~1\LOCALS~1\temp\winelxb.exe
c:\windows\system32\vdriver.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\VELJKO~1\LOCALS~1\temp\winelxb.exe
c:\windows\system32\vdriver.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
.
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Nero
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-25 10:35 . 2006-03-17 15:49 368,640 --a------ c:\windows\system32\twnlib4.dll
2009-01-25 10:34 . 2009-01-25 10:35 <DIR> d-------- c:\program files\Nero 9
2009-01-25 10:05 . 2009-01-25 10:05 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-25 10:05 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-25 00:24 . 2009-01-25 00:24 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-24 12:14 . 2009-01-24 12:04 <DIR> d-------- C:\NST
2009-01-24 12:04 . 2009-01-24 12:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-23 22:47 . 2009-01-23 22:47 <DIR> d-------- c:\program files\Print3D Corporation
2009-01-23 22:47 . 2009-01-23 22:47 <DIR> d-------- c:\documents and settings\veljko™\Application Data\progeSOFT
2009-01-23 22:47 . 2009-01-23 22:47 <DIR> d-------- c:\documents and settings\All Users\progeSOFT
2009-01-23 22:47 . 2008-11-11 09:13 2,981,888 --a------ c:\windows\Print3DLib.dll
2009-01-23 22:47 . 2008-11-10 11:42 2,445,312 --a------ c:\windows\MeshLib.dll
2009-01-23 22:47 . 2008-11-10 11:19 2,412,544 --a------ c:\windows\CADViewerLib.dll
2009-01-23 22:47 . 2008-11-10 11:42 1,941,504 --a------ c:\windows\VTKLib.dll
2009-01-23 22:47 . 2008-11-10 11:24 1,236,992 --a------ c:\windows\SYCIO.dll
2009-01-23 22:47 . 2008-11-10 11:23 1,028,096 --a------ c:\windows\SYCGeo.dll
2009-01-23 22:47 . 2008-11-10 11:22 1,007,616 --a------ c:\windows\RPToolkit.dll
2009-01-23 22:47 . 2008-11-10 11:17 950,272 --a------ c:\windows\3DSLib.dll
2009-01-23 22:47 . 2008-11-10 11:23 483,328 --a------ c:\windows\SYCGUI.dll
2009-01-23 22:47 . 2008-11-10 11:26 143,360 --a------ c:\windows\ZipLib.dll
2009-01-23 22:47 . 2008-11-10 11:21 106,496 --a------ c:\windows\NetLib.dll
2009-01-23 22:47 . 2008-10-20 19:59 2,186 --a------ c:\windows\print3d.dat
2009-01-23 22:46 . 2009-01-23 22:46 <DIR> d-------- c:\program files\progeSOFT
2009-01-23 22:26 . 2009-01-24 11:24 34 --a------ c:\documents and settings\veljko™\jagex_runescape_preferences.dat
2009-01-23 22:26 . 2009-01-24 11:24 34 --a------ c:\documents and settings\veljko™\jagex_runescape_preferences.dat
2009-01-23 22:25 . 2009-01-23 22:25 <DIR> d-------- c:\windows\.jagex_cache_32
2009-01-23 21:18 . 2008-04-25 19:41 218,624 --a------ c:\windows\system32\uxtheme.dll.backup
2009-01-23 13:11 . 2009-01-23 13:11 <DIR> d-------- c:\documents and settings\veljko™\Application Data\KompoZer
2009-01-23 12:34 . 2009-01-25 11:50 <DIR> d-------- c:\program files\AutoCAD 2009
2009-01-23 11:25 . 2005-10-14 22:42 46,592 --a------ c:\windows\system32\hpzll43a.dll
2009-01-23 11:24 . 2009-01-23 11:24 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-23 11:24 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-23 11:24 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-23 11:19 . 2005-03-14 12:03 278,584 --a------ c:\windows\system32\HPZidr12.dll
2009-01-23 11:19 . 2005-03-14 12:05 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-23 11:19 . 2005-03-08 11:55 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-23 11:19 . 2005-03-14 12:05 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-01-23 11:19 . 2005-03-14 13:39 65,536 --a------ c:\windows\system32\HPZinw12.exe
2009-01-23 11:19 . 2005-03-08 11:55 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-23 11:18 . 2009-01-23 11:24 103,216 --a------ c:\windows\hpoins08.dat
2009-01-23 11:18 . 2005-09-10 00:28 98,304 --a------ c:\windows\system32\hpzjsn01.dll
2009-01-23 11:18 . 2006-01-24 22:03 4,445 --------- c:\windows\hpomdl08.dat
2009-01-23 10:21 . 2009-01-23 10:22 <DIR> d-------- C:\tmp
2009-01-23 10:06 . 2009-01-23 10:12 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Vista Start Menu
2009-01-22 10:15 . 2009-01-22 10:15 <DIR> d-------- c:\documents and settings\veljko™\.borland
2009-01-22 10:15 . 2009-01-22 10:15 <DIR> d-------- c:\documents and settings\veljko™\.borland
2009-01-22 10:13 . 2009-01-22 10:13 <DIR> d-------- c:\program files\Delphi7SE
2009-01-22 09:43 . 2009-01-22 09:43 <DIR> d-------- c:\program files\VS Revo Group
2009-01-21 22:39 . 2008-02-22 17:20 676,224 --a------ c:\windows\system32\OGACheckControl.dll
2009-01-21 22:25 . 2009-01-21 22:25 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-01-21 22:24 . 2009-01-21 22:34 <DIR> d-------- c:\program files\MSECACHE
2009-01-21 19:22 . 2009-01-21 19:22 <DIR> d-------- c:\program files\NeoSmart Technologies
2009-01-20 10:52 . 2009-01-20 10:52 <DIR> d-------- c:\windows\vf_hip
2009-01-20 10:52 . 2009-01-20 11:45 <DIR> d-------- c:\program files\Hide IP Platinum
2009-01-20 10:52 . 2009-01-20 10:52 32 --a------ c:\windows\go
2009-01-20 10:49 . 2009-01-20 10:49 <DIR> d-------- c:\program files\Hide IP NG
2009-01-20 10:49 . 2009-01-20 10:49 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Hide IP NG
2009-01-20 10:11 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-20 10:11 . 2007-10-11 11:10 30,008 --a------ c:\windows\system32\drivers\ET5Drv.sys
2009-01-20 10:11 . 2009-01-23 10:22 24,944 --a------ c:\windows\system32\drivers\GVTDrv.sys
2009-01-20 03:02 . 2009-01-20 12:20 <DIR> d-------- C:\Warcraft III
2009-01-19 08:12 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-19 08:12 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-19 08:11 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-19 08:11 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-19 07:08 . 2009-01-19 07:08 <DIR> d-------- C:\Downloads
2009-01-18 17:07 . 2009-01-18 17:08 4,839 --a------ c:\windows\BricoPackFoldersDelete.cmd
2009-01-18 16:59 . 2009-01-18 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-18 15:04 . 2009-01-18 15:04 <DIR> d-------- c:\program files\AVG
2009-01-18 10:47 . 2009-01-18 10:47 <DIR> d-------- c:\windows\Packs
2009-01-17 18:13 . 2009-01-17 18:13 <DIR> d-------- C:\Zorana™
2009-01-17 16:00 . 2009-01-17 16:00 <DIR> d-------- c:\windows\system32\Futuremark
2009-01-17 16:00 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys
2009-01-17 16:00 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
2009-01-17 16:00 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
2009-01-17 16:00 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
2009-01-17 12:16 . 2009-01-17 12:17 <DIR> d-------- c:\program files\Talisman 2
2009-01-17 09:18 . 2009-01-17 09:19 <DIR> d-------- c:\program files\Autodesk
2009-01-16 20:01 . 2009-01-16 20:01 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Corel
2009-01-16 19:59 . 2009-01-16 19:59 <DIR> d-------- c:\program files\Common Files\Protexis
2009-01-16 19:37 . 2009-01-16 20:03 2,828 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-16 19:37 . 2009-01-16 19:37 8 -r-hs---- c:\documents and settings\All Users\Application Data\174A0243AE.sys
2009-01-16 19:36 . 2009-01-16 19:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-16 14:51 . 2009-01-16 14:51 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-15 06:53 . 2009-01-15 06:53 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-01-15 06:53 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-15 06:53 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-15 03:25 . 2009-01-21 13:22 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Download Manager
2009-01-14 23:28 . 2009-01-14 23:28 <DIR> d-------- c:\program files\uTorrent
2009-01-14 23:28 . 2009-01-26 21:42 <DIR> d-------- c:\documents and settings\veljko™\Application Data\uTorrent
2009-01-14 09:09 . 2009-01-26 20:59 <DIR> d-------- C:\Fraps
2009-01-14 09:09 . 2009-01-26 15:26 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-14 05:08 . 2009-01-15 04:28 <DIR> d-------- c:\documents and settings\veljko™\Application Data\CoreFTP
2009-01-12 00:31 . 2009-01-13 22:02 <DIR> d-------- c:\program files\Web Page Maker
2009-01-12 00:31 . 2009-01-12 00:31 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Web Page Maker
2009-01-11 22:41 . 2008-06-30 16:30 188,547 --a------ C:\wubildr
2009-01-11 22:41 . 2008-06-30 16:30 8,192 --a------ C:\wubildr.mbr
2009-01-11 13:48 . 2009-01-11 13:49 <DIR> d-------- c:\program files\GStudio7
2009-01-09 20:27 . 2009-01-09 20:27 <DIR> d---s---- c:\documents and settings\veljko™\UserData
2009-01-09 20:27 . 2009-01-09 20:27 <DIR> d---s---- c:\documents and settings\veljko™\UserData
2009-01-09 20:21 . 2009-01-09 20:26 <DIR> d-------- c:\program files\Virtual Earth 3D
2009-01-08 21:14 . 2009-01-08 21:14 <DIR> d-------- c:\program files\Object Desktop
2009-01-08 21:14 . 2009-01-08 21:14 <DIR> d-------- c:\program files\Common Files\Stardock
2009-01-08 21:14 . 2000-10-20 01:05 25,088 --a------ c:\windows\system32\msxml3a.dll
2009-01-08 20:41 . 2009-01-08 20:52 <DIR> d-------- c:\windows\7SP_Files
2009-01-08 20:41 . 2008-04-14 05:42 140,288 --a------ c:\windows\system32\OLD8F.tmp
2009-01-06 15:02 . 2009-01-06 15:02 <DIR> d-------- c:\program files\Stylet Click & Term 1.0
2009-01-06 14:54 . 2009-01-06 14:54 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-01-06 14:49 . 2008-07-10 17:28 50,200 --a------ c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-01-06 14:48 . 2009-01-06 14:48 <DIR> d-------- c:\windows\system32\RsFx
2009-01-06 14:48 . 2008-07-10 17:28 79,896 --a------ c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-01-06 14:35 . 2009-01-06 14:45 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-05 23:33 . 2009-01-05 23:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-05 11:21 . 2009-01-05 11:21 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Flock
2009-01-05 10:40 . 2009-01-05 10:40 <DIR> d-------- c:\program files\eMule
2009-01-05 10:36 . 2009-01-05 10:36 <DIR> d-------- c:\program files\NamiRobot
2009-01-05 10:05 . 2004-12-19 23:00 111,104 --a------ c:\windows\system32\uharc.exe
2009-01-05 10:05 . 2004-09-03 23:43 199 --a------ c:\windows\system32\paypal.url
2009-01-05 10:05 . 2005-01-28 01:49 111 --a------ c:\windows\system32\winx.url
2009-01-05 09:59 . 2009-01-05 09:59 <DIR> d-------- c:\program files\Tablic
2009-01-05 09:59 . 2009-01-05 09:59 249,856 --------- c:\windows\Setup1.exe
2009-01-05 09:59 . 2009-01-05 09:59 73,216 --a------ c:\windows\ST6UNST.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 20:11 --------- d-----w c:\program files\Garena
2009-01-26 20:00 --------- d-----w c:\program files\Opera
2009-01-26 20:00 --------- d-----w c:\program files\Maxthon2
2009-01-26 20:00 --------- d-----w c:\program files\7-Zip
2009-01-25 09:36 --------- d-----w c:\program files\FrostWire
2009-01-25 09:32 --------- d-----w c:\program files\JetAudio
2009-01-25 09:23 --------- d-----w c:\program files\PowerISO
2009-01-24 11:54 --------- d-----w c:\program files\Common Files\Adobe
2009-01-23 11:36 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-01-23 09:06 --------- d-----w c:\program files\Vista Start Menu
2009-01-22 09:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 21:31 --------- d-----w c:\program files\MSBuild
2009-01-21 20:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-21 19:51 --------- d-----w c:\program files\Google
2009-01-20 09:11 --------- d-----w c:\program files\GIGABYTE
2009-01-20 09:10 16,608 ----a-w c:\windows\gdrv.sys
2009-01-19 04:14 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-17 08:28 --------- d-----w c:\documents and settings\veljko™\Application Data\Autodesk
2009-01-15 03:22 --------- d-----w c:\program files\CoreFTP
2009-01-14 22:27 --------- d-----w c:\documents and settings\veljko™\Application Data\BitTorrent
2009-01-14 04:06 --------- d-----w c:\documents and settings\veljko™\Application Data\FileZilla
2009-01-11 20:31 --------- d-----w c:\program files\CCleaner
2009-01-11 07:37 --------- d-----w c:\program files\AutoCAD 2007
2009-01-11 07:35 832 ----a-w c:\program files\Google - Shortcut.lnk
2009-01-10 17:55 43,968 ----a-w c:\windows\system32\drivers\eusk3usb.sys
2009-01-06 13:55 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-06 13:48 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-06 13:40 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-06 08:06 --------- d-----w c:\program files\Flock
2009-01-04 16:22 --------- d-----w c:\program files\SpeedFan
2009-01-04 15:19 --------- d-----w c:\program files\Ultra DVD Creator
2009-01-04 15:17 --------- d-----w c:\program files\Total Commander XP
2009-01-04 15:16 --------- d-----w c:\program files\Ahead
2009-01-04 15:15 --------- d-----w c:\program files\CorelDraw X3 Portable
2009-01-04 12:56 --------- d-----w c:\program files\Rockstar Games
2009-01-03 08:52 --------- d-----w c:\program files\ViStart
2009-01-02 18:07 --------- d-----w c:\program files\Intel
2009-01-01 18:02 --------- d-----w c:\documents and settings\veljko™\Application Data\ImgBurn
2008-12-30 12:42 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-30 07:07 --------- d-----w c:\program files\RocketDock
2008-12-29 11:45 --------- d-----w c:\documents and settings\veljko™\Application Data\ViStart
2008-12-27 19:24 --------- d-----w c:\program files\Yahoo!
2008-12-27 10:10 --------- d-----w c:\documents and settings\veljko™\Application Data\FrostWire
2008-12-25 12:08 --------- d-----w c:\program files\AnswerWorks 4.0
2008-12-25 08:07 --------- d--h--r c:\documents and settings\veljko™\Application Data\SecuROM
2008-12-24 17:18 --------- d-----w c:\documents and settings\veljko™\Application Data\Media Player Classic
2008-12-24 09:19 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-23 16:55 --------- d-----w c:\program files\Defraggler
2008-12-23 16:24 --------- d-----w c:\program files\Styler
2008-12-23 16:24 --------- d-----w c:\documents and settings\veljko™\Application Data\Styler
2008-12-23 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-23 09:45 --------- d-----w c:\documents and settings\veljko™\Application Data\Mount&Blade
2008-12-23 09:40 --------- d-----w c:\program files\Mount&Blade
2008-12-21 12:24 --------- d-----w c:\program files\NetLimiter 2 Monitor
2008-12-21 12:24 --------- d-----w c:\documents and settings\veljko™\Application Data\Locktime
2008-12-21 12:24 --------- d-----w c:\documents and settings\All Users\Application Data\Locktime
2008-12-21 11:10 --------- d-----w c:\program files\Mini recnik
2008-12-21 11:04 --------- d-----w c:\program files\Free IP Switcher
2008-12-20 12:35 --------- d-----w c:\program files\Smart Projects
2008-12-19 20:38 --------- d-----w c:\program files\DScaler
2008-12-19 20:13 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-12-19 16:47 --------- d-----w c:\program files\Ad Muncher
2008-12-19 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\Ad Muncher
2008-12-19 15:45 --------- d-----w c:\documents and settings\veljko™\Application Data\Activision
2008-12-19 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Activision
2008-12-18 21:48 --------- d-----w c:\program files\The KMPlayer
2008-12-18 20:58 --------- d-----w c:\documents and settings\veljko™\Application Data\Skype
2008-12-18 20:57 --------- d-----w c:\documents and settings\veljko™\Application Data\DAEMON Tools
2008-12-18 20:56 --------- d-----w c:\documents and settings\veljko™\Application Data\Launchy
2008-12-18 20:56 --------- d-----w c:\documents and settings\LocalService\Application Data\Acronis
2008-12-18 20:51 --------- d-----w c:\documents and settings\veljko™\Application Data\Sony
2008-12-18 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-12-18 20:18 --------- d-----w c:\documents and settings\veljko™\Application Data\Sports Interactive
2008-12-18 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-12-18 20:14 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-18 20:07 --------- d-----w c:\program files\Winamp
2008-12-18 19:28 --------- d-----w c:\documents and settings\All Users\Application Data\Acronis
2008-12-18 19:27 441,760 ----a-w c:\windows\system32\drivers\timntr.sys
2008-12-18 19:27 44,384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-12-18 19:27 368,544 ----a-w c:\windows\system32\drivers\tdrpman.sys
2008-12-18 19:27 129,248 ----a-w c:\windows\system32\drivers\snapman.sys
2008-12-18 19:27 --------- d-----w c:\program files\Common Files\Acronis
2008-12-18 19:27 --------- d-----w c:\program files\Acronis
2008-12-18 19:26 --------- d-----w c:\documents and settings\veljko™\Application Data\BearShare
2008-12-18 19:25 --------- d-----w c:\program files\Real Alternative
2008-12-18 19:25 --------- d-----w c:\program files\Common Files\Skype
2008-12-18 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-18 19:24 --------- d-----w c:\program files\Launchy
2008-12-18 19:24 --------- d-----w c:\program files\Common Files\COWON
2008-12-18 19:23 --------- d-----w c:\program files\JetPhoto Studio 2007
2008-12-18 19:23 --------- d-----w c:\program files\Java
2008-12-18 19:23 --------- d-----w c:\program files\Common Files\Java
2008-12-18 19:23 --------- d-----w c:\program files\AskSBar
2008-12-18 19:17 --------- d-----w c:\documents and settings\veljko™\Application Data\Azureus
2008-12-18 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-12-18 19:02 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-18 19:00 --------- d-----w c:\documents and settings\veljko™\Application Data\OpenOffice.org
2008-12-18 19:00 --------- d-----w c:\documents and settings\veljko™\Application Data\Dev-Cpp
2008-12-18 18:47 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-18 18:45 --------- d-----w c:\program files\Common Files\Macrovision Shared
.
------- Sigcheck -------
2004-08-04 00:26 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows\$NtServicePackUninstall$\wininet.dll
2008-04-14 05:42 1143808 7b7758a3228282cb28fdfd53228b3dee c:\windows\ServicePackFiles\i386\wininet.dll
2008-04-14 05:42 1143808 7b7758a3228282cb28fdfd53228b3dee c:\windows\system32\wininet.dll
2008-04-14 05:42 3195904 076dc8e559181061a5a5884cb1a67567 c:\windows\explorer.exe
2004-08-04 00:26 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 05:42 3195904 076dc8e559181061a5a5884cb1a67567 c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-04 00:26 111104 4126d27cece4471e00e425411f7306b5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-04-14 05:42 103424 8f78669b44816cb38376f85730c7e411 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-04-14 05:42 103424 8f78669b44816cb38376f85730c7e411 c:\windows\system32\wuauclt.exe
2008-04-14 05:42 103424 8f78669b44816cb38376f85730c7e411 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-26_21.46.33.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-26 21:37:43 16,384 ----atw c:\windows\temp\Perflib_Perfdata_a00.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-12-18 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-12-18 20:23 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\live\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5788672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-04-29 21:58 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck xmnt2002 /bat=c:\windows\TEMP\PQ_BATCH.PQB /win=c:\windows /dbg=c:\WINDOWS\TEMP\PQ_DEBUG.TXT /ver=262144 /prd=PartitionMagic\0autocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
c:\program files\ViStart\ViStart [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-06-11 22:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-30 20:07 140568 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-30 20:11 909208 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 02:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASuite]
--a------ 2008-05-24 21:26 457728 d:\lupo pensuite v6.70 full\Launcher\ASuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-18 18:56 342848 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopX]
--a------ 2006-08-01 00:23 530944 c:\progra~1\OBJECT~1\DesktopX\DesktopX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
--a------ 2007-07-26 15:05 20480 c:\program files\GIGABYTE\ET5Pro\ETcall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
--a------ 2007-12-14 11:46 236040 c:\program files\GIGABYTE\GEST\run.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-01-17 18:04 133104 c:\documents and settings\veljko™\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 02:34 5788672 d:\live\Windows Live\Messenger\MSNMSGR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-11-12 14:54 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2009-01-05 14:53 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 c:\program files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 13:11 21738792 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-18 22:25 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-30 20:06 2595616 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar]
--a------ 2006-01-21 12:41 118784 c:\program files\Vista Rainbar\Rainmeter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-10-08 21:19 2145792 c:\program files\Vista Start Menu\VistaStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 c:\program files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 c:\program files\WinFast\WFDTV\DTVSchdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"NVSvc"=2 (0x2)
"GEST Service"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"idsvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"nlsvc"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"SQLWriter"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"mi-raysat_3dsMax2009_32"=2 (0x2)
"gusvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"e:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\PROGRA~1\\COMMON~1\\Stardock\\SDMCP.exe"=
"c:\\WINDOWS\\system32\\RecovReboot.exe"=
"c:\\Documents and Settings\\veljko™\\Desktop\\ComboFix.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\live\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\DOCUME~1\\VELJKO~1\\LOCALS~1\\Temp\\qmkm.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 81688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-12-18 100368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-12-18 41680]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\kkjpp.sys --> c:\windows\system32\drivers\kkjpp.sys [?]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2008-12-27 81360]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\VELJKO~1\LOCALS~1\Temp\RRI76.tmp --> c:\docume~1\VELJKO~1\LOCALS~1\Temp\RRI76.tmp [?]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2008-12-18 9446]
S4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-12-18 47624]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-18 603904]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASC3360PR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-01-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]
2009-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-838170752-839522115-1003.job
- c:\documents and settings\veljko []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: &UʹÓÃÄÉÃ×»úÆ÷ÈËÏÂÔز¢ÊÕ²Ø - c:\program files\NamiRobot\Data\du.html
IE: &U???????????? - c:\program files\NamiRobot\Data\du.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - c:\documents and settings\veljko™\Application Data\Mozilla\Firefox\Profiles\e5ru52ze.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blingmysearch.com/bms/google/veljko
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 22:37:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\VELJKO~1\LOCALS~1\Temp\RRI76.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-57989841-838170752-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:62,45,97,56,e7,e7,78,94,26,a3,d2,8d,0d,58,ea,5b,9a,b6,39,81,42,
23,d3,82,bf,32,51,1f,8d,02,01,84,ca,59,21,63,84,9c,d4,c0,84,7b,54,9c,fd,21,\
"rkeysecu"=hex:20,cb,01,6d,ee,4a,06,14,18,b5,54,c7,6d,a9,de,39
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1940)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
- - - - - - - > 'lsass.exe'(1996)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\docume~1\VELJKO~1\LOCALS~1\temp\qmkm.exe
c:\docume~1\VELJKO~1\LOCALS~1\temp\winwhxmbx.exe
.
**************************************************************************
.
Completion time: 2009-01-26 22:41:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-26 21:41:14
ComboFix2.txt 2009-01-26 20:47:35
Pre-Run: 5,632,434,176 bytes free
Post-Run: 5,513,564,160 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
532
Here is the CF log; I will post the other one tomorrow, because right now it won't even download.
Shall we continue tomorrow, if you agree?
Addendum: 27 Jan 2009 10:10
I downloaded Dr.Web CureIt through another OS because it would not download from XP. But it won't enter safe mode; it shows a blue screen (BSOD) for a moment? I will now start the scan in normal mode because there is no other way?
Addendum: 27 Jan 2009 10:11
It won't enter safe mode; it throws a blue screen for a moment and then restarts?? I started the scan from normal mode.
Addendum: 27 Jan 2009 10:37
Here is that log too, only it is not from safe mode because that does not work?
gigen.exe;c:\documents and settings\veljko™\local settings\temp;Trojan.PWS.Multi.21;Deleted.;
winglrj.exe;c:\documents and settings\veljko™\local settings\temp;Trojan.Spambot.3378;Deleted.;
winmjlnr.exe;c:\documents and settings\veljko™\local settings\temp;Trojan.Proxy.origin;Incurable.Moved.;
msnmsgr.exe;d:\live\windows live\messenger;Win32.Sector.9;Cured.;
uninstall.exe;C:\Dev-Cpp;Win32.Sector.9;Cured.;
addr2line.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
ar.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
as.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
c++.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
c++filt.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
cpp.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
dlltool.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
g++.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
gcc.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
gdb.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
gprof.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
ld.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
make.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
mingw32-c++.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
mingw32-g++.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
mingw32-gcc.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
mingw32-make.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
nm.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
objcopy.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
objdump.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
ranlib.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
readelf.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
rm.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
size.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
strings.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
strip.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
windres.exe;C:\Dev-Cpp\bin;Win32.Sector.9;Cured.;
cc1.exe;C:\Dev-Cpp\libexec\gcc\mingw32\3.4.2;Win32.Sector.9;Cured.;
cc1plus.exe;C:\Dev-Cpp\libexec\gcc\mingw32\3.4.2;Win32.Sector.9;Cured.;
collect2.exe;C:\Dev-Cpp\libexec\gcc\mingw32\3.4.2;Win32.Sector.9;Cured.;
ar.exe;C:\Dev-Cpp\mingw32\bin;Win32.Sector.9;Cured.;
as.exe;C:\Dev-Cpp\mingw32\bin;Win32.Sector.9;Cured.;
dlltool.exe;C:\Dev-Cpp\mingw32\bin;Win32.Sector.9;Cured.;
ld.exe;C:\Dev-Cpp\mingw32\bin;Win32.Sector.9;Cured.;
nm.exe;C:\Dev-Cpp\mingw32\bin;Win32.Sector.9;Cured.;
ranlib.exe;C:\Dev-Cpp\mingw32\bin;Win32.Sector.9;Cured.;
strip.exe;C:\Dev-Cpp\mingw32\bin;Win32.Sector.9;Cured.;
arw.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
cpp.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
dlltool.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
gcc.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
gdbpasw.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
grep.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
ldw.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
ppc386.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
stripw.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
upx.exe;C:\Dev-Pas\Bin;Win32.Sector.9;Cured.;
Tetris.exe;C:\Dev-Pas\Examples\Tetris;Win32.Sector.9;Cured.;
GrLauncher.exe;C:\Documents and Settings\veljko™\Application Data\GRETECH\GomPlayer;Win32.Sector.9;Cured.;
ComboFix.exe;C:\Documents and Settings\veljko™\Desktop;Win32.Sector.9;Cured.;
VELJKO.exe;C:\Documents and Settings\veljko™\Desktop;Win32.Sector.9;Cured.;
Setup.exe;C:\Documents and Settings\veljko™\Desktop\veljko\Adobe InDesign CS4\Adobe CS4;Win32.Sector.9;Cured.;
AIRApplicationRunner.exe;C:\Documents and Settings\veljko™\Desktop\veljko\Adobe InDesign CS4\Adobe CS4\payloads\AdobeAMP-mul;Win32.Sector.9;Cured.;
WindowsInstaller-KB893803-v2-x86.exe;C:\Documents and Settings\veljko™\Desktop\veljko\Adobe InDesign CS4\Adobe CS4\redist;Win32.Sector.9;Cured.;
WindowsServer2003-KB898715-ia64-enu.exe;C:\Documents and Settings\veljko™\Desktop\veljko\Adobe InDesign CS4\Adobe CS4\redist;Win32.Sector.9;Cured.;
WindowsServer2003-KB898715-x64-enu.exe;C:\Documents and Settings\veljko™\Desktop\veljko\Adobe InDesign CS4\Adobe CS4\redist;Win32.Sector.9;Cured.;
WindowsServer2003-KB898715-x86-enu.exe;C:\Documents and Settings\veljko™\Desktop\veljko\Adobe InDesign CS4\Adobe CS4\redist;Win32.Sector.9;Cured.;
WindowsXP-KB898715-x64-enu.exe;C:\Documents and Settings\veljko™\Desktop\veljko\Adobe InDesign CS4\Adobe CS4\redist;Win32.Sector.9;Cured.;
xpidl.exe;C:\Documents and Settings\veljko™\Desktop\veljko\KompoZer 0.7.10;Win32.Sector.9;Cured.;
gfwlivesetupmin.exe;C:\Documents and Settings\veljko™\Desktop\veljko\programi;Win32.Sector.9;Cured.;
Vista Live Shell Pack 2.0 - Blue.exe;C:\Documents and Settings\veljko™\Desktop\veljko\programi;Win32.Sector.9;Cured.;
HEADZOTS.exe;C:\Documents and Settings\veljko™\Desktop\veljko\programi\headzots;Win32.Sector.9;Cured.;
ccsetup215.exe;C:\Documents and Settings\veljko™\Desktop\veljko\programi\nevazni programi;Win32.Sector.9;Cured.;
daemon347.exe;C:\Documents and Settings\veljko™\Desktop\veljko\programi\nevazni programi;Win32.Sector.9;Cured.;
MediaBrowser.exe;C:\Documents and Settings\veljko™\Desktop\veljko\programi\nevazni programi;Win32.Sector.9;Cured.;
Setup.exe;C:\Documents and Settings\veljko™\Desktop\veljko\programi\nevazni programi;Win32.Sector.9;Cured.;
setupeng.exe;C:\Documents and Settings\veljko™\Desktop\veljko\programi\nevazni programi;Win32.Sector.9;Cured.;
dfsetup105.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary;Win32.Sector.9;Cured.;
FISSetup.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary;Win32.Sector.9;Cured.;
iQuantum Styler.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary;Win32.Sector.9;Cured.;
iQuantum wallpapers.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary;Win32.Sector.9;Cured.;
iQuantum XP.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary;Win32.Sector.9;Cured.;
rcsetup121.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary;Win32.Sector.9;Cured.;
xfire_installer_35250.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary;Win32.Sector.9;Cured.;
ViStart OneStep.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\kl\Vista Transformation Pack\Vista Transformation Pack ver.1 by mitc;Win32.Sector.9;Cured.;
ViOrb OneStep.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\kl\Vista Transformation Pack\Vista Transformation Pack ver.1 by mitc;Win32.Sector.9;Cured.;
RainbarEn.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\kl\Vista Transformation Pack\Vista Transformation Pack ver.1 by mitc;Win32.Sector.9;Cured.;
ViStart.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Seven ViStart_By_Renan J;Win32.Sector.9;Cured.;
Fonts.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\SevenVG Refresh Theme for Windows XP by Vishal Gupta\Fonts;Win32.Sector.9;Cured.;
Then Run Me.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\SevenVG Refresh Theme for Windows XP by Vishal Gupta\Styler Toolbar;Win32.Sector.9;Cured.;
Theme.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\SevenVG Refresh Theme for Windows XP by Vishal Gupta\Theme;Win32.Sector.9;Cured.;
Fonts.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\SevenVG Theme for Windows XP by Vishal Gupta\Fonts;Win32.Sector.9;Cured.;
Then Run Me.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\SevenVG Theme for Windows XP by Vishal Gupta\Styler Toolbar;Win32.Sector.9;Cured.;
Theme.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\SevenVG Theme for Windows XP by Vishal Gupta\Theme;Win32.Sector.9;Cured.;
WindowsSe7en.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Se7en Transformation Pack;Win32.Sector.9;Cured.;
clock.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Se7en Transformation Pack\Vienna_Transformation\Gadgets;Win32.Sector.9;Cured.;
dock.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Se7en Transformation Pack\Vienna_Transformation\Gadgets;Win32.Sector.9;Cured.;
launcher.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Se7en Transformation Pack\Vienna_Transformation\Gadgets;Win32.Sector.9;Cured.;
Vienna Explorer.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Se7en Transformation Pack\Vienna_Transformation\Vienna Explo;Win32.Sector.9;Cured.;
Dock.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Se7en Transformation Pack\Vienna_Transformation\Windows 7 Pi;Win32.Sector.9;Cured.;
logonui.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Seven - Final\Português - Brasil\Logon\Windows 7 Logon;Win32.Sector.9;Cured.;
ViOrbv2.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Seven - Final\Português - Brasil\ViOrb;Win32.Sector.9;Cured.;
ViStart.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Seven - Final\Português - Brasil\Vistart com Skin;Win32.Sector.9;Cured.;
ViStart.exe;C:\Documents and Settings\veljko™\Desktop\veljko\temporary\Windows Seven - Final\Português - Brasil\Vistart com Skin\ViStart;Win32.Sector.9;Cured.;