|
|
Poslao: 26 Jul 2009 20:58
|
offline
- biloxi
- Novi MyCity građanin
- Pridružio: 15 Jul 2009
- Poruke: 25
|
ComboFix 09-07-25.08 - Bojan Suvajac 07/26/2009 20:39.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.530 [GMT 2:00]
Running from: c:\documents and settings\Bojan Suvajac\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bojan Suvajac\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\windows\system32\$NtUninstallKB9\alg.exe"
"c:\windows\system32\$NtUninstallKB9\update.exe"
"c:\windows\system32\vsnpstd3.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bojan Suvajac\Application Data\addons.dat
c:\windows\system32\$NtUninstallKB9\alg.exe
c:\windows\system32\$NtUninstallKB9\update.exe
c:\windows\system32\vsnpstd3.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.
2009-07-26 16:26 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 16:26 . 2009-07-26 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 16:26 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 10:54 . 2009-07-26 10:54 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-07-24 20:09 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-24 20:07 . 2009-07-24 20:07 -------- d-----w- c:\program files\Panda Security
2009-07-21 09:20 . 2009-07-21 09:20 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-07-21 09:20 . 2009-07-21 19:21 -------- d-----w- C:\Adcda2
2009-07-17 08:58 . 2009-07-26 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-17 08:58 . 2009-07-17 08:58 -------- d-----w- c:\program files\Lavasoft
2009-07-17 08:52 . 2009-07-17 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 08:52 . 2009-07-17 08:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 16:53 . 2009-07-15 16:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-15 15:55 . 2009-07-15 16:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IECompatCache
2009-07-15 10:47 . 2009-07-15 10:47 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\PrivacIE
2009-07-15 10:45 . 2009-07-15 10:45 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IETldCache
2009-07-15 10:27 . 2009-07-15 10:27 -------- d-----w- c:\windows\ie8updates
2009-07-15 10:22 . 2009-07-15 10:22 -------- dc-h--w- c:\windows\ie8
2009-07-15 10:12 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-15 10:11 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 10:11 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 09:58 . 2009-07-17 13:26 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2009-07-14 09:05 . 2009-07-14 09:05 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\ESET
2009-07-14 09:04 . 2009-07-14 09:04 -------- d-----w- c:\program files\ESET
2009-07-09 12:26 . 2009-07-09 12:26 -------- d-----w- c:\program files\directx
2009-07-09 12:15 . 2009-07-09 12:15 -------- d-----w- c:\program files\TDK
2009-07-06 11:26 . 2009-07-01 16:22 52224 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
2009-07-06 11:26 . 2009-07-01 16:22 114688 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\npmozax.dll
2009-07-04 08:48 . 2009-07-04 09:10 -------- d-----w- c:\program files\UltraISO
2009-07-03 10:00 . 2009-07-03 10:02 -------- d-----w- c:\program files\Urban Jungle
2009-07-01 12:36 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-01 12:36 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-30 09:32 . 2004-09-09 16:36 20661 ----a-w- c:\program files\config.dat
2009-06-30 09:22 . 2004-02-25 04:41 12528 ----a-w- c:\program files\SECDRV.SYS
2009-06-30 09:22 . 2004-10-08 17:51 3985408 ------w- c:\program files\fifa2005.exe
2009-06-30 09:21 . 2006-08-08 14:41 -------- d-----w- c:\program files\Support
2009-06-30 09:21 . 2004-10-10 10:48 -------- d-----w- c:\program files\data
2009-06-29 09:21 . 2009-06-30 08:58 -------- d-----w- c:\program files\Elltube
2009-06-27 16:18 . 2009-06-27 16:18 -------- d-----w- c:\program files\UlisesSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 08:43 . 2009-06-25 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-21 19:20 . 2009-07-21 09:21 566784 ----a-w- c:\windows\~de74bc.tmp
2009-07-17 12:58 . 2002-08-29 01:41 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-15 11:12 . 2009-06-03 09:20 2320640 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-15 09:29 . 2009-06-14 08:49 -------- d-----w- c:\program files\Winamp
2009-07-14 14:03 . 2009-05-10 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-14 09:04 . 2009-05-10 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-13 19:33 . 2009-05-20 16:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 11:03 . 2009-05-11 09:23 -------- d-----w- c:\program files\Microsoft
2009-06-27 16:44 . 2009-05-11 16:47 -------- d-----w- c:\program files\CODTR
2009-06-26 09:01 . 2009-06-26 09:01 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-26 09:00 . 2009-06-26 09:00 -------- d-----w- c:\program files\MSECache
2009-06-25 14:08 . 2009-05-10 15:22 69232 ----a-w- c:\documents and settings\Bojan Suvajac\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 14:00 . 2009-06-25 14:00 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 10:28 . 2009-06-25 10:19 6028 ----a-w- c:\windows\system32\drivers\kwflower.log
2009-06-25 10:26 . 2009-06-25 10:19 2965 ----a-w- c:\windows\system32\drivers\kwfupper.log
2009-06-25 10:20 . 2009-06-25 10:20 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Kerio
2009-06-23 10:43 . 2009-05-12 18:03 -------- d-----w- c:\program files\EA GAMES
2009-06-23 09:20 . 2009-06-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2009-06-22 16:17 . 2009-06-22 16:17 -------- d-----w- c:\program files\Na_Kosovo_ravno
2009-06-18 21:20 . 2009-06-17 10:29 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\DNA
2009-06-18 20:29 . 2009-05-20 17:22 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Dev-Cpp
2009-06-17 16:26 . 2009-06-17 13:02 -------- d-----w- c:\program files\Google
2009-06-17 06:27 . 2009-06-17 06:26 -------- d-----w- c:\program files\18 Wheels of Steel Convoy
2009-06-16 11:32 . 2009-06-04 13:30 -------- d-----w- c:\program files\18 WoS Pedal to the Metal
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-14 13:10 . 2009-06-14 13:10 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-14 13:10 . 2009-06-14 13:10 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-06-14 13:10 . 2009-06-14 13:10 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-14 13:06 . 2009-05-13 11:14 -------- d-----w- c:\program files\Sony Ericsson
2009-06-07 14:56 . 2009-06-07 14:55 -------- d-----w- c:\program files\Dream Match Tennis Pro
2009-06-07 14:27 . 2009-06-07 14:24 -------- d-----w- c:\program files\VIRTUA TENNIS
2009-06-04 13:15 . 2009-06-02 16:36 -------- d-----w- c:\program files\18 WoS Across America
2009-06-03 07:38 . 2009-06-03 07:38 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-03 07:38 . 2009-06-03 07:38 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-02 16:36 . 2009-05-24 16:54 -------- d-----w- c:\program files\InstallShield Installation Information
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\program files\Ligos
2009-06-01 14:56 . 2009-06-01 14:56 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-01 14:56 . 2009-06-01 14:56 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-05-28 14:51 . 2009-05-28 14:50 -------- d-----w- c:\program files\Ahead
2009-05-28 14:50 . 2009-05-28 14:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-27 20:42 . 2009-05-27 20:41 -------- d-----w- c:\program files\CDex_150
2009-05-24 17:28 . 2009-05-24 17:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 20:43 . 2009-05-22 20:43 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-05-22 20:43 . 2009-05-22 20:43 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-05-22 20:43 . 2009-05-22 20:43 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-21 10:44 . 2009-05-21 10:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-20 16:51 . 2009-05-20 16:53 38200 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-19 19:35 . 2009-05-19 19:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 19:34 . 2009-05-19 19:34 152576 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-02-06 12:23 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2008-07-01 06:56 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 18:11 . 2009-05-13 18:11 0 ----a-w- c:\windows\nsreg.dat
2009-05-13 16:09 . 2009-05-13 16:09 720896 ----a-w- c:\windows\iun6002.exe
2009-05-10 15:00 . 2009-05-10 14:11 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TR13DVRF.DAT
2009-05-10 14:12 . 2009-05-10 14:12 558142 ----a-w- c:\windows\java\Packages\5Z3TB97D.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TBTFJVZ1.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\WCTRT7J7.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\BP3PJPJR.DAT
2009-05-10 14:12 . 2009-05-10 14:12 155995 ----a-w- c:\windows\java\Packages\3B9N5R1V.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\NVB3TB79.DAT
2009-05-10 14:09 . 2009-05-10 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-16 01:53 . 2009-05-13 18:10 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\$NtUninstallKB9 ----
2009-07-26 10:08 . 2009-07-26 18:35 7312 ---ha-w- c:\windows\system32\$NtUninstallKB9\logg.dat
2002-08-29 01:41 . 2009-07-26 18:39 93669 ---ha-w- c:\windows\system32\$NtUninstallKB9\alg.exe
2002-08-29 01:41 . 2009-07-26 18:39 93669 ---ha-w- c:\windows\system32\$NtUninstallKB9\update.exe
------- Sigcheck -------
[7] 2004-08-03 22:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\system32\user32.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2004-08-03 22:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie7\wininet.dll
[7] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ie8\wininet.dll
[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\dllcache\wininet.dll
[7] 2004-08-03 22:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\system32\winlogon.exe
[7] 2004-08-03 20:59 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\system32\ntkrnlpa.exe
[7] 2004-08-03 21:20 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\system32\ntoskrnl.exe
[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\explorer.exe
[7] 2004-08-03 22:56 1032192 A0732187050030AE399B241436565E64 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-03 22:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\system32\ctfmon.exe
[7] 2004-08-03 22:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\system32\comres.dll
[7] 2004-08-03 22:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\system32\comctl32.dll
[7] 2001-08-23 11:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2002-08-29 01:41 921600 76B90BD220F1B1CC9E183C6B1AE9FBB4 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[7] 2004-08-03 22:57 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-26_16.16.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-26 17:48 . 2009-07-26 17:48 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2009-07-26 10:08 . 2009-07-26 18:35 7312 c:\windows\system32\$NtUninstallKB9\logg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 40448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2002-12-27 774213]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-12-27 315392]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-13 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"Yodm3D"=c:\documents and settings\Bojan Suvajac\Desktop\Ubuntu_XP_by_ShamusHand\3D Desktop\yodm3D\Yodm3D.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Na_Kosovo_ravno\\Na Kosovo ravno\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:*:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Disabled:@xpsp2res.dll,-22002
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/24/2009 10:09 PM 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/3/2009 9:38 AM 604416]
S2 gupdate1c9ef4c2f326b9a;Google Update Service (gupdate1c9ef4c2f326b9a);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2009 3:04 PM 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6/14/2009 3:10 PM 13224]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [5/13/2009 1:14 PM 11648]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 10:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]
2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Settings,ProxyServer = 421.420.422:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: I&zvezi u program Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319744&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - RapidSerbia 2 Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319744&SearchSource=2&q=
FF - component: c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-26 20:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
c:\program files\Internet Explorer\iexplore.exe [1772] 0x85739350
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2009-07-26 20:49
ComboFix-quarantined-files.txt 2009-07-26 18:48
ComboFix2.txt 2009-07-26 16:20
Pre-Run: 11,199,897,600 bytes free
Post-Run: 11,173,396,480 bytes free
338 --- E O F --- 2009-05-10 15:26
|
|
|
|
Poslao: 26 Jul 2009 21:22
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Upload-uj file: c:\windows\system32CmdLineExt.dll
http://www.mycity.rs/ambulanta-upload.php
Proveri da li postoje ova dva file-a (ne treba upload):
c:\windows\system32\$NtUninstallKB9\alg.exe
c:\windows\system32\$NtUninstallKB9\update.exe
|
|
|
|
|
Poslao: 28 Jul 2009 11:54
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Upload-ovao si ovaj file:
c:\windows\system32\CmdLineExt.dll
Mene zanima ovaj:
c:\windows\system32CmdLineExt.dll
Vidiš li razliku?
File se nalazi u Windows folderu i zove se system32CmdLineExt.dll .
Čekam novi upload...
|
|
|
|
|
|
Poslao: 28 Jul 2009 14:37
|
offline
- biloxi
- Novi MyCity građanin
- Pridružio: 15 Jul 2009
- Poruke: 25
|
ComboFix 09-07-27.04 - Bojan Suvajac 07/28/2009 14:19.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.672 [GMT 2:00]
Running from: c:\documents and settings\Bojan Suvajac\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bojan Suvajac\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\$NtUninstallKB9
c:\windows\system32\$NtUninstallKB9\logg.dat
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.
2009-07-26 16:26 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 16:26 . 2009-07-26 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 16:26 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 10:54 . 2009-07-26 10:54 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-07-24 20:09 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-24 20:07 . 2009-07-24 20:07 -------- d-----w- c:\program files\Panda Security
2009-07-21 09:20 . 2009-07-21 09:20 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-07-21 09:20 . 2009-07-21 19:21 -------- d-----w- C:\Adcda2
2009-07-17 08:58 . 2009-07-26 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-17 08:58 . 2009-07-17 08:58 -------- d-----w- c:\program files\Lavasoft
2009-07-17 08:52 . 2009-07-17 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 08:52 . 2009-07-17 08:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 16:53 . 2009-07-15 16:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-15 15:55 . 2009-07-15 16:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IECompatCache
2009-07-15 10:47 . 2009-07-15 10:47 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\PrivacIE
2009-07-15 10:45 . 2009-07-15 10:45 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IETldCache
2009-07-15 10:27 . 2009-07-15 10:27 -------- d-----w- c:\windows\ie8updates
2009-07-15 10:22 . 2009-07-15 10:22 -------- dc-h--w- c:\windows\ie8
2009-07-15 10:12 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-15 10:11 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 10:11 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 09:58 . 2009-07-17 13:26 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2009-07-14 09:05 . 2009-07-14 09:05 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\ESET
2009-07-14 09:04 . 2009-07-14 09:04 -------- d-----w- c:\program files\ESET
2009-07-09 12:26 . 2009-07-09 12:26 -------- d-----w- c:\program files\directx
2009-07-09 12:15 . 2009-07-09 12:15 -------- d-----w- c:\program files\TDK
2009-07-06 11:26 . 2009-07-01 16:22 52224 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
2009-07-06 11:26 . 2009-07-01 16:22 114688 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\npmozax.dll
2009-07-04 08:48 . 2009-07-04 09:10 -------- d-----w- c:\program files\UltraISO
2009-07-03 10:00 . 2009-07-03 10:02 -------- d-----w- c:\program files\Urban Jungle
2009-07-01 12:36 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-01 12:36 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-30 09:32 . 2004-09-09 16:36 20661 ----a-w- c:\program files\config.dat
2009-06-30 09:22 . 2004-02-25 04:41 12528 ----a-w- c:\program files\SECDRV.SYS
2009-06-30 09:22 . 2004-10-08 17:51 3985408 ------w- c:\program files\fifa2005.exe
2009-06-30 09:21 . 2006-08-08 14:41 -------- d-----w- c:\program files\Support
2009-06-30 09:21 . 2004-10-10 10:48 -------- d-----w- c:\program files\data
2009-06-29 09:21 . 2009-06-30 08:58 -------- d-----w- c:\program files\Elltube
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 08:43 . 2009-06-25 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-21 19:20 . 2009-07-21 09:21 566784 ----a-w- c:\windows\~de74bc.tmp
2009-07-17 12:58 . 2002-08-29 01:41 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-15 11:12 . 2009-06-03 09:20 2320640 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-15 09:29 . 2009-06-14 08:49 -------- d-----w- c:\program files\Winamp
2009-07-14 14:03 . 2009-05-10 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-14 09:04 . 2009-05-10 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-13 19:33 . 2009-05-20 16:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 11:03 . 2009-05-11 09:23 -------- d-----w- c:\program files\Microsoft
2009-06-27 16:44 . 2009-05-11 16:47 -------- d-----w- c:\program files\CODTR
2009-06-27 16:18 . 2009-06-27 16:18 -------- d-----w- c:\program files\UlisesSoft
2009-06-26 09:01 . 2009-06-26 09:01 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-26 09:00 . 2009-06-26 09:00 -------- d-----w- c:\program files\MSECache
2009-06-25 14:08 . 2009-05-10 15:22 69232 ----a-w- c:\documents and settings\Bojan Suvajac\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 14:00 . 2009-06-25 14:00 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 10:28 . 2009-06-25 10:19 6028 ----a-w- c:\windows\system32\drivers\kwflower.log
2009-06-25 10:26 . 2009-06-25 10:19 2965 ----a-w- c:\windows\system32\drivers\kwfupper.log
2009-06-25 10:20 . 2009-06-25 10:20 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Kerio
2009-06-23 10:43 . 2009-05-12 18:03 -------- d-----w- c:\program files\EA GAMES
2009-06-23 09:20 . 2009-06-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2009-06-22 16:17 . 2009-06-22 16:17 -------- d-----w- c:\program files\Na_Kosovo_ravno
2009-06-18 21:20 . 2009-06-17 10:29 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\DNA
2009-06-18 20:29 . 2009-05-20 17:22 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Dev-Cpp
2009-06-17 16:26 . 2009-06-17 13:02 -------- d-----w- c:\program files\Google
2009-06-17 06:27 . 2009-06-17 06:26 -------- d-----w- c:\program files\18 Wheels of Steel Convoy
2009-06-16 11:32 . 2009-06-04 13:30 -------- d-----w- c:\program files\18 WoS Pedal to the Metal
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-14 13:10 . 2009-06-14 13:10 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-14 13:10 . 2009-06-14 13:10 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-06-14 13:10 . 2009-06-14 13:10 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-14 13:06 . 2009-05-13 11:14 -------- d-----w- c:\program files\Sony Ericsson
2009-06-07 14:56 . 2009-06-07 14:55 -------- d-----w- c:\program files\Dream Match Tennis Pro
2009-06-07 14:27 . 2009-06-07 14:24 -------- d-----w- c:\program files\VIRTUA TENNIS
2009-06-04 13:15 . 2009-06-02 16:36 -------- d-----w- c:\program files\18 WoS Across America
2009-06-03 07:38 . 2009-06-03 07:38 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-03 07:38 . 2009-06-03 07:38 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-02 16:36 . 2009-05-24 16:54 -------- d-----w- c:\program files\InstallShield Installation Information
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\program files\Ligos
2009-06-01 14:56 . 2009-06-01 14:56 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-01 14:56 . 2009-06-01 14:56 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-05-24 17:28 . 2009-05-24 17:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 20:43 . 2009-05-22 20:43 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-05-22 20:43 . 2009-05-22 20:43 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-05-22 20:43 . 2009-05-22 20:43 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-21 10:44 . 2009-05-21 10:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-20 16:51 . 2009-05-20 16:53 38200 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-19 19:35 . 2009-05-19 19:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 19:34 . 2009-05-19 19:34 152576 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-02-06 12:23 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2008-07-01 06:56 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 18:11 . 2009-05-13 18:11 0 ----a-w- c:\windows\nsreg.dat
2009-05-13 16:09 . 2009-05-13 16:09 720896 ----a-w- c:\windows\iun6002.exe
2009-05-10 15:00 . 2009-05-10 14:11 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TR13DVRF.DAT
2009-05-10 14:12 . 2009-05-10 14:12 558142 ----a-w- c:\windows\java\Packages\5Z3TB97D.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TBTFJVZ1.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\WCTRT7J7.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\BP3PJPJR.DAT
2009-05-10 14:12 . 2009-05-10 14:12 155995 ----a-w- c:\windows\java\Packages\3B9N5R1V.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\NVB3TB79.DAT
2009-05-10 14:09 . 2009-05-10 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-16 01:53 . 2009-05-13 18:10 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[7] 2004-08-03 22:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\system32\user32.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2004-08-03 22:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie7\wininet.dll
[7] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ie8\wininet.dll
[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\dllcache\wininet.dll
[7] 2004-08-03 22:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\system32\winlogon.exe
[7] 2004-08-03 20:59 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\system32\ntkrnlpa.exe
[7] 2004-08-03 21:20 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\system32\ntoskrnl.exe
[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\explorer.exe
[7] 2004-08-03 22:56 1032192 A0732187050030AE399B241436565E64 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-03 22:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\system32\ctfmon.exe
[7] 2004-08-03 22:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\system32\comres.dll
[7] 2004-08-03 22:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\system32\comctl32.dll
[7] 2001-08-23 11:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2002-08-29 01:41 921600 76B90BD220F1B1CC9E183C6B1AE9FBB4 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[7] 2004-08-03 22:57 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-26_16.16.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-28 12:10 . 2009-07-28 12:10 16384 c:\windows\Temp\Perflib_Perfdata_72c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 40448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2002-12-27 774213]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-12-27 315392]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-13 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"Yodm3D"=c:\documents and settings\Bojan Suvajac\Desktop\Ubuntu_XP_by_ShamusHand\3D Desktop\yodm3D\Yodm3D.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Na_Kosovo_ravno\\Na Kosovo ravno\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:*:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Disabled:@xpsp2res.dll,-22002
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/24/2009 10:09 PM 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/3/2009 9:38 AM 604416]
S2 gupdate1c9ef4c2f326b9a;Google Update Service (gupdate1c9ef4c2f326b9a);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2009 3:04 PM 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6/14/2009 3:10 PM 13224]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [5/13/2009 1:14 PM 11648]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 10:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2BEE6818-80CE-52F9-4A3B-4A96100BABC0}]
c:\windows\system32\$NtUninstallKB9\update.exe s
.
Contents of the 'Scheduled Tasks' folder
2009-07-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]
2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Settings,ProxyServer = 421.420.422:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: I&zvezi u program Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319744&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - RapidSerbia 2 Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319744&SearchSource=2&q=
FF - component: c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-28 14:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1092)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-07-28 14:27
ComboFix-quarantined-files.txt 2009-07-28 12:26
ComboFix2.txt 2009-07-26 18:49
ComboFix3.txt 2009-07-26 16:20
Pre-Run: 11,148,128,256 bytes free
Post-Run: 11,121,922,048 bytes free
323 --- E O F --- 2009-05-10 15:26
|
|
|
|
|