MyCity » Ambulanta -> Arhiva Ambulante » samo jedna kratka analiza

samo jedna kratka analiza

Napisano na dan: 25.7.2008

Strana:
1
2

samo jedna kratka analiza

Sledeća strana

Pagination

Odgovori

Strana:
1
2

MeT Poslao: 25 Jul 2008 14:44 Idi na vrh
offline MeT Novi MyCity građanin Pridružio: 25 Jul 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! uletio mi je virtumondo i sad bi htio bit siguran da je crko pa ako moze samo pregled. hvala Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:39:28, on 25.7.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20733) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe D:\Programi\miranda\miranda32.exe C:\Program Files\uTorrent\uTorrent.exe D:\Programi\Copy of mIRC\mirc.exe C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe C:\WINDOWS\TBPanel.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\NetLimiter\NetLimiter.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\StatBar.exe C:\Program Files\Vista Drive Icon\DrvIcon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\System32\TuneUpDefragService.exe C:\Program Files\Maxthon2\Maxthon.exe C:\Program Files\Winamp\Winamp.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MeT's IE O2 - BHO: (no name) - {3002F0D6-AB49-475E-A666-148741D0EAFA} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [StatBar] C:\StatBar.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{AC0A37D0-E2AF-4924-BFBD-2904A374AB11}: NameServer = 85.114.32.7,85.114.32.8 O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O21 - SSODL: wnslvxtf - {209E0883-7E22-4CC6-962D-FC87186D27BC} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 6332 bytes

Profil

bobby Poslao: 25 Jul 2008 15:03 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo MeT, Tragova Vundoa jos ima, pa bih te zamolio da nam kazes prvo cime si to cistio racunar, a onda cemo videti kako cemo dalje.

Profil

MeT Poslao: 25 Jul 2008 15:08 Idi na vrh
offline MeT Novi MyCity građanin Pridružio: 25 Jul 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! VirtumundoBeGone.exe FxVMonde.exe Spybot - Search & Destroy

Profil

bobby Poslao: 25 Jul 2008 15:25 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jako losa situacija kada treba analizirati log ukoliko nema vise pocetnih vektora. Daleko bi bilo lakse i sigurnije da si se nama obratio od samog pocetka, pa da tacno vidimo infekciju. Zamolio bih te da se sledeci put (zlu ne trebalo) obratis nama pre nego sto sam krenes nesto da cistis. Probacemo da izvucemo jos koju informaciju na sledeci nacin: Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

MeT Poslao: 26 Jul 2008 20:47 Idi na vrh
offline MeT Novi MyCity građanin Pridružio: 25 Jul 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-26.1 - MeT 2008-07-26 20:39:15.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2493 [GMT 2:00] Running from: C:\Documents and Settings\MeT\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ADS - WINDOWS: deleted 0 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\adaway.lic C:\WINDOWS\eefp.exe C:\WINDOWS\system32\CJQWvyay.ini C:\WINDOWS\system32\CJQWvyay.ini2 C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\mmyyipkx.ini C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pattlkpr.ini C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 ))))))))))))))))))))))))))))))) . 2008-07-26 18:17 . 2008-07-26 18:17 <DIR> d-------- C:\Program Files\Common Files\Vbox 2008-07-26 14:20 . 2005-07-30 03:55 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax 2008-07-26 14:19 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys 2008-07-26 14:19 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys 2008-07-25 19:51 . 2008-07-26 19:33 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-07-25 19:50 . 2008-07-25 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire 2008-07-25 16:48 . 2008-07-25 16:48 <DIR> d-------- C:\MxDownload 2008-07-25 16:48 . 2008-07-25 16:48 0 --a------ C:\WINDOWS\system32\cid_store.dat 2008-07-25 16:03 . 2008-07-25 16:03 2,282,496 --a------ C:\WINDOWS\system32\TUKernel.exe 2008-07-25 11:36 . 2008-07-25 11:37 <DIR> d-------- C:\Program Files\Unlocker 2008-07-25 11:04 . 2008-07-25 11:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-07-25 11:04 . 2008-07-25 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-07-25 11:03 . 2008-07-25 11:06 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-07-25 00:50 . 2008-07-25 00:50 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-25 00:25 . 2008-07-25 00:25 18,944 --a------ C:\WINDOWS\system32\homie.dll 2008-07-25 00:25 . 2008-07-25 00:25 18,944 --a------ C:\WINDOWS\system32\dombho.dll 2008-07-25 00:24 . 2008-07-25 00:24 18,944 --a------ C:\WINDOWS\system32\hombho.dll 2008-07-25 00:23 . 2008-07-25 00:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-25 00:23 . 2008-07-25 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-24 22:12 . 2008-07-25 11:04 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Canon 2008-07-24 18:03 . 2008-07-24 18:03 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-07-24 18:01 . 2008-07-24 18:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-07-24 17:56 . 2008-07-24 17:56 <DIR> d-------- C:\VundoFix Backups 2008-07-24 14:10 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg 2008-07-24 14:10 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg 2008-07-24 14:03 . 2008-07-24 14:03 <DIR> d-------- C:\Program Files\ESET 2008-07-24 14:03 . 2008-07-24 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-07-24 13:24 . 2008-07-24 13:25 <DIR> d-------- C:\Program Files\Atomic Alarm Clock 2008-07-24 12:56 . 2008-07-24 12:57 1,395 --a------ C:\ping.exe.lnk 2008-07-24 01:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-24 00:32 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Cabos 2008-07-24 00:31 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Shared 2008-07-24 00:31 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Incomplete 2008-07-24 00:30 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\.limewire 2008-07-24 00:27 . 2008-07-24 01:01 <DIR> d-------- C:\Program Files\Java 2008-07-24 00:26 . 2008-07-24 00:26 <DIR> d-------- C:\Program Files\Common Files\Java 2008-07-24 00:23 . 2008-07-24 00:23 <DIR> d-------- C:\Program Files\Cabos 2008-07-23 23:16 . 2008-07-23 23:16 <DIR> d-------- C:\Program Files\SendSpace 2008-07-23 23:03 . 2008-07-23 23:03 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2008-07-23 22:58 . 2008-07-23 22:58 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Comodo 2008-07-23 22:58 . 2008-07-23 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2008-07-23 19:53 . 2008-07-23 19:53 94,848 --a------ C:\WINDOWS\system32\xkpiyymm.dll 2008-07-23 17:58 . 2008-07-22 11:13 211 --a------ C:\boot.ini.comodofirewall 2008-07-23 17:57 . 2008-07-24 13:57 <DIR> d-------- C:\Program Files\Comodo 2008-07-23 16:21 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll 2008-07-23 16:21 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll 2008-07-23 16:19 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-07-23 16:17 . 2008-07-23 16:17 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Publish Providers 2008-07-23 16:14 . 2008-07-26 16:53 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Sony 2008-07-23 16:12 . 2008-07-23 16:12 <DIR> d-------- C:\Program Files\Vstplugins 2008-07-23 16:12 . 2008-07-23 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-07-23 16:11 . 2008-07-23 16:11 <DIR> d-------- C:\Program Files\Sony Setup 2008-07-23 16:11 . 2008-07-23 16:11 <DIR> d-------- C:\Program Files\Sony 2008-07-23 16:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-07-23 16:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-07-23 16:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-07-23 16:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-07-23 16:04 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-07-23 16:04 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-07-23 16:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-07-23 16:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-07-23 16:04 . 2008-07-23 22:55 1,388 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-23 16:03 . 2008-07-23 16:05 <DIR> d-------- C:\Documents and Settings\MeT\SmitfraudFix 2008-07-23 14:14 . 2008-07-23 14:14 <DIR> d-------- C:\Fraps 2008-07-23 13:59 . 2008-07-23 13:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-07-23 13:41 . 2008-07-23 07:34 86,016 --a------ C:\WINDOWS\grswptdl.exe 2008-07-23 13:41 . 2008-07-23 13:41 65,536 ---hs---- C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe 2008-07-23 13:37 . 2008-07-23 13:37 <DIR> d-------- C:\Program Files\VideoLAN 2008-07-23 13:22 . 2008-01-14 14:52 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll 2008-07-22 19:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-07-22 18:01 . 2008-07-22 18:01 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-07-22 18:01 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-07-22 18:01 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-07-22 17:57 . 2008-07-22 17:57 <DIR> d-------- C:\Program Files\ffdshow 2008-07-22 17:57 . 2008-06-22 20:33 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2008-07-22 17:57 . 2008-06-22 20:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-07-22 17:57 . 2008-06-22 20:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-07-22 17:41 . 2008-07-22 17:41 <DIR> d-------- C:\Program Files\Game Cam 2008-07-22 17:41 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2008-07-22 17:41 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2008-07-22 17:41 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax 2008-07-22 14:10 . 2008-07-22 14:10 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2008-07-22 14:10 . 2008-07-22 14:10 <DIR> d-------- C:\Program Files\AGEIA Technologies 2008-07-22 14:10 . 2006-10-30 14:13 2,182,016 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-07-22 14:10 . 2006-10-30 14:11 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-07-22 14:10 . 2006-10-30 13:27 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-07-22 13:05 . 2008-07-26 19:29 116 --a------ C:\WINDOWS\NeroDigital.ini 2008-07-22 12:16 . 2008-07-22 12:16 <DIR> d-------- C:\Program Files\SlySoft 2008-07-22 12:16 . 2008-07-22 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2008-07-22 12:16 . 2008-07-22 12:16 57,344 --a------ C:\WINDOWS\system32\binkp2x.dll 2008-07-22 12:16 . 2008-07-22 12:16 49,152 --a------ C:\WINDOWS\system32\brwsvc.dll 2008-07-22 12:16 . 2008-07-22 12:16 20,480 --a------ C:\WINDOWS\system32\nt32int.dll 2008-07-22 12:16 . 2008-07-22 12:16 0 ---hs---- C:\WINDOWS\SCA55DB0A.tmp 2008-07-22 12:12 . 2008-07-22 12:12 <DIR> d-------- C:\Program Files\Nero 2008-07-22 12:12 . 2008-07-22 12:13 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-07-22 11:29 . 2008-07-23 23:22 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Bioshock 2008-07-22 11:29 . 2008-07-22 11:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-07-22 00:17 . 2003-07-25 02:40 335,872 --a------ C:\StatBar.exe 2008-07-22 00:17 . 2003-07-25 02:40 60,463 --a------ C:\StatBar.hlp 2008-07-22 00:17 . 2003-07-25 02:40 377 --a------ C:\StatBar.cnt 2008-07-22 00:07 . 2008-07-22 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM 2008-07-22 00:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-22 00:06 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\ScanSoft 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\ScanSoft 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-07-22 00:04 . 2008-07-22 00:04 412 --a------ C:\WINDOWS\MAXLINK.INI 2008-07-22 00:03 . 2008-07-22 00:03 <DIR> d-------- C:\Program Files\Common Files\CANON 2008-07-21 20:55 . 2008-07-21 20:55 <DIR> d-------- C:\Program Files\DAEMON Tools 2008-07-21 20:40 . 2008-07-21 20:40 <DIR> d-------- C:\Program Files\Alwil Software 2008-07-21 20:40 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2008-07-21 20:40 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2008-07-21 20:36 . 2008-07-21 20:36 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Styler 2008-07-21 20:36 . 2008-07-21 20:36 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Skype 2008-07-21 20:36 . 2008-07-21 20:36 <DIR> dr-h----- C:\Documents and Settings\MeT\Application Data\SecuROM 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\vlc 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\ViStart 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Thunderbird 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Thinstall 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\TeraCopy 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Super-Cow 2008-07-21 20:34 . 2008-07-21 20:34 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Xentient . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-26 16:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-26 15:04 --------- d-----w C:\Documents and Settings\MeT\Application Data\MxBoost 2008-07-24 22:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-22 15:41 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-21 22:07 --------- d-----w C:\Program Files\Canon 2008-07-21 19:15 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-07-21 19:14 --------- d--h--w C:\Program Files\CanonBJ 2008-07-21 19:11 --------- d-----w C:\Program Files\MSBuild 2008-07-21 19:10 --------- d-----w C:\Program Files\Reference Assemblies 2008-07-21 19:09 --------- d-----w C:\Program Files\MSXML 6.0 2008-07-21 18:32 --------- d-----w C:\Program Files\Maxthon2 2008-07-21 18:13 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-07-21 17:56 --------- d-----w C:\Program Files\IVT Corporation 2008-07-21 17:56 --------- d-----w C:\Documents and Settings\MeT\Application Data\Logitech 2008-07-21 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd 2008-07-21 17:55 --------- d-----w C:\Program Files\Logitech 2008-07-21 17:55 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-07-21 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2008-07-21 17:54 --------- d-----w C:\Program Files\NGONVOD116369 2008-07-21 17:53 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-07-21 17:53 --------- d-----w C:\Program Files\Realtek 2008-07-21 17:52 --------- d-----w C:\Documents and Settings\MeT\Application Data\InstallShield 2008-07-21 17:50 15,600 ----a-w C:\WINDOWS\gdrv.sys 2008-07-21 17:50 --------- d-----w C:\Program Files\Intel 2008-07-21 17:30 --------- d-----w C:\Program Files\microsoft frontpage 2008-07-21 17:26 --------- d-----w C:\Program Files\Windows Media Connect 2 . ------- Sigcheck ------- 2007-12-07 05:01 816128 e1d790ea12ee89d2a282faa45c8ae68f C:\WINDOWS\system32\wininet.dll 2007-12-07 05:01 816128 e1d790ea12ee89d2a282faa45c8ae68f C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\explorer.exe 2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-21 18:21 1134592] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360] "StatBar"="C:\StatBar.exe" [2003-07-25 02:40 335872] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2008-07-21 20:06 823296] "Gainward"="C:\WINDOWS\TBPanel.exe" [2008-01-09 09:33 2189864] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-09 11:51 13508608] "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-01-09 11:51 1626112 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\MeT\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-21 19:55:31 789008] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa] 2006-07-23 01:49 5376 C:\WINDOWS\system32\antiwpa.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^MeT^Start Menu^Programs^Startup^SDK Tray Menu.lnk] path=C:\Documents and Settings\MeT\Start Menu\Programs\Startup\SDK Tray Menu.lnk backup=C:\WINDOWS\pss\SDK Tray Menu.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer] -ra------ 2007-05-25 08:07 1953792 C:\WINDOWS\system32\xRaidSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40a48063] --a------ 2008-07-23 19:53 94848 C:\WINDOWS\system32\xkpiyymm.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] --a------ 2007-04-03 18:50 1603152 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] --a------ 2007-04-03 18:00 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] -r------- 2007-03-20 08:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-01-09 11:51 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] --a------ 2007-02-04 12:02 79400 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "D:\\Programi\\Copy of mIRC\\mirc.exe"= "C:\\Program Files\\Xfire\\xfire.exe"= "D:\\Programi\\miranda\\miranda32.exe"= "D:\\GameS\\!fps\\cod\\CoDMP.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11] R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 15:00] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-04 15:00] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-21 20:20] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc70a10c-5757-11dd-bb82-806d6172696f}] \Shell\AutoRun\command - F:\CDSETUP.EXE . Contents of the 'Scheduled Tasks' folder 2008-07-26 C:\WINDOWS\Tasks\1-Click Maintenance.job - cQGAj^FB<< s !4C:\Program Files\TuneUp Utilities 2008\OneClick.exe/schedulestartMeT,Runs 1-Click Maintenance at specified times0 [] . - - - - ORPHANS REMOVED - - - - BHO-{3002F0D6-AB49-475E-A666-148741D0EAFA} - (no file) ShellExecuteHooks-{6230596F-3A44-4CDF-815B-372FA03C75D6} - (no file) SSODL-wnslvxtf-{209E0883-7E22-4CC6-962D-FC87186D27BC} - (no file) . ------- Supplementary Scan ------- . O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O17 -: HKLM\CCS\Interface\{AC0A37D0-E2AF-4924-BFBD-2904A374AB11}: NameServer = 85.114.32.7,85.114.32.8 ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-26 20:42:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\NetLimiter\nl_lsp.dll -> C:\WINDOWS\system32\nl_msgc.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe . ************************************************************************ . Completion time: 2008-07-26 20:44:06 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-26 18:44:04 Pre-Run: 1,675,767,808 bytes free Post-Run: 1,678,159,872 bytes free 307

Profil

bobby Poslao: 26 Jul 2008 22:40 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! MeT, posalji mi na proveru sledece fajlove: C:\WINDOWS\system32\homie.dll C:\WINDOWS\system32\dombho.dll C:\WINDOWS\system32\hombho.dll C:\ping.exe.lnk C:\WINDOWS\system32\xkpiyymm.dll C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe Spakuj ih u jedan ZIP i uploaduj preko sledece forme: http://www.mycity.rs/ambulanta-upload.php Javi ovde u temi kada odradis upload.

Profil

MeT Poslao: 27 Jul 2008 12:04 Idi na vrh
offline MeT Novi MyCity građanin Pridružio: 25 Jul 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ping.exe.lnk ti ja mogu rec sta je, to mi je za pinganje susjeda u lanu eo, upload gotov

Profil

bobby Poslao: 27 Jul 2008 13:46 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\grswptdl.exe C:\WINDOWS\system32\homie.dll C:\WINDOWS\system32\dombho.dll C:\WINDOWS\system32\hombho.dll C:\WINDOWS\system32\xkpiyymm.dll C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40a48063]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MeT Poslao: 27 Jul 2008 13:52 Idi na vrh
offline MeT Novi MyCity građanin Pridružio: 25 Jul 2008 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-07-26.1 - MeT 2008-07-27 13:47:40.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2915 [GMT 2:00] Running from: C:\Documents and Settings\MeT\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\MeT\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe C:\WINDOWS\grswptdl.exe C:\WINDOWS\system32\dombho.dll C:\WINDOWS\system32\hombho.dll C:\WINDOWS\system32\homie.dll C:\WINDOWS\system32\xkpiyymm.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe C:\WINDOWS\grswptdl.exe C:\WINDOWS\system32\dombho.dll C:\WINDOWS\system32\hombho.dll C:\WINDOWS\system32\homie.dll C:\WINDOWS\system32\xkpiyymm.dll . ((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))) . 2008-07-26 21:53 . 2008-07-26 21:53 <DIR> d-------- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP 2008-07-26 21:28 . 2008-07-26 21:32 1,245 --a------ C:\WINDOWS\eReg.dat 2008-07-26 18:17 . 2008-07-26 18:17 <DIR> d-------- C:\Program Files\Common Files\Vbox 2008-07-26 14:19 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys 2008-07-26 14:19 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys 2008-07-25 19:51 . 2008-07-26 19:33 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-07-25 19:50 . 2008-07-25 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire 2008-07-25 16:48 . 2008-07-25 16:48 <DIR> d-------- C:\MxDownload 2008-07-25 16:48 . 2008-07-25 16:48 0 --a------ C:\WINDOWS\system32\cid_store.dat 2008-07-25 16:03 . 2008-07-25 16:03 2,282,496 --a------ C:\WINDOWS\system32\TUKernel.exe 2008-07-25 11:36 . 2008-07-25 11:37 <DIR> d-------- C:\Program Files\Unlocker 2008-07-25 11:04 . 2008-07-25 11:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-07-25 11:04 . 2008-07-25 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-07-25 11:03 . 2008-07-25 11:06 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-07-25 00:50 . 2008-07-25 00:50 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-25 00:23 . 2008-07-25 00:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-25 00:23 . 2008-07-25 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-24 22:12 . 2008-07-25 11:04 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Canon 2008-07-24 18:03 . 2008-07-24 18:03 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-07-24 18:01 . 2008-07-24 18:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-07-24 17:56 . 2008-07-24 17:56 <DIR> d-------- C:\VundoFix Backups 2008-07-24 14:10 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg 2008-07-24 14:10 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg 2008-07-24 14:03 . 2008-07-24 14:03 <DIR> d-------- C:\Program Files\ESET 2008-07-24 14:03 . 2008-07-24 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-07-24 13:24 . 2008-07-24 13:25 <DIR> d-------- C:\Program Files\Atomic Alarm Clock 2008-07-24 12:56 . 2008-07-24 12:57 1,395 --a------ C:\ping.exe.lnk 2008-07-24 01:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-24 00:32 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Cabos 2008-07-24 00:31 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Shared 2008-07-24 00:31 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Incomplete 2008-07-24 00:30 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\.limewire 2008-07-24 00:27 . 2008-07-24 01:01 <DIR> d-------- C:\Program Files\Java 2008-07-24 00:26 . 2008-07-24 00:26 <DIR> d-------- C:\Program Files\Common Files\Java 2008-07-24 00:23 . 2008-07-24 00:23 <DIR> d-------- C:\Program Files\Cabos 2008-07-23 23:16 . 2008-07-23 23:16 <DIR> d-------- C:\Program Files\SendSpace 2008-07-23 23:03 . 2008-07-23 23:03 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2008-07-23 22:58 . 2008-07-23 22:58 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Comodo 2008-07-23 22:58 . 2008-07-23 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo 2008-07-23 17:58 . 2008-07-22 11:13 211 --a------ C:\boot.ini.comodofirewall 2008-07-23 17:57 . 2008-07-24 13:57 <DIR> d-------- C:\Program Files\Comodo 2008-07-23 16:21 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll 2008-07-23 16:21 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll 2008-07-23 16:19 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-07-23 16:17 . 2008-07-23 16:17 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Publish Providers 2008-07-23 16:14 . 2008-07-26 16:53 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Sony 2008-07-23 16:12 . 2008-07-23 16:12 <DIR> d-------- C:\Program Files\Vstplugins 2008-07-23 16:12 . 2008-07-23 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-07-23 16:11 . 2008-07-23 16:11 <DIR> d-------- C:\Program Files\Sony Setup 2008-07-23 16:11 . 2008-07-23 16:11 <DIR> d-------- C:\Program Files\Sony 2008-07-23 16:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-07-23 16:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-07-23 16:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-07-23 16:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-07-23 16:04 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-07-23 16:04 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-07-23 16:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-07-23 16:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-07-23 16:04 . 2008-07-23 22:55 1,388 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-23 16:03 . 2008-07-23 16:05 <DIR> d-------- C:\Documents and Settings\MeT\SmitfraudFix 2008-07-23 14:14 . 2008-07-23 14:14 <DIR> d-------- C:\Fraps 2008-07-23 13:59 . 2008-07-23 13:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-07-23 13:37 . 2008-07-23 13:37 <DIR> d-------- C:\Program Files\VideoLAN 2008-07-23 13:22 . 2008-01-14 14:52 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll 2008-07-22 19:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-07-22 18:01 . 2008-07-22 18:01 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-07-22 18:01 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-07-22 18:01 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2008-07-22 17:57 . 2008-07-22 17:57 <DIR> d-------- C:\Program Files\ffdshow 2008-07-22 17:57 . 2008-06-22 20:33 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2008-07-22 17:57 . 2008-06-22 20:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-07-22 17:57 . 2008-06-22 20:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-07-22 17:41 . 2008-07-22 17:41 <DIR> d-------- C:\Program Files\Game Cam 2008-07-22 17:41 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll 2008-07-22 17:41 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2008-07-22 17:41 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax 2008-07-22 14:10 . 2008-07-22 14:10 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2008-07-22 14:10 . 2008-07-22 14:10 <DIR> d-------- C:\Program Files\AGEIA Technologies 2008-07-22 14:10 . 2006-10-30 14:13 2,182,016 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-07-22 14:10 . 2006-10-30 14:11 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-07-22 14:10 . 2006-10-30 13:27 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-07-22 13:05 . 2008-07-26 19:29 116 --a------ C:\WINDOWS\NeroDigital.ini 2008-07-22 12:16 . 2008-07-22 12:16 <DIR> d-------- C:\Program Files\SlySoft 2008-07-22 12:16 . 2008-07-22 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2008-07-22 12:16 . 2008-07-22 12:16 57,344 --a------ C:\WINDOWS\system32\binkp2x.dll 2008-07-22 12:16 . 2008-07-22 12:16 49,152 --a------ C:\WINDOWS\system32\brwsvc.dll 2008-07-22 12:16 . 2008-07-22 12:16 20,480 --a------ C:\WINDOWS\system32\nt32int.dll 2008-07-22 12:16 . 2008-07-22 12:16 0 ---hs---- C:\WINDOWS\SCA55DB0A.tmp 2008-07-22 12:12 . 2008-07-22 12:12 <DIR> d-------- C:\Program Files\Nero 2008-07-22 12:12 . 2008-07-22 12:13 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-07-22 11:29 . 2008-07-23 23:22 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Bioshock 2008-07-22 11:29 . 2008-07-22 11:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-07-22 00:17 . 2003-07-25 02:40 335,872 --a------ C:\StatBar.exe 2008-07-22 00:17 . 2003-07-25 02:40 60,463 --a------ C:\StatBar.hlp 2008-07-22 00:17 . 2003-07-25 02:40 377 --a------ C:\StatBar.cnt 2008-07-22 00:07 . 2008-07-22 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM 2008-07-22 00:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-22 00:06 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\ScanSoft 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\ScanSoft 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft 2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-07-22 00:04 . 2008-07-22 00:04 412 --a------ C:\WINDOWS\MAXLINK.INI 2008-07-22 00:03 . 2008-07-22 00:03 <DIR> d-------- C:\Program Files\Common Files\CANON 2008-07-21 20:55 . 2008-07-21 20:55 <DIR> d-------- C:\Program Files\DAEMON Tools 2008-07-21 20:40 . 2008-07-21 20:40 <DIR> d-------- C:\Program Files\Alwil Software 2008-07-21 20:40 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2008-07-21 20:40 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2008-07-21 20:36 . 2008-07-21 20:36 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Styler 2008-07-21 20:36 . 2008-07-21 20:36 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Skype 2008-07-21 20:36 . 2008-07-21 20:36 <DIR> dr-h----- C:\Documents and Settings\MeT\Application Data\SecuROM 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\vlc 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\ViStart 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Thunderbird 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Thinstall 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\TeraCopy 2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Super-Cow 2008-07-21 20:34 . 2008-07-21 20:34 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Xentient 2008-07-21 20:33 . 2008-07-21 20:33 <DIR> d-------- C:\Program Files\uTorrent 2008-07-21 20:33 . 2008-07-26 19:30 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\uTorrent 2008-07-21 20:31 . 2008-07-21 20:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-07-21 20:31 . 2008-07-26 19:33 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-07-21 20:31 . 2008-07-21 20:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-27 09:17 --------- d-----w C:\Documents and Settings\MeT\Application Data\MxBoost 2008-07-26 19:46 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-24 22:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-22 15:41 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-21 22:07 --------- d-----w C:\Program Files\Canon 2008-07-21 19:15 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-07-21 19:14 --------- d--h--w C:\Program Files\CanonBJ 2008-07-21 19:11 --------- d-----w C:\Program Files\MSBuild 2008-07-21 19:10 --------- d-----w C:\Program Files\Reference Assemblies 2008-07-21 19:09 --------- d-----w C:\Program Files\MSXML 6.0 2008-07-21 18:32 --------- d-----w C:\Program Files\Maxthon2 2008-07-21 18:13 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-07-21 17:56 --------- d-----w C:\Program Files\IVT Corporation 2008-07-21 17:56 --------- d-----w C:\Documents and Settings\MeT\Application Data\Logitech 2008-07-21 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd 2008-07-21 17:55 --------- d-----w C:\Program Files\Logitech 2008-07-21 17:55 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-07-21 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2008-07-21 17:54 --------- d-----w C:\Program Files\NGONVOD116369 2008-07-21 17:53 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-07-21 17:53 --------- d-----w C:\Program Files\Realtek 2008-07-21 17:52 --------- d-----w C:\Documents and Settings\MeT\Application Data\InstallShield 2008-07-21 17:50 15,600 ----a-w C:\WINDOWS\gdrv.sys 2008-07-21 17:50 --------- d-----w C:\Program Files\Intel 2008-07-21 17:30 --------- d-----w C:\Program Files\microsoft frontpage 2008-07-21 17:26 --------- d-----w C:\Program Files\Windows Media Connect 2 . ------- Sigcheck ------- 2007-12-07 05:01 816128 e1d790ea12ee89d2a282faa45c8ae68f C:\WINDOWS\system32\wininet.dll 2007-12-07 05:01 816128 e1d790ea12ee89d2a282faa45c8ae68f C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\explorer.exe 2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-07-26_20.43.58.34 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-26 19:53:45 155,648 ----a-w C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll - 2008-07-22 09:28:58 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2008-07-26 19:53:28 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll - 2008-07-22 09:28:58 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2008-07-26 19:53:28 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll - 2008-07-22 09:28:58 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2008-07-26 19:53:28 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll - 2008-07-22 09:28:55 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:24 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:55 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:25 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:56 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:25 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:56 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:25 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:56 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:26 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:56 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:26 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:57 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:26 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:57 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:27 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:57 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:27 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:58 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-07-26 19:53:28 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2008-07-22 09:28:59 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2008-07-26 19:53:29 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll - 2008-07-22 09:28:59 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll + 2008-07-26 19:53:29 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll - 2008-07-22 09:28:59 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2008-07-26 19:53:29 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll - 2008-07-22 09:28:59 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2008-07-26 19:53:29 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll - 2008-07-22 09:28:58 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2008-07-26 19:53:27 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2008-07-26 19:53:06 4,286 ----a-r C:\WINDOWS\Installer\{D4FEA244-A9BC-4727-8EA9-B369579F43CF}\ARPPRODUCTICON.exe - 2008-07-26 18:42:15 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT + 2008-07-27 09:16:35 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-21 18:21 1134592] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360] "StatBar"="C:\StatBar.exe" [2003-07-25 02:40 335872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2008-07-21 20:06 823296] "Gainward"="C:\WINDOWS\TBPanel.exe" [2008-01-09 09:33 2189864] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-09 11:51 13508608] "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872] "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 03:34 169984] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-01-09 11:51 1626112 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\MeT\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-21 19:55:31 789008] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa] 2006-07-23 01:49 5376 C:\WINDOWS\system32\antiwpa.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^MeT^Start Menu^Programs^Startup^SDK Tray Menu.lnk] path=C:\Documents and Settings\MeT\Start Menu\Programs\Startup\SDK Tray Menu.lnk backup=C:\WINDOWS\pss\SDK Tray Menu.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer] -ra------ 2007-05-25 08:07 1953792 C:\WINDOWS\system32\xRaidSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] --a------ 2007-04-03 18:50 1603152 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] --a------ 2007-04-03 18:00 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] -r------- 2007-03-20 08:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-01-09 11:51 86016 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] --a------ 2007-02-04 12:02 79400 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "D:\\Programi\\Copy of mIRC\\mirc.exe"= "C:\\Program Files\\Xfire\\xfire.exe"= "D:\\Programi\\miranda\\miranda32.exe"= "D:\\GameS\\!fps\\cod\\CoDMP.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "D:\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11] R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 15:00] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-04 15:00] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-21 20:20] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc70a10c-5757-11dd-bb82-806d6172696f}] \Shell\AutoRun\command - F:\CDSETUP.EXE Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder 2008-07-26 C:\WINDOWS\Tasks\1-Click Maintenance.job - cQGAj^FB<< s !4C:\Program Files\TuneUp Utilities 2008\OneClick.exe/schedulestartMeT,Runs 1-Click Maintenance at specified times0 [] . - - - - ORPHANS REMOVED - - - - SSODL-wnslvxtf-{209E0883-7E22-4CC6-962D-FC87186D27BC} - (no file) ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-07-27 13:48:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\NetLimiter\nl_lsp.dll -> C:\WINDOWS\system32\nl_msgc.dll . Completion time: 2008-07-27 13:49:27 ComboFix-quarantined-files.txt 2008-07-27 11:49:08 ComboFix2.txt 2008-07-26 18:44:06 Pre-Run: 1,237,000,192 bytes free Post-Run: 1,225,572,352 bytes free 339

Profil

bobby Poslao: 27 Jul 2008 13:55 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Simptomi? Kako se komp sada ponasa?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » samo jedna kratka analiza

Ko je trenutno na forumu

Ukupno su 1103 korisnika na forumu :: 29 registrovanih, 5 sakrivenih i 1069 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: aleksmajstor, babaroga, bbogdan, Bickoooo, bojankrstc, ccoogg123, darkangel, Denaya, Georgius, hologram, ivica976, Krusarac, kybonacci, Lucije Kvint, mercedesamg, Mercury, milenko crazy north, Milos ZA, mkukoleca, opt1, proka89, samsung, Smiljke, virked, Vlada1389, voja64, wolf431, YugoSlav, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by