Problem: strange banners open inside trusted sites


offline
  • rajkob 
  • New MyCity citizen
  • Joined: 13 May 2008
  • Posts: 3

Logfile of HijackThis v1.99.1
Scan saved at 12:19:37, on 13.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Nikola\temp\TeamViewer3\TeamViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [e89bcbc2] rundll32.exe "C:\WINDOWS\system32\hitkmvak.dll",b
O4 - HKLM\..\Run: [BMeba8f85e] Rundll32.exe "C:\WINDOWS\system32\hcueefrm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

Download ComboFix to the Desktop from one of the following addresses:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it is scanning.

Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • rajkob 
  • New MyCity citizen
  • Joined: 13 May 2008
  • Posts: 3

ComboFix 08-05-12.1 - Nikola 2008-05-13 18:32:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.603 [GMT 2:00]
Running from: C:\Documents and Settings\Nikola\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbigfste.ini
C:\WINDOWS\system32\cjmjjrdo.ini
C:\WINDOWS\system32\cpfnpyio.dll
C:\WINDOWS\system32\etsfgibb.dll
C:\WINDOWS\system32\hcueefrm.dll
C:\WINDOWS\system32\idyuiuqu.dll
C:\WINDOWS\system32\ihcguieo.dll
C:\WINDOWS\system32\ioeymwtr.dll
C:\WINDOWS\system32\kavmktih.ini
C:\WINDOWS\system32\ltvsjyvf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhbhheag.ini
C:\WINDOWS\system32\odrjjmjc.dll
C:\WINDOWS\system32\oikkqakc.ini
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\qijfktfo.dll
C:\WINDOWS\system32\rtwmyeoi.ini
C:\WINDOWS\system32\tguboqgl.ini
C:\WINDOWS\system32\uiatdywe.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\wgbmxtrm.ini
C:\WINDOWS\system32\yxjoynce.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-13 15:05 . 2008-05-13 18:37 49 --a------ C:\WINDOWS\transp.gif
2008-05-13 14:58 . 2008-05-13 14:58 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2008-05-13 14:58 . 2008-05-13 14:58 <DIR> d-------- C:\Program Files\Agnitum
2008-05-13 14:58 . 2008-05-13 18:37 150 --a------ C:\WINDOWS\ODBC.INI
2008-05-13 11:24 . 2008-05-13 11:24 <DIR> d-------- C:\VundoFix Backups
2008-05-13 11:15 . 2008-05-13 11:15 <DIR> d-------- C:\Documents and Settings\Nikola\temp
2008-05-13 11:15 . 2008-05-13 14:56 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\TeamViewer
2008-05-10 18:14 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-05-10 18:14 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-10 18:14 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-05-10 18:14 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-05-08 23:04 . 2008-05-08 23:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-08 14:31 . 2008-05-08 14:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-05-08 14:27 . 2008-05-08 14:27 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-08 14:12 . 2008-05-13 12:30 <DIR> d-------- C:\Program Files\Xfire
2008-05-08 14:12 . 2008-05-13 15:38 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Xfire
2008-05-08 12:13 . 2008-05-08 12:13 <DIR> d-------- C:\Program Files\Java
2008-05-08 12:13 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-08 12:10 . 2008-05-08 12:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-07 11:24 . 2008-05-07 11:24 <DIR> d-------- C:\Program Files\uTorrent
2008-05-07 11:24 . 2008-05-13 14:42 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\uTorrent
2008-05-06 09:46 . 2008-05-13 15:30 109,757 --a------ C:\WINDOWS\BMeba8f85e.xml
2008-05-05 18:13 . 2008-05-05 18:13 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Ubisoft
2008-05-05 18:12 . 2008-05-05 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-05 18:03 . 2008-05-05 18:03 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-05 18:03 . 2008-05-05 18:03 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\InstallShield
2008-05-05 17:12 . 2008-05-05 17:12 <DIR> d-------- C:\WINDOWS\Sun
2008-05-05 17:11 . 2008-05-05 17:11 <DIR> d-------- C:\Program Files\Sun
2008-05-05 16:29 . 2008-05-05 16:30 <DIR> d-------- C:\Documents and Settings\Nikola\Contacts
2008-05-05 16:28 . 2008-05-05 16:28 <DIR> d-------- C:\Program Files\MSN Messenger
2008-04-30 02:58 . 2008-04-30 02:58 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-27 12:45 . 2008-04-27 12:45 <DIR> d-------- C:\Program Files\directx
2008-04-27 11:27 . 2008-05-08 23:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-24 13:44 . 2008-04-24 13:44 38 --a------ C:\WINDOWS\avisplitter.INI
2008-04-20 19:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-20 19:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-20 19:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-20 19:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-20 19:27 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 16:37 196,608 ----a-w C:\WINDOWS\system32\drivers\nAdvanced.bin
2008-05-13 10:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-13 10:29 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-13 10:13 --------- d-----w C:\Program Files\ESET
2008-05-05 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 15:29 --------- d-----w C:\Documents and Settings\Nikola\Application Data\vlc
2008-03-30 15:28 --------- d-----w C:\Program Files\VideoLAN
2008-03-28 14:41 --------- d-----w C:\Program Files\KONAMI
2008-03-28 14:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-28 13:11 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-03-28 13:11 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-28 13:11 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-28 12:58 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-03-28 12:26 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-28 12:24 --------- d-----w C:\Program Files\Nero
2008-03-28 12:20 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-28 12:14 --------- d-----w C:\Program Files\HP
2008-03-28 11:59 --------- d-----w C:\Program Files\CCleaner
2008-03-28 11:57 --------- d-----w C:\Program Files\Lavalys
2008-03-28 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-28 11:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 11:46 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-03-28 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-03-28 11:36 --------- d-----w C:\Program Files\QuickTime
2008-03-28 11:22 --------- d-----w C:\Program Files\Bonjour
2008-03-28 11:19 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-28 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-28 11:07 --------- d-----w C:\Program Files\Microsoft Works
2008-03-28 11:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-27 15:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 15:20 --------- d--h--r C:\Documents and Settings\Nikola\Application Data\SecuROM
2008-03-27 15:19 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-27 15:13 --------- d-----w C:\Program Files\Electronic Arts
2008-03-27 14:15 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-27 14:14 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-27 14:13 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 14:10 --------- d-----w C:\Program Files\Realtek
2008-03-27 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-27 13:56 --------- d-----w C:\Program Files\My Company Name
2008-03-27 13:56 --------- d-----w C:\Program Files\ASUS
2008-03-27 13:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-27 13:44 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-03-27 13:44 --------- d-----w C:\Program Files\Realtek AC97
2008-03-27 13:44 --------- d-----w C:\Program Files\AvRack
2008-03-27 13:37 --------- d-----w C:\Program Files\Intel
2008-03-27 13:26 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-27 13:19 --------- d-----w C:\Program Files\microsoft frontpage
2004-02-27 02:57 32,768 ----a-w C:\Documents and Settings\Far Cry\FarCry.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 11:03 380928]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 10:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 14:42 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-28 15:11 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2007-01-19 14:46 94720]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2007-01-23 13:54 335872]

C:\Documents and Settings\Nikola\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-30 02:58:44 2998608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurqro]
wvurqro.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"D:\\Igre\\cod4\\iw3mp.exe"=
"D:\\Install\\za nidzu\\PES2008Patch1_10\\PES2008.exe"=
"D:\\Igre\\PES 08\\PES2008.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2007-01-23 17:31]
R1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2007-01-19 14:46]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2007-01-19 14:46]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2007-01-19 14:47]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2007-01-19 14:46]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2007-01-19 14:46]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2007-01-19 14:47]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2007-01-19 14:46]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2007-01-19 14:46]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2007-01-19 14:46]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2007-01-19 14:46]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2007-01-19 14:46]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2007-01-19 14:46]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2007-01-19 14:47]
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2007-01-19 14:47]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 11:03]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91dbc06c-fc05-11dc-ba7b-806d6172696f}]
\Shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-13 18:37:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-05-13 18:41:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 16:41:06

Pre-Run: 23,813,488,640 bytes free
Post-Run: 23,825,956,864 bytes free

239

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

File::
C:\WINDOWS\BMeba8f85e.xml
C:\WINDOWS\system32\wvurqro.dll

Folder::
C:\Documents and Settings\Far Cry

Driver::
SetupNTGLM7X

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurqro]



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.

In your next message, post the log that is created at the end of the cleaning/scanning.

offline
  • rajkob 
  • New MyCity citizen
  • Joined: 13 May 2008
  • Posts: 3

ComboFix 08-05-12.1 - Nikola 2008-05-19 14:01:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.592 [GMT 2:00]
Running from: C:\Documents and Settings\Nikola\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nikola\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMeba8f85e.xml
C:\WINDOWS\system32\wvurqro.dll
C:\Documents and Settings\Far Cry :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BMeba8f85e.xml

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X


((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 15:34 . 2008-05-18 15:34 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Nokia Multimedia Player
2008-05-16 20:06 . 2008-05-16 20:06 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\InstallShield
2008-05-16 08:25 . 2008-05-16 08:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-05-16 08:25 . 2008-02-01 15:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-05-16 08:25 . 2008-02-01 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-05-16 08:24 . 2008-05-16 08:24 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-16 08:01 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-05-16 08:01 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-16 08:01 . 2008-05-16 08:01 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-16 08:01 . 2008-05-16 08:01 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-16 07:43 . 2008-05-16 07:43 <DIR> d-------- C:\Program Files\DIFX
2008-05-16 07:43 . 2008-05-16 07:43 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-16 07:43 . 2008-05-16 08:24 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-16 07:43 . 2008-05-16 08:01 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\PC Suite
2008-05-16 07:43 . 2008-05-16 08:12 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Nokia
2008-05-16 07:43 . 2008-05-16 08:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-16 07:43 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-16 07:42 . 2008-05-16 07:42 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-16 07:42 . 2008-05-16 08:25 <DIR> d-------- C:\Program Files\Nokia
2008-05-16 07:42 . 2008-05-16 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-16 07:42 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-05-16 07:42 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-16 07:42 . 2008-02-01 15:17 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-16 07:42 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-05-16 07:42 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-05-16 07:42 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-05-16 07:42 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-05-15 09:14 . 2008-05-19 11:17 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-13 15:05 . 2008-05-19 13:56 49 --a------ C:\WINDOWS\transp.gif
2008-05-13 14:58 . 2008-05-13 14:58 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2008-05-13 14:58 . 2008-05-13 14:58 <DIR> d-------- C:\Program Files\Agnitum
2008-05-13 14:58 . 2008-05-19 13:56 150 --a------ C:\WINDOWS\ODBC.INI
2008-05-13 11:24 . 2008-05-13 11:24 <DIR> d-------- C:\VundoFix Backups
2008-05-13 11:15 . 2008-05-13 11:15 <DIR> d-------- C:\Documents and Settings\Nikola\temp
2008-05-13 11:15 . 2008-05-13 14:56 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\TeamViewer
2008-05-10 18:14 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-05-10 18:14 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-10 18:14 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-05-10 18:14 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-05-08 23:04 . 2008-05-08 23:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-08 14:31 . 2008-05-08 14:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-05-08 14:27 . 2008-05-08 14:27 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-08 14:12 . 2008-05-16 11:58 <DIR> d-------- C:\Program Files\Xfire
2008-05-08 14:12 . 2008-05-16 20:36 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Xfire
2008-05-08 12:13 . 2008-05-08 12:13 <DIR> d-------- C:\Program Files\Java
2008-05-08 12:13 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-08 12:10 . 2008-05-08 12:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-07 11:24 . 2008-05-07 11:24 <DIR> d-------- C:\Program Files\uTorrent
2008-05-07 11:24 . 2008-05-13 14:42 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\uTorrent
2008-05-05 18:13 . 2008-05-05 18:13 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Ubisoft
2008-05-05 18:12 . 2008-05-05 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-05 18:03 . 2008-05-05 18:03 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-05 17:12 . 2008-05-05 17:12 <DIR> d-------- C:\WINDOWS\Sun
2008-05-05 17:11 . 2008-05-05 17:11 <DIR> d-------- C:\Program Files\Sun
2008-05-05 16:29 . 2008-05-05 16:30 <DIR> d-------- C:\Documents and Settings\Nikola\Contacts
2008-05-05 16:28 . 2008-05-05 16:28 <DIR> d-------- C:\Program Files\MSN Messenger
2008-04-30 02:58 . 2008-04-30 02:58 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-27 12:45 . 2008-04-27 12:45 <DIR> d-------- C:\Program Files\directx
2008-04-27 11:27 . 2008-05-08 23:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-24 13:44 . 2008-04-24 13:44 38 --a------ C:\WINDOWS\avisplitter.INI
2008-04-20 19:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-20 19:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-20 19:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-20 19:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-20 19:27 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 08:39 196,608 ----a-w C:\WINDOWS\system32\drivers\nAdvanced.bin
2008-05-16 18:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 10:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-13 10:29 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-13 10:13 --------- d-----w C:\Program Files\ESET
2008-03-30 15:29 --------- d-----w C:\Documents and Settings\Nikola\Application Data\vlc
2008-03-30 15:28 --------- d-----w C:\Program Files\VideoLAN
2008-03-28 14:41 --------- d-----w C:\Program Files\KONAMI
2008-03-28 14:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-28 13:11 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-03-28 13:11 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-28 13:11 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-28 12:58 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-03-28 12:26 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-28 12:24 --------- d-----w C:\Program Files\Nero
2008-03-28 12:20 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-28 12:14 --------- d-----w C:\Program Files\HP
2008-03-28 11:59 --------- d-----w C:\Program Files\CCleaner
2008-03-28 11:57 --------- d-----w C:\Program Files\Lavalys
2008-03-28 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-28 11:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 11:46 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-03-28 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-03-28 11:36 --------- d-----w C:\Program Files\QuickTime
2008-03-28 11:22 --------- d-----w C:\Program Files\Bonjour
2008-03-28 11:19 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-28 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-28 11:07 --------- d-----w C:\Program Files\Microsoft Works
2008-03-28 11:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-27 15:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 15:20 --------- d--h--r C:\Documents and Settings\Nikola\Application Data\SecuROM
2008-03-27 15:19 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-27 15:13 --------- d-----w C:\Program Files\Electronic Arts
2008-03-27 14:15 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-27 14:14 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-27 14:13 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 14:10 --------- d-----w C:\Program Files\Realtek
2008-03-27 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-27 13:56 --------- d-----w C:\Program Files\My Company Name
2008-03-27 13:56 --------- d-----w C:\Program Files\ASUS
2008-03-27 13:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-27 13:44 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-03-27 13:44 --------- d-----w C:\Program Files\Realtek AC97
2008-03-27 13:44 --------- d-----w C:\Program Files\AvRack
2008-03-27 13:37 --------- d-----w C:\Program Files\Intel
2008-03-27 13:26 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-27 13:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-06 09:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2004-02-27 02:57 32,768 ----a-w C:\Documents and Settings\Far Cry\FarCry.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-13_18.40.49.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 16:10:58 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-05-16 18:15:17 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-05-05 16:10:59 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-05-16 18:15:17 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-05-05 16:10:59 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-05-16 18:15:18 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-05-05 16:10:52 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:11 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:53 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:13 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:53 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:13 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:54 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:14 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:55 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:14 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:56 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:15 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:56 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:15 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:57 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:15 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:58 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:16 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:11:00 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:18 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:11:00 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-05-16 18:15:18 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-05-05 16:11:01 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-05-16 18:15:18 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-05-05 16:11:01 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-05-16 18:15:18 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-05-05 16:11:01 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-05-16 18:15:19 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-05-05 16:10:58 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-16 18:15:16 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-05-13 16:37:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 11:56:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 05:42:53 3,262 ----a-r C:\WINDOWS\Installer\{4F1DCA42-2030-437C-A94E-736692A499C1}\ARPPRODUCTICON.exe
+ 2008-05-16 06:24:50 10,134 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\ARPPRODUCTICON.exe
+ 2008-05-16 06:24:50 458,752 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\NewShortcut16_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-05-16 06:24:50 8,854 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
+ 2008-05-16 06:24:50 458,752 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\NewShortcut20_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-05-16 06:24:50 8,854 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\NewShortcut3_F30B5B541F7D4207BF3032ED8CAF6640.exe
+ 2008-05-16 06:24:50 8,854 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
+ 2008-05-16 05:43:23 15,086 ----a-r C:\WINDOWS\Installer\{9C05FA75-0337-4523-AA57-9D3511018887}\ARPPRODUCTICON.exe
+ 2008-05-16 06:25:12 3,262 ----a-r C:\WINDOWS\Installer\{A4E0CA0F-1903-440A-9B98-FEA6CB049999}\ARPPRODUCTICON.exe
+ 2008-05-16 05:43:02 10,134 ----a-r C:\WINDOWS\Installer\{AC599724-5755-48C1-ABE7-ABB857652930}\ARPPRODUCTICON.exe
+ 2005-01-25 06:33:00 1,049,088 ----a-w C:\WINDOWS\RegisteredPackages\{1D099D24-8FDF-46DD-9EA3-31D6E9A73E9F}\msxml3.dll
+ 2005-02-10 19:04:02 44,032 ----a-w C:\WINDOWS\RegisteredPackages\{1D099D24-8FDF-46DD-9EA3-31D6E9A73E9F}\msxml3r.dll
+ 2007-03-29 21:00:40 203,264 ----a-r C:\WINDOWS\system32\CddbCdda.dll
- 2001-08-23 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msxml3r.dll
+ 2005-02-10 19:04:02 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msxml3r.dll
+ 2008-03-06 09:19:36 534,016 ----a-w C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2006-11-02 05:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-02 05:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
- 2006-04-11 13:26:38 82,944 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-15 20:29:52 76,544 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
- 2006-04-11 13:29:18 87,808 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-09-15 20:30:10 82,688 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2007-11-29 08:39:42 16,896 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmb.sys
+ 2007-11-29 08:32:38 48,128 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcls.dll
+ 2007-11-29 08:39:44 95,744 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcocls.dll
+ 2007-11-29 08:33:04 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\wdfcoinstaller01005.dll
+ 2007-11-29 08:39:52 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbcj_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerfltj.sys
+ 2007-11-29 08:39:42 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbm_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerflt.sys
+ 2007-11-29 08:39:40 19,328 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbo_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmbo.sys
+ 2008-02-01 13:17:04 90,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdnsu_AB69B9857FBB820139A32719113E6DF4E761B11D\nmwcdcls.dll
+ 2008-02-01 13:17:12 138,112 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdnsu_AB69B9857FBB820139A32719113E6DF4E761B11D\nmwcdnsu.sys
+ 2008-02-01 13:17:06 8,320 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdnsuc_AB69B9857FBB820139A32719113E6DF4E761B11D\nmwcdnsuc.sys
+ 2007-09-17 13:53:26 21,632 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
+ 2008-03-06 09:19:36 534,016 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\PCCSWpdDriver.dll
+ 2008-03-06 09:14:58 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\WudfUpdate_01005.dll
- 2004-08-04 04:56:46 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2005-01-25 06:33:00 1,049,088 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2001-08-23 12:00:00 44,032 ----a-w C:\WINDOWS\system32\msxml3r.dll
+ 2005-02-10 19:04:02 44,032 ----a-w C:\WINDOWS\system32\msxml3r.dll
+ 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2003-04-18 14:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
+ 2006-12-04 12:37:58 1,317,648 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2006-10-05 02:31:10 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2008-05-12 14:19:47 63,392 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-17 15:29:30 63,392 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-12 14:19:47 404,298 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-17 15:29:30 404,298 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-08 19:51:14 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-04-18 23:02:30 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-08 19:51:14 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2006-04-11 13:30:44 93,752 ----a-w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-15 21:30:16 87,040 ----a-w C:\WINDOWS\system32\WUDFCoinstaller.dll
- 2006-04-11 13:27:18 130,048 ----a-w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-15 21:30:06 142,848 ----a-w C:\WINDOWS\system32\WudfHost.exe
- 2006-04-11 13:26:44 158,208 ----a-w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-15 20:29:54 163,840 ----a-w C:\WINDOWS\system32\WudfPlatform.dll
- 2006-04-11 13:26:56 54,272 ----a-w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-15 21:30:16 55,296 ----a-w C:\WINDOWS\system32\WudfSvc.dll
- 2006-04-11 13:27:18 304,640 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2006-09-15 21:30:16 308,224 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2008-05-16 06:24:38 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-05-16 06:24:39 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 11:03 380928]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 10:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 14:42 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-28 15:11 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2007-01-19 14:46 94720]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2007-01-23 13:54 335872]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"D:\\Igre\\cod4\\iw3mp.exe"=
"D:\\Install\\za nidzu\\PES2008Patch1_10\\PES2008.exe"=
"D:\\Igre\\PES 08\\PES2008.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2007-01-23 17:31]
R1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2007-01-19 14:46]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 11:03]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2007-01-19 14:46]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2007-01-19 14:47]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2007-01-19 14:46]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2007-01-19 14:46]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2007-01-19 14:47]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2007-01-19 14:46]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2007-01-19 14:46]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2007-01-19 14:46]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2007-01-19 14:46]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2007-01-19 14:46]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2007-01-19 14:46]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2007-01-19 14:47]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2007-01-19 14:47]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-19 14:03:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-19 14:04:37
ComboFix-quarantined-files.txt 2008-05-19 12:03:54
ComboFix2.txt 2008-05-13 16:41:21

Pre-Run: 22,673,166,336 bytes free
Post-Run: 22,662,807,552 bytes free


  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file: C:\Documents and Settings\Far Cry\FarCry.exe

via the following form: http://www.mycity.rs/ambulanta-upload.php

Let me know when you have completed the upload...
