MyCity » Ambulanta -> Arhiva Ambulante » dosadni XPSecurityCenter

dosadni XPSecurityCenter

Napisano na dan: 9.8.2008
1

dosadni XPSecurityCenter
Sledeća strana Pagination

Idi na vrh

Poslao: 09 Avg 2008 14:18
Idi na vrh
offline
  • Pridružio: 24 Feb 2006
  • Poruke: 435

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:36 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ncfpsys.exe
C:\WINDOWS\system32\windll.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\lsass2.exe
C:\Windows\wkssvr.exe
C:\WINDOWS\crsr.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\phqghum.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lsass2.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\XPSecurityCenter\xpsecuritycenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\zerocool\Desktop\hiki\hiki.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [Password Protect USB 3.6.1] C:\WINDOWS\system32\ncfpsys.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\wkssvr.exe
O4 - HKLM\..\Run: [Windows Protector] windll.exe
O4 - HKLM\..\Run: [Dcom Helper2] lsass2.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] crsr.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [Adobe SpeedLaunch] phqghum.exe
O4 - HKLM\..\Run: [buritos] buritos.exe
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\xpsecuritycenter.exe" /hide
O4 - HKLM\..\RunServices: [Windows Protector] windll.exe
O4 - HKLM\..\RunServices: [Dcom Helper2] lsass2.exe
O4 - HKLM\..\RunServices: [Adobe SpeedLaunch] phqghum.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dcom Helper2] lsass2.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [Adobe SpeedLaunch] phqghum.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: karina.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe

--
End of file - 4879 bytes


XPSecurityCenter se pojavio niotkud i sad smeta li smeta...ne mogu ni da ga iskljucim, a na forumima citam da ljudi imaju problem i da ga izbrisu. Moze pomoc?

Poslao: 09 Avg 2008 14:41
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 09 Avg 2008 14:56
Idi na vrh
offline
  • Pridružio: 24 Feb 2006
  • Poruke: 435

ComboFix uopste nece da pokrene. Uopste ne reaguje na pokusaj da ga startujem.

Poslao: 09 Avg 2008 15:02
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Zanimljivo. Sacekaj koji sekund da nesto pripremim, pa se javljam ponovo.

Dopuna: 09 Avg 2008 15:02

Probaj sada odavde da ga skines i pokrenes:
http://amf.mycity.rs/programs/mirrored/C_F_09082008.exe

Poslao: 09 Avg 2008 15:32
Idi na vrh
offline
  • Pridružio: 24 Feb 2006
  • Poruke: 435

ComboFix 08-08-08.07 - zerocool 2008-08-09 15:13:37.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.227 [GMT 2:00]
Running from: C:\Documents and Settings\zerocool\Desktop\cfix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\Documents and Settings\All Users\Desktop\XPSecurityCenter.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter
C:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter\XPSecurityCenter.lnk
C:\Documents and Settings\zerocool\Application Data\macromedia\Flash Player\#SharedObjects\XJMCXY7T\interclick.com
C:\Documents and Settings\zerocool\Application Data\macromedia\Flash Player\#SharedObjects\XJMCXY7T\interclick.com\ud.sol
C:\Documents and Settings\zerocool\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\zerocool\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\zerocool\Local Settings\Temporary Internet Files\apeluzah.bat
C:\Documents and Settings\zerocool\Local Settings\Temporary Internet Files\deta.ban
C:\Documents and Settings\zerocool\Local Settings\Temporary Internet Files\epefoquzof.bin
C:\Documents and Settings\zerocool\Local Settings\Temporary Internet Files\osepuderuh.reg
C:\Documents and Settings\zerocool\Local Settings\Temporary Internet Files\owat.ban
C:\Documents and Settings\zerocool\Local Settings\Temporary Internet Files\pysemog.inf
C:\Documents and Settings\zerocool\Local Settings\Temporary Internet Files\qimaz.bat
C:\Documents and Settings\zerocool\Local Settings\Temporary Internet Files\unoq.pif
C:\Documents and Settings\zerocool\Local Settings\Temporary Internet Files\zegimom.dl
C:\Documents and Settings\zerocool\new.txt
C:\Program Files\XPSecurityCenter
C:\Program Files\XPSecurityCenter\data\daily.cvd
C:\Program Files\XPSecurityCenter\htmlayout.dll
C:\Program Files\XPSecurityCenter\install.exe
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\XPSecurityCenter\pthreadVC2.dll
C:\Program Files\XPSecurityCenter\un.ico
C:\Program Files\XPSecurityCenter\unzip32.dll
C:\Program Files\XPSecurityCenter\wscui.cpl
C:\Program Files\XPSecurityCenter\XP_SecurityCenter.cfg
C:\Program Files\XPSecurityCenter\XPSecurityCenter.dll
C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
C:\WINDOWS\buritos.exe
C:\WINDOWS\karina.dat
C:\WINDOWS\services.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\buritos.exe
C:\WINDOWS\system32\karina.dat
C:\WINDOWS\system32\lsass2.exe
C:\WINDOWS\system32\windll.exe
C:\WINDOWS\system32\winivstr.exe
C:\WINDOWS\wkssvr.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-09 15:12 . 2008-08-09 15:12 12,584 --a------ C:\Documents and Settings\zerocool\Application Data\obavycag.sys
2008-08-09 15:12 . 2008-08-09 15:12 10,523 --a------ C:\Documents and Settings\All Users\Application Data\ygecynyn.reg
2008-08-09 11:54 . 2008-08-09 11:54 19,656 --a------ C:\WINDOWS\yjylawymo.com
2008-08-09 11:54 . 2008-08-09 11:54 19,648 --a------ C:\Documents and Settings\All Users\Application Data\uhavuja.sys
2008-08-09 11:54 . 2008-08-09 11:54 19,604 --a------ C:\Documents and Settings\All Users\Application Data\cugagujese.vbs
2008-08-09 11:54 . 2008-08-09 11:54 19,455 --a------ C:\WINDOWS\system32\deva.pif
2008-08-09 11:54 . 2008-08-09 11:54 16,849 --a------ C:\WINDOWS\system32\hizigyxul.bin
2008-08-09 11:54 . 2008-08-09 11:54 15,337 --a------ C:\WINDOWS\liluqut.dll
2008-08-09 11:54 . 2008-08-09 11:54 15,003 --a------ C:\Documents and Settings\zerocool\Application Data\owadini.vbs
2008-08-09 11:54 . 2008-08-09 11:54 14,712 --a------ C:\WINDOWS\faco.inf
2008-08-09 11:54 . 2008-08-09 11:54 13,433 --a------ C:\WINDOWS\system32\opoq.ban
2008-08-09 11:54 . 2008-08-09 11:54 12,703 --a------ C:\Program Files\Common Files\exyjasac.reg
2008-08-09 11:54 . 2008-08-09 11:54 10,690 --a------ C:\WINDOWS\system32\bufotixyji.com
2008-08-09 11:54 . 2008-08-09 11:54 10,274 --a------ C:\WINDOWS\qory.dl
2008-08-09 11:43 . 2008-08-09 11:43 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-08 00:38 . 2008-08-08 00:38 19,713 --a------ C:\Program Files\Common Files\rabuh.scr
2008-08-07 01:33 . 2008-08-07 01:33 19,338 --a------ C:\WINDOWS\owytazica.dll
2008-08-07 01:33 . 2008-08-07 01:33 19,231 --a------ C:\WINDOWS\system32\polysiko.dll
2008-08-07 01:33 . 2008-08-07 01:33 18,453 --a------ C:\WINDOWS\esypuworip.ban
2008-08-07 01:33 . 2008-08-07 01:33 18,116 --a------ C:\WINDOWS\system32\goruwiropa.exe
2008-08-07 01:33 . 2008-08-07 01:33 17,860 --a------ C:\WINDOWS\nevyl._dl
2008-08-07 01:33 . 2008-08-07 01:33 15,853 --a------ C:\WINDOWS\system32\akykohobe.exe
2008-08-07 01:33 . 2008-08-07 01:33 13,915 --a------ C:\Documents and Settings\All Users\Application Data\ananuloji.scr
2008-08-07 01:33 . 2008-08-07 01:33 13,348 --a------ C:\WINDOWS\okylim.pif
2008-08-07 01:33 . 2008-08-07 01:33 11,833 --a------ C:\WINDOWS\system32\manyhat.lib
2008-08-07 01:33 . 2008-08-07 01:33 11,667 --a------ C:\Documents and Settings\zerocool\Application Data\upewuw.exe
2008-08-07 01:33 . 2008-08-07 01:33 11,171 --a------ C:\Documents and Settings\All Users\Application Data\xamuw.vbs
2008-08-07 01:33 . 2008-08-07 01:33 10,709 --a------ C:\WINDOWS\mamomuki.bat
2008-08-07 01:32 . 2008-08-06 23:34 195,921 --a------ C:\WINDOWS\system32\_scui.cpl
2008-08-07 01:27 . 2008-08-07 02:41 16,728 --a------ C:\WINDOWS\system32\Windll.dll
2008-08-06 18:35 . 2002-10-05 01:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-08-06 18:35 . 2002-10-06 20:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-08-06 18:35 . 2002-10-05 01:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-08-06 18:35 . 2002-10-05 01:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-08-06 14:51 . 2008-08-06 23:55 243,504 --a------ C:\WINDOWS\fail.exe
2008-08-06 14:51 . 2008-08-06 14:54 307 --a------ C:\WINDOWS\system32\r0lf.dat
2008-08-03 19:56 . 2008-08-03 19:56 243,504 --a------ C:\WINDOWS\nigr.exe
2008-08-03 19:54 . 2008-08-03 19:54 243,504 --a------ C:\WINDOWS\ngrs.exe
2008-08-01 11:55 . 2008-08-01 11:55 150 --a------ C:\WINDOWS\delself.bat
2008-08-01 11:49 . 2008-08-01 11:55 65,536 --a------ C:\WINDOWS\Setup_ver1.1631.0.exe
2008-08-01 11:02 . 2008-08-01 11:02 27,057 -r-hs---- C:\WINDOWS\crsr.exe
2008-07-31 19:56 . 2008-08-01 10:04 113,011 --a------ C:\WINDOWS\system32\windll32lol.exe
2008-07-31 19:56 . 2008-07-31 19:56 69,095 --a------ C:\WINDOWS\lolngr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 13:12 19,733 ----a-w C:\WINDOWS\ydyfowyba.com
2008-08-09 13:12 19,378 ----a-w C:\WINDOWS\ojijo.bin
2008-08-09 13:12 16,456 ----a-w C:\WINDOWS\sezyn.com
2008-08-09 13:12 16,017 ----a-w C:\WINDOWS\tedy.exe
2008-08-09 13:12 14,571 ----a-w C:\WINDOWS\adefejy.com
2008-08-09 13:12 11,259 ----a-w C:\WINDOWS\yjagacam.com
2008-08-09 09:54 19,043 ----a-w C:\Program Files\Common Files\wuqowafywa.ban
2008-08-09 09:54 17,782 ----a-w C:\Program Files\Common Files\uzyre._sy
2008-08-09 09:54 15,992 ----a-w C:\Program Files\Common Files\iwahenepug._dl
2008-08-09 09:54 15,887 ----a-w C:\Program Files\Common Files\aromuqog.inf
2008-08-09 09:54 15,117 ----a-w C:\Program Files\Common Files\jufumavoc.db
2008-08-09 09:54 13,922 ----a-w C:\Program Files\Common Files\fyjiq.inf
2008-08-06 23:33 11,874 ----a-w C:\Program Files\Common Files\mafu.ban
2008-08-06 23:27 --------- d-----w C:\Documents and Settings\zerocool\Application Data\uTorrent
2008-07-08 22:20 --------- d-----w C:\Documents and Settings\zerocool\Application Data\PlayFirst
2008-07-03 21:30 --------- d-----w C:\Documents and Settings\zerocool\Application Data\mIRC
2008-07-03 20:43 --------- d-----w C:\Program Files\mIRC
2008-07-03 20:40 --------- d-----w C:\Program Files\dellete
2008-07-03 07:54 --------- d-----w C:\Documents and Settings\zerocool\Application Data\LimeWire
2008-06-25 14:59 --------- d-----w C:\Program Files\SaljiPoruke-desktop
2008-01-24 10:12 374 ----a-w C:\Documents and Settings\zerocool\Application Data\internaldb6334.dat
2008-01-24 10:11 555 ----a-w C:\Documents and Settings\zerocool\Application Data\internaldb8467.dat
2008-01-24 10:11 18,432 ----a-w C:\Documents and Settings\zerocool\Application Data\internaldb41.dat
2005-08-24 21:10 174,592 --sha-w C:\WINDOWS\system32\ncfpsys.exe
2004-08-03 22:56 195,072 --sh--r C:\WINDOWS\system32\phqghum.exe
.

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Adobe SpeedLaunch"="phqghum.exe" [2004-08-04 00:56 195072 C:\WINDOWS\system32\phqghum.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" [2001-07-21 10:09 50256]
"WFXSwtch"="C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe" [2001-07-19 09:04 26624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 23:21 185896]
"Password Protect USB 3.6.1"="C:\WINDOWS\system32\ncfpsys.exe" [2005-08-24 23:10 174592]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-07-19 09:04 43520 C:\WINDOWS\system32\WFXSNT40.EXE]
"Adobe SpeedLaunch"="phqghum.exe" [2004-08-04 00:56 195072 C:\WINDOWS\system32\phqghum.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Adobe SpeedLaunch"="phqghum.exe" [2004-08-04 00:56 195072 C:\WINDOWS\system32\phqghum.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CleanSweep Smart Sweep-Internet Sweep.lnk - C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe [2007-11-01 14:19:25 221184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 KCIRDA;%KCIRDA.ServiceDesc%;C:\WINDOWS\system32\DRIVERS\KCIrNet.sys [2001-10-04 10:23]
R3 QDFSDRV;QDFSDRV;C:\WINDOWS\system32\drivers\qdfsdrv.sys [2001-07-26 12:17]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2001-10-11 08:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2669e613-8bc8-11dc-8f43-0007951fccfb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL batexe\progstart.bat
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe [2001-07-21 10:14]

2008-07-25 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE [2001-07-24 17:35]

2008-08-09 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2001-07-26 13:23]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Dcom Helper2 - lsass2.exe
HKLM-Run-etMonitor - C:\WINDOWS\etMon.exe
HKLM-Run-XP SecurityCenter - C:\Program Files\XPSecurityCenter\xpsecuritycenter.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-Windows Protector - windll.exe
HKLM-Run-Dcom Helper2 - lsass2.exe
HKLM-RunServices-Windows Protector - windll.exe
HKLM-RunServices-Dcom Helper2 - lsass2.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\zerocool\Application Data\Mozilla\Firefox\Profiles\gx5wm0rj.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 15:17:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Dcom Helper2 = lsass2.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-09 15:29:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 13:29:14
ComboFix2.txt 2008-05-17 20:32:38
ComboFix3.txt 2008-05-05 08:37:07
ComboFix4.txt 2008-02-02 18:57:27
ComboFix5.txt 2008-08-09 13:12:54

Pre-Run: 8,224,440,320 bytes free
Post-Run: 8,264,024,064 bytes free

237

Poslao: 09 Avg 2008 16:01
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\Documents and Settings\zerocool\Application Data\obavycag.sys
C:\Documents and Settings\All Users\Application Data\ygecynyn.reg
C:\WINDOWS\yjylawymo.com
C:\Documents and Settings\All Users\Application Data\uhavuja.sys
C:\Documents and Settings\All Users\Application Data\cugagujese.vbs
C:\WINDOWS\system32\deva.pif
C:\WINDOWS\system32\hizigyxul.bin
C:\WINDOWS\liluqut.dll
C:\Documents and Settings\zerocool\Application Data\owadini.vbs
C:\WINDOWS\faco.inf
C:\WINDOWS\system32\opoq.ban
C:\Program Files\Common Files\exyjasac.reg
C:\WINDOWS\system32\bufotixyji.com
C:\WINDOWS\qory.dl
C:\WINDOWS\owytazica.dll
C:\WINDOWS\system32\polysiko.dll
C:\WINDOWS\esypuworip.ban
C:\WINDOWS\system32\goruwiropa.exe
C:\WINDOWS\nevyl._dl
C:\WINDOWS\system32\akykohobe.exe
C:\Documents and Settings\All Users\Application Data\ananuloji.scr
C:\WINDOWS\okylim.pif
C:\WINDOWS\system32\manyhat.lib
C:\Documents and Settings\zerocool\Application Data\upewuw.exe
C:\Documents and Settings\All Users\Application Data\xamuw.vbs
C:\WINDOWS\mamomuki.bat
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\Windll.dll
C:\WINDOWS\fail.exe
C:\WINDOWS\system32\r0lf.dat
C:\WINDOWS\nigr.exe
C:\WINDOWS\ngrs.exe
C:\WINDOWS\delself.bat
C:\WINDOWS\Setup_ver1.1631.0.exe
C:\WINDOWS\crsr.exe
C:\WINDOWS\system32\windll32lol.exe
C:\WINDOWS\lolngr.exe
C:\WINDOWS\ydyfowyba.com
C:\WINDOWS\ojijo.bin
C:\WINDOWS\sezyn.com
C:\WINDOWS\tedy.exe
C:\WINDOWS\adefejy.com
C:\WINDOWS\yjagacam.com
C:\Program Files\Common Files\wuqowafywa.ban
C:\Program Files\Common Files\uzyre._sy
C:\Program Files\Common Files\iwahenepug._dl
C:\Program Files\Common Files\aromuqog.inf
C:\Program Files\Common Files\jufumavoc.db
C:\Program Files\Common Files\fyjiq.inf
C:\Program Files\Common Files\mafu.ban
C:\WINDOWS\system32\ncfpsys.exe
C:\WINDOWS\system32\phqghum.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe SpeedLaunch"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe SpeedLaunch"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Adobe SpeedLaunch"=-



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 09 Avg 2008 17:22
Idi na vrh
offline
  • Pridružio: 24 Feb 2006
  • Poruke: 435

ComboFix 08-08-08.07 - zerocool 2008-08-09 17:04:30.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247 [GMT 2:00]
Running from: C:\Documents and Settings\zerocool\Desktop\cfix.exe
Command switches used :: C:\Documents and Settings\zerocool\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\ananuloji.scr
C:\Documents and Settings\All Users\Application Data\cugagujese.vbs
C:\Documents and Settings\All Users\Application Data\uhavuja.sys
C:\Documents and Settings\All Users\Application Data\xamuw.vbs
C:\Documents and Settings\All Users\Application Data\ygecynyn.reg
C:\Documents and Settings\zerocool\Application Data\obavycag.sys
C:\Documents and Settings\zerocool\Application Data\owadini.vbs
C:\Documents and Settings\zerocool\Application Data\upewuw.exe
C:\Program Files\Common Files\aromuqog.inf
C:\Program Files\Common Files\exyjasac.reg
C:\Program Files\Common Files\fyjiq.inf
C:\Program Files\Common Files\iwahenepug._dl
C:\Program Files\Common Files\jufumavoc.db
C:\Program Files\Common Files\mafu.ban
C:\Program Files\Common Files\uzyre._sy
C:\Program Files\Common Files\wuqowafywa.ban
C:\WINDOWS\adefejy.com
C:\WINDOWS\crsr.exe
C:\WINDOWS\delself.bat
C:\WINDOWS\esypuworip.ban
C:\WINDOWS\faco.inf
C:\WINDOWS\fail.exe
C:\WINDOWS\liluqut.dll
C:\WINDOWS\lolngr.exe
C:\WINDOWS\mamomuki.bat
C:\WINDOWS\nevyl._dl
C:\WINDOWS\ngrs.exe
C:\WINDOWS\nigr.exe
C:\WINDOWS\ojijo.bin
C:\WINDOWS\okylim.pif
C:\WINDOWS\owytazica.dll
C:\WINDOWS\qory.dl
C:\WINDOWS\Setup_ver1.1631.0.exe
C:\WINDOWS\sezyn.com
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\akykohobe.exe
C:\WINDOWS\system32\bufotixyji.com
C:\WINDOWS\system32\deva.pif
C:\WINDOWS\system32\goruwiropa.exe
C:\WINDOWS\system32\hizigyxul.bin
C:\WINDOWS\system32\manyhat.lib
C:\WINDOWS\system32\ncfpsys.exe
C:\WINDOWS\system32\opoq.ban
C:\WINDOWS\system32\phqghum.exe
C:\WINDOWS\system32\polysiko.dll
C:\WINDOWS\system32\r0lf.dat
C:\WINDOWS\system32\Windll.dll
C:\WINDOWS\system32\windll32lol.exe
C:\WINDOWS\tedy.exe
C:\WINDOWS\ydyfowyba.com
C:\WINDOWS\yjagacam.com
C:\WINDOWS\yjylawymo.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ananuloji.scr
C:\Documents and Settings\All Users\Application Data\cugagujese.vbs
C:\Documents and Settings\All Users\Application Data\uhavuja.sys
C:\Documents and Settings\All Users\Application Data\xamuw.vbs
C:\Documents and Settings\All Users\Application Data\ygecynyn.reg
C:\Documents and Settings\zerocool\Application Data\obavycag.sys
C:\Documents and Settings\zerocool\Application Data\owadini.vbs
C:\Documents and Settings\zerocool\Application Data\upewuw.exe
C:\Program Files\Common Files\aromuqog.inf
C:\Program Files\Common Files\exyjasac.reg
C:\Program Files\Common Files\fyjiq.inf
C:\Program Files\Common Files\iwahenepug._dl
C:\Program Files\Common Files\jufumavoc.db
C:\Program Files\Common Files\mafu.ban
C:\Program Files\Common Files\uzyre._sy
C:\Program Files\Common Files\wuqowafywa.ban
C:\WINDOWS\adefejy.com
C:\WINDOWS\crsr.exe
C:\WINDOWS\delself.bat
C:\WINDOWS\esypuworip.ban
C:\WINDOWS\faco.inf
C:\WINDOWS\fail.exe
C:\WINDOWS\liluqut.dll
C:\WINDOWS\lolngr.exe
C:\WINDOWS\mamomuki.bat
C:\WINDOWS\nevyl._dl
C:\WINDOWS\ngrs.exe
C:\WINDOWS\nigr.exe
C:\WINDOWS\ojijo.bin
C:\WINDOWS\okylim.pif
C:\WINDOWS\owytazica.dll
C:\WINDOWS\qory.dl
C:\WINDOWS\Setup_ver1.1631.0.exe
C:\WINDOWS\sezyn.com
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\akykohobe.exe
C:\WINDOWS\system32\bufotixyji.com
C:\WINDOWS\system32\deva.pif
C:\WINDOWS\system32\goruwiropa.exe
C:\WINDOWS\system32\hizigyxul.bin
C:\WINDOWS\system32\manyhat.lib
C:\WINDOWS\system32\ncfpsys.exe
C:\WINDOWS\system32\opoq.ban
C:\WINDOWS\system32\phqghum.exe
C:\WINDOWS\system32\polysiko.dll
C:\WINDOWS\system32\r0lf.dat
C:\WINDOWS\system32\Windll.dll
C:\WINDOWS\system32\windll32lol.exe
C:\WINDOWS\tedy.exe
C:\WINDOWS\ydyfowyba.com
C:\WINDOWS\yjagacam.com
C:\WINDOWS\yjylawymo.com

.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-09 11:43 . 2008-08-09 11:43 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-08 00:38 . 2008-08-08 00:38 19,713 --a------ C:\Program Files\Common Files\rabuh.scr
2008-08-06 18:35 . 2002-10-05 01:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-08-06 18:35 . 2002-10-06 20:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-08-06 18:35 . 2002-10-05 01:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-08-06 18:35 . 2002-10-05 01:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 23:27 --------- d-----w C:\Documents and Settings\zerocool\Application Data\uTorrent
2008-07-08 22:20 --------- d-----w C:\Documents and Settings\zerocool\Application Data\PlayFirst
2008-07-03 21:30 --------- d-----w C:\Documents and Settings\zerocool\Application Data\mIRC
2008-07-03 20:43 --------- d-----w C:\Program Files\mIRC
2008-07-03 20:40 --------- d-----w C:\Program Files\dellete
2008-07-03 07:54 --------- d-----w C:\Documents and Settings\zerocool\Application Data\LimeWire
2008-06-25 14:59 --------- d-----w C:\Program Files\SaljiPoruke-desktop
2008-01-24 10:12 374 ----a-w C:\Documents and Settings\zerocool\Application Data\internaldb6334.dat
2008-01-24 10:11 555 ----a-w C:\Documents and Settings\zerocool\Application Data\internaldb8467.dat
2008-01-24 10:11 18,432 ----a-w C:\Documents and Settings\zerocool\Application Data\internaldb41.dat
.

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" [2001-07-21 10:09 50256]
"WFXSwtch"="C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe" [2001-07-19 09:04 26624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 23:21 185896]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-07-19 09:04 43520 C:\WINDOWS\system32\WFXSNT40.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CleanSweep Smart Sweep-Internet Sweep.lnk - C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe [2007-11-01 14:19:25 221184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 KCIRDA;%KCIRDA.ServiceDesc%;C:\WINDOWS\system32\DRIVERS\KCIrNet.sys [2001-10-04 10:23]
R3 QDFSDRV;QDFSDRV;C:\WINDOWS\system32\drivers\qdfsdrv.sys [2001-07-26 12:17]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2001-10-11 08:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2669e613-8bc8-11dc-8f43-0007951fccfb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL batexe\progstart.bat
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe [2001-07-21 10:14]

2008-07-25 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE [2001-07-24 17:35]

2008-08-09 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2001-07-26 13:23]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Password Protect USB 3.6.1 - C:\WINDOWS\system32\ncfpsys.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 17:09:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-09 17:19:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 15:19:41
ComboFix2.txt 2008-08-09 13:29:30
ComboFix3.txt 2008-05-17 20:32:38
ComboFix4.txt 2008-05-05 08:37:07
ComboFix5.txt 2008-08-09 15:03:40

Pre-Run: 8,176,975,872 bytes free
Post-Run: 8,169,586,688 bytes free

229

Poslao: 09 Avg 2008 17:52
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ostalo je jos nesto malo.

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\Program Files\Common Files\rabuh.scr

Folder::
C:\Program Files\Enigma Software Group

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2669e613-8bc8-11dc-8f43-0007951fccfb}]

DirLook:
C:\Program Files\dellete


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 09 Avg 2008 18:24
Idi na vrh
offline
  • Pridružio: 24 Feb 2006
  • Poruke: 435

ComboFix 08-08-08.07 - zerocool 2008-08-09 18:14:09.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.231 [GMT 2:00]
Running from: C:\Documents and Settings\zerocool\Desktop\cfix.exe
Command switches used :: C:\Documents and Settings\zerocool\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Common Files\rabuh.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\rabuh.scr
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\AXList.txt
C:\Program Files\Enigma Software Group\SpyHunter\key.dat
C:\Program Files\Enigma Software Group\SpyHunter\scan.log
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterInstance.lock
C:\Program Files\Enigma Software Group\SpyHunter\support.log

.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-06 18:35 . 2002-10-05 01:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-08-06 18:35 . 2002-10-06 20:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-08-06 18:35 . 2002-10-05 01:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-08-06 18:35 . 2002-10-05 01:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 23:27 --------- d-----w C:\Documents and Settings\zerocool\Application Data\uTorrent
2008-07-08 22:20 --------- d-----w C:\Documents and Settings\zerocool\Application Data\PlayFirst
2008-07-03 21:30 --------- d-----w C:\Documents and Settings\zerocool\Application Data\mIRC
2008-07-03 20:43 --------- d-----w C:\Program Files\mIRC
2008-07-03 20:40 --------- d-----w C:\Program Files\dellete
2008-07-03 07:54 --------- d-----w C:\Documents and Settings\zerocool\Application Data\LimeWire
2008-06-25 14:59 --------- d-----w C:\Program Files\SaljiPoruke-desktop
2008-01-24 10:12 374 ----a-w C:\Documents and Settings\zerocool\Application Data\internaldb6334.dat
2008-01-24 10:11 555 ----a-w C:\Documents and Settings\zerocool\Application Data\internaldb8467.dat
2008-01-24 10:11 18,432 ----a-w C:\Documents and Settings\zerocool\Application Data\internaldb41.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\dellete ----

2008-07-03 22:40 4277 --a------ C:\Program Files\dellete\mirc.ini
2008-07-03 22:40 355 --a------ C:\Program Files\dellete\urls.ini
2008-07-03 22:39 1135 --a------ C:\Program Files\dellete\servers.ini
2008-07-03 22:39 11 --a------ C:\Program Files\dellete\perform.ini
2008-07-01 13:29 1525 --a------ C:\Program Files\dellete\logs\#gayserbia.20080701.log
2008-07-01 13:29 13619 --a------ C:\Program Files\dellete\remote.ini
2008-07-01 13:28 624 --a------ C:\Program Files\dellete\logs\#gayserbia-lesbians.20080701.log
2008-05-11 17:00 16387 --a------ C:\Program Files\dellete\logs\#gayserbia-lesbians.20080501.log
2008-04-23 00:23 5294 --a------ C:\Program Files\dellete\logs\#gayserbia-lesbians.20080401.log
2008-02-15 21:40 40471 --a------ C:\Program Files\dellete\logs\#gayserbia.20080201.log
2008-02-15 21:40 17083 --a------ C:\Program Files\dellete\logs\#gayserbia-lesbians.20080201.log
2008-02-02 21:39 818 --a------ C:\Program Files\dellete\logs\ivy27.20080201.log
2008-02-02 13:00 849 --a------ C:\Program Files\dellete\logs\sexyokbg.20080201.log
2008-02-02 13:00 4645 --a------ C:\Program Files\dellete\logs\katjunchica.20080201.log
2008-02-02 12:45 449 --a------ C:\Program Files\dellete\logs\Khi_lover25.20080201.log
2008-02-02 12:36 1085 --a------ C:\Program Files\dellete\logs\bucko.20080201.log
2008-01-08 23:38 14798 --a------ C:\Program Files\dellete\logs\#gayserbia-lesbians.20080101.log
2008-01-08 00:56 4924 --a------ C:\Program Files\dellete\logs\oneya.20080101.log
2008-01-08 00:43 2534 --a------ C:\Program Files\dellete\logs\PticaNeka.20080101.log
2008-01-08 00:21 2411 --a------ C:\Program Files\dellete\logs\vrela.20080101.log
2008-01-07 23:34 161 --a------ C:\Program Files\dellete\logs\#gayserbia-kviz.20080101.log
2008-01-07 23:33 853 --a------ C:\Program Files\dellete\logs\#gayserbia.20080101.log
2007-12-04 21:25 973 --a------ C:\Program Files\dellete\logs\BlueUnion.20071201.log
2007-12-04 21:25 29645 --a------ C:\Program Files\dellete\logs\#gayserbia.20071201.log
2007-12-04 21:25 159 --a------ C:\Program Files\dellete\logs\katjunchica.20071201.log
2007-12-04 20:46 818 --a------ C:\Program Files\dellete\logs\Wednesday933.20071201.log
2007-12-04 20:46 4607 --a------ C:\Program Files\dellete\logs\#gayserbia-lesbians.20071201.log
2007-12-04 20:27 459 --a------ C:\Program Files\dellete\logs\Alf2.20071201.log
2007-12-03 16:25 694 --a------ C:\Program Files\dellete\logs\first_time.20071201.log
2007-12-03 15:43 147 --a------ C:\Program Files\dellete\logs\#dellete.20071201.log
2007-10-21 22:20 127 --a------ C:\Program Files\dellete\logs\RACABG.20071001.log
2007-10-21 22:18 441 --a------ C:\Program Files\dellete\logs\#dellete.20071001.log
2007-10-21 22:18 401 --a------ C:\Program Files\dellete\logs\#gayserbia.20071001.log
2007-10-21 22:18 2774 --a------ C:\Program Files\dellete\logs\#gayserbia-lesbians.20071001.log
2007-10-18 17:49 116828 --a------ C:\Program Files\dellete\logs\#gayserbia-kviz.20071001.log
2007-10-18 17:48 1752 --a------ C:\Program Files\dellete\logs\ivaa.20071001.log
2007-10-18 17:10 989 --a------ C:\Program Files\dellete\logs\ShreKboy.20071001.log
2007-09-13 17:19 2591 --a------ C:\Program Files\dellete\acros.hsh
2007-09-13 17:19 2083 --a------ C:\Program Files\dellete\wicky.20070901.log
2007-09-13 17:19 1215 --a------ C:\Program Files\dellete\#gayserbia-kviz.20070901.log
2007-09-13 17:19 0 --a------ C:\Program Files\dellete\AutoGreet.hsh
2007-09-13 17:19 0 --a------ C:\Program Files\dellete\acroschan.hsh
2007-09-13 17:18 394 --a------ C:\Program Files\dellete\ShreKboy.20070901.log
2007-09-13 17:15 13247 --a------ C:\Program Files\dellete\#gayserbia-lesbians.20070901.log
2007-09-13 17:09 1717 --a------ C:\Program Files\dellete\postblue.20070901.log
2007-09-13 17:07 2593 --a------ C:\Program Files\dellete\seen.ini
2007-09-13 16:46 509 --a------ C:\Program Files\dellete\#Professional-Script.20070901.log
2007-09-13 16:44 307 --a------ C:\Program Files\dellete\antispam.ini
2007-09-13 16:01 19131 --a------ C:\Program Files\dellete\Background.jpg
2007-09-13 15:55 956 --a------ C:\Program Files\dellete\#Professional-Script.UnderNet.20070901.log
2007-09-13 15:55 473 --a------ C:\Program Files\dellete\#dellete.UnderNet.20070901.log
2007-09-13 15:55 296 --a------ C:\Program Files\dellete\super_xx7.UnderNet.20070901.log
2007-09-13 15:41 1627 --a------ C:\Program Files\dellete\#Svet.PIK.20070901.log
2007-09-13 14:31 502 --a------ C:\Program Files\dellete\setting.ini
2007-08-07 13:40 613816 --a------ C:\Program Files\dellete\popups.ini
2007-08-07 13:40 3620 --a------ C:\Program Files\dellete\aping.mrc
2007-08-06 14:15 13195 --a------ C:\Program Files\dellete\aliases1.ini
2007-08-04 00:32 18597 --a------ C:\Program Files\dellete\ppop.mrc
2007-08-04 00:31 451 --a------ C:\Program Files\dellete\script2.mrc
2007-08-03 19:31 2324 --a------ C:\Program Files\dellete\clonescanner.mrc
2007-08-03 14:50 1759 --a------ C:\Program Files\dellete\Start.mrc
2007-08-03 14:44 33263 --a------ C:\Program Files\dellete\away.mrc
2007-08-03 00:36 227 --a------ C:\Program Files\dellete\tscan.ini
2007-08-02 20:58 384054 --a------ C:\Program Files\dellete\lagbkg.bmp
2007-08-02 17:35 104452 --a------ C:\Program Files\dellete\flood.mrc
2007-08-02 17:06 154 --a------ C:\Program Files\dellete\floodext.dll
2007-08-01 22:57 1059 --a------ C:\Program Files\dellete\join stats.txt
2007-08-01 22:52 613 --a------ C:\Program Files\dellete\Echo status.txt
2007-08-01 22:52 5900 --a------ C:\Program Files\dellete\whois.mrc
2007-08-01 22:46 332 --a------ C:\Program Files\dellete\connect i disconnect.txt
2007-08-01 22:40 120 --a------ C:\Program Files\dellete\Notice.mrc
2007-08-01 19:19 12342 --a------ C:\Program Files\dellete\tempcolour.bmp
2007-08-01 14:12 274 --a------ C:\Program Files\dellete\Join i Part.txt
2007-07-31 20:28 35686 --a------ C:\Program Files\dellete\msn.mrc
2007-07-31 20:22 1857 --a------ C:\Program Files\dellete\AutoJoin
2007-07-31 19:43 274 --a------ C:\Program Files\dellete\settings.ini
2007-07-30 23:20 3402 --a------ C:\Program Files\dellete\selfprot.mrc
2007-07-30 23:09 1069 --a------ C:\Program Files\dellete\TextPonavljac
2007-07-30 22:22 468 --a------ C:\Program Files\dellete\fp_set2.ini
2007-07-30 22:22 323 --a------ C:\Program Files\dellete\fp_set.ini
2007-07-30 20:14 16097 --a------ C:\Program Files\dellete\SecureQuery.mrc
2007-07-30 19:57 6578 --a------ C:\Program Files\dellete\netsplit.mrc
2007-07-30 19:41 5598 --a------ C:\Program Files\dellete\ncpreview.bmp
2007-07-30 19:41 174 --a------ C:\Program Files\dellete\16.bmp
2007-07-30 19:41 174 --a------ C:\Program Files\dellete\0.bmp
2007-07-30 19:40 15111 --a------ C:\Program Files\dellete\Soundsys.mrc
2007-07-30 17:31 49 --a------ C:\Program Files\dellete\Start music.mrc
2007-07-30 14:33 348 --a------ C:\Program Files\dellete\usermode.ini
2007-07-30 14:28 497 --a------ C:\Program Files\dellete\memos.ini
2007-07-30 14:28 242 --a------ C:\Program Files\dellete\memos.dat
2007-07-30 14:27 2349 --a------ C:\Program Files\dellete\IP Scanner.mrc
2007-07-30 14:20 0 --a------ C:\Program Files\dellete\chan.txt
2007-07-30 14:18 8628 --a------ C:\Program Files\dellete\flood_protection.GID
2007-07-30 01:33 178 --a------ C:\Program Files\dellete\UserServ.mrc
2007-07-30 00:39 747 --a------ C:\Program Files\dellete\TakeOver.mrc
2007-07-30 00:29 908 --a------ C:\Program Files\dellete\kick brojac.mrc
2007-07-30 00:28 6687 --a------ C:\Program Files\dellete\services.mrc
2007-07-30 00:14 3403 --a------ C:\Program Files\dellete\Password.mrc
2007-07-30 00:10 992 --a------ C:\Program Files\dellete\memo citac.txt
2007-07-30 00:08 1238 --a------ C:\Program Files\dellete\kick-counter.mrc
2007-07-29 23:45 2665 --a------ C:\Program Files\dellete\avoice
2007-07-29 23:38 9784 --a------ C:\Program Files\dellete\Scanner.mrc
2007-07-29 23:30 17606 --a------ C:\Program Files\dellete\waci.mrc
2007-07-29 23:27 2551 --a------ C:\Program Files\dellete\blacklist
2007-07-29 23:20 5241 --a------ C:\Program Files\dellete\BgCursors
2007-07-29 23:14 88022 --a------ C:\Program Files\dellete\chanprot.mrc
2007-07-29 23:13 13920 --a------ C:\Program Files\dellete\ccontrol.mrc
2007-07-29 22:59 59766 --a------ C:\Program Files\dellete\Essence.mrc
2007-07-29 22:53 216 --a------ C:\Program Files\dellete\waci.ini
2007-07-29 21:54 4286 --a------ C:\Program Files\dellete\Peak.txt
2007-07-29 19:39 976 --a------ C:\Program Files\dellete\About.mrc
2007-07-29 18:53 2890 --a------ C:\Program Files\dellete\NickInChat.wav
2007-07-29 18:53 2241 --a------ C:\Program Files\dellete\ReplacedStrings.txt
2007-07-29 18:53 13402 --a------ C:\Program Files\dellete\Gong.wav
2007-07-29 18:52 89600 --a------ C:\Program Files\dellete\Essence.dll
2007-07-29 18:52 6038 --a------ C:\Program Files\dellete\Essence.ini
2007-07-29 18:52 5776 --a------ C:\Program Files\dellete\Default.cfg
2007-07-29 18:52 5251 --a------ C:\Program Files\dellete\Default_OLD.cfg
2007-07-29 18:52 4466 --a------ C:\Program Files\dellete\Matrix.cfg
2007-07-29 18:52 4327 --a------ C:\Program Files\dellete\FireHell.cfg
2007-07-29 18:52 3715 --a------ C:\Program Files\dellete\Quiet.cfg
2007-07-29 18:52 3125 --a------ C:\Program Files\dellete\Basic.cfg
2007-07-29 18:52 16544 --a------ C:\Program Files\dellete\Beep.wav
2007-07-29 18:18 239040 --a------ C:\Program Files\dellete\welcome.mp3
2007-07-28 19:33 204 --a------ C:\Program Files\dellete\Invite`msg.txt
2007-07-28 19:15 625 --a------ C:\Program Files\dellete\script1.mrc
2007-07-28 18:59 6361 --a------ C:\Program Files\dellete\Auto lista.mrc
2007-07-28 18:58 100 --a------ C:\Program Files\dellete\part.txt
2007-07-28 18:41 2701 --a------ C:\Program Files\dellete\aliases.ini
2007-07-28 16:33 4118 --a------ C:\Program Files\dellete\Anti-idle.mrc
2007-07-28 16:29 686 --a------ C:\Program Files\dellete\netman.ini
2007-07-28 16:21 62132 --a------ C:\Program Files\dellete\tscan.mrc
2007-07-28 16:14 981 --a------ C:\Program Files\dellete\Statistika kanala.txt
2007-07-27 02:13 491 --a------ C:\Program Files\dellete\Nick.mrc
2007-07-27 02:13 240 --a------ C:\Program Files\dellete\Quit.mrc
2007-07-24 23:19 6069 --a------ C:\Program Files\dellete\badword.mrc
2007-07-24 21:40 3604 --a------ C:\Program Files\dellete\op-kontrol.mrc
2007-07-24 13:06 9 --a------ C:\Program Files\dellete\nsstyle.txt
2007-07-24 13:06 6 --a------ C:\Program Files\dellete\nsmsg.txt
2007-07-24 13:06 5 --a------ C:\Program Files\dellete\nsstatus.txt
2007-07-23 11:05 662 --a------ C:\Program Files\dellete\channel mass.txt
2007-07-22 20:01 6632 --a------ C:\Program Files\dellete\kickcounter.mrc
2007-07-22 12:00 628 --a------ C:\Program Files\dellete\badwords.conf
2007-07-21 17:59 13321 --a------ C:\Program Files\dellete\Nick - deop, kick, ban.txt
2007-07-18 23:55 1231 --a------ C:\Program Files\dellete\Nick zamena.txt
2007-06-19 21:56 725 --a------ C:\Program Files\dellete\P3.dat
2007-02-18 00:24 22191 --a------ C:\Program Files\dellete\Background1.jpg
2007-02-17 19:01 26117 --a------ C:\Program Files\dellete\PomocDrugima
2007-01-19 16:54 6872 --a------ C:\Program Files\dellete\gns.mrc
2007-01-19 16:53 2085 --a------ C:\Program Files\dellete\mediaplayer.mrc
2007-01-19 14:55 9846 --a------ C:\Program Files\dellete\tspreview.bmp
2007-01-19 14:11 378 --a------ C:\Program Files\dellete\iplookup.tld
2007-01-19 14:05 2568 --a------ C:\Program Files\dellete\introks.mrc
2006-12-31 16:11 42 --a------ C:\Program Files\dellete\aping.ini
2006-11-23 17:58 76271 --a------ C:\Program Files\dellete\ircintro.chm
2006-11-23 17:45 2076672 --a------ C:\Program Files\dellete\mirc.exe
2006-11-23 16:34 383541 --a------ C:\Program Files\dellete\mirc.chm
2006-11-01 16:21 3262 --a------ C:\Program Files\dellete\P.Script.ico
2006-10-31 20:44 0 --a------ C:\Program Files\dellete\fp_users.hsh
2006-10-28 14:37 3629 --a------ C:\Program Files\dellete\akcije.mrc
2006-10-23 23:14 7130 --a------ C:\Program Files\dellete\Net Scanner.mrc
2006-10-22 19:37 59 --a------ C:\Program Files\dellete\xscolorset.ini
2006-10-22 19:34 3232 --a------ C:\Program Files\dellete\Search System.mrc
2006-10-22 19:31 30745 --a------ C:\Program Files\dellete\Sketch.mrc
2006-10-22 19:31 1877 --a------ C:\Program Files\dellete\Timestamp styler.mrc
2006-10-22 19:21 2778 --a------ C:\Program Files\dellete\System Info.mrc
2006-10-22 19:13 2170 --a------ C:\Program Files\dellete\Text System.mrc
2006-10-22 18:53 30672 --a------ C:\Program Files\dellete\Memo Express.mrc
2006-10-21 22:10 2778 --a------ C:\Program Files\dellete\Ch.mrc
2006-10-21 22:02 8309 --a------ C:\Program Files\dellete\Autogreet.mrc
2006-10-21 19:11 390 --a------ C:\Program Files\dellete\kickmsg.txt
2006-10-21 19:11 117 --a------ C:\Program Files\dellete\reply
2006-10-21 15:42 11878 --a------ C:\Program Files\dellete\urlm.mrc
2006-10-21 15:21 2697 --a------ C:\Program Files\dellete\multinetinfo.mrc
2006-10-21 15:16 10545 --a------ C:\Program Files\dellete\weatherforecast.mrc
2006-10-21 14:46 3864 --a------ C:\Program Files\dellete\Auto Ooper.mrc
2006-10-21 14:40 10904 --a------ C:\Program Files\dellete\Seen System.mrc
2006-10-21 14:39 12143 --a------ C:\Program Files\dellete\Nick Completor.mrc
2006-10-21 14:27 12204 --a------ C:\Program Files\dellete\Ignore Manager.mrc
2006-10-21 13:54 6621 --a------ C:\Program Files\dellete\ftpadvertisement.mrc
2006-10-21 13:41 2527 --a------ C:\Program Files\dellete\dccinfo.mrc
2006-10-21 13:38 69 --a------ C:\Program Files\dellete\exclude
2006-10-21 13:38 67306 --a------ C:\Program Files\dellete\antispam.mrc
2006-10-21 12:36 14161 --a------ C:\Program Files\dellete\acros.mrc
2006-08-30 21:42 1278 --a------ C:\Program Files\dellete\Giftox.dll source.zip
2006-08-30 18:25 414208 --a------ C:\Program Files\dellete\Giftox.dll
2006-08-29 12:49 2330 --a------ C:\Program Files\dellete\Pscanner.mrc
2006-08-28 14:43 27766 --a------ C:\Program Files\dellete\cyb.ico
2006-08-24 19:25 897 --a------ C:\Program Files\dellete\AntiRutinskaKontrola.mrc
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\15.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\14.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\13.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\09.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\08.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\07.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\06.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\05.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\04.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\03.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\02.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\01.bmp
2006-08-24 19:22 374 --a------ C:\Program Files\dellete\00.bmp
2006-08-24 17:44 2034 --a------ C:\Program Files\dellete\Ip res and time & date.ini
2006-08-24 15:13 3849 --a------ C:\Program Files\dellete\Name.mrc
2006-08-24 15:12 1418 --a------ C:\Program Files\dellete\Love.mrc
2006-08-22 21:07 766 --a------ C:\Program Files\dellete\Winamp.ico
2006-08-22 21:03 5799 --a------ C:\Program Files\dellete\Persprots.mrc
2006-08-22 14:07 3262 --a------ C:\Program Files\dellete\ProfessionalScript.ico
2006-08-21 23:59 3262 --a------ C:\Program Files\dellete\Voice.ico
2006-08-21 18:18 5014 --a------ C:\Program Files\dellete\nv.mrc
2006-08-21 17:04 822 --a------ C:\Program Files\dellete\infotxt.bmp
2006-08-21 17:04 822 --a------ C:\Program Files\dellete\.bmp
2006-08-21 16:39 192 --a------ C:\Program Files\dellete\msgblock.ini
2006-08-21 13:52 2763 --a------ C:\Program Files\dellete\Pretrazivaci.mrc
2006-08-21 13:46 958 --a------ C:\Program Files\dellete\Domain.mrc
2006-08-21 13:03 7619 --a------ C:\Program Files\dellete\Fkeys.mrc
2006-08-20 22:21 8643 --a------ C:\Program Files\dellete\Brzi meni.mrc
2006-08-20 22:20 1226 --a------ C:\Program Files\dellete\dugacaktekst.mrc
2006-08-18 18:21 9737 --a------ C:\Program Files\dellete\Citaj logove.mrc
2006-08-18 17:40 10522 --a------ C:\Program Files\dellete\Findip.mrc
2006-08-18 17:38 5916 --a------ C:\Program Files\dellete\Chanspy.mrc
2006-08-18 17:25 5659 --a------ C:\Program Files\dellete\Msgblock.mrc
2006-08-18 16:03 87996 --a------ C:\Program Files\dellete\Protekcije kanala.mrc
2006-08-18 16:01 6631 --a------ C:\Program Files\dellete\Kick1.mrc
2006-08-18 15:54 11677 --a------ C:\Program Files\dellete\Ignoreman.mrc
2006-08-18 15:51 10425 --a------ C:\Program Files\dellete\floodzastite.mrc
2006-08-18 15:25 10036 --a------ C:\Program Files\dellete\earthv.mrc
2006-08-18 15:16 1433 --a------ C:\Program Files\dellete\xIPscan.mrc
2006-08-18 15:09 1280 --a------ C:\Program Files\dellete\PsyBNC.ini
2006-08-18 15:00 3940 --a------ C:\Program Files\dellete\Inviter.MRC
2006-08-18 03:20 3593 --a------ C:\Program Files\dellete\Calc.mrc
2006-08-18 03:17 12616 --a------ C:\Program Files\dellete\Auto Identifikacija.mrc
2006-08-18 03:13 3335 --a------ C:\Program Files\dellete\Tempconv.mrc
2006-08-18 03:12 14835 --a------ C:\Program Files\dellete\Wtime.mrc
2006-08-18 03:05 3141 --a------ C:\Program Files\dellete\Alarm.mrc
2006-08-18 02:54 2985 --a------ C:\Program Files\dellete\Emailsender.mrc
2006-08-18 02:53 11867 --a------ C:\Program Files\dellete\emailer.mrc
2006-08-18 02:29 2262 --a------ C:\Program Files\dellete\Personalinfo.mrc
2006-08-18 02:25 4920 --a------ C:\Program Files\dellete\Dictionary.mrc
2006-08-18 02:24 6106 --a------ C:\Program Files\dellete\Chanad.mrc
2006-08-18 02:18 4301 --a------ C:\Program Files\dellete\Translator.mrc
2006-08-18 02:17 14270 --a------ C:\Program Files\dellete\zlagbar.mrc
2006-08-18 00:04 26049 --a------ C:\Program Files\dellete\Chan.mrc
2006-08-17 18:07 11051 --a------ C:\Program Files\dellete\Netman.mrc
2006-08-16 22:33 1685 --a------ C:\Program Files\dellete\google.mrc
2006-08-16 16:22 822 --a------ C:\Program Files\dellete\infobck.bmp
2006-08-16 16:22 822 --a------ C:\Program Files\dellete\bckgrd.bmp
2006-08-16 13:59 2309 --a------ C:\Program Files\dellete\Kick2.mrc
2006-08-12 00:23 4602 --a------ C:\Program Files\dellete\acros readme.txt
2006-08-02 13:53 9734 --a------ C:\Program Files\dellete\gtzvote.mrc
2006-08-01 14:55 3819 --a------ C:\Program Files\dellete\proxyfinder.mrc
2006-07-06 02:31 28311 --a------ C:\Program Files\dellete\pomoc.mrc
2006-07-04 20:38 1150 --a------ C:\Program Files\dellete\skul.ico
2006-06-18 17:58 257536 --a------ C:\Program Files\dellete\dcx.dll
2006-02-28 03:06 2881 --a------ C:\Program Files\dellete\programz.mrc
2006-02-11 14:47 0 --a------ C:\Program Files\dellete\google.ini
2006-02-05 22:09 907 --a------ C:\Program Files\dellete\ppop.txt
2005-12-10 17:13 459 --a------ C:\Program Files\dellete\ircintro.mrc
2005-12-01 23:39 5430 --a------ C:\Program Files\dellete\Ip.ico
2005-12-01 23:39 13942 --a------ C:\Program Files\dellete\Time.ico
2005-12-01 23:39 13942 --a------ C:\Program Files\dellete\Calculator.ico
2005-11-29 21:44 421888 --a------ C:\Program Files\dellete\putty.exe
2005-11-14 15:50 58368 --a------ C:\Program Files\dellete\update.exe
2005-11-10 18:36 4758 --a------ C:\Program Files\dellete\Time.mrc
2005-09-03 19:04 5430 --a------ C:\Program Files\dellete\Weather.ico
2005-08-28 14:25 1350 --a------ C:\Program Files\dellete\Statistika.mrc
2005-08-22 18:20 24771 --a------ C:\Program Files\dellete\ghostkiler.mrc
2005-08-16 00:44 11822 --a------ C:\Program Files\dellete\Mass.mrc
2005-07-20 12:56 28470 --a------ C:\Program Files\dellete\button.bmp
2005-07-06 07:42 74 --a------ C:\Program Files\dellete\Part.mrc
2005-05-12 14:44 15746 --a------ C:\Program Files\dellete\msndialog.mrc
2005-04-22 19:43 6675 --a------ C:\Program Files\dellete\WeatherENG.mrc
2005-04-16 13:49 5259 --a------ C:\Program Files\dellete\Soundevents.mrc
2005-04-08 00:15 586514 --a------ C:\Program Files\dellete\findip.icl
2005-04-01 17:32 3259 --a------ C:\Program Files\dellete\msnauth2kxp.mrc
2005-04-01 15:18 0 --a------ C:\Program Files\dellete\groups.grp
2005-03-29 14:36 4349 --a------ C:\Program Files\dellete\msnfilercvd.mrc
2005-03-29 14:10 5078 --a------ C:\Program Files\dellete\msnfilesend.mrc
2005-03-25 19:13 1810 --a------ C:\Program Files\dellete\msnauth.mrc
2005-03-16 00:05 734 --a------ C:\Program Files\dellete\msnlog.mrc
2005-03-16 00:05 1658 --a------ C:\Program Files\dellete\msnnewver.mrc
2005-03-09 19:27 159406 --a------ C:\Program Files\dellete\Swear.ico
2005-03-09 19:27 159406 --a------ C:\Program Files\dellete\Personal Protection.ico
2005-03-09 19:27 159406 --a------ C:\Program Files\dellete\Flood.ico
2005-03-05 20:59 4286 --a------ C:\Program Files\dellete\Domain.ico
2005-03-03 21:59 5430 --a------ C:\Program Files\dellete\Nicklist.ico
2005-03-03 21:43 5430 --a------ C:\Program Files\dellete\huhsmile.ico
2005-03-03 21:43 5430 --a------ C:\Program Files\dellete\error.ico
2005-03-03 21:43 5430 --a------ C:\Program Files\dellete\Block.ico
2005-03-03 21:41 5430 --a------ C:\Program Files\dellete\Idle-setup.ico
2005-01-28 04:23 8192 --a------ C:\Program Files\dellete\CURSOR.DLL
2005-01-28 04:23 766 --a------ C:\Program Files\dellete\MOUSEred.CUR
2005-01-28 04:23 766 --a------ C:\Program Files\dellete\MOUSEblue.CUR
2005-01-28 04:23 766 --a------ C:\Program Files\dellete\MOUSE.CUR
2005-01-03 00:04 3331 --a------ C:\Program Files\dellete\MThanks.mrc
2004-12-30 06:33 2098 --a------ C:\Program Files\dellete\Kick.txt
2004-12-30 00:47 27652 --a------ C:\Program Files\dellete\Flood_protection.HLP
2004-12-25 09:26 2345 --a------ C:\Program Files\dellete\invitenotifier.mrc
2004-12-11 17:06 161862 --a------ C:\Program Files\dellete\NetMan.ico
2004-11-28 00:52 5430 --a------ C:\Program Files\dellete\Fkeys.ico
2004-11-21 23:48 18944 --a------ C:\Program Files\dellete\listfiles.dll
2004-09-29 02:47 127438 --a------ C:\Program Files\dellete\Temp.ico
2004-09-26 13:09 53760 --a------ C:\Program Files\dellete\views.mdx
2004-09-26 13:09 42496 --a------ C:\Program Files\dellete\mdx.dll
2004-09-20 19:38 161862 --a------ C:\Program Files\dellete\Dict.ico
2004-09-13 20:27 850 --a------ C:\Program Files\dellete\Weather.mrc
2004-09-02 17:25 2510 --a------ C:\Program Files\dellete\Help.txt
2004-07-29 19:34 161862 --a------ C:\Program Files\dellete\Translator.ico
2004-07-29 19:33 161862 --a------ C:\Program Files\dellete\World Time.ico
2004-07-03 11:13 3158 --a------ C:\Program Files\dellete\away.ico
2004-06-21 22:58 15875 --a------ C:\Program Files\dellete\temp.jpg
2004-06-01 04:51 244 --a------ C:\Program Files\dellete\CrashB's Settings.ini
2004-05-30 04:08 161862 --a------ C:\Program Files\dellete\Explorex.ico
2004-05-14 03:57 1450 --a------ C:\Program Files\dellete\readme.txt
2004-05-12 00:07 272 --a------ C:\Program Files\dellete\default.ini
2004-05-11 06:02 3126 --a------ C:\Program Files\dellete\12.bmp
2004-05-11 06:02 3126 --a------ C:\Program Files\dellete\11.bmp
2004-05-11 06:02 3126 --a------ C:\Program Files\dellete\10.bmp
2004-05-11 06:01 3126 --a------ C:\Program Files\dellete\9.bmp
2004-05-11 06:00 3126 --a------ C:\Program Files\dellete\8.bmp
2004-05-11 06:00 3126 --a------ C:\Program Files\dellete\7.bmp
2004-05-11 05:59 3126 --a------ C:\Program Files\dellete\5.bmp
2004-05-11 05:58 3126 --a------ C:\Program Files\dellete\4.bmp
2004-05-11 05:58 3126 --a------ C:\Program Files\dellete\3.bmp
2004-05-11 05:57 3126 --a------ C:\Program Files\dellete\2.bmp
2004-05-11 05:56 3126 --a------ C:\Program Files\dellete\1.bmp
2004-05-11 00:24 36790 --a------ C:\Program Files\dellete\Swamp DLL.zip
2004-04-24 16:07 161862 --a------ C:\Program Files\dellete\Fip.ico
2004-04-12 12:55 4286 --a------ C:\Program Files\dellete\WhiteBlue.cur
2004-04-10 13:50 4286 --a------ C:\Program Files\dellete\LightBlue.cur
2004-03-15 18:02 161862 --a------ C:\Program Files\dellete\E-mail.ico
2004-03-15 18:00 161862 --a------ C:\Program Files\dellete\Notify.ico
2004-03-15 18:00 161862 --a------ C:\Program Files\dellete\Name.ico
2004-03-07 00:52 15360 --a------ C:\Program Files\dellete\blah.dll
2004-03-06 21:09 161862 --a------ C:\Program Files\dellete\Search.ico
2003-12-27 16:05 10334 --a------ C:\Program Files\dellete\nicks.ico
2003-12-25 18:44 7918 --a------ C:\Program Files\dellete\txt.ico
2003-12-14 19:08 3126 --a------ C:\Program Files\dellete\6.bmp
2003-11-26 03:41 1406 --a------ C:\Program Files\dellete\cursor.ico
2003-11-20 17:08 18944 --a------ C:\Program Files\dellete\mDock61.dll
2003-11-13 22:25 0 --a------ C:\Program Files\dellete\tscanlog.txt
2003-11-13 22:18 48 --a------ C:\Program Files\dellete\urlm.ini
2003-11-13 22:18 0 --a------ C:\Program Files\dellete\urlm.txt
2003-11-08 10:17 0 --a------ C:\Program Files\dellete\urlm_.txt
2003-10-25 04:08 894 --a------ C:\Program Files\dellete\seen.ico
2003-09-30 17:25 3774 --a------ C:\Program Files\dellete\rprog.ico
2003-09-29 18:22 3774 --a------ C:\Program Files\dellete\notpadx.ico
2003-09-27 19:56 19456 --a------ C:\Program Files\dellete\band.dll
2003-09-06 06:00 3774 --a------ C:\Program Files\dellete\atnx.ico
2003-08-21 15:12 432254 --a------ C:\Program Files\dellete\Scan.ico
2003-08-08 04:22 2238 --a------ C:\Program Files\dellete\Alarm.ico
2003-07-27 07:15 161862 --a------ C:\Program Files\dellete\Chanad.ico
2003-06-10 02:08 3774 --a------ C:\Program Files\dellete\fsearchf.ico
2003-06-10 01:22 3774 --a------ C:\Program Files\dellete\aoperz.ico
2003-06-10 01:19 3774 --a------ C:\Program Files\dellete\Joins.ico
2003-06-10 01:12 3774 --a------ C:\Program Files\dellete\Sound.ico
2003-05-22 20:46 822 --a------ C:\Program Files\dellete\DoNotDel.bmp
2003-04-25 16:08 159406 --a------ C:\Program Files\dellete\Protekcije Kanala.ico
2003-04-25 16:00 159406 --a------ C:\Program Files\dellete\mailclient.ico
2003-04-25 15:58 159406 --a------ C:\Program Files\dellete\Love.ico
2003-04-25 15:55 159406 --a------ C:\Program Files\dellete\Nlc.ico
2003-04-25 15:52 159406 --a------ C:\Program Files\dellete\Caps-Flood-Clon.ico
2003-04-25 15:41 159406 --a------ C:\Program Files\dellete\Programs.ico
2003-04-25 15:31 159406 --a------ C:\Program Files\dellete\Scaners.ico
2003-03-06 05:27 0 --a------ C:\Program Files\dellete\channel.txt
2003-03-06 04:55 0 --a------ C:\Program Files\dellete\Notice.txt
2003-03-06 04:55 0 --a------ C:\Program Files\dellete\Mode.txt
2003-03-06 04:55 0 --a------ C:\Program Files\dellete\kickban.txt
2003-02-22 19:29 27019 --a------ C:\Program Files\dellete\bg.jpg
2003-02-18 05:52 42056 --a------ C:\Program Files\dellete\away_system.bmp
2003-02-17 15:23 0 --a------ C:\Program Files\dellete\Query.txt
2003-02-17 15:23 0 --a------ C:\Program Files\dellete\Page.txt
2003-02-07 02:43 159406 --a------ C:\Program Files\dellete\Ghost.ico
2003-01-30 04:13 51200 --a------ C:\Program Files\dellete\airc.dll
2003-01-07 23:17 159406 --a------ C:\Program Files\dellete\Invite.ico
2003-01-07 23:15 159406 --a------ C:\Program Files\dellete\Aid.ico
2003-01-07 23:13 159406 --a------ C:\Program Files\dellete\Control Panel.ico
2003-01-01 15:05 22798 --a------ C:\Program Files\dellete\msn2.ico
2002-12-22 00:18 2136 --a------ C:\Program Files\dellete\mircscripts.jpg
2002-12-20 17:39 4150 --a------ C:\Program Files\dellete\info.ico
2002-11-18 00:25 16694 --a------ C:\Program Files\dellete\fav.ico
2002-11-14 18:03 442 --a------ C:\Program Files\dellete\killmsg.txt
2002-11-14 18:03 0 --a------ C:\Program Files\dellete\ignore
2002-11-12 18:34 32870 --a------ C:\Program Files\dellete\map.jpg
2002-11-12 18:33 4633 --a------ C:\Program Files\dellete\earthv-sockets.mrc
2002-11-11 21:15 3329 --a------ C:\Program Files\dellete\EarthView-Readme.txt
2002-11-11 19:47 9689 --a------ C:\Program Files\dellete\countries.ini
2002-10-19 17:21 246 --a------ C:\Program Files\dellete\tshelp.txt
2002-09-29 21:30 25226 --a------ C:\Program Files\dellete\Pc.ico
2002-09-25 14:00 62130 --a------ C:\Program Files\dellete\offline.wav
2002-09-25 13:57 58722 --a------ C:\Program Files\dellete\online.wav
2002-09-25 13:46 11080 --a------ C:\Program Files\dellete\netsplitx.wav
2002-09-25 12:48 25044 --a------ C:\Program Files\dellete\-v.wav
2002-09-25 12:47 21046 --a------ C:\Program Files\dellete\+v.wav
2002-09-25 11:50 38032 --a------ C:\Program Files\dellete\conestablished.wav
2002-09-25 01:08 55558 --a------ C:\Program Files\dellete\lol7.wav
2002-09-14 18:07 55188 --a------ C:\Program Files\dellete\back.wav
2002-09-14 18:07 49676 --a------ C:\Program Files\dellete\away.wav
2002-08-27 23:28 80248 --a------ C:\Program Files\dellete\lol9.MP3
2002-08-14 23:12 4608 --a------ C:\Program Files\dellete\mircustom.dll
2002-08-09 16:24 17542 --a------ C:\Program Files\dellete\ppop.ico
2002-07-31 23:10 34494 --a------ C:\Program Files\dellete\Personal Info.ico
2002-07-28 16:38 766 --a------ C:\Program Files\dellete\Acros.ico
2002-07-28 12:25 5694 --a------ C:\Program Files\dellete\warn.ico
2002-07-28 11:27 2238 --a------ C:\Program Files\dellete\Ignore.ico
2002-07-25 00:20 64365 --a------ C:\Program Files\dellete\lol8.MP3
2002-07-24 19:02 212 --a------ C:\Program Files\dellete\xscolor.ini
2002-07-12 22:03 4150 --a------ C:\Program Files\dellete\nickserv.ico
2002-07-10 19:29 4150 --a------ C:\Program Files\dellete\chanserv.ico
2002-06-17 01:09 34304 --a------ C:\Program Files\dellete\CTL_GEN.MDX
2002-06-17 01:09 26112 --a------ C:\Program Files\dellete\bars.mdx
2002-06-17 01:09 19968 --a------ C:\Program Files\dellete\dialog.mdx
2002-06-11 18:44 766 --a------ C:\Program Files\dellete\msdx.ico
2002-06-11 18:40 3774 --a------ C:\Program Files\dellete\winzx.ico
2002-06-11 18:31 3774 --a------ C:\Program Files\dellete\outx.ico
2002-06-11 18:28 766 --a------ C:\Program Files\dellete\addrbookx.ico
2002-06-11 18:13 766 --a------ C:\Program Files\dellete\tnetx.ico
2002-06-11 17:28 766 --a------ C:\Program Files\dellete\Ping.ico
2002-06-11 14:20 3774 --a------ C:\Program Files\dellete\movmakx.ico
2002-06-11 14:15 766 --a------ C:\Program Files\dellete\mixx.ico
2002-06-11 14:09 766 --a------ C:\Program Files\dellete\srecx.ico
2002-06-11 14:06 3774 --a------ C:\Program Files\dellete\cdplay2x.ico
2002-06-11 13:59 3774 --a------ C:\Program Files\dellete\cdplayx.ico
2002-06-11 13:45 766 --a------ C:\Program Files\dellete\imagingx.ico
2002-06-11 13:40 766 --a------ C:\Program Files\dellete\pbrushx.ico
2002-06-11 13:37 766 --a------ C:\Program Files\dellete\calcx.ico
2002-06-11 13:32 766 --a------ C:\Program Files\dellete\wordpadx.ico
2002-06-11 11:40 766 --a------ C:\Program Files\dellete\ncpro.ico
2002-05-24 02:27 4096 --a------ C:\Program Files\dellete\color.dll
2002-03-27 23:09 85504 --a------ C:\Program Files\dellete\WC2.dll
2002-03-03 22:39 59914 --a------ C:\Program Files\dellete\ircop.wav
2002-02-07 15:15 5762 --a------ C:\Program Files\dellete\+o.wav
2002-02-07 15:15 3862 --a------ C:\Program Files\dellete\-o.wav
2002-02-03 22:25 25600 --a------ C:\Program Files\dellete\tbwin.dll
2002-01-08 18:59 45718 --a------ C:\Program Files\dellete\clones.wav
2002-01-04 01:41 1406 --a------ C:\Program Files\dellete\gns.ico
2001-12-29 23:21 4150 --a------ C:\Program Files\dellete\pager.ico
2001-12-29 22:40 4150 --a------ C:\Program Files\dellete\settings.ico
2001-12-10 18:35 54924 --a------ C:\Program Files\dellete\xsend.wav
2001-12-10 16:41 49324 --a------ C:\Program Files\dellete\failed.wav
2001-11-14 20:09 32038 --a------ C:\Program Files\dellete\spy.ico
2001-11-12 02:28 39520 --a------ C:\Program Files\dellete\lol11.MP3
2001-11-10 12:24 28672 --a------ C:\Program Files\dellete\ProcInfo.dll
2001-09-05 08:25 98988 --a------ C:\Program Files\dellete\lol 12.WAV
2001-08-03 19:09 22049 --a------ C:\Program Files\dellete\name.jpg
2001-07-18 19:03 46856 --a------ C:\Program Files\dellete\mejoin.wav
2001-07-13 21:48 2238 --a------ C:\Program Files\dellete\exitmail.ico
2001-07-13 21:45 2238 --a------ C:\Program Files\dellete\emailerz.ico
2001-07-13 19:45 2238 --a------ C:\Program Files\dellete\E-mailC.ico
2001-05-10 09:54 3262 --a------ C:\Program Files\dellete\Mail - Retrive.ico
2001-05-10 09:54 3262 --a------ C:\Program Files\dellete\Mail - Exit.ico
2001-05-10 09:54 3262 --a------ C:\Program Files\dellete\Mail - Check.ico
2001-05-10 09:53 3262 --a------ C:\Program Files\dellete\Mail - Setup.ico
2001-05-10 09:53 3262 --a------ C:\Program Files\dellete\Mail - Send.ico
2001-05-10 09:53 3262 --a------ C:\Program Files\dellete\Mail - OutBox.ico
2001-05-10 09:53 3262 --a------ C:\Program Files\dellete\Mail - InBox.ico
2001-05-09 10:01 26598 --a------ C:\Program Files\dellete\SSIconz.icl
2001-04-24 01:42 31390 --a------ C:\Program Files\dellete\irclean.exe
2001-03-22 19:57 409 --a------ C:\Program Files\dellete\ial-uppdater.ini
2001-03-02 18:33 23405 --a------ C:\Program Files\dellete\Nece.mp3
2001-02-20 04:32 7358 --a------ C:\Program Files\dellete\hlp.ico
2001-02-20 03:44 7358 --a------ C:\Program Files\dellete\about.ico
2001-02-08 21:08 2238 --a------ C:\Program Files\dellete\PREV05.ICO
2001-02-08 21:08 2238 --a------ C:\Program Files\dellete\PREV03.ICO
2001-02-08 21:08 2238 --a------ C:\Program Files\dellete\PREV02.ICO
2001-02-08 21:08 2238 --a------ C:\Program Files\dellete\PREV01.ICO
2001-02-08 21:07 2238 --a------ C:\Program Files\dellete\PREV08.ICO
2001-02-08 21:07 2238 --a------ C:\Program Files\dellete\PREV07.ICO
2001-02-08 21:07 2238 --a------ C:\Program Files\dellete\PREV06.ICO
2001-02-08 21:07 2238 --a------ C:\Program Files\dellete\PREV.ICO
2001-02-08 21:06 2238 --a------ C:\Program Files\dellete\PREV04.ICO
2001-02-04 18:27 2348 --a------ C:\Program Files\dellete\UNINSTAL.DAT
2001-02-04 00:40 2238 --a------ C:\Program Files\dellete\PREV11.ICO
2001-02-04 00:37 2238 --a------ C:\Program Files\dellete\PREV10.ICO
2001-02-03 02:54 2238 --a------ C:\Program Files\dellete\PREV09.ICO
2001-01-04 13:35 4150 --a------ C:\Program Files\dellete\Logs.ico
2000-11-01 17:03 35328 --a------ C:\Program Files\dellete\swamp.dll
2000-10-30 15:41 241664 --a------ C:\Program Files\dellete\iplookup.exe
2000-09-08 16:46 1254706 --a------ C:\Program Files\dellete\lol10.wav
2000-08-28 23:00 71528 --a------ C:\Program Files\dellete\downloaded.wav
2000-07-30 01:05 22528 --a------ C:\Program Files\dellete\popups.dll
2000-07-12 21:58 55970 --a------ C:\Program Files\dellete\iplookup.chm
2000-06-08 17:00 3002 --a------ C:\Program Files\dellete\mail.wav
2000-05-27 00:10 76480 --a------ C:\Program Files\dellete\slam.exe
2000-04-16 14:57 76288 --a------ C:\Program Files\dellete\Lovex.exe
2000-04-15 12:17 4150 --a------ C:\Program Files\dellete\Pretrazivac.ico
2000-04-08 18:04 38764 --a------ C:\Program Files\dellete\lol6.wav
2000-04-08 18:04 26298 --a------ C:\Program Files\dellete\Nece.wav
2000-04-08 18:04 26298 --a------ C:\Program Files\dellete\lol5.wav
2000-04-08 18:04 22830 --a------ C:\Program Files\dellete\lol3.wav
2000-04-08 18:04 18632 --a------ C:\Program Files\dellete\lol4.wav
2000-04-08 18:03 37026 --a------ C:\Program Files\dellete\lol1.wav
2000-04-03 20:13 3638 -ra------ C:\Program Files\dellete\Msn.ico
1999-12-07 16:00 13026 --a------ C:\Program Files\dellete\notice.WAV
1999-12-07 13:00 21260 --a------ C:\Program Files\dellete\Blip.wav
1999-12-07 12:00 3180 --a------ C:\Program Files\dellete\type.wav
1999-12-05 09:21 2238 --a------ C:\Program Files\dellete\malaysia.ico
1999-11-26 19:21 10600 --a------ C:\Program Files\dellete\nickhighlight.wav
1999-10-11 17:01 49854 --a------ C:\Program Files\dellete\lol13.WAV
1999-09-26 12:17 2238 --a------ C:\Program Files\dellete\setupmail.ico
1999-07-22 02:00 60528 --a------ C:\Program Files\dellete\HANGMAN.EXE
1999-06-04 01:14 4710 --a------ C:\Program Files\dellete\Awaysys.ico
1999-06-03 11:14 4710 --a------ C:\Program Files\dellete\away1.ico
1999-04-24 00:22 11548 --a------ C:\Program Files\dellete\mepart.wav
1998-09-11 02:46 77824 --a------ C:\Program Files\dellete\MC.EXE
1998-08-26 11:33 14185 --a------ C:\Program Files\dellete\pm.wav
1998-08-20 18:55 1078 --a------ C:\Program Files\dellete\MemoExpress.ICO
1998-07-12 03:38 23920 --a------ C:\Program Files\dellete\inviter.wav
1998-06-28 19:41 2238 --a------ C:\Program Files\dellete\greet.ico
1998-05-17 00:00 2238 --a------ C:\Program Files\dellete\Rainbow.cur
1997-11-24 16:31 10712 --a------ C:\Program Files\dellete\kicked.wav
1997-11-01 13:58 8122 --a------ C:\Program Files\dellete\chat.wav
1997-04-13 10:15 58497 --a------ C:\Program Files\dellete\pager.wav
1996-08-10 03:52 5694 --a------ C:\Program Files\dellete\Real-Time.ico
1996-08-10 03:52 5694 --a------ C:\Program Files\dellete\icon.ico
1994-03-18 10:24 9232 --a------ C:\Program Files\dellete\ABOUTWEP.DLL
1994-03-18 10:24 27648 --a------ C:\Program Files\dellete\PEGGED.EXE
1993-11-09 03:46 5260 --a------ C:\Program Files\dellete\Ping.wav
1993-07-22 19:14 22156 --a------ C:\Program Files\dellete\ban.wav
1993-02-17 13:43 8646 --a------ C:\Program Files\dellete\conaborted.wav
1992-04-14 12:49 11404 --a------ C:\Program Files\dellete\dcc.wav
1991-09-30 18:00 11216 --a------ C:\Program Files\dellete\STICKS.EXE
1991-09-30 10:00 63488 --a------ C:\Program Files\dellete\blocks.exe
1991-07-19 03:01 53248 --a------ C:\Program Files\dellete\TicTac.EXE


------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" [2001-07-21 10:09 50256]
"WFXSwtch"="C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe" [2001-07-19 09:04 26624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 23:21 185896]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-07-19 09:04 43520 C:\WINDOWS\system32\WFXSNT40.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CleanSweep Smart Sweep-Internet Sweep.lnk - C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe [2007-11-01 14:19:25 221184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 KCIRDA;%KCIRDA.ServiceDesc%;C:\WINDOWS\system32\DRIVERS\KCIrNet.sys [2001-10-04 10:23]
R3 QDFSDRV;QDFSDRV;C:\WINDOWS\system32\drivers\qdfsdrv.sys [2001-07-26 12:17]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2001-10-11 08:51]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe [2001-07-21 10:14]

2008-07-25 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE [2001-07-24 17:35]

2008-08-09 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2001-07-26 13:23]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 18:16:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-08-09 18:18:18
ComboFix-quarantined-files.txt 2008-08-09 16:18:13
ComboFix2.txt 2008-08-09 15:19:57
ComboFix3.txt 2008-08-09 13:29:30
ComboFix4.txt 2008-05-17 20:32:38
ComboFix5.txt 2008-08-09 16:13:19

Pre-Run: 8,105,332,736 bytes free
Post-Run: 8,092,672,000 bytes free

642

Poslao: 09 Avg 2008 20:08
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Racunar je sada generalno cist, osim jedne stvari koja mi se ne svidja.
Imas tu mIRC skriptu u folderu dellete, a ta skripta sadrzi gomilu EXE fajlova, izmedju ostalog i terminal emulator, sto je meni jako sumnjivo.

Ja bih te zamolio da tu skriptu deinstaliras, i da instaliras obican mIRC.

Zamolio bih te takodje, ukoliko zelis, da mi uploadujes fajlove koje je ComboFix obrisao.
To mozes uciniti tako sto ces da spakujes u jedan ZIP ceo folder C:\QooBox\quarantine i da mi taj ZIP (ili RAR, sve jedno) uploadujes preko sledece forme:
http://www.mycity.rs/ambulanta-upload.php

MyCity » Ambulanta -> Arhiva Ambulante » dosadni XPSecurityCenter

Ko je trenutno na forumu
 

Ukupno su 797 korisnika na forumu :: 31 registrovanih, 7 sakrivenih i 759 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Atomski čoban, babaroga, bestguarder, bobomicek, debeli, djboj, grenadir, Herman Terrance Aubrey, HrcAk47, janbo, Krusarac, ladro, laki_bb, Lord Nem, Metanoja, milutin134, mkukoleca, mrav pesadinac, nesa1962, Nikolaa11, Pikac-47, robert1979, sevenino, Srki94, tomigun, vathra, Vlajman1957, yufighter, zillbg, |_MeD_|