Have I been infected?!

  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

I don't have the Windows CD with me.... what will happen if it asks for it and I don't have it?! Will it abort, mess something up, or can I safely close it and run it again once I get the CD?!

My CD stayed behind in Zrenjanin and I'm in Beograd until who knows when, so I'm asking just to know what I should do....

Addendum: 18 Mar 2009 23:51

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:51, on 18.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Sandra\Desktop\AAAAAA\bbbb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.eu.avon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....9293699312
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.eu.avon.com/dwa7W.cab
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11196 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

HJT is clean.

Download gmer.zip from this link and save it to the Desktop.
Extract it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to transfer it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum, and attach here the two files we just saved.

  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

ComboFix 09-04-04.01 - Sandra 2009-04-07 12:45:01.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2226 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\temp\28.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-05 22:14 . 2009-04-05 22:14 1,213,320 --a------ c:\windows\system32\trjscan.trb
2009-04-05 22:14 . 2009-04-05 22:14 905,608 --a------ c:\windows\system32\trupd.trb
2009-04-05 22:14 . 2009-04-05 22:14 35,440 --a------ c:\windows\system32\sschk.trb
2009-04-05 22:13 . 2009-03-30 16:53 2,929,528 --a------ c:\windows\system32\rmt.trb
2009-04-05 22:13 . 2009-03-23 18:00 1,295,224 --a------ c:\windows\system32\rmvtrjan.trb
2009-04-05 22:10 . 2009-04-05 22:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-05 22:09 . 2009-04-05 22:16 <DIR> d-------- c:\program files\Trojan Remover
2009-04-05 22:09 . 2009-04-05 22:09 <DIR> d-------- c:\documents and settings\Sandra\Application Data\Simply Super Software
2009-04-05 22:09 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-04-05 09:55 . 2009-04-05 09:55 102,475 --a------ c:\windows\system32\msvcrt2.dll
2009-03-21 15:58 . 2009-03-21 15:58 14 --a------ c:\windows\popcinfo.dat
2009-03-20 01:02 . 2009-03-20 01:02 <DIR> d-------- c:\program files\Bonjour
2009-03-19 08:33 . 2009-03-09 02:53 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-19 08:32 . 2009-04-01 09:01 <DIR> d-------- c:\program files\Java
2009-03-19 00:51 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-19 00:51 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-19 00:51 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-18 16:00 . 2006-09-06 18:43 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-03-18 15:59 . 2009-03-19 01:03 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-18 15:55 . 2008-12-21 01:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-18 15:55 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-18 15:55 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-18 15:55 . 2008-12-21 01:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-18 15:55 . 2008-12-21 01:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-18 15:55 . 2008-12-21 01:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-18 15:55 . 2008-12-21 01:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-18 15:55 . 2008-12-21 01:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-18 15:55 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-17 22:17 . 2009-03-17 22:17 <DIR> d-------- c:\windows\Internet Logs
2009-03-17 19:24 . 2009-03-17 19:24 8 --a------ c:\windows\system32\success
2009-03-17 19:22 . 2009-03-17 19:22 <DIR> d-------- c:\program files\Common Files\Deterministic Networks
2009-03-17 19:22 . 2009-03-17 19:22 <DIR> d-------- c:\program files\Cisco Systems
2009-03-17 19:22 . 2004-01-26 16:01 268,872 --a------ c:\windows\system32\drivers\CVPNDRVA.sys
2009-03-17 19:22 . 2003-07-24 20:55 139,604 --a------ c:\windows\system32\drivers\dne2000.sys
2009-03-17 19:22 . 2004-01-26 16:01 139,280 --a------ c:\windows\system32\CSGina.dll
2009-03-17 19:22 . 2003-07-24 20:55 114,000 --a------ c:\windows\system32\dneinobj.dll
2009-03-17 19:22 . 2003-05-01 14:26 5,220 --a------ c:\windows\system32\drivers\CVirtA.sys
2009-03-17 19:05 . 2009-03-17 19:05 <DIR> dr------- c:\program files\Skype
2009-03-17 19:05 . 2009-04-07 12:45 <DIR> d-------- c:\documents and settings\Sandra\Application Data\Skype
2009-03-17 19:05 . 2009-03-17 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-03-16 18:25 . 2009-03-16 18:25 <DIR> d-------- c:\program files\Interwoven
2009-03-16 18:25 . 2009-03-16 18:25 <DIR> d-------- c:\program files\Common Files\Interwoven
2009-03-16 17:57 . 2009-03-17 14:08 <DIR> d-------- C:\IWTemp
2009-03-15 17:58 . 2009-03-15 18:10 <DIR> d-------- c:\documents and settings\Sandra\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 10:49 26,940,960 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-07 10:49 1,511,968 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-07 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-06 21:20 360,068 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-06 21:20 144,452 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-28 16:41 --------- d-----w c:\documents and settings\Sandra\Application Data\POP Peeper
2009-03-21 13:20 --------- d-----w c:\documents and settings\All Users\Application Data\Phenomedia
2009-03-19 23:02 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 05:26 --------- d-----w c:\program files\POP Peeper
2009-03-17 17:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 16:01 --------- d-----w c:\program files\WordWeb
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 22:57 1,851,544 ----a-w c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-15_11.43.09.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-02 17:07:40 1,914,440 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-04-14 12:00:00 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2008-04-14 12:00:00 99,840 -c--a-w c:\windows\ie7\advpack.dll
+ 2008-04-14 12:00:00 33,792 -c--a-w c:\windows\ie7\custsat.dll
+ 2008-04-14 12:00:00 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
+ 2008-04-14 12:00:00 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
+ 2008-04-14 12:00:00 55,808 -c--a-w c:\windows\ie7\extmgr.dll
+ 2008-04-14 12:00:00 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 12:00:00 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
+ 2008-04-14 12:00:00 143,360 -c--a-w c:\windows\ie7\ieakeng.dll
+ 2008-04-14 12:00:00 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
+ 2008-04-14 12:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
+ 2008-04-14 12:00:00 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
+ 2008-04-14 12:00:00 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2008-04-14 12:00:00 251,904 -c--a-w c:\windows\ie7\iepeers.dll
+ 2008-04-14 12:00:00 48,640 -c--a-w c:\windows\ie7\iernonce.dll
+ 2008-04-14 12:00:00 62,976 -c--a-w c:\windows\ie7\iesetup.dll
+ 2008-04-14 12:00:00 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2008-04-14 12:00:00 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2008-04-14 12:00:00 96,256 -c--a-w c:\windows\ie7\inseng.dll
+ 2008-04-14 12:00:00 15,872 -c--a-w c:\windows\ie7\jsproxy.dll
+ 2008-04-14 12:00:00 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2008-04-14 12:00:00 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2008-04-14 12:00:00 3,066,880 -c--a-w c:\windows\ie7\mshtml.dll
+ 2008-04-14 12:00:00 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
+ 2008-04-14 12:00:00 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2008-04-14 12:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2008-04-14 12:00:00 146,432 -c--a-w c:\windows\ie7\msrating.dll
+ 2008-04-14 12:00:00 532,480 -c--a-w c:\windows\ie7\mstime.dll
+ 2008-04-14 12:00:00 96,256 -c--a-w c:\windows\ie7\occache.dll
+ 2008-04-14 12:00:00 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
+ 2007-08-13 17:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-08-13 17:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2008-04-14 12:00:00 37,888 -c--a-w c:\windows\ie7\url.dll
+ 2008-04-14 12:00:00 619,520 -c--a-w c:\windows\ie7\urlmon.dll
+ 2008-04-14 12:00:00 851,968 -c--a-w c:\windows\ie7\vgx.dll
+ 2008-04-14 12:00:00 276,480 -c--a-w c:\windows\ie7\webcheck.dll
+ 2008-04-14 12:00:00 666,112 -c--a-w c:\windows\ie7\wininet.dll
+ 2007-08-13 17:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 17:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 17:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 17:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-13 17:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 17:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 17:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 17:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 16:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-02-12 15:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 17:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-13 17:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 17:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-13 17:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 17:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 17:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-13 17:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 17:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 17:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 17:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 17:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll.000
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll.000
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dat
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll.000
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll.000
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll.000
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll.000
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll.000
+ 2008-08-27 12:54:32 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-08-27 12:54:32 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll.000
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll.000
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll.000
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll.000
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll.000
+ 2008-10-14 23:42:46 13,219,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AcroRd32.dll
+ 2009-03-17 17:05:44 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-03-18 14:28:59 10,134 ----a-r c:\windows\Installer\{A5D9626C-3459-45C6-9095-24BEC8A0DA76}\ARPPRODUCTICON.exe
- 2009-01-12 20:27:29 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
+ 2009-03-27 12:36:50 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
- 2009-01-12 20:27:31 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2009-03-27 12:36:51 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
- 2009-01-12 20:27:31 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2009-03-27 12:36:51 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
- 2009-01-12 20:27:31 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
+ 2009-03-27 12:36:51 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
- 2009-01-12 20:27:31 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2009-03-27 12:36:51 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
- 2009-01-12 20:27:29 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2009-03-27 12:36:50 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
- 2009-01-05 11:48:22 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2009-03-27 12:41:28 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-04-14 12:00:00 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2008-04-14 12:00:00 99,840 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-04-14 12:00:00 61,440 -c--a-w c:\windows\system32\dllcache\admparse.dll
+ 2007-08-13 17:39:20 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll
- 2008-04-14 12:00:00 99,840 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-04-14 12:00:00 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 17:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
- 2008-04-14 12:00:00 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-14 12:00:00 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-04-14 12:00:00 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-04-14 12:00:00 38,912 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 17:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2008-04-14 12:00:00 34,304 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00:00 143,360 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-04-14 12:00:00 216,576 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-04-14 12:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-04-14 12:00:00 323,584 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 12:00:00 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2008-04-14 12:00:00 251,904 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 17:54:10 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 12:00:00 48,640 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-04-14 12:00:00 62,976 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 17:39:12 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll
- 2008-04-14 12:00:00 93,184 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-04-14 12:00:00 35,840 -c--a-w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 17:36:06 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll
- 2008-04-14 12:00:00 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 17:39:02 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2008-04-14 12:00:00 15,872 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 12:00:00 22,016 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
- 2008-04-14 12:00:00 29,184 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 17:32:30 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
- 2008-04-14 12:00:00 3,066,880 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 20:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-04-14 12:00:00 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 12:00:00 56,832 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
- 2008-04-14 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 17:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
- 2008-04-14 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-04-14 12:00:00 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00:00 96,256 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-04-14 12:00:00 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 12:00:00 37,888 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-04-14 12:00:00 619,520 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-04-14 12:00:00 851,968 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2007-08-13 17:54:10 765,952 -c--a-w c:\windows\system32\dllcache\VGX.dll
- 2008-04-14 12:00:00 276,480 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-04-14 12:00:00 666,112 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 11:41:34 61,440 ----a-w c:\windows\system32\dns-sd.exe
+ 2006-02-28 11:41:22 53,248 ----a-w c:\windows\system32\dnssd.dll
- 2008-04-14 12:00:00 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2008-04-14 12:00:00 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ------w c:\windows\system32\dxtrans.dll
- 2008-04-14 12:00:00 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w c:\windows\system32\idndl.dll
- 2008-04-14 12:00:00 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-04-14 12:00:00 143,360 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-04-14 12:00:00 216,576 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-04-14 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-04-14 12:00:00 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-04-14 12:00:00 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2008-04-14 12:00:00 48,640 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-04-14 12:00:00 62,976 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2008-04-14 12:00:00 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
- 2008-04-14 12:00:00 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2008-12-15 00:45:11 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-03-09 03:19:11 144,792 ----a-w c:\windows\system32\java.exe
- 2008-12-15 00:45:11 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-09 03:19:13 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-12-15 00:45:11 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-09 03:19:13 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-04-14 12:00:00 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ------w c:\windows\system32\jsproxy.dll
- 2008-04-14 12:00:00 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-03-24 13:15:33 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-25 11:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2008-04-14 12:00:00 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2008-04-14 12:00:00 3,066,880 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 20:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-14 12:00:00 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ------w c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00:00 56,832 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-02-13 15:22:54 947,472 ----a-w c:\windows\system32\msjava.dll
- 2008-04-14 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2008-04-14 12:00:00 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\msrating.dll
- 2008-04-14 12:00:00 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\mstime.dll
+ 2006-06-28 16:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll
- 2008-04-14 12:00:00 96,256 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\occache.dll
- 2009-03-15 10:09:16 58,998 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-07 07:05:10 58,998 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-15 10:09:16 392,864 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-07 07:05:10 392,864 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-14 12:00:00 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2007-03-06 01:22:36 14,048 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 12:00:00 37,888 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-04-14 12:00:00 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2003-08-28 20:40:22 62,560 ----a-w c:\windows\system32\vsdata.dll
+ 2003-08-28 20:40:26 189,792 ----a-w c:\windows\system32\vsdatant.sys
+ 2003-08-28 20:40:38 74,848 ----a-w c:\windows\system32\vsinit.dll
- 2008-04-14 12:00:00 276,480 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 17:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
- 2008-04-14 12:00:00 666,112 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2007-07-11 16:32:22 338,888 ----a-w c:\windows\system32\xmlredist.exe
+ 2009-04-07 07:01:13 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5fc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-12 1429504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-05 1213320]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [4/14/2008 3:03:54 PM 596584]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [3/17/2009 7:22:04 PM 1466384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ASUS\ATKHOT~1\ASNDIS5.SYS [5/27/2004 7:13:04 PM 16269]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 2:28:40 PM 24592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 1:18:09 AM 41376]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [10/18/2007 12:31:54 PM 98328]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/14/2008 1:34:03 AM 57408]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-msile


.
------- Supplementary Scan -------
.
uStart Page = https://webmail.eu.avon.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {A76910A9-1170-4DE7-BD74-B31628C07E20} = 134.65.181.11,134.65.181.109
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=home
FF - plugin: c:\program files\Mozilla Firefox\plugins\np72esk32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPeWebEditPro.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 12:49:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(828-)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Completion time: 2009-04-07 12:50:58
ComboFix-quarantined-files.txt 2009-04-07 10:50:56
ComboFix2.txt 2009-03-15 12:53:09
ComboFix3.txt 2009-03-15 12:19:25
ComboFix4.txt 2009-03-15 11:46:43
ComboFix5.txt 2009-03-15 13:15:21

Pre-Run: 9.628.131.328 bytes free
Post-Run: 10,006,958,080 bytes free

496 --- E O F --- 2009-03-18 23:03:27

offline
  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

ComboFix 09-04-04.01 - Sandra 2009-04-07 12:45:01.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2226 [GMT 2:00]
Running from: c:\documents and settings\Sandra\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\temp\28.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-05 22:14 . 2009-04-05 22:14 1,213,320 --a------ c:\windows\system32\trjscan.trb
2009-04-05 22:14 . 2009-04-05 22:14 905,608 --a------ c:\windows\system32\trupd.trb
2009-04-05 22:14 . 2009-04-05 22:14 35,440 --a------ c:\windows\system32\sschk.trb
2009-04-05 22:13 . 2009-03-30 16:53 2,929,528 --a------ c:\windows\system32\rmt.trb
2009-04-05 22:13 . 2009-03-23 18:00 1,295,224 --a------ c:\windows\system32\rmvtrjan.trb
2009-04-05 22:10 . 2009-04-05 22:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-05 22:09 . 2009-04-05 22:16 <DIR> d-------- c:\program files\Trojan Remover
2009-04-05 22:09 . 2009-04-05 22:09 <DIR> d-------- c:\documents and settings\Sandra\Application Data\Simply Super Software
2009-04-05 22:09 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-04-05 09:55 . 2009-04-05 09:55 102,475 --a------ c:\windows\system32\msvcrt2.dll
2009-03-21 15:58 . 2009-03-21 15:58 14 --a------ c:\windows\popcinfo.dat
2009-03-20 01:02 . 2009-03-20 01:02 <DIR> d-------- c:\program files\Bonjour
2009-03-19 08:33 . 2009-03-09 02:53 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-19 08:32 . 2009-04-01 09:01 <DIR> d-------- c:\program files\Java
2009-03-19 00:51 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-19 00:51 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-19 00:51 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-18 16:00 . 2006-09-06 18:43 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-03-18 15:59 . 2009-03-19 01:03 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-18 15:55 . 2008-12-21 01:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-18 15:55 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-18 15:55 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-18 15:55 . 2008-12-21 01:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-18 15:55 . 2008-12-21 01:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-18 15:55 . 2008-12-21 01:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-18 15:55 . 2008-12-21 01:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-18 15:55 . 2008-12-21 01:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-18 15:55 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-17 22:17 . 2009-03-17 22:17 <DIR> d-------- c:\windows\Internet Logs
2009-03-17 19:24 . 2009-03-17 19:24 8 --a------ c:\windows\system32\success
2009-03-17 19:22 . 2009-03-17 19:22 <DIR> d-------- c:\program files\Common Files\Deterministic Networks
2009-03-17 19:22 . 2009-03-17 19:22 <DIR> d-------- c:\program files\Cisco Systems
2009-03-17 19:22 . 2004-01-26 16:01 268,872 --a------ c:\windows\system32\drivers\CVPNDRVA.sys
2009-03-17 19:22 . 2003-07-24 20:55 139,604 --a------ c:\windows\system32\drivers\dne2000.sys
2009-03-17 19:22 . 2004-01-26 16:01 139,280 --a------ c:\windows\system32\CSGina.dll
2009-03-17 19:22 . 2003-07-24 20:55 114,000 --a------ c:\windows\system32\dneinobj.dll
2009-03-17 19:22 . 2003-05-01 14:26 5,220 --a------ c:\windows\system32\drivers\CVirtA.sys
2009-03-17 19:05 . 2009-03-17 19:05 <DIR> dr------- c:\program files\Skype
2009-03-17 19:05 . 2009-04-07 12:45 <DIR> d-------- c:\documents and settings\Sandra\Application Data\Skype
2009-03-17 19:05 . 2009-03-17 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-03-16 18:25 . 2009-03-16 18:25 <DIR> d-------- c:\program files\Interwoven
2009-03-16 18:25 . 2009-03-16 18:25 <DIR> d-------- c:\program files\Common Files\Interwoven
2009-03-16 17:57 . 2009-03-17 14:08 <DIR> d-------- C:\IWTemp
2009-03-15 17:58 . 2009-03-15 18:10 <DIR> d-------- c:\documents and settings\Sandra\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 10:49 26,940,960 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-07 10:49 1,511,968 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-07 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-06 21:20 360,068 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-06 21:20 144,452 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-28 16:41 --------- d-----w c:\documents and settings\Sandra\Application Data\POP Peeper
2009-03-21 13:20 --------- d-----w c:\documents and settings\All Users\Application Data\Phenomedia
2009-03-19 23:02 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 05:26 --------- d-----w c:\program files\POP Peeper
2009-03-17 17:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 16:01 --------- d-----w c:\program files\WordWeb
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 22:57 1,851,544 ----a-w c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-15_11.43.09.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-02 17:07:40 1,914,440 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-04-14 12:00:00 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2008-04-14 12:00:00 99,840 -c--a-w c:\windows\ie7\advpack.dll
+ 2008-04-14 12:00:00 33,792 -c--a-w c:\windows\ie7\custsat.dll
+ 2008-04-14 12:00:00 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
+ 2008-04-14 12:00:00 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
+ 2008-04-14 12:00:00 55,808 -c--a-w c:\windows\ie7\extmgr.dll
+ 2008-04-14 12:00:00 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 12:00:00 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
+ 2008-04-14 12:00:00 143,360 -c--a-w c:\windows\ie7\ieakeng.dll
+ 2008-04-14 12:00:00 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
+ 2008-04-14 12:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
+ 2008-04-14 12:00:00 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
+ 2008-04-14 12:00:00 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2008-04-14 12:00:00 251,904 -c--a-w c:\windows\ie7\iepeers.dll
+ 2008-04-14 12:00:00 48,640 -c--a-w c:\windows\ie7\iernonce.dll
+ 2008-04-14 12:00:00 62,976 -c--a-w c:\windows\ie7\iesetup.dll
+ 2008-04-14 12:00:00 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2008-04-14 12:00:00 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2008-04-14 12:00:00 96,256 -c--a-w c:\windows\ie7\inseng.dll
+ 2008-04-14 12:00:00 15,872 -c--a-w c:\windows\ie7\jsproxy.dll
+ 2008-04-14 12:00:00 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2008-04-14 12:00:00 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2008-04-14 12:00:00 3,066,880 -c--a-w c:\windows\ie7\mshtml.dll
+ 2008-04-14 12:00:00 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
+ 2008-04-14 12:00:00 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2008-04-14 12:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2008-04-14 12:00:00 146,432 -c--a-w c:\windows\ie7\msrating.dll
+ 2008-04-14 12:00:00 532,480 -c--a-w c:\windows\ie7\mstime.dll
+ 2008-04-14 12:00:00 96,256 -c--a-w c:\windows\ie7\occache.dll
+ 2008-04-14 12:00:00 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
+ 2007-08-13 17:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-08-13 17:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2008-04-14 12:00:00 37,888 -c--a-w c:\windows\ie7\url.dll
+ 2008-04-14 12:00:00 619,520 -c--a-w c:\windows\ie7\urlmon.dll
+ 2008-04-14 12:00:00 851,968 -c--a-w c:\windows\ie7\vgx.dll
+ 2008-04-14 12:00:00 276,480 -c--a-w c:\windows\ie7\webcheck.dll
+ 2008-04-14 12:00:00 666,112 -c--a-w c:\windows\ie7\wininet.dll
+ 2007-08-13 17:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 17:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 17:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 17:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-13 17:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 17:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 17:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 17:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 16:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-02-12 15:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 17:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-13 17:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 17:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-13 17:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 17:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 17:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-13 17:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 17:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 17:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 17:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 17:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll.000
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll.000
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dat
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll.000
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll.000
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll.000
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll.000
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll.000
+ 2008-08-27 12:54:32 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-08-27 12:54:32 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll.000
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll.000
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll.000
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll.000
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll.000
+ 2008-10-14 23:42:46 13,219,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AcroRd32.dll
+ 2009-03-17 17:05:44 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-03-18 14:28:59 10,134 ----a-r c:\windows\Installer\{A5D9626C-3459-45C6-9095-24BEC8A0DA76}\ARPPRODUCTICON.exe
- 2009-01-12 20:27:29 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
+ 2009-03-27 12:36:50 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
- 2009-01-12 20:27:31 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2009-03-27 12:36:51 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
- 2009-01-12 20:27:31 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2009-03-27 12:36:51 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
- 2009-01-12 20:27:31 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
+ 2009-03-27 12:36:51 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
- 2009-01-12 20:27:31 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2009-03-27 12:36:51 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
- 2009-01-12 20:27:29 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2009-03-27 12:36:50 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
- 2009-01-05 11:48:22 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2009-03-27 12:41:28 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-04-14 12:00:00 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2008-04-14 12:00:00 99,840 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-04-14 12:00:00 61,440 -c--a-w c:\windows\system32\dllcache\admparse.dll
+ 2007-08-13 17:39:20 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll
- 2008-04-14 12:00:00 99,840 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-04-14 12:00:00 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 17:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
- 2008-04-14 12:00:00 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-14 12:00:00 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-04-14 12:00:00 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-04-14 12:00:00 38,912 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 17:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2008-04-14 12:00:00 34,304 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00:00 143,360 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-04-14 12:00:00 216,576 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-04-14 12:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-04-14 12:00:00 323,584 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 12:00:00 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2008-04-14 12:00:00 251,904 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 17:54:10 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 12:00:00 48,640 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-04-14 12:00:00 62,976 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 17:39:12 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll
- 2008-04-14 12:00:00 93,184 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-04-14 12:00:00 35,840 -c--a-w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 17:36:06 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll
- 2008-04-14 12:00:00 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 17:39:02 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2008-04-14 12:00:00 15,872 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 12:00:00 22,016 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
- 2008-04-14 12:00:00 29,184 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 17:32:30 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
- 2008-04-14 12:00:00 3,066,880 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 20:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-04-14 12:00:00 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 12:00:00 56,832 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
- 2008-04-14 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 17:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
- 2008-04-14 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-04-14 12:00:00 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00:00 96,256 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-04-14 12:00:00 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 12:00:00 37,888 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-04-14 12:00:00 619,520 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-04-14 12:00:00 851,968 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2007-08-13 17:54:10 765,952 -c--a-w c:\windows\system32\dllcache\VGX.dll
- 2008-04-14 12:00:00 276,480 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-04-14 12:00:00 666,112 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 11:41:34 61,440 ----a-w c:\windows\system32\dns-sd.exe
+ 2006-02-28 11:41:22 53,248 ----a-w c:\windows\system32\dnssd.dll
- 2008-04-14 12:00:00 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2008-04-14 12:00:00 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ------w c:\windows\system32\dxtrans.dll
- 2008-04-14 12:00:00 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w c:\windows\system32\idndl.dll
- 2008-04-14 12:00:00 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-04-14 12:00:00 143,360 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-04-14 12:00:00 216,576 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-04-14 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-04-14 12:00:00 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-04-14 12:00:00 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2008-04-14 12:00:00 48,640 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-04-14 12:00:00 62,976 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2008-04-14 12:00:00 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
- 2008-04-14 12:00:00 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2008-12-15 00:45:11 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-03-09 03:19:11 144,792 ----a-w c:\windows\system32\java.exe
- 2008-12-15 00:45:11 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-09 03:19:13 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-12-15 00:45:11 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-09 03:19:13 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-04-14 12:00:00 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ------w c:\windows\system32\jsproxy.dll
- 2008-04-14 12:00:00 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-03-24 13:15:33 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-25 11:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2008-04-14 12:00:00 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2008-04-14 12:00:00 3,066,880 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 20:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-14 12:00:00 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ------w c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00:00 56,832 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-02-13 15:22:54 947,472 ----a-w c:\windows\system32\msjava.dll
- 2008-04-14 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2008-04-14 12:00:00 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\msrating.dll
- 2008-04-14 12:00:00 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\mstime.dll
+ 2006-06-28 16:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll
- 2008-04-14 12:00:00 96,256 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\occache.dll
- 2009-03-15 10:09:16 58,998 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-07 07:05:10 58,998 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-15 10:09:16 392,864 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-07 07:05:10 392,864 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-14 12:00:00 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2007-03-06 01:22:36 14,048 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 12:00:00 37,888 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-04-14 12:00:00 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2003-08-28 20:40:22 62,560 ----a-w c:\windows\system32\vsdata.dll
+ 2003-08-28 20:40:26 189,792 ----a-w c:\windows\system32\vsdatant.sys
+ 2003-08-28 20:40:38 74,848 ----a-w c:\windows\system32\vsinit.dll
- 2008-04-14 12:00:00 276,480 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 17:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
- 2008-04-14 12:00:00 666,112 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2007-07-11 16:32:22 338,888 ----a-w c:\windows\system32\xmlredist.exe
+ 2009-04-07 07:01:13 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5fc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2008-03-12 1429504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-10-20 166456]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13545472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-07-21 450649]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-05 1213320]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-09-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [4/14/2008 3:03:54 PM 596584]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [3/17/2009 7:22:04 PM 1466384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ASUS\ATKHOT~1\ASNDIS5.SYS [5/27/2004 7:13:04 PM 16269]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 2:28:40 PM 24592]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/14/2008 1:18:09 AM 41376]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [10/18/2007 12:31:54 PM 98328]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [12/14/2008 1:34:03 AM 57408]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-msile


.
------- Supplementary Scan -------
.
uStart Page = https://webmail.eu.avon.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {A76910A9-1170-4DE7-BD74-B31628C07E20} = 134.65.181.11,134.65.181.109
FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\9bo71q6s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=home
FF - plugin: c:\program files\Mozilla Firefox\plugins\np72esk32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPeWebEditPro.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 12:49:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(828-)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Completion time: 2009-04-07 12:50:58
ComboFix-quarantined-files.txt 2009-04-07 10:50:56
ComboFix2.txt 2009-03-15 12:53:09
ComboFix3.txt 2009-03-15 12:19:25
ComboFix4.txt 2009-03-15 11:46:43
ComboFix5.txt 2009-03-15 13:15:21

Pre-Run: 9.628.131.328 bytes free
Post-Run: 10,006,958,080 bytes free

496 --- E O F --- 2009-03-18 23:03:27

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download gmer.zip from this link and save it to the Desktop.
Extract it into a folder.
If you already have GMER from before, make sure to download it again, since it was updated a few days ago.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to get it as text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum, and attach here the two files we just saved.

offline
  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

File2 and file1 are identical, i.e. you attached the wrong file2.

Also do the following:

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Right-click in the middle of the program window. A menu will appear in which you need to go to Options and tick the option Only non MS files.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to get it as text. Save that text from Notepad as file3.txt.


Use the Attach file option below the message box on the forum, and attach here the file we just saved.

offline
  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

How are they identical?! The header shows a different time?! As for the file's contents, I have no idea...
Do I need to scan that second file again?!

I'll run what you wrote now...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Give me the following two files to check:
C:\WINDOWS\system32\devenum.dll
C:\WINDOWS\system32\msdmo.dll

Upload them via the following form:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 01 Oct 2003
  • Posts: 2383
  • Location: Beograd

Uploaded
