Problem: strange banners open inside trusted sites

  • rajkob
  • New MyCity citizen
  • Joined: 13 May 2008
  • Posts: 3

Logfile of HijackThis v1.99.1
Scan saved at 12:19:37, on 13.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Nikola\temp\TeamViewer3\TeamViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [e89bcbc2] rundll32.exe "C:\WINDOWS\system32\hitkmvak.dll",b
O4 - HKLM\..\Run: [BMeba8f85e] Rundll32.exe "C:\WINDOWS\system32\hcueefrm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Download ComboFix from one of the following addresses to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.

Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • rajkob
  • New MyCity citizen
  • Joined: 13 May 2008
  • Posts: 3

ComboFix 08-05-12.1 - Nikola 2008-05-13 18:32:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.603 [GMT 2:00]
Running from: C:\Documents and Settings\Nikola\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbigfste.ini
C:\WINDOWS\system32\cjmjjrdo.ini
C:\WINDOWS\system32\cpfnpyio.dll
C:\WINDOWS\system32\etsfgibb.dll
C:\WINDOWS\system32\hcueefrm.dll
C:\WINDOWS\system32\idyuiuqu.dll
C:\WINDOWS\system32\ihcguieo.dll
C:\WINDOWS\system32\ioeymwtr.dll
C:\WINDOWS\system32\kavmktih.ini
C:\WINDOWS\system32\ltvsjyvf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhbhheag.ini
C:\WINDOWS\system32\odrjjmjc.dll
C:\WINDOWS\system32\oikkqakc.ini
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\qijfktfo.dll
C:\WINDOWS\system32\rtwmyeoi.ini
C:\WINDOWS\system32\tguboqgl.ini
C:\WINDOWS\system32\uiatdywe.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\wgbmxtrm.ini
C:\WINDOWS\system32\yxjoynce.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-13 15:05 . 2008-05-13 18:37 49 --a------ C:\WINDOWS\transp.gif
2008-05-13 14:58 . 2008-05-13 14:58 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2008-05-13 14:58 . 2008-05-13 14:58 <DIR> d-------- C:\Program Files\Agnitum
2008-05-13 14:58 . 2008-05-13 18:37 150 --a------ C:\WINDOWS\ODBC.INI
2008-05-13 11:24 . 2008-05-13 11:24 <DIR> d-------- C:\VundoFix Backups
2008-05-13 11:15 . 2008-05-13 11:15 <DIR> d-------- C:\Documents and Settings\Nikola\temp
2008-05-13 11:15 . 2008-05-13 14:56 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\TeamViewer
2008-05-10 18:14 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-05-10 18:14 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-10 18:14 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-05-10 18:14 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-05-08 23:04 . 2008-05-08 23:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-08 14:31 . 2008-05-08 14:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-05-08 14:27 . 2008-05-08 14:27 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-08 14:12 . 2008-05-13 12:30 <DIR> d-------- C:\Program Files\Xfire
2008-05-08 14:12 . 2008-05-13 15:38 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Xfire
2008-05-08 12:13 . 2008-05-08 12:13 <DIR> d-------- C:\Program Files\Java
2008-05-08 12:13 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-08 12:10 . 2008-05-08 12:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-07 11:24 . 2008-05-07 11:24 <DIR> d-------- C:\Program Files\uTorrent
2008-05-07 11:24 . 2008-05-13 14:42 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\uTorrent
2008-05-06 09:46 . 2008-05-13 15:30 109,757 --a------ C:\WINDOWS\BMeba8f85e.xml
2008-05-05 18:13 . 2008-05-05 18:13 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Ubisoft
2008-05-05 18:12 . 2008-05-05 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-05 18:03 . 2008-05-05 18:03 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-05 18:03 . 2008-05-05 18:03 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\InstallShield
2008-05-05 17:12 . 2008-05-05 17:12 <DIR> d-------- C:\WINDOWS\Sun
2008-05-05 17:11 . 2008-05-05 17:11 <DIR> d-------- C:\Program Files\Sun
2008-05-05 16:29 . 2008-05-05 16:30 <DIR> d-------- C:\Documents and Settings\Nikola\Contacts
2008-05-05 16:28 . 2008-05-05 16:28 <DIR> d-------- C:\Program Files\MSN Messenger
2008-04-30 02:58 . 2008-04-30 02:58 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-27 12:45 . 2008-04-27 12:45 <DIR> d-------- C:\Program Files\directx
2008-04-27 11:27 . 2008-05-08 23:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-24 13:44 . 2008-04-24 13:44 38 --a------ C:\WINDOWS\avisplitter.INI
2008-04-20 19:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-20 19:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-20 19:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-20 19:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-20 19:27 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 16:37 196,608 ----a-w C:\WINDOWS\system32\drivers\nAdvanced.bin
2008-05-13 10:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-13 10:29 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-13 10:13 --------- d-----w C:\Program Files\ESET
2008-05-05 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 15:29 --------- d-----w C:\Documents and Settings\Nikola\Application Data\vlc
2008-03-30 15:28 --------- d-----w C:\Program Files\VideoLAN
2008-03-28 14:41 --------- d-----w C:\Program Files\KONAMI
2008-03-28 14:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-28 13:11 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-03-28 13:11 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-28 13:11 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-28 12:58 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-03-28 12:26 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-28 12:24 --------- d-----w C:\Program Files\Nero
2008-03-28 12:20 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-28 12:14 --------- d-----w C:\Program Files\HP
2008-03-28 11:59 --------- d-----w C:\Program Files\CCleaner
2008-03-28 11:57 --------- d-----w C:\Program Files\Lavalys
2008-03-28 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-28 11:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 11:46 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-03-28 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-03-28 11:36 --------- d-----w C:\Program Files\QuickTime
2008-03-28 11:22 --------- d-----w C:\Program Files\Bonjour
2008-03-28 11:19 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-28 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-28 11:07 --------- d-----w C:\Program Files\Microsoft Works
2008-03-28 11:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-27 15:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 15:20 --------- d--h--r C:\Documents and Settings\Nikola\Application Data\SecuROM
2008-03-27 15:19 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-27 15:13 --------- d-----w C:\Program Files\Electronic Arts
2008-03-27 14:15 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-27 14:14 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-27 14:13 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 14:10 --------- d-----w C:\Program Files\Realtek
2008-03-27 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-27 13:56 --------- d-----w C:\Program Files\My Company Name
2008-03-27 13:56 --------- d-----w C:\Program Files\ASUS
2008-03-27 13:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-27 13:44 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-03-27 13:44 --------- d-----w C:\Program Files\Realtek AC97
2008-03-27 13:44 --------- d-----w C:\Program Files\AvRack
2008-03-27 13:37 --------- d-----w C:\Program Files\Intel
2008-03-27 13:26 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-27 13:19 --------- d-----w C:\Program Files\microsoft frontpage
2004-02-27 02:57 32,768 ----a-w C:\Documents and Settings\Far Cry\FarCry.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 11:03 380928]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 10:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 14:42 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-28 15:11 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2007-01-19 14:46 94720]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2007-01-23 13:54 335872]

C:\Documents and Settings\Nikola\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-30 02:58:44 2998608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurqro]
wvurqro.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"D:\\Igre\\cod4\\iw3mp.exe"=
"D:\\Install\\za nidzu\\PES2008Patch1_10\\PES2008.exe"=
"D:\\Igre\\PES 08\\PES2008.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2007-01-23 17:31]
R1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2007-01-19 14:46]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2007-01-19 14:46]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2007-01-19 14:47]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2007-01-19 14:46]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2007-01-19 14:46]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2007-01-19 14:47]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2007-01-19 14:46]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2007-01-19 14:46]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2007-01-19 14:46]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2007-01-19 14:46]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2007-01-19 14:46]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2007-01-19 14:46]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2007-01-19 14:47]
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2007-01-19 14:47]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 11:03]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91dbc06c-fc05-11dc-ba7b-806d6172696f}]
\Shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-13 18:37:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-05-13 18:41:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 16:41:06

Pre-Run: 23,813,488,640 bytes free
Post-Run: 23,825,956,864 bytes free

239

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

File::
C:\WINDOWS\BMeba8f85e.xml
C:\WINDOWS\system32\wvurqro.dll

Folder::
C:\Documents and Settings\Far Cry

Driver::
SetupNTGLM7X

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurqro]



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.

In your next message, post the log that is created at the end of the cleaning/scan.

  • rajkob
  • New MyCity citizen
  • Joined: 13 May 2008
  • Posts: 3

ComboFix 08-05-12.1 - Nikola 2008-05-19 14:01:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.592 [GMT 2:00]
Running from: C:\Documents and Settings\Nikola\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nikola\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMeba8f85e.xml
C:\WINDOWS\system32\wvurqro.dll
C:\Documents and Settings\Far Cry :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BMeba8f85e.xml

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X


((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 15:34 . 2008-05-18 15:34 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Nokia Multimedia Player
2008-05-16 20:06 . 2008-05-16 20:06 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\InstallShield
2008-05-16 08:25 . 2008-05-16 08:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-05-16 08:25 . 2008-02-01 15:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-05-16 08:25 . 2008-02-01 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-05-16 08:24 . 2008-05-16 08:24 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-16 08:01 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-05-16 08:01 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-16 08:01 . 2008-05-16 08:01 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-16 08:01 . 2008-05-16 08:01 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-16 07:43 . 2008-05-16 07:43 <DIR> d-------- C:\Program Files\DIFX
2008-05-16 07:43 . 2008-05-16 07:43 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-16 07:43 . 2008-05-16 08:24 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-16 07:43 . 2008-05-16 08:01 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\PC Suite
2008-05-16 07:43 . 2008-05-16 08:12 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Nokia
2008-05-16 07:43 . 2008-05-16 08:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-16 07:43 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-16 07:42 . 2008-05-16 07:42 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-16 07:42 . 2008-05-16 08:25 <DIR> d-------- C:\Program Files\Nokia
2008-05-16 07:42 . 2008-05-16 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-16 07:42 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-05-16 07:42 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-16 07:42 . 2008-02-01 15:17 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-16 07:42 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-05-16 07:42 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-05-16 07:42 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-05-16 07:42 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-05-15 09:14 . 2008-05-19 11:17 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-13 15:05 . 2008-05-19 13:56 49 --a------ C:\WINDOWS\transp.gif
2008-05-13 14:58 . 2008-05-13 14:58 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2008-05-13 14:58 . 2008-05-13 14:58 <DIR> d-------- C:\Program Files\Agnitum
2008-05-13 14:58 . 2008-05-19 13:56 150 --a------ C:\WINDOWS\ODBC.INI
2008-05-13 11:24 . 2008-05-13 11:24 <DIR> d-------- C:\VundoFix Backups
2008-05-13 11:15 . 2008-05-13 11:15 <DIR> d-------- C:\Documents and Settings\Nikola\temp
2008-05-13 11:15 . 2008-05-13 14:56 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\TeamViewer
2008-05-10 18:14 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-05-10 18:14 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-10 18:14 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-05-10 18:14 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-05-08 23:04 . 2008-05-08 23:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-08 14:31 . 2008-05-08 14:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-05-08 14:27 . 2008-05-08 14:27 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-08 14:12 . 2008-05-16 11:58 <DIR> d-------- C:\Program Files\Xfire
2008-05-08 14:12 . 2008-05-16 20:36 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Xfire
2008-05-08 12:13 . 2008-05-08 12:13 <DIR> d-------- C:\Program Files\Java
2008-05-08 12:13 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-08 12:10 . 2008-05-08 12:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-07 11:24 . 2008-05-07 11:24 <DIR> d-------- C:\Program Files\uTorrent
2008-05-07 11:24 . 2008-05-13 14:42 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\uTorrent
2008-05-05 18:13 . 2008-05-05 18:13 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Ubisoft
2008-05-05 18:12 . 2008-05-05 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-05 18:03 . 2008-05-05 18:03 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-05 17:12 . 2008-05-05 17:12 <DIR> d-------- C:\WINDOWS\Sun
2008-05-05 17:11 . 2008-05-05 17:11 <DIR> d-------- C:\Program Files\Sun
2008-05-05 16:29 . 2008-05-05 16:30 <DIR> d-------- C:\Documents and Settings\Nikola\Contacts
2008-05-05 16:28 . 2008-05-05 16:28 <DIR> d-------- C:\Program Files\MSN Messenger
2008-04-30 02:58 . 2008-04-30 02:58 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-27 12:45 . 2008-04-27 12:45 <DIR> d-------- C:\Program Files\directx
2008-04-27 11:27 . 2008-05-08 23:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-24 13:44 . 2008-04-24 13:44 38 --a------ C:\WINDOWS\avisplitter.INI
2008-04-20 19:27 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-20 19:27 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-20 19:27 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-20 19:27 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-20 19:27 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 08:39 196,608 ----a-w C:\WINDOWS\system32\drivers\nAdvanced.bin
2008-05-16 18:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 10:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-13 10:29 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-13 10:13 --------- d-----w C:\Program Files\ESET
2008-03-30 15:29 --------- d-----w C:\Documents and Settings\Nikola\Application Data\vlc
2008-03-30 15:28 --------- d-----w C:\Program Files\VideoLAN
2008-03-28 14:41 --------- d-----w C:\Program Files\KONAMI
2008-03-28 14:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-28 13:11 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-03-28 13:11 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-28 13:11 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-28 12:58 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-03-28 12:26 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-28 12:24 --------- d-----w C:\Program Files\Nero
2008-03-28 12:20 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-28 12:14 --------- d-----w C:\Program Files\HP
2008-03-28 11:59 --------- d-----w C:\Program Files\CCleaner
2008-03-28 11:57 --------- d-----w C:\Program Files\Lavalys
2008-03-28 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-28 11:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 11:46 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-03-28 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-03-28 11:36 --------- d-----w C:\Program Files\QuickTime
2008-03-28 11:22 --------- d-----w C:\Program Files\Bonjour
2008-03-28 11:19 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-28 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-28 11:07 --------- d-----w C:\Program Files\Microsoft Works
2008-03-28 11:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-27 15:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 15:20 --------- d--h--r C:\Documents and Settings\Nikola\Application Data\SecuROM
2008-03-27 15:19 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-27 15:13 --------- d-----w C:\Program Files\Electronic Arts
2008-03-27 14:15 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-27 14:14 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-27 14:13 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 14:10 --------- d-----w C:\Program Files\Realtek
2008-03-27 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-27 13:56 --------- d-----w C:\Program Files\My Company Name
2008-03-27 13:56 --------- d-----w C:\Program Files\ASUS
2008-03-27 13:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-27 13:44 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-03-27 13:44 --------- d-----w C:\Program Files\Realtek AC97
2008-03-27 13:44 --------- d-----w C:\Program Files\AvRack
2008-03-27 13:37 --------- d-----w C:\Program Files\Intel
2008-03-27 13:26 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-27 13:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-06 09:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2004-02-27 02:57 32,768 ----a-w C:\Documents and Settings\Far Cry\FarCry.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-13_18.40.49.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 16:10:58 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-05-16 18:15:17 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-05-05 16:10:59 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-05-16 18:15:17 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-05-05 16:10:59 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-05-16 18:15:18 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-05-05 16:10:52 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:11 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:53 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:13 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:53 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:13 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:54 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:14 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:55 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:14 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:56 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:15 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:56 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:15 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:57 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:15 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:10:58 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:16 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:11:00 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-16 18:15:18 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-05 16:11:00 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-05-16 18:15:18 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-05-05 16:11:01 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-05-16 18:15:18 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-05-05 16:11:01 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-05-16 18:15:18 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-05-05 16:11:01 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-05-16 18:15:19 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-05-05 16:10:58 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-16 18:15:16 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-05-13 16:37:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 11:56:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 05:42:53 3,262 ----a-r C:\WINDOWS\Installer\{4F1DCA42-2030-437C-A94E-736692A499C1}\ARPPRODUCTICON.exe
+ 2008-05-16 06:24:50 10,134 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\ARPPRODUCTICON.exe
+ 2008-05-16 06:24:50 458,752 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\NewShortcut16_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-05-16 06:24:50 8,854 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
+ 2008-05-16 06:24:50 458,752 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\NewShortcut20_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-05-16 06:24:50 8,854 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\NewShortcut3_F30B5B541F7D4207BF3032ED8CAF6640.exe
+ 2008-05-16 06:24:50 8,854 ----a-r C:\WINDOWS\Installer\{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
+ 2008-05-16 05:43:23 15,086 ----a-r C:\WINDOWS\Installer\{9C05FA75-0337-4523-AA57-9D3511018887}\ARPPRODUCTICON.exe
+ 2008-05-16 06:25:12 3,262 ----a-r C:\WINDOWS\Installer\{A4E0CA0F-1903-440A-9B98-FEA6CB049999}\ARPPRODUCTICON.exe
+ 2008-05-16 05:43:02 10,134 ----a-r C:\WINDOWS\Installer\{AC599724-5755-48C1-ABE7-ABB857652930}\ARPPRODUCTICON.exe
+ 2005-01-25 06:33:00 1,049,088 ----a-w C:\WINDOWS\RegisteredPackages\{1D099D24-8FDF-46DD-9EA3-31D6E9A73E9F}\msxml3.dll
+ 2005-02-10 19:04:02 44,032 ----a-w C:\WINDOWS\RegisteredPackages\{1D099D24-8FDF-46DD-9EA3-31D6E9A73E9F}\msxml3r.dll
+ 2007-03-29 21:00:40 203,264 ----a-r C:\WINDOWS\system32\CddbCdda.dll
- 2001-08-23 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msxml3r.dll
+ 2005-02-10 19:04:02 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msxml3r.dll
+ 2008-03-06 09:19:36 534,016 ----a-w C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2006-11-02 05:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-02 05:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
- 2006-04-11 13:26:38 82,944 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-15 20:29:52 76,544 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
- 2006-04-11 13:29:18 87,808 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-09-15 20:30:10 82,688 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2007-11-29 08:39:42 16,896 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmb.sys
+ 2007-11-29 08:32:38 48,128 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcls.dll
+ 2007-11-29 08:39:44 95,744 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcocls.dll
+ 2007-11-29 08:33:04 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\wdfcoinstaller01005.dll
+ 2007-11-29 08:39:52 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbcj_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerfltj.sys
+ 2007-11-29 08:39:42 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbm_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerflt.sys
+ 2007-11-29 08:39:40 19,328 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbo_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmbo.sys
+ 2008-02-01 13:17:04 90,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdnsu_AB69B9857FBB820139A32719113E6DF4E761B11D\nmwcdcls.dll
+ 2008-02-01 13:17:12 138,112 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdnsu_AB69B9857FBB820139A32719113E6DF4E761B11D\nmwcdnsu.sys
+ 2008-02-01 13:17:06 8,320 -c--a-w C:\WINDOWS\system32\DRVSTORE\nmwcdnsuc_AB69B9857FBB820139A32719113E6DF4E761B11D\nmwcdnsuc.sys
+ 2007-09-17 13:53:26 21,632 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
+ 2008-03-06 09:19:36 534,016 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\PCCSWpdDriver.dll
+ 2008-03-06 09:14:58 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\WudfUpdate_01005.dll
- 2004-08-04 04:56:46 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2005-01-25 06:33:00 1,049,088 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2001-08-23 12:00:00 44,032 ----a-w C:\WINDOWS\system32\msxml3r.dll
+ 2005-02-10 19:04:02 44,032 ----a-w C:\WINDOWS\system32\msxml3r.dll
+ 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2003-04-18 14:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
+ 2006-12-04 12:37:58 1,317,648 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2006-10-05 02:31:10 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2008-05-12 14:19:47 63,392 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-17 15:29:30 63,392 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-12 14:19:47 404,298 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-17 15:29:30 404,298 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-08 19:51:14 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-04-18 23:02:30 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-08 19:51:14 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2006-04-11 13:30:44 93,752 ----a-w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-15 21:30:16 87,040 ----a-w C:\WINDOWS\system32\WUDFCoinstaller.dll
- 2006-04-11 13:27:18 130,048 ----a-w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-15 21:30:06 142,848 ----a-w C:\WINDOWS\system32\WudfHost.exe
- 2006-04-11 13:26:44 158,208 ----a-w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-15 20:29:54 163,840 ----a-w C:\WINDOWS\system32\WudfPlatform.dll
- 2006-04-11 13:26:56 54,272 ----a-w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-15 21:30:16 55,296 ----a-w C:\WINDOWS\system32\WudfSvc.dll
- 2006-04-11 13:27:18 304,640 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2006-09-15 21:30:16 308,224 ----a-w C:\WINDOWS\system32\WUDFx.dll
+ 2008-05-16 06:24:38 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-05-16 06:24:39 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 11:03 380928]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 10:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 14:42 176128]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-28 15:11 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2007-01-19 14:46 94720]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2007-01-23 13:54 335872]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"D:\\Igre\\cod4\\iw3mp.exe"=
"D:\\Install\\za nidzu\\PES2008Patch1_10\\PES2008.exe"=
"D:\\Igre\\PES 08\\PES2008.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2007-01-23 17:31]
R1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2007-01-19 14:46]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 11:03]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2007-01-19 14:46]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2007-01-19 14:47]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2007-01-19 14:46]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2007-01-19 14:46]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2007-01-19 14:47]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2007-01-19 14:46]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2007-01-19 14:46]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2007-01-19 14:46]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2007-01-19 14:46]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2007-01-19 14:46]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2007-01-19 14:46]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2007-01-19 14:47]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2007-01-19 14:47]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-19 14:03:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-19 14:04:37
ComboFix-quarantined-files.txt 2008-05-19 12:03:54
ComboFix2.txt 2008-05-13 16:41:21

Pre-Run: 22,673,166,336 bytes free
Post-Run: 22,662,807,552 bytes free

345

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file: C:\Documents and Settings\Far Cry\FarCry.exe

using the following form: http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done the upload...
