- dule6491
- Respected citizen
- Joined: 21 Feb 2006
- Posts: 408
Here is the log:
ComboFix 09-01-17.03 - Dule 2009-01-18 1:07:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.336 [GMT 1:00]
Running from: c:\documents and settings\Dule\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Microsoft\backup.ftp
.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.
2009-01-17 20:27 . 2009-01-18 00:14 34,861 --a------ C:\v2r6j2t8m8h7.exe
2009-01-17 20:26 . 2009-01-17 20:26 866,816 -r-hs---- c:\windows\system32\drivers\SbiCtr.exe
2009-01-15 21:52 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-01-14 17:33 . 2009-01-16 17:19 34,861 --a------ C:\x4j8n9a6p9t.exe
2009-01-14 15:08 . 2009-01-14 15:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-01-14 15:05 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-14 14:59 . 2009-01-14 14:59 <DIR> d--h----- c:\program files\Zero G Registry
2009-01-14 14:59 . 2009-01-14 14:59 <DIR> d-------- c:\program files\Sports Interactive
2009-01-14 14:58 . 2009-01-14 14:58 <DIR> d--h----- c:\documents and settings\Dule\InstallAnywhere
2009-01-14 14:52 . 2009-01-14 15:08 <DIR> d-------- c:\documents and settings\Dule\Application Data\Sports Interactive
2009-01-14 03:47 . 2009-01-11 00:04 657,408 -r-hs---- c:\windows\system32\drivers\alcomrg.exe
2009-01-13 14:43 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-12 13:49 . 2009-01-13 14:40 <DIR> d-------- c:\program files\BeoINFO
2009-01-12 13:49 . 2009-01-12 13:49 <DIR> d-------- c:\documents and settings\Dule\Application Data\FarStone
2009-01-12 13:44 . 2003-08-30 06:34 14,496 --a------ c:\windows\system32\VDI08X.dat
2009-01-12 13:43 . 2009-01-12 13:43 <DIR> d-------- c:\program files\FarStone
2009-01-09 14:56 . 2009-01-09 15:04 <DIR> d-------- c:\documents and settings\Dule\Application Data\BitTorrent
2009-01-09 14:55 . 2009-01-18 00:14 <DIR> d-------- c:\program files\DNA
2009-01-09 14:55 . 2009-01-09 14:55 <DIR> d-------- c:\program files\BitTorrent
2009-01-09 14:55 . 2009-01-09 14:55 <DIR> d-------- c:\program files\AskBarDis
2009-01-09 14:55 . 2009-01-18 01:04 <DIR> d-------- c:\documents and settings\Dule\Application Data\DNA
2009-01-09 12:44 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-09 12:42 . 2009-01-09 12:42 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-01-09 12:38 . 2009-01-09 12:38 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-08 22:30 . 2008-12-02 13:57 171,520 -r-hs---- c:\windows\system32\drivers\explore.exe
2009-01-07 23:37 . 2009-01-07 23:37 <DIR> d-------- c:\documents and settings\Dule\Application Data\CyberLink
2009-01-07 23:36 . 2009-01-07 23:36 <DIR> d-------- c:\program files\CyberLink
2009-01-07 23:36 . 2009-01-07 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-06 17:54 . 2009-01-06 17:54 <DIR> d-------- c:\program files\EA GAMES
2009-01-06 17:54 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-01-06 13:41 . 2009-01-06 13:41 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-04 16:04 . 2009-01-16 17:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-04 15:59 . 2009-01-04 16:04 <DIR> d-------- c:\program files\Google
2008-12-31 18:02 . 2008-12-31 18:02 <DIR> d-------- C:\Transporter 3
2008-12-30 11:14 . 2008-12-30 11:18 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-12-29 02:03 . 2008-12-29 02:02 737,280 --a------ c:\windows\iun6002.exe
2008-12-28 22:20 . 2008-12-28 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\engodsag.dk
2008-12-28 22:19 . 2008-12-28 23:08 <DIR> d-------- c:\program files\AidMaker
2008-12-28 22:19 . 2008-12-28 23:08 <DIR> d-------- c:\documents and settings\Dule\Application Data\AidMaker
2008-12-28 22:18 . 2008-12-28 23:08 <DIR> d-------- c:\program files\ChrisTV Lite(2)
2008-12-28 22:14 . 2008-12-28 23:08 <DIR> d-------- c:\program files\RelevantKnowledge
2008-12-28 18:31 . 2008-12-28 23:08 <DIR> d-------- c:\program files\Pinnacle
2008-12-28 18:30 . 2008-12-28 23:08 <DIR> d-------- c:\windows\Pinnacle PCTV Rave
2008-12-28 18:30 . 2008-12-29 02:03 <DIR> d-------- c:\program files\Codec Pack - All In 1
2008-12-27 04:05 . 2008-12-27 04:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2008-12-27 03:43 . 2009-01-14 13:19 <DIR> d-------- c:\documents and settings\Dule\Application Data\Red Alert 3
2008-12-27 03:39 . 2008-12-27 03:39 <DIR> dr-h----- c:\documents and settings\Dule\Application Data\SecuROM
2008-12-27 03:39 . 2008-12-27 03:39 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-27 03:15 . 2008-12-27 03:15 <DIR> d-------- c:\windows\Logs
2008-12-27 03:15 . 2008-12-27 03:15 <DIR> d-------- c:\program files\Electronic Arts
2008-12-27 03:15 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-27 03:15 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-27 03:15 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-27 03:15 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2008-12-27 03:15 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-27 03:15 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2008-12-27 03:12 . 2008-12-27 03:12 <DIR> d-------- c:\documents and settings\Dule\Application Data\DAEMON Tools Pro
2008-12-27 03:12 . 2008-12-27 03:12 <DIR> d-------- c:\documents and settings\Dule\Application Data\DAEMON Tools
2008-12-27 03:10 . 2008-12-27 03:10 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-27 03:10 . 2008-12-27 03:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-27 03:08 . 2008-12-27 03:12 <DIR> d-------- c:\documents and settings\Dule\Application Data\DAEMON Tools Lite
2008-12-27 03:08 . 2008-12-27 03:08 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-26 23:34 . 2008-10-29 22:12 7,108,820,992 --a------ C:\rld-ra3.iso
2008-12-25 23:52 . 2008-12-25 23:52 <DIR> d-------- c:\windows\Sun
2008-12-25 21:17 . 2008-12-25 21:17 <DIR> d-------- c:\program files\PowerQuest
2008-12-25 21:16 . 2008-12-25 21:16 <DIR> d-------- C:\Biker BoyZ
2008-12-24 16:59 . 2008-12-29 19:54 <DIR> d-------- C:\counter strike
2008-12-22 23:02 . 2009-01-07 01:20 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-22 21:04 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-22 21:04 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-22 13:25 . 2008-12-22 13:25 <DIR> d-------- c:\documents and settings\Dule\Application Data\Windows Search
2008-12-22 12:28 . 2008-12-22 12:28 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-22 12:28 . 2008-12-28 00:05 <DIR> d-------- c:\program files\Windows Desktop Search
2008-12-22 11:23 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-22 03:40 . 2008-12-22 03:40 61,440 --a------ C:\poppy.exe
2008-12-21 23:19 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-12-21 23:18 . 2008-12-21 23:18 <DIR> d-------- c:\program files\%temp&
2008-12-21 23:05 . 2008-12-21 23:05 <DIR> d-------- c:\documents and settings\Dule\Application Data\ESET
2008-12-21 23:03 . 2008-12-21 23:03 <DIR> d-------- c:\program files\ESET
2008-12-21 22:57 . 2008-12-21 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-21 17:06 . 2009-01-18 00:14 <DIR> d-------- c:\documents and settings\Dule\Tracing
2008-12-21 17:03 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-21 16:31 . 2008-09-04 22:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-12-21 16:27 . 2008-12-21 16:27 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-21 16:26 . 2008-12-21 16:26 <DIR> d-------- c:\program files\Microsoft
2008-12-21 16:20 . 2008-12-22 19:14 <DIR> d-------- c:\documents and settings\Dule\Application Data\123 Free Solitaire
2008-12-21 16:13 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-21 16:12 . 2008-12-21 16:12 <DIR> d-------- c:\program files\MSBuild
2008-12-21 16:12 . 2008-12-21 16:12 <DIR> d-------- c:\program files\Microsoft Works
2008-12-21 16:11 . 2008-12-21 16:11 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-12-21 16:05 . 2009-01-07 12:02 <DIR> d-------- c:\windows\SHELLNEW
2008-12-21 16:05 . 2008-12-22 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 16:04 . 2008-12-21 16:04 <DIR> dr-h----- C:\MSOCache
2008-12-21 15:17 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-21 15:17 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-21 15:17 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-21 15:07 . 2008-12-21 15:07 <DIR> d-------- c:\program files\Java
2008-12-21 15:07 . 2009-01-12 17:28 <DIR> d-------- c:\documents and settings\Dule\Application Data\LimeWire
2008-12-21 15:07 . 2008-12-21 15:07 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 15:07 . 2008-12-21 15:07 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-21 15:04 . 2008-12-21 15:04 <DIR> d-------- c:\program files\LimeWire
2008-12-21 14:58 . 2008-12-21 14:58 <DIR> d-------- c:\documents and settings\Dule\Contacts
2008-12-21 14:14 . 2008-12-21 14:14 260 --a------ C:\sqmdata01.sqm
2008-12-21 14:14 . 2008-12-21 14:14 212 --a------ C:\sqmnoopt03.sqm
2008-12-21 14:11 . 2008-12-21 14:11 236 --a------ C:\sqmnoopt01.sqm
2008-12-21 14:11 . 2008-12-21 14:11 200 --a------ C:\sqmnoopt02.sqm
2008-12-21 14:10 . 2008-12-21 14:10 224 --a------ C:\sqmnoopt00.sqm
2008-12-21 14:10 . 2008-12-21 14:11 212 --a------ C:\sqmdata00.sqm
2008-12-21 13:55 . 2008-12-21 13:55 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-21 13:29 . 2008-12-21 14:56 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-21 13:29 . 2008-12-21 14:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-21 12:29 . 2009-01-09 12:43 <DIR> d-------- c:\program files\Windows Live
2008-12-21 12:18 . 2008-12-21 12:18 <DIR> d-------- c:\program files\uTorrent
2008-12-21 12:18 . 2009-01-13 14:40 <DIR> d-------- c:\documents and settings\Dule\Application Data\uTorrent
2008-12-21 11:54 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-21 11:54 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-21 11:54 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-21 11:54 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-21 11:54 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-21 11:54 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-21 11:54 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-21 11:54 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-21 11:54 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-21 11:34 . 2008-12-21 11:34 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-21 11:33 . 2008-12-21 11:34 <DIR> d-------- c:\windows\system32\drivers\umdf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 16:32 42,496 ----a-w c:\windows\system32\ftp.exe
2009-01-12 12:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 21:30 359,040 ------w c:\windows\system32\drivers\tcpip.sys
2008-12-25 20:17 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-20 18:08 --------- d-----w c:\program files\Realtek Sound Manager
2008-12-20 18:08 --------- d-----w c:\program files\Realtek AC97
2008-12-20 18:08 --------- d-----w c:\program files\GIGABYTE
2008-12-20 18:08 --------- d-----w c:\program files\AvRack
2008-12-20 18:06 --------- d-----w c:\program files\Intel
2008-12-20 17:51 --------- d-----w c:\program files\microsoft frontpage
2008-12-04 21:55 307,560 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
.
------- Sigcheck -------
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2009-01-08 22:30 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-09 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1410304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"SbiCtr.exe"="c:\windows\system32\drivers\SbiCtr.exe" [2009-01-17 866816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dule^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Dule\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-21 15:07 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 09:06 88363 c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 18:06 577536 c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\counter strike\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-10-25 30728]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-10-25 455936]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55136]
R4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dc71666-dc1f-11dd-a8df-0016e6303ed4}]
\Shell\AutoRun\command - h:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - h:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dule\Application Data\Mozilla\Firefox\Profiles\1pt8l5yt.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 01:10:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1229272821-1220945662-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:93,3d,5a,99,bf,81,5c,86,07,42,ed,ff,d7,0e,4a,04,04,90,d2,b3,d5,
32,51,34,f0,c0,9b,fd,f8,4c,bd,43,03,d9,35,0e,05,d9,1c,1b,71,ab,44,ed,79,51,\
"rkeysecu"=hex:97,6c,f1,8c,ad,22,27,17,bb,23,e1,f6,3a,99,ec,ce
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-18 1:11:35
ComboFix-quarantined-files.txt 2009-01-18 00:11:28
Pre-Run: 12.424.912.896 bytes free
Post-Run: 13,411,524,608 bytes free
282 --- E O F --- 2008-12-23 23:11:57
Addendum: 18 Jan 2009 1:24
Oh, and nothing has changed...