- veljko-94
- Distinguished Citizen
- Joined: 29 Jul 2008
- Posts: 615
- Location: Zemun
ComboFix 08-09-27.05 - FlAmE of HeLl 2008-09-28 21:22:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1451 [GMT 2:00]
Running from: C:\Documents and Settings\FlAmE of HeLl\Desktop\Vazni programi\ComboFix.exe
Command switches used :: C:\Documents and Settings\FlAmE of HeLl\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\klmnluir.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ynvpuw
C:\WINDOWS\system32\klmnluir.dll
----- BITS: Possible infected sites -----
hxxp://91.203.93.6
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.
2008-09-28 20:00 . 2008-09-28 20:00 5,292,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-28 19:58 . 2008-09-28 20:00 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-28 13:35 . 2008-08-07 19:44 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\vlc
2008-09-27 22:00 . 2008-09-27 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-27 21:46 . 2008-09-27 21:46 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-27 21:12 . 2008-09-27 21:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SPORE
2008-09-27 21:07 . 2008-09-27 21:07 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-27 21:06 . 2008-09-28 19:55 <DIR> d-------- C:\Program Files\WinRarce
2008-09-27 20:58 . 2008-09-27 20:58 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-27 20:52 . 2001-08-23 12:00 229,376 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-09-27 20:52 . 2001-08-23 12:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-09-27 20:22 . 2008-09-27 20:24 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\BSplayer Pro
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-27 14:00 . 2008-09-27 14:00 <DIR> d-------- C:\Program Files\corel
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-27 12:11 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-27 12:11 . 2008-09-27 12:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\MSBuild
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 --a------ C:\WINDOWS\system32\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-27 12:10 . 2008-07-06 14:06 575,488 --a------ C:\WINDOWS\system32\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 117,760 --a------ C:\WINDOWS\system32\prntvpt.dll
2008-09-27 12:10 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-27 11:30 . 2008-09-27 11:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\AveDesk
2008-09-27 11:19 . 2008-09-27 11:19 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 11:14 . 2008-09-27 11:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C9.tmp
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C8.tmp
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-09-26 18:46 . 2008-09-26 18:54 <DIR> d-------- C:\Program Files\FrostWire
2008-09-26 18:46 . 2008-09-27 14:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FrostWire
2008-09-25 18:37 . 2008-09-28 19:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-25 18:37 . 2006-10-04 16:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SET29D.tmp
2008-09-25 18:36 . 2008-09-25 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-25 18:36 . 2008-09-25 18:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-25 18:35 . 2008-09-25 18:35 1,187 --a------ C:\WINDOWS\wmplayer.reg
2008-09-25 13:01 . 2008-09-25 13:01 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-24 20:34 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-24 19:49 . 2008-09-24 19:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-24 19:48 . 2008-09-24 19:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-24 19:39 . 2008-09-27 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> dr-h----- C:\MSOCache
2008-09-24 14:02 . 2008-09-24 14:02 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-09-23 19:16 . 2008-09-23 19:16 56 --a------ C:\WINDOWS\wb.ini
2008-09-23 17:51 . 2008-09-27 14:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ShoppingReport
2008-09-23 17:46 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\~GLH0012.TMP
2008-09-23 17:16 . 2008-09-23 17:16 <DIR> d-------- C:\Program Files\RocketDock
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\Stardock
2008-09-22 20:26 . 2008-09-22 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 18:00 . 2008-09-22 18:00 1,605 --a------ C:\Mozilla Firefox.lnk
2008-09-22 17:51 . 2008-09-22 17:51 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Windows Live Writer
2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Microsoft
2008-09-22 15:49 . 2008-09-22 15:49 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-22 15:48 . 2008-09-22 15:48 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\MxBoost
2008-09-22 15:47 . 2008-09-22 15:48 <DIR> d-------- C:\Program Files\Maxthon2
2008-09-22 15:25 . 2008-09-22 15:25 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-09-22 15:25 . 2008-09-22 15:26 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Vista Start Menu
2008-09-22 15:22 . 2008-09-22 15:22 <DIR> d-------- C:\Program Files\WinMatrix XP
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2008-09-20 10:17 . 2008-09-22 17:53 <DIR> d-------- C:\Program Files\Windows Live
2008-09-20 10:11 . 2008-09-28 20:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-09-20 08:10 . 2008-09-20 08:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Yahoo!
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Program Files\Nvu
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Nvu
2008-09-19 08:49 . 2008-09-19 08:49 <DIR> d-------- C:\Program Files\Complex
2008-09-17 21:09 . 2008-09-17 21:09 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-09-17 09:11 . 2008-09-17 09:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ChessBase
2008-09-17 09:10 . 2008-09-17 09:10 <DIR> d-------- C:\Program Files\ChessBase
2008-09-16 13:16 . 2008-09-16 13:17 <DIR> d-------- C:\Program Files\AIMP2
2008-09-16 13:15 . 2008-09-27 20:22 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 13:11 . 2008-09-15 13:12 <DIR> d-------- C:\Program Files\Real
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Program Files\Solway's Internet TV and Radio
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SolwaySoftware
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d-------- C:\Program Files\Recuva
2008-09-14 19:54 . 2008-09-14 19:54 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.thumbnails
2008-09-14 19:53 . 2008-09-14 19:55 <DIR> d-------- C:\PNG
2008-09-14 19:53 . 2008-09-14 19:53 <DIR> d-------- C:\ICO
2008-09-14 19:53 . 2007-02-03 21:50 125,484 --a------ C:\Vista_Style_Icons_Preview.png
2008-09-14 18:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-14 18:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-14 18:37 . 2008-09-14 18:38 <DIR> d-------- C:\Program Files\Picasa2
2008-09-14 18:37 . 2008-09-14 18:37 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-09-14 18:37 . 2008-09-15 11:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.gimp-2.4
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\Screamer Radio
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\IrfanView
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\QuickTime
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\LocalCooling
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-14 18:18 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Songbird2
2008-09-14 18:17 . 2008-09-15 19:39 <DIR> d-------- C:\Program Files\Songbird
2008-09-14 18:17 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-14 18:12 . 2008-09-14 18:12 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-14 18:12 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-14 15:43 . 2008-09-14 15:43 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FileZilla
2008-09-09 15:01 . 2008-09-17 20:38 <DIR> d-------- C:\Program Files\Valve
2008-09-09 14:44 . 2008-09-09 14:44 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SEGA
2008-09-08 21:47 . 2008-09-08 21:47 <DIR> d-------- C:\Program Files\Samurize
2008-09-07 21:10 . 2008-09-07 21:10 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\COWON
2008-09-07 21:08 . 2008-09-23 17:44 <DIR> d-------- C:\Program Files\JetAudio
2008-09-07 21:08 . 2008-09-07 21:08 <DIR> d-------- C:\Program Files\Common Files\COWON
2008-09-07 20:52 . 2008-09-07 20:52 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 18:00 71,172 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-28 16:56 --------- d-----w C:\Program Files\Google
2008-09-28 11:35 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-27 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 19:10 --------- d-----w C:\Program Files\CyberLink
2008-09-27 18:36 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BitTorrent
2008-09-27 18:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-27 18:21 --------- d-----w C:\Program Files\Winamp
2008-09-27 16:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Hamachi
2008-09-26 17:40 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-26 17:40 --------- d-----w C:\Program Files\OpenAL
2008-09-25 11:15 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-24 12:02 --------- d-----w C:\Program Files\AlienGUIse
2008-09-23 17:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-09-22 13:40 --------- d-----w C:\Program Files\Opera
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Activision
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Activision
2008-09-21 10:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-20 08:09 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-14 17:58 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-07 18:19 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BearShare
2008-09-06 19:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-06 13:28 --------- d-----w C:\Program Files\SpeedFan
2008-09-04 06:02 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-08-31 00:18 --------- d-----w C:\Program Files\Hamachi
2008-08-28 08:45 --------- d-----w C:\Program Files\e-texaspoker client
2008-08-28 08:32 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 08:16 --------- d-----w C:\Program Files\BitTorrent
2008-08-23 21:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-08-21 10:59 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-08-21 10:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-21 07:16 --------- d-----w C:\Program Files\Orb Networks
2008-08-21 07:11 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-20 09:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-18 14:46 22,328 ----a-w C:\Documents and Settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-08-18 14:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-18 14:24 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-18 13:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\POP3Profiles
2008-08-16 19:00 --------- d-----w C:\Program Files\LucasArts
2008-08-15 06:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-14 07:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-13 13:44 --------- d-----w C:\Program Files\PoxNora
2008-08-13 07:48 20,500 ----a-w C:\Documents and Settings\FlAmE of HeLl\FMCodec.dat
2008-08-13 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-12 20:08 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\AdobeUM
2008-08-12 13:32 --------- d-----w C:\Program Files\Java
2008-08-12 13:16 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:53 --------- d-----w C:\Program Files\My Company Name
2008-08-11 18:53 --------- d-----w C:\Program Files\HP
2008-08-11 18:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-11 18:53 --------- d-----w C:\Program Files\Common Files\HP
2008-08-10 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-10 08:28 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-09 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Bioshock
2008-08-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
2008-08-09 13:39 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\GRETECH
2008-08-09 13:38 --------- d-----w C:\Program Files\GRETECH
2008-08-09 13:28 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Black Sea Studios
2008-08-09 09:02 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-09 07:42 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Ubisoft
2008-08-09 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-08 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\InstallShield
2008-08-08 17:47 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Microsoft Games
2008-08-08 16:54 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-08 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 21:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\ACD Systems
2008-08-07 20:46 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\TuneUp Software
2008-08-07 20:29 --------- d--h--r C:\Documents and Settings\FlAmE of HeLl\Application Data\SecuROM
2008-08-07 20:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-07 20:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-07 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-07 17:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 16:13 --------- d-----w C:\Program Files\Common Files\Java
2008-08-07 16:10 --------- d-----w C:\Program Files\BearShare Applications
2008-08-06 10:50 --------- d-----w C:\Program Files\WinFast
2008-08-06 10:50 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-06 10:41 --------- d-----w C:\Program Files\Mv2Player
2008-08-06 10:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 10:37 --------- d-----w C:\Program Files\Ahead
2008-08-06 10:28 --------- d-----w C:\Program Files\Total Commander XP
2008-08-06 10:23 --------- d-----w C:\Program Files\Realtek
2008-08-06 10:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-06 10:05 --------- d-----w C:\Program Files\Intel
2008-08-06 09:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
.
------- Sigcheck -------
2004-08-03 22:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\wininet.dll
2004-08-03 22:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-03 22:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\explorer.exe
2004-08-03 22:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-03 22:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\wuauclt.exe
2004-08-03 22:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot_2008-09-28_20.25.35.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-28 19:18:45 25,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2008-09-28 19:18:48 842,240 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
+ 2008-09-28 19:18:34 409,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
+ 2008-09-28 19:19:28 220,672 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
+ 2008-09-28 19:19:19 81,408 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DdsFileType\ae5eedbd8bab63d1532a728e1df385d8\DdsFileType.ni.dll
+ 2008-09-28 19:19:24 14,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2008-09-28 19:18:49 573,440 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE\5836ab1a74216a09cd6335a7c79d65be\EnvDTE.ni.dll
+ 2008-09-28 19:19:29 276,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE80\e1777a50d7d4b403c4e123ed8b413ea9\EnvDTE80.ni.dll
+ 2008-09-28 19:19:30 46,080 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE90\527fb85b42a96831c08a39f63fafe499\EnvDTE90.ni.dll
+ 2008-09-28 19:19:31 31,232 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE90a\cc45cdec5ce10fcb8726dfa598cfbba9\EnvDTE90a.ni.dll
+ 2008-09-28 19:19:20 504,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\6ebfd8b7de7e5c268bcb673b233bd70e\ICSharpCode.SharpZipLib.ni.dll
+ 2008-09-28 19:19:14 94,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.WIA\efca70ca873ab8817754464e26c18833\Interop.WIA.ni.dll
+ 2008-09-28 19:19:31 222,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2008-09-28 19:19:28 1,886,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll
+ 2008-09-28 19:19:32 838,656 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
+ 2008-09-28 19:19:33 65,024 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2008-09-28 19:19:26 74,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2008-09-28 19:19:35 1,620,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2008-09-28 19:19:38 1,965,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2008-09-28 19:19:39 175,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2008-09-28 19:19:38 144,384 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
+ 2008-09-28 19:19:40 18,944 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Internal.#\2991b2a523954fa3416e7f605f3bd295\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2008-09-28 19:18:51 42,496 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\19d2a5ce056898c72a4a2a88d827eea5\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2008-09-28 19:18:37 1,092,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll
+ 2008-09-28 19:18:39 386,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\539e297cc9bc67fbf2fbdc9dc5fcd0f1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-09-28 19:19:25 133,632 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
+ 2008-09-28 19:19:12 227,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\ff5529e64d52b5e3c9a2458675dc3d49\PaintDotNet.Base.ni.dll
+ 2008-09-28 19:19:17 1,810,944 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\49549bfdb2cf54e1fd5c3daf641cd6e7\PaintDotNet.Core.ni.dll
+ 2008-09-28 19:19:19 695,296 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\4959452d8a41097ee3cf09b21f0ec696\PaintDotNet.Data.ni.dll
+ 2008-09-28 19:19:22 642,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\a4eb4f4e12f2e29fa12f31f1ed23dcfb\PaintDotNet.Effects.ni.dll
+ 2008-09-28 19:19:14 322,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\53d5ac76b453df590081a4f8241dd707\PaintDotNet.Resources.ni.dll
+ 2008-09-28 19:19:13 20,992 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\faf277f248798b92116f90d4df10520f\PaintDotNet.StylusReader.ni.dll
+ 2008-09-28 19:19:13 600,576 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\790115710e04bc07632a8bd7a9ce2742\PaintDotNet.SystemLayer.ni.dll
+ 2008-09-28 19:18:41 319,488 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
+ 2008-09-28 19:18:41 255,488 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
+ 2008-09-28 19:18:43 365,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
+ 2008-09-28 19:19:05 970,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
+ 2008-09-28 19:19:08 2,508,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
+ 2008-09-28 19:19:11 1,800,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
+ 2008-09-28 19:18:00 212,992 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\be8c7482f1e78a3b4984af9082d455a7\System.IdentityModel.Selectors.ni.dll
+ 2008-09-28 19:17:57 1,056,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
+ 2008-09-28 19:18:02 381,440 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\bcfccfa22245d2223a764611c61a7cb9\System.IO.Log.ni.dll
+ 2008-09-28 19:19:10 311,296 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-09-28 19:18:06 2,338,304 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
+ 2008-09-28 19:19:09 676,352 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
+ 2008-09-28 19:18:29 17,313,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
+ 2008-09-28 19:19:24 24,064 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WiaProxy32\46c94d7cca0eb94fd86ba689c71fd717\WiaProxy32.ni.exe
+ 2008-09-28 19:19:01 198,656 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\11e406d1fd81e49395c5b315a2d02cc2\WindowsFormsIntegration.Design.ni.dll
+ 2008-09-28 19:19:02 80,384 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ab7c416d2adf03073a04016987a0725\WindowsFormsIntegration.Package.ni.dll
+ 2008-09-28 19:18:44 321,024 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 30192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 14:38 133104 C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 18:09 2056875 C:\Program Files\LocalCooling\localcooling.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-15 13:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 19:16 2145280 C:\Program Files\Vista Start Menu\VistaStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"D:\\CS 1.6\\hl.exe"=
"D:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"D:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"D:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"D:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\CS 1.6\\cstrike.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"D:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"D:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-28 30192]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (Video);C:\WINDOWS\system32\drivers\wfeaglxt.sys [2007-07-25 405632]
S4 gupdate1c90b651dea8622;Google Update Service (gupdate1c90b651dea8622);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S4 MONyog;MONyog;C:\Program Files\MONyog\bin\MONyog.exe [2008-08-21 2367488]
S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-14 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 21:23:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-09-28 21:25:26
ComboFix-quarantined-files.txt 2008-09-28 19:24:45
ComboFix2.txt 2008-09-28 18:26:32
ComboFix3.txt 2008-09-28 08:54:02
Pre-Run: 10,358,415,360 bytes free
Post-Run: 10,349,510,656 bytes free
504
|