[bobby]Help



  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Here:
https://www.mycity.rs/must-login.png

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\klmnluir.dll

Folder::
C:\Program Files\ynvpuw

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e8d76a67]


Save the file from Notepad onto the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

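An added example, not code from this thread or from ComboFix itself: a small Python script that reads a CFScript in the layout given above (a `File::`, `Folder::` or `Registry::` header followed by one item per line) and a ComboFix log in the layout posted in the following reply, and reports whether each requested file and folder actually shows up in the log's "Other Deletions" section, plus the defanged BITS sites that still need looking into. The sample CFScript and log excerpt embedded in it are constructed for the example (the site address is a documentation IP, not the one in the thread), and the section names it matches on are taken from the log layout in this thread.

```python
import re

# Constructed sample CFScript in the layout used in the thread: a "File::",
# "Folder::" or "Registry::" header, then one item per line. A leading "-"
# inside the registry brackets asks ComboFix to delete that key.
SAMPLE_CFSCRIPT = """\
File::
C:\\WINDOWS\\system32\\klmnluir.dll

Folder::
C:\\Program Files\\ynvpuw

Registry::
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\e8d76a67]
"""

# Constructed excerpt of a ComboFix log in the layout seen in the thread:
# section banners wrapped in parentheses, "." separator lines, a dashed
# sub-banner for the BITS block, and sites listed defanged (hxxp).
# 192.0.2.10 is a documentation address, not the one reported in the thread.
SAMPLE_LOG = """\
ComboFix 08-09-27.05 - user 2008-09-28 21:22:34.4 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\Program Files\\ynvpuw
C:\\WINDOWS\\system32\\klmnluir.dll

----- BITS: Possible infected sites -----

hxxp://192.0.2.10
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.
2008-09-28 20:00 . 2008-09-28 20:00 5,292,054 --a------ C:\\WINDOWS\\sample.bmp
"""

# "(((( Name ))))" banners and "----- Name -----" sub-banners delimit log sections.
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
SUB_BANNER_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")


def parse_cfscript(text):
    """Map each CFScript directive ("File", "Folder", "Registry") to its items."""
    items = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            items.setdefault(current, [])
        elif current is not None:
            items[current].append(line)
    return items


def parse_log_sections(text):
    """Split a ComboFix log into {section name: [non-empty lines]}."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        match = BANNER_RE.match(line) or SUB_BANNER_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
            continue
        sections[current].append(line)
    return sections


def verify_cleanup(cfscript_text, log_text):
    """Return {requested path: True/False} for every File:: and Folder:: item,
    True when the log's "Other Deletions" section confirms its removal.
    Registry:: items are not checked here: the log excerpt carries no
    registry deletion lines, so there is nothing to match them against."""
    requested = parse_cfscript(cfscript_text)
    deleted = {p.lower() for p in parse_log_sections(log_text).get("Other Deletions", [])}
    report = {}
    for kind in ("File", "Folder"):
        for path in requested.get(kind, []):
            report[path] = path.lower() in deleted
    return report


def defanged_sites(log_text):
    """Return the BITS 'Possible infected sites' entries, left defanged (hxxp)
    so they can be recorded or looked up without being clickable."""
    return parse_log_sections(log_text).get("BITS: Possible infected sites", [])


if __name__ == "__main__":
    for path, ok in verify_cleanup(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(("deleted   " if ok else "NOT found ") + path)
    for site in defanged_sites(SAMPLE_LOG):
        print("BITS site to investigate: " + site)
```

Paths are compared case-insensitively because Windows paths are, and a requested item that never appears under "Other Deletions" is reported as not found rather than silently skipped, which is exactly the case worth re-checking in a follow-up log.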
  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

ComboFix 08-09-27.05 - FlAmE of HeLl 2008-09-28 21:22:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1451 [GMT 2:00]
Running from: C:\Documents and Settings\FlAmE of HeLl\Desktop\Vazni programi\ComboFix.exe
Command switches used :: C:\Documents and Settings\FlAmE of HeLl\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\klmnluir.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ynvpuw
C:\WINDOWS\system32\klmnluir.dll

----- BITS: Possible infected sites -----

hxxp://91.203.93.6
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 20:00 . 2008-09-28 20:00 5,292,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-28 19:58 . 2008-09-28 20:00 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-28 13:35 . 2008-08-07 19:44 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-27 22:12 . 2008-09-27 22:12 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\vlc
2008-09-27 22:00 . 2008-09-27 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-27 21:46 . 2008-09-27 21:46 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-27 21:12 . 2008-09-27 21:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SPORE
2008-09-27 21:07 . 2008-09-27 21:07 <DIR> d-------- C:\Program Files\Foxit Software
2008-09-27 21:06 . 2008-09-28 19:55 <DIR> d-------- C:\Program Files\WinRarce
2008-09-27 20:58 . 2008-09-27 20:58 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-27 20:52 . 2001-08-23 12:00 229,376 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-09-27 20:52 . 2001-08-23 12:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
2008-09-27 20:22 . 2008-09-27 20:24 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\BSplayer Pro
2008-09-27 14:08 . 2008-09-27 14:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-27 14:00 . 2008-09-27 14:00 <DIR> d-------- C:\Program Files\corel
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-09-27 13:49 . 2008-09-27 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 12:14 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-27 12:11 . 2008-09-27 12:14 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-27 12:11 . 2008-09-27 12:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-27 12:10 . 2008-09-27 12:10 <DIR> d-------- C:\Program Files\MSBuild
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 --a------ C:\WINDOWS\system32\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-27 12:10 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-27 12:10 . 2008-07-06 14:06 575,488 --a------ C:\WINDOWS\system32\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-27 12:10 . 2008-07-06 14:06 117,760 --a------ C:\WINDOWS\system32\prntvpt.dll
2008-09-27 12:10 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-27 11:30 . 2008-09-27 11:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\AveDesk
2008-09-27 11:19 . 2008-09-27 11:19 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 11:14 . 2008-09-27 11:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C9.tmp
2008-09-26 19:40 . 2008-01-08 22:00 799,424 -ra------ C:\WINDOWS\system32\tmp1C8.tmp
2008-09-26 18:58 . 2008-09-26 18:58 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-09-26 18:46 . 2008-09-26 18:54 <DIR> d-------- C:\Program Files\FrostWire
2008-09-26 18:46 . 2008-09-27 14:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FrostWire
2008-09-25 18:37 . 2008-09-28 19:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-25 18:37 . 2006-10-04 16:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SET29D.tmp
2008-09-25 18:36 . 2008-09-25 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-25 18:36 . 2008-09-25 18:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-25 18:35 . 2008-09-25 18:35 1,187 --a------ C:\WINDOWS\wmplayer.reg
2008-09-25 13:01 . 2008-09-25 13:01 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-24 20:35 . 2008-09-24 20:35 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-24 20:34 . 2008-09-27 13:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-24 19:49 . 2008-09-24 19:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-24 19:48 . 2008-09-24 19:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-24 19:39 . 2008-09-27 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> dr-h----- C:\MSOCache
2008-09-24 14:02 . 2008-09-24 14:02 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-09-23 19:16 . 2008-09-23 19:16 56 --a------ C:\WINDOWS\wb.ini
2008-09-23 17:51 . 2008-09-27 14:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ShoppingReport
2008-09-23 17:46 . 2008-04-26 16:14 42,672 --a------ C:\WINDOWS\system32\~GLH0012.TMP
2008-09-23 17:16 . 2008-09-23 17:16 <DIR> d-------- C:\Program Files\RocketDock
2008-09-23 17:11 . 2008-09-23 17:11 <DIR> d-------- C:\Program Files\Stardock
2008-09-22 20:26 . 2008-09-22 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 18:00 . 2008-09-22 18:00 1,605 --a------ C:\Mozilla Firefox.lnk
2008-09-22 17:51 . 2008-09-22 17:51 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Windows Live Writer
2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Microsoft
2008-09-22 15:49 . 2008-09-22 15:49 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-22 15:48 . 2008-09-22 15:48 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\MxBoost
2008-09-22 15:47 . 2008-09-22 15:48 <DIR> d-------- C:\Program Files\Maxthon2
2008-09-22 15:25 . 2008-09-22 15:25 <DIR> d-------- C:\Program Files\Vista Start Menu
2008-09-22 15:25 . 2008-09-22 15:26 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Vista Start Menu
2008-09-22 15:22 . 2008-09-22 15:22 <DIR> d-------- C:\Program Files\WinMatrix XP
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2008-09-20 10:17 . 2008-09-22 17:53 <DIR> d-------- C:\Program Files\Windows Live
2008-09-20 10:11 . 2008-09-28 20:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\OpenOffice.org2
2008-09-20 08:10 . 2008-09-20 08:11 250 --a------ C:\WINDOWS\gmer.ini
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Yahoo!
2008-09-19 20:56 . 2008-09-19 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Program Files\Nvu
2008-09-19 09:13 . 2008-09-19 09:13 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Nvu
2008-09-19 08:49 . 2008-09-19 08:49 <DIR> d-------- C:\Program Files\Complex
2008-09-17 21:09 . 2008-09-17 21:09 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-09-17 09:11 . 2008-09-17 09:11 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\ChessBase
2008-09-17 09:10 . 2008-09-17 09:10 <DIR> d-------- C:\Program Files\ChessBase
2008-09-16 13:16 . 2008-09-16 13:17 <DIR> d-------- C:\Program Files\AIMP2
2008-09-16 13:15 . 2008-09-27 20:22 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 13:11 . 2008-09-15 13:12 <DIR> d-------- C:\Program Files\Real
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-15 13:11 . 2008-09-15 13:11 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Program Files\Solway's Internet TV and Radio
2008-09-15 13:09 . 2008-09-15 13:09 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SolwaySoftware
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-15 12:01 . 2008-09-15 12:01 <DIR> d-------- C:\Program Files\Recuva
2008-09-14 19:54 . 2008-09-14 19:54 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.thumbnails
2008-09-14 19:53 . 2008-09-14 19:55 <DIR> d-------- C:\PNG
2008-09-14 19:53 . 2008-09-14 19:53 <DIR> d-------- C:\ICO
2008-09-14 19:53 . 2007-02-03 21:50 125,484 --a------ C:\Vista_Style_Icons_Preview.png
2008-09-14 18:38 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-14 18:38 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-14 18:37 . 2008-09-14 18:38 <DIR> d-------- C:\Program Files\Picasa2
2008-09-14 18:37 . 2008-09-14 18:37 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-09-14 18:37 . 2008-09-15 11:21 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\.gimp-2.4
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\Screamer Radio
2008-09-14 18:36 . 2008-09-14 18:36 <DIR> d-------- C:\Program Files\IrfanView
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\QuickTime
2008-09-14 18:22 . 2008-09-14 18:23 <DIR> d-------- C:\Program Files\LocalCooling
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-14 18:22 . 2008-09-14 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-14 18:18 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\Songbird2
2008-09-14 18:17 . 2008-09-15 19:39 <DIR> d-------- C:\Program Files\Songbird
2008-09-14 18:17 . 2008-09-14 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 18:12 . 2008-09-14 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-14 18:12 . 2008-09-14 18:12 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-14 18:12 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-09-14 15:43 . 2008-09-14 15:43 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\FileZilla
2008-09-09 15:01 . 2008-09-17 20:38 <DIR> d-------- C:\Program Files\Valve
2008-09-09 14:44 . 2008-09-09 14:44 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\SEGA
2008-09-08 21:47 . 2008-09-08 21:47 <DIR> d-------- C:\Program Files\Samurize
2008-09-07 21:10 . 2008-09-07 21:10 <DIR> d-------- C:\Documents and Settings\FlAmE of HeLl\Application Data\COWON
2008-09-07 21:08 . 2008-09-23 17:44 <DIR> d-------- C:\Program Files\JetAudio
2008-09-07 21:08 . 2008-09-07 21:08 <DIR> d-------- C:\Program Files\Common Files\COWON
2008-09-07 20:52 . 2008-09-07 20:52 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 18:00 71,172 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-28 16:56 --------- d-----w C:\Program Files\Google
2008-09-28 11:35 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-27 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 19:10 --------- d-----w C:\Program Files\CyberLink
2008-09-27 18:36 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BitTorrent
2008-09-27 18:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-27 18:21 --------- d-----w C:\Program Files\Winamp
2008-09-27 16:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Hamachi
2008-09-26 17:40 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-26 17:40 --------- d-----w C:\Program Files\OpenAL
2008-09-25 11:15 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-24 12:02 --------- d-----w C:\Program Files\AlienGUIse
2008-09-23 17:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-09-22 13:40 --------- d-----w C:\Program Files\Opera
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Activision
2008-09-21 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Activision
2008-09-21 10:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-20 08:09 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-14 17:58 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-09-07 18:19 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\BearShare
2008-09-06 19:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-06 13:28 --------- d-----w C:\Program Files\SpeedFan
2008-09-04 06:02 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-08-31 00:18 --------- d-----w C:\Program Files\Hamachi
2008-08-28 08:45 --------- d-----w C:\Program Files\e-texaspoker client
2008-08-28 08:32 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 08:16 --------- d-----w C:\Program Files\BitTorrent
2008-08-23 21:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Dev-Cpp
2008-08-21 10:59 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-08-21 10:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-21 07:16 --------- d-----w C:\Program Files\Orb Networks
2008-08-21 07:11 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-20 09:07 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-18 14:46 22,328 ----a-w C:\Documents and Settings\FlAmE of HeLl\Application Data\PnkBstrK.sys
2008-08-18 14:24 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-18 14:24 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-18 13:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\POP3Profiles
2008-08-16 19:00 --------- d-----w C:\Program Files\LucasArts
2008-08-15 06:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-14 07:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-13 13:44 --------- d-----w C:\Program Files\PoxNora
2008-08-13 07:48 20,500 ----a-w C:\Documents and Settings\FlAmE of HeLl\FMCodec.dat
2008-08-13 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-12 20:08 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\AdobeUM
2008-08-12 13:32 --------- d-----w C:\Program Files\Java
2008-08-12 13:16 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:53 --------- d-----w C:\Program Files\My Company Name
2008-08-11 18:53 --------- d-----w C:\Program Files\HP
2008-08-11 18:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-11 18:53 --------- d-----w C:\Program Files\Common Files\HP
2008-08-10 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-10 08:28 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-09 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Bioshock
2008-08-09 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
2008-08-09 13:39 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\GRETECH
2008-08-09 13:38 --------- d-----w C:\Program Files\GRETECH
2008-08-09 13:28 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Black Sea Studios
2008-08-09 09:02 --------- d-----w C:\Program Files\Common Files\BioWare
2008-08-09 07:42 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Ubisoft
2008-08-09 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-08 18:03 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\InstallShield
2008-08-08 17:47 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Microsoft Games
2008-08-08 16:54 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-08-08 11:31 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Skype
2008-08-08 08:24 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-08 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-07 21:56 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\ACD Systems
2008-08-07 20:46 --------- d-----w C:\Documents and Settings\FlAmE of HeLl\Application Data\TuneUp Software
2008-08-07 20:29 --------- d--h--r C:\Documents and Settings\FlAmE of HeLl\Application Data\SecuROM
2008-08-07 20:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-07 20:21 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-07 20:16 --------- d-----w C:\Program Files\CCleaner
2008-08-07 17:04 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 16:13 --------- d-----w C:\Program Files\Common Files\Java
2008-08-07 16:10 --------- d-----w C:\Program Files\BearShare Applications
2008-08-06 10:50 --------- d-----w C:\Program Files\WinFast
2008-08-06 10:50 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-06 10:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-06 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-06 10:41 --------- d-----w C:\Program Files\Mv2Player
2008-08-06 10:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 10:37 --------- d-----w C:\Program Files\Ahead
2008-08-06 10:28 --------- d-----w C:\Program Files\Total Commander XP
2008-08-06 10:23 --------- d-----w C:\Program Files\Realtek
2008-08-06 10:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-06 10:05 --------- d-----w C:\Program Files\Intel
2008-08-06 09:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
.

------- Sigcheck -------

2004-08-03 22:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\wininet.dll
2004-08-03 22:56 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-03 22:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\explorer.exe
2004-08-03 22:56 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-03 22:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\wuauclt.exe
2004-08-03 22:56 100864 80cb133bd6c830e8ca7e90015e45c1cd C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot_2008-09-28_20.25.35.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-28 19:18:45 25,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2008-09-28 19:18:48 842,240 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
+ 2008-09-28 19:18:34 409,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
+ 2008-09-28 19:19:28 220,672 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
+ 2008-09-28 19:19:19 81,408 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DdsFileType\ae5eedbd8bab63d1532a728e1df385d8\DdsFileType.ni.dll
+ 2008-09-28 19:19:24 14,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2008-09-28 19:18:49 573,440 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE\5836ab1a74216a09cd6335a7c79d65be\EnvDTE.ni.dll
+ 2008-09-28 19:19:29 276,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE80\e1777a50d7d4b403c4e123ed8b413ea9\EnvDTE80.ni.dll
+ 2008-09-28 19:19:30 46,080 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE90\527fb85b42a96831c08a39f63fafe499\EnvDTE90.ni.dll
+ 2008-09-28 19:19:31 31,232 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE90a\cc45cdec5ce10fcb8726dfa598cfbba9\EnvDTE90a.ni.dll
+ 2008-09-28 19:19:20 504,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\6ebfd8b7de7e5c268bcb673b233bd70e\ICSharpCode.SharpZipLib.ni.dll
+ 2008-09-28 19:19:14 94,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.WIA\efca70ca873ab8817754464e26c18833\Interop.WIA.ni.dll
+ 2008-09-28 19:19:31 222,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2008-09-28 19:19:28 1,886,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll
+ 2008-09-28 19:19:32 838,656 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
+ 2008-09-28 19:19:33 65,024 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2008-09-28 19:19:26 74,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2008-09-28 19:19:35 1,620,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2008-09-28 19:19:38 1,965,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2008-09-28 19:19:39 175,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2008-09-28 19:19:38 144,384 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
+ 2008-09-28 19:19:40 18,944 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Internal.#\2991b2a523954fa3416e7f605f3bd295\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2008-09-28 19:18:51 42,496 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\19d2a5ce056898c72a4a2a88d827eea5\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2008-09-28 19:18:37 1,092,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll
+ 2008-09-28 19:18:39 386,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\539e297cc9bc67fbf2fbdc9dc5fcd0f1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-09-28 19:19:25 133,632 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
+ 2008-09-28 19:19:12 227,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\ff5529e64d52b5e3c9a2458675dc3d49\PaintDotNet.Base.ni.dll
+ 2008-09-28 19:19:17 1,810,944 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\49549bfdb2cf54e1fd5c3daf641cd6e7\PaintDotNet.Core.ni.dll
+ 2008-09-28 19:19:19 695,296 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\4959452d8a41097ee3cf09b21f0ec696\PaintDotNet.Data.ni.dll
+ 2008-09-28 19:19:22 642,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\a4eb4f4e12f2e29fa12f31f1ed23dcfb\PaintDotNet.Effects.ni.dll
+ 2008-09-28 19:19:14 322,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\53d5ac76b453df590081a4f8241dd707\PaintDotNet.Resources.ni.dll
+ 2008-09-28 19:19:13 20,992 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\faf277f248798b92116f90d4df10520f\PaintDotNet.StylusReader.ni.dll
+ 2008-09-28 19:19:13 600,576 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\790115710e04bc07632a8bd7a9ce2742\PaintDotNet.SystemLayer.ni.dll
+ 2008-09-28 19:18:41 319,488 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
+ 2008-09-28 19:18:41 255,488 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
+ 2008-09-28 19:18:43 365,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
+ 2008-09-28 19:19:05 970,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
+ 2008-09-28 19:19:08 2,508,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
+ 2008-09-28 19:19:11 1,800,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
+ 2008-09-28 19:18:00 212,992 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\be8c7482f1e78a3b4984af9082d455a7\System.IdentityModel.Selectors.ni.dll
+ 2008-09-28 19:17:57 1,056,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
+ 2008-09-28 19:18:02 381,440 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\bcfccfa22245d2223a764611c61a7cb9\System.IO.Log.ni.dll
+ 2008-09-28 19:19:10 311,296 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-09-28 19:18:06 2,338,304 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
+ 2008-09-28 19:19:09 676,352 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
+ 2008-09-28 19:18:29 17,313,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
+ 2008-09-28 19:19:24 24,064 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WiaProxy32\46c94d7cca0eb94fd86ba689c71fd717\WiaProxy32.ni.exe
+ 2008-09-28 19:19:01 198,656 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\11e406d1fd81e49395c5b315a2d02cc2\WindowsFormsIntegration.Design.ni.dll
+ 2008-09-28 19:19:02 80,384 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ab7c416d2adf03073a04016987a0725\WindowsFormsIntegration.Package.ni.dll
+ 2008-09-28 19:18:44 321,024 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 1966080]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 30192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^FlAmE of HeLl^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\FlAmE of HeLl\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-31 14:38 133104 C:\Documents and Settings\FlAmE of HeLl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
--a------ 2006-12-01 18:09 2056875 C:\Program Files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
--a------ 2002-12-16 16:51 36864 C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-15 13:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
--a------ 2003-03-31 19:28 155648 C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-09-19 19:16 2145280 C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MONyog"=2 (0x2)
"gupdate1c90b651dea8622"=2 (0x2)
"UserAccess7"=2 (0x2)
"NMSAccessU"=2 (0x2)
"gusvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"D:\\CS 1.6\\hl.exe"=
"D:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"D:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"D:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"D:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"D:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\CS 1.6\\cstrike.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"D:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"D:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-28 30192]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (Video);C:\WINDOWS\system32\drivers\wfeaglxt.sys [2007-07-25 405632]
S4 gupdate1c90b651dea8622;Google Update Service (gupdate1c90b651dea8622);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S4 MONyog;MONyog;C:\Program Files\MONyog\bin\MONyog.exe [2008-08-21 2367488]
S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-14 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 21:23:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-09-28 21:25:26
ComboFix-quarantined-files.txt 2008-09-28 19:24:45
ComboFix2.txt 2008-09-28 18:26:32
ComboFix3.txt 2008-09-28 08:54:02

Pre-Run: 10,358,415,360 bytes free
Post-Run: 10,349,510,656 bytes free

504

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Are there any other visible symptoms?

Post a new ComboFix log for me tomorrow, just so I can make sure the infection hasn't come back.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Now the last part of the infection is gone too. Internet Explorer has stopped opening sites about some 'antivirus'. If we're done, is it safe to shut down the computer?
P.S. I'll post a new ComboFix log tomorrow morning.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It's safe to shut down the computer (in my opinion).

I asked for a new log tomorrow precisely so I can check once more whether the infection comes back when Windows starts again.

Talk tomorrow then. I usually get home from work around 5, so we'll talk after that.

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

Here's the log you asked for last night
https://www.mycity.rs/must-login.png

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

This looks OK.

Are there any symptoms visible to the eye, or can we declare the computer officially clean?

  • Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun

I don't notice anything. The computer seems to be working normally. Thanks for the effort!!!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Let's also uninstall ComboFix:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore
