[helen1]scvchost.exe?

  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

Done!
Here is the log file:

ComboFix 08-06-09.7 - Djole 2008-06-13 0:13:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.216 [GMT 2:00]
Running from: D:\Programi\ComboFix.exe
Command switches used :: D:\Programi\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
C:\WINDOWS\popcinfot.dat
C:\WINDOWS\popcreg.dat
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\system32\pmls.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\popcinfot.dat
C:\WINDOWS\popcreg.dat
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\system32\pmls.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-12 23:11 . 2008-06-12 23:11 <DIR> d-------- C:\Program Files\Pokemon PC
2008-06-12 16:23 . 2008-06-12 16:35 <DIR> d-------- C:\Program Files\Download Direct
2008-06-12 15:46 . 2008-06-12 15:51 <DIR> d-------- C:\Documents and Settings\Djole\Tracing
2008-06-12 15:44 . 2008-06-12 15:53 <DIR> d-------- C:\Program Files\Windows Live
2008-06-12 13:24 . 2008-06-12 21:19 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Thinstall
2008-06-10 23:54 . 2008-06-12 10:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-10 23:54 . 2008-06-10 23:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-03 20:15 . 2007-10-13 19:34 86,016 --a------ C:\WINDOWS\system32\pmservice.exe
2008-06-03 12:06 . 2008-06-03 22:30 921,624 --a------ C:\img2-001.raw
2008-06-03 11:29 . 2008-06-11 16:01 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\skypePM
2008-06-03 11:28 . 2008-06-03 11:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-03 10:53 . 2002-08-29 03:41 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-06-03 10:46 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-06-03 10:46 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnpx32.dll
2008-06-03 10:25 . 2008-06-03 10:46 <DIR> d-------- C:\Program Files\Common Files\snp325
2008-06-03 10:25 . 2008-06-03 10:25 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\InstallShield
2008-06-03 10:25 . 2007-07-24 10:21 10,394,624 --a------ C:\WINDOWS\system32\drivers\snp325.sys
2008-06-03 10:25 . 2007-05-10 13:18 835,584 --a------ C:\WINDOWS\vsnp325.exe
2008-06-03 10:25 . 2007-04-21 09:30 270,336 --a------ C:\WINDOWS\tsnp325.exe
2008-06-03 10:25 . 2006-04-12 12:11 147,456 --a------ C:\WINDOWS\system32\rsnp325.dll
2008-06-03 10:25 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnp325.dll
2008-06-03 10:25 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp325.dll
2008-06-03 10:25 . 2007-07-11 16:09 20,480 --a------ C:\WINDOWS\FixCamera.exe
2008-06-03 10:25 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snp325.ini
2008-06-03 10:25 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snp325.src
2008-06-02 20:20 . 2008-06-10 15:54 2,672 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-02 20:20 . 2008-06-10 15:54 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-02 14:19 . 2008-06-02 14:20 <DIR> d-------- C:\Program Files\SweetIM
2008-06-02 14:19 . 2008-06-02 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-06-02 03:11 . 2008-06-02 03:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-02 02:47 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-01 20:20 . 2008-06-01 20:20 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-01 18:03 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\(zabranjeno)lock
2008-06-01 11:00 . 2008-06-01 11:00 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\vlc
2008-06-01 10:55 . 2008-06-01 19:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 00:57 . 2008-06-01 00:57 <DIR> d-------- C:\Program Files\SubtitleCreator
2008-05-29 23:55 . 2008-06-12 16:50 <DIR> d-------- C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-05-29 22:37 . 2008-05-29 22:37 56,565 --a------ C:\WINDOWS\system32\SDL_image.dll
2008-05-29 22:26 . 2008-05-29 22:26 266,436 --a------ C:\WINDOWS\system32\tiff.dll
2008-05-29 21:36 . 2008-05-29 21:27 1,732,518 --a------ C:\WINDOWS\system32\libgsl.dll
2008-05-29 21:36 . 2008-05-29 21:27 243,671 --a------ C:\WINDOWS\system32\libgslcblas.dll
2008-05-29 21:12 . 2008-05-29 21:12 573,440 --a------ C:\WINDOWS\system32\alleg42.dll
2008-05-29 18:44 . 2008-05-29 18:44 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Sony Setup
2008-05-29 18:24 . 2008-05-29 18:29 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\SmsDiscount
2008-05-29 14:18 . 2008-05-29 22:40 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Dev-Cpp
2008-05-29 14:16 . 2008-05-29 22:36 <DIR> d-------- C:\Dev-Cpp
2008-05-29 07:59 . 2008-05-29 07:59 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-28 08:18 . 2008-05-28 08:18 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\JLC's Software
2008-05-28 08:17 . 2008-05-28 08:28 <DIR> d-------- C:\Program Files\JLC's Software
2008-05-26 13:46 . 2008-05-26 13:46 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-05-26 13:43 . 2008-06-05 20:42 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Any Video Converter
2008-05-25 19:47 . 2008-05-25 19:47 <DIR> d-------- C:\Program Files\Rapishare Free Account Check
2008-05-25 19:47 . 2008-05-25 19:47 104,201 --a------ C:\WINDOWS\Rapishare Free Account Check Uninstaller.exe
2008-05-25 12:05 . 2008-05-25 12:05 <DIR> d-------- C:\Program Files\uTorrent
2008-05-25 12:05 . 2008-06-07 00:47 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\uTorrent
2008-05-25 11:36 . 2008-06-12 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-24 15:14 . 2008-06-12 20:26 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-23 12:33 . 2008-05-23 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-23 12:32 . 2008-05-23 12:51 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Azureus
2008-05-22 22:38 . 2008-05-22 22:38 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-05-22 22:36 . 2008-05-22 22:36 25 --a------ C:\WINDOWS\ES_1_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\ES_2_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\AM_D0.PRF
2008-05-22 18:26 . 2008-05-30 01:07 <DIR> d-------- C:\Documents and Settings\Djole\Contacts
2008-05-22 18:19 . 2008-05-22 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-05-22 18:18 . 2008-05-22 18:18 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-22 16:33 . 2002-11-27 14:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-05-22 16:33 . 2002-11-27 14:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-05-22 16:33 . 2002-11-27 14:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-05-22 16:33 . 2002-11-27 14:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-05-18 23:29 . 2008-05-18 23:29 4,080 --a------ C:\WINDOWS\GAMF0DRV.BIN
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 16:03 . 2008-05-12 16:05 <DIR> d-------- C:\WINDOWS\NV1636328.TMP
2008-05-12 15:49 . 2008-05-23 12:36 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-12 15:45 . 2008-05-12 15:45 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 22:07 --------- d-----w C:\Documents and Settings\Djole\Application Data\SiteAdvisor
2008-06-12 22:00 170 ----a-w C:\Program Files\1bomb.ini
2008-06-12 19:07 --------- d-----w C:\Program Files\Unlocker
2008-06-12 11:31 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB30C.tmp
2008-06-12 06:30 --------- d-----w C:\Program Files\a-squared Free
2008-06-11 23:54 33,792 ----a-w C:\WINDOWS\Internet Logs\xDB30B.tmp
2008-06-11 18:40 --------- d-----w C:\Documents and Settings\Djole\Application Data\Skype
2008-06-10 23:08 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB30A.tmp
2008-06-10 20:55 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB309.tmp
2008-06-10 13:53 73,728 ----a-w C:\WINDOWS\Internet Logs\xDB308.tmp
2008-06-10 09:54 --------- d-----w C:\Program Files\Free Download Manager
2008-06-09 11:26 --------- d-----w C:\Program Files\Winamp
2008-06-08 22:39 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB307.tmp
2008-06-07 22:30 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB306.tmp
2008-06-07 18:42 --------- d-----w C:\Program Files\JetAudio
2008-06-06 23:04 51,200 ----a-w C:\WINDOWS\Internet Logs\xDB305.tmp
2008-06-05 14:58 30,208 ----a-w C:\WINDOWS\Internet Logs\xDB304.tmp
2008-06-04 23:54 101,888 ----a-w C:\WINDOWS\Internet Logs\xDB303.tmp
2008-06-03 23:25 --------- d-----w C:\Program Files\PopCap Games
2008-06-03 09:29 --------- d-----w C:\Program Files\Skype
2008-06-03 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 23:20 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB302.tmp
2008-06-02 22:42 27,136 ----a-w C:\WINDOWS\Internet Logs\xDB301.tmp
2008-06-02 18:20 69,120 ----a-w C:\WINDOWS\Internet Logs\xDB300.tmp
2008-06-02 01:11 --------- d-----w C:\Program Files\Real
2008-06-02 01:11 --------- d-----w C:\Program Files\Common Files\Real
2008-06-02 00:47 --------- d-----w C:\Program Files\Java
2008-06-01 19:26 --------- d-----w C:\Program Files\FDRLab
2008-06-01 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 17:25 --------- d-----w C:\Program Files\Lavasoft
2008-06-01 16:58 --------- d-----w C:\Program Files\EA GAMES
2008-06-01 16:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 16:04 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB2FF.tmp
2008-05-31 23:51 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB2FE.tmp
2008-05-31 17:27 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2FD.tmp
2008-05-30 23:39 50,688 ----a-w C:\WINDOWS\Internet Logs\xDB2FC.tmp
2008-05-30 13:27 --------- d-----w C:\Program Files\Warcraft III
2008-05-30 06:13 --------- d-----w C:\Program Files\Google
2008-05-29 23:09 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB2FB.tmp
2008-05-28 23:33 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB2FA.tmp
2008-05-28 06:34 55,808 ----a-w C:\WINDOWS\Internet Logs\xDB2F9.tmp
2008-05-26 22:27 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB2F8.tmp
2008-05-25 23:00 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2F7.tmp
2008-05-25 11:11 --------- d-----w C:\Program Files\Picasa2
2008-05-24 11:14 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 00:37 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F6.tmp
2008-05-23 19:22 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB2F5.tmp
2008-05-23 10:42 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F4.tmp
2008-05-22 21:31 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB2F3.tmp
2008-05-22 11:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2F2.tmp
2008-05-21 21:55 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2F1.tmp
2008-05-21 14:05 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2F0.tmp
2008-05-20 20:03 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2EF.tmp
2008-05-20 11:00 18,944 ----a-w C:\WINDOWS\Internet Logs\xDB2EE.tmp
2008-05-20 08:52 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2ED.tmp
2008-05-19 22:16 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EC.tmp
2008-05-19 14:42 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2EB.tmp
2008-05-18 12:43 --------- d-----w C:\Program Files\RegScrubXP
2008-05-17 23:30 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EA.tmp
2008-05-17 20:34 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2E9.tmp
2008-05-16 18:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E8.tmp
2008-05-16 08:17 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E7.tmp
2008-05-15 22:32 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB2E6.tmp
2008-05-14 22:54 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB2E5.tmp
2008-05-14 17:57 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2E4.tmp
2008-05-14 13:33 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB2E3.tmp
2008-05-14 06:43 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E2.tmp
2008-05-13 22:30 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2E1.tmp
2008-05-13 09:12 34,816 ----a-w C:\WINDOWS\Internet Logs\xDB2E0.tmp
2008-05-12 22:52 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2DF.tmp
2008-05-12 18:21 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2DE.tmp
2008-05-12 14:04 61,440 ----a-w C:\WINDOWS\Internet Logs\xDB2DD.tmp
2008-05-12 08:06 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DC.tmp
2008-05-11 22:21 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DB.tmp
2008-05-11 08:13 --------- d-----w C:\Documents and Settings\Djole\Application Data\Lavasoft
2008-05-10 22:49 198,144 ----a-w C:\WINDOWS\Internet Logs\xDB2DA.tmp
2008-05-10 18:14 --------- d-----w C:\Program Files\Parallel Port Joystick
2008-05-10 17:23 0 ----a-w C:\subafsfile0.bin
2008-05-10 17:22 666,800 ----a-w C:\bin0.bin
2008-05-09 22:29 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D9.tmp
2008-05-09 18:43 113,152 ----a-w C:\WINDOWS\Internet Logs\xDB2D8.tmp
2008-05-09 10:58 122,880 ----a-w C:\WINDOWS\Internet Logs\xDB2D7.tmp
2008-05-08 10:38 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2D6.tmp
2008-05-07 14:49 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2008-05-07 14:49 --------- d-----w C:\Program Files\REAPER
2008-05-07 06:19 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2D5.tmp
2008-05-06 16:01 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D4.tmp
2008-05-06 11:10 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D3.tmp
2008-05-05 22:30 14,848 ----a-w C:\WINDOWS\Internet Logs\xDB2D2.tmp
2008-05-05 00:19 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2D1.tmp
2008-05-04 23:19 --------- d-----w C:\Program Files\Garfield Goes to Pieces
2008-05-04 17:19 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D0.tmp
2008-05-04 11:47 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2CF.tmp
2008-05-03 23:49 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB2CE.tmp
2008-05-03 00:00 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2CD.tmp
2008-05-02 16:53 --------- d-----w C:\Program Files\Magicne Igrice
2008-05-02 14:48 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB2CC.tmp
2008-05-02 09:51 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB2CB.tmp
2008-05-01 23:00 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2CA.tmp
2008-05-01 05:59 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2C9.tmp
2005-09-27 18:24 152 --sh--r C:\WINDOWS\system32\5C39DEE95A.sys
2007-07-09 11:55 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_21.28.28,21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 14:16:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 16:43:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-24 13:14:24 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-06-12 18:27:04 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2000-01-07 00:00:00 24,448 ----a-w C:\WINDOWS\sysgtime.dll
+ 2000-01-07 00:00:00 24,448 ----a-w C:\WINDOWS\system32\proclsvr.drv
- 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"="nvclock.dll" [2003-04-14 03:59 81920 C:\WINDOWS\system32\nvclock.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 04:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 01:51 755472]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-01-08 21:22 917504]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-09-07 12:13 208896]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-09-07 12:14 69632]
"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [2006-10-03 08:37 217088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 10:45 401408]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 05:59 307200]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 09:30 270336]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 16:09 20480]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 13:18 835584]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 03:11 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 03:41 13312]

C:\Documents and Settings\Djole\Start Menu\Programs\Startup\
Calendarium.lnk - C:\Program Files\Calendarium\Calendarium.exe [2001-04-20 16:32:52 1522176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2005-12-23 11:19:47 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.IV41"= ir41_32.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3D!Turbo Experience.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3D!Turbo Experience.lnk
backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Joint Operations Typhoon Rising Registration.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\WINDOWS\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2004-09-29 03:01 106496 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-09-15 15:58 1212466 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-01 14:56 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2004-09-29 03:26 192512 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]


R2 ACEDRV06;ACEDRV06;C:\WINDOWS\System32\drivers\ACEDRV06.sys [2007-01-04 21:52]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\System32\DRIVERS\Cap713x.sys [2004-10-14 09:19]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\System32\DRIVERS\cledx.sys [2007-12-11 05:59]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\System32\drivers\PPJoyBus.sys [2004-10-24 09:11]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\System32\drivers\PPortJoy.sys [2004-10-24 09:11]
S3 CoolerXPDriver;CoolerXPDriver;C:\Program Files\MSI\PC Alert 4\NTCooler.sys [2002-12-10 12:26]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\System32\DRIVERS\k600bus.sys [2006-10-01 14:53]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k600mdfl.sys [2006-10-01 14:53]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\System32\DRIVERS\k600mdm.sys [2006-10-01 14:53]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\System32\DRIVERS\k600mgmt.sys [2006-10-01 14:53]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\System32\DRIVERS\k600obex.sys [2006-10-01 14:53]

*Newly Created Service* - PCALERTDRIVER
*Newly Created Service* - USNJSVC
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 16:18:59 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 00:17:54
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-13 0:25:46
ComboFix-quarantined-files.txt 2008-06-12 22:24:44
ComboFix2.txt 2008-06-12 06:46:33
ComboFix3.txt 2008-06-10 19:29:46

Pre-Run: 3,247,493,120 bytes free
Post-Run: 3,257,602,048 bytes free

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

We're making progress. How is the computer behaving now? Are there any problems?

Open Notepad and copy in the following text:

DirLook::
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

The computer is working normally.
Here is the new log file:

ComboFix 08-06-09.7 - Djole 2008-06-15 11:39:28.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.203 [GMT 2:00]
Running from: D:\Programi\ComboFix.exe
Command switches used :: D:\Programi\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 18:08 . 2008-06-14 18:08 11 --a------ C:\WINDOWS\3DShadow.INI
2008-06-14 16:48 . 2008-06-14 16:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-14 16:48 . 2008-06-14 16:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-14 16:31 . 2008-06-14 16:31 44,544 --------- C:\WINDOWS\AWuninstall.exe
2008-06-13 22:53 . 2008-06-14 23:24 56 ---h----- C:\WINDOWS\popcreg.dat
2008-06-13 22:53 . 2008-06-14 23:24 18 --a------ C:\WINDOWS\popcinfot.dat
2008-06-12 23:11 . 2008-06-12 23:11 <DIR> d-------- C:\Program Files\Pokemon PC
2008-06-12 15:46 . 2008-06-12 15:51 <DIR> d-------- C:\Documents and Settings\Djole\Tracing
2008-06-12 15:44 . 2008-06-12 15:53 <DIR> d-------- C:\Program Files\Windows Live
2008-06-12 13:24 . 2008-06-12 21:19 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Thinstall
2008-06-03 20:15 . 2007-10-13 19:34 86,016 --a------ C:\WINDOWS\system32\pmservice.exe
2008-06-03 12:06 . 2008-06-03 22:30 921,624 --a------ C:\img2-001.raw
2008-06-03 11:29 . 2008-06-11 16:01 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\skypePM
2008-06-03 11:28 . 2008-06-03 11:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-03 10:53 . 2002-08-29 03:41 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-06-03 10:46 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-06-03 10:46 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnpx32.dll
2008-06-03 10:25 . 2008-06-03 10:46 <DIR> d-------- C:\Program Files\Common Files\snp325
2008-06-03 10:25 . 2008-06-03 10:25 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\InstallShield
2008-06-03 10:25 . 2007-07-24 10:21 10,394,624 --a------ C:\WINDOWS\system32\drivers\snp325.sys
2008-06-03 10:25 . 2007-05-10 13:18 835,584 --a------ C:\WINDOWS\vsnp325.exe
2008-06-03 10:25 . 2007-04-21 09:30 270,336 --a------ C:\WINDOWS\tsnp325.exe
2008-06-03 10:25 . 2006-04-12 12:11 147,456 --a------ C:\WINDOWS\system32\rsnp325.dll
2008-06-03 10:25 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnp325.dll
2008-06-03 10:25 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp325.dll
2008-06-03 10:25 . 2007-07-11 16:09 20,480 --a------ C:\WINDOWS\FixCamera.exe
2008-06-03 10:25 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snp325.ini
2008-06-03 10:25 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snp325.src
2008-06-02 20:20 . 2008-06-10 15:54 2,672 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-02 20:20 . 2008-06-10 15:54 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-02 14:19 . 2008-06-02 14:20 <DIR> d-------- C:\Program Files\SweetIM
2008-06-02 14:19 . 2008-06-02 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-06-02 03:11 . 2008-06-02 03:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-02 02:47 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-01 20:20 . 2008-06-01 20:20 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-01 18:03 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\(zabranjeno)lock
2008-06-01 11:00 . 2008-06-01 11:00 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\vlc
2008-06-01 10:55 . 2008-06-01 19:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 00:57 . 2008-06-01 00:57 <DIR> d-------- C:\Program Files\SubtitleCreator
2008-05-29 23:55 . 2008-06-15 02:06 <DIR> d-------- C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-05-29 22:37 . 2008-05-29 22:37 56,565 --a------ C:\WINDOWS\system32\SDL_image.dll
2008-05-29 22:26 . 2008-05-29 22:26 266,436 --a------ C:\WINDOWS\system32\tiff.dll
2008-05-29 21:36 . 2008-05-29 21:27 1,732,518 --a------ C:\WINDOWS\system32\libgsl.dll
2008-05-29 21:36 . 2008-05-29 21:27 243,671 --a------ C:\WINDOWS\system32\libgslcblas.dll
2008-05-29 21:12 . 2008-05-29 21:12 573,440 --a------ C:\WINDOWS\system32\alleg42.dll
2008-05-29 18:44 . 2008-05-29 18:44 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Sony Setup
2008-05-29 18:24 . 2008-05-29 18:29 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\SmsDiscount
2008-05-29 14:18 . 2008-05-29 22:40 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Dev-Cpp
2008-05-29 14:16 . 2008-05-29 22:36 <DIR> d-------- C:\Dev-Cpp
2008-05-29 07:59 . 2008-05-29 07:59 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-28 08:18 . 2008-05-28 08:18 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\JLC's Software
2008-05-28 08:17 . 2008-05-28 08:28 <DIR> d-------- C:\Program Files\JLC's Software
2008-05-26 13:46 . 2008-05-26 13:46 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-05-26 13:43 . 2008-06-05 20:42 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Any Video Converter
2008-05-25 19:47 . 2008-05-25 19:47 <DIR> d-------- C:\Program Files\Rapishare Free Account Check
2008-05-25 19:47 . 2008-05-25 19:47 104,201 --a------ C:\WINDOWS\Rapishare Free Account Check Uninstaller.exe
2008-05-25 12:05 . 2008-05-25 12:05 <DIR> d-------- C:\Program Files\uTorrent
2008-05-25 12:05 . 2008-06-14 20:26 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\uTorrent
2008-05-25 11:36 . 2008-06-14 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-24 15:14 . 2008-06-12 20:26 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-23 12:33 . 2008-05-23 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-23 12:32 . 2008-05-23 12:51 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Azureus
2008-05-22 22:38 . 2008-05-22 22:38 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-05-22 22:36 . 2008-05-22 22:36 25 --a------ C:\WINDOWS\ES_1_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\ES_2_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\AM_D0.PRF
2008-05-22 18:26 . 2008-05-30 01:07 <DIR> d-------- C:\Documents and Settings\Djole\Contacts
2008-05-22 18:19 . 2008-05-22 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-05-22 18:18 . 2008-05-22 18:18 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-22 16:33 . 2002-11-27 14:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-05-22 16:33 . 2002-11-27 14:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-05-22 16:33 . 2002-11-27 14:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-05-22 16:33 . 2002-11-27 14:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat
2008-05-18 23:29 . 2008-05-18 23:29 4,080 --a------ C:\WINDOWS\GAMF0DRV.BIN
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 09:32 --------- d-----w C:\Program Files\RegScrubXP
2008-06-15 09:30 --------- d-----w C:\Program Files\Winamp
2008-06-15 08:46 --------- d-----w C:\Documents and Settings\Djole\Application Data\SiteAdvisor
2008-06-14 10:54 170 ----a-w C:\Program Files\1bomb.ini
2008-06-14 00:38 26,112 ----a-w C:\WINDOWS\Internet Logs\xDB30E.tmp
2008-06-12 23:23 37,888 ----a-w C:\WINDOWS\Internet Logs\xDB30D.tmp
2008-06-12 19:07 --------- d-----w C:\Program Files\Unlocker
2008-06-12 11:31 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB30C.tmp
2008-06-12 06:30 --------- d-----w C:\Program Files\a-squared Free
2008-06-11 23:54 33,792 ----a-w C:\WINDOWS\Internet Logs\xDB30B.tmp
2008-06-11 18:40 --------- d-----w C:\Documents and Settings\Djole\Application Data\Skype
2008-06-10 23:08 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB30A.tmp
2008-06-10 20:55 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB309.tmp
2008-06-10 13:53 73,728 ----a-w C:\WINDOWS\Internet Logs\xDB308.tmp
2008-06-10 09:54 --------- d-----w C:\Program Files\Free Download Manager
2008-06-08 22:39 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB307.tmp
2008-06-07 22:30 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB306.tmp
2008-06-07 18:42 --------- d-----w C:\Program Files\JetAudio
2008-06-06 23:04 51,200 ----a-w C:\WINDOWS\Internet Logs\xDB305.tmp
2008-06-05 14:58 30,208 ----a-w C:\WINDOWS\Internet Logs\xDB304.tmp
2008-06-04 23:54 101,888 ----a-w C:\WINDOWS\Internet Logs\xDB303.tmp
2008-06-03 23:25 --------- d-----w C:\Program Files\PopCap Games
2008-06-03 09:29 --------- d-----w C:\Program Files\Skype
2008-06-03 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 23:20 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB302.tmp
2008-06-02 22:42 27,136 ----a-w C:\WINDOWS\Internet Logs\xDB301.tmp
2008-06-02 18:20 69,120 ----a-w C:\WINDOWS\Internet Logs\xDB300.tmp
2008-06-02 01:11 --------- d-----w C:\Program Files\Real
2008-06-02 01:11 --------- d-----w C:\Program Files\Common Files\Real
2008-06-02 00:47 --------- d-----w C:\Program Files\Java
2008-06-01 19:26 --------- d-----w C:\Program Files\FDRLab
2008-06-01 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 17:25 --------- d-----w C:\Program Files\Lavasoft
2008-06-01 16:58 --------- d-----w C:\Program Files\EA GAMES
2008-06-01 16:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 16:04 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB2FF.tmp
2008-05-31 23:51 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB2FE.tmp
2008-05-31 17:27 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2FD.tmp
2008-05-30 23:39 50,688 ----a-w C:\WINDOWS\Internet Logs\xDB2FC.tmp
2008-05-30 13:27 --------- d-----w C:\Program Files\Warcraft III
2008-05-30 06:13 --------- d-----w C:\Program Files\Google
2008-05-29 23:09 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB2FB.tmp
2008-05-28 23:33 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB2FA.tmp
2008-05-28 06:34 55,808 ----a-w C:\WINDOWS\Internet Logs\xDB2F9.tmp
2008-05-26 22:27 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB2F8.tmp
2008-05-25 23:00 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2F7.tmp
2008-05-25 11:11 --------- d-----w C:\Program Files\Picasa2
2008-05-24 11:14 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 00:37 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F6.tmp
2008-05-23 19:22 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB2F5.tmp
2008-05-23 10:42 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F4.tmp
2008-05-23 10:36 --------- d-----w C:\Program Files\Yahoo!
2008-05-22 21:31 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB2F3.tmp
2008-05-22 11:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2F2.tmp
2008-05-21 21:55 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2F1.tmp
2008-05-21 14:05 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2F0.tmp
2008-05-20 20:03 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2EF.tmp
2008-05-20 11:00 18,944 ----a-w C:\WINDOWS\Internet Logs\xDB2EE.tmp
2008-05-20 08:52 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2ED.tmp
2008-05-19 22:16 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EC.tmp
2008-05-19 14:42 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2EB.tmp
2008-05-17 23:30 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EA.tmp
2008-05-17 20:34 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2E9.tmp
2008-05-16 18:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E8.tmp
2008-05-16 08:17 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E7.tmp
2008-05-15 22:32 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB2E6.tmp
2008-05-14 22:54 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB2E5.tmp
2008-05-14 17:57 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2E4.tmp
2008-05-14 13:33 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB2E3.tmp
2008-05-14 06:43 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E2.tmp
2008-05-13 22:30 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2E1.tmp
2008-05-13 09:12 34,816 ----a-w C:\WINDOWS\Internet Logs\xDB2E0.tmp
2008-05-12 22:52 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2DF.tmp
2008-05-12 18:21 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2DE.tmp
2008-05-12 14:04 61,440 ----a-w C:\WINDOWS\Internet Logs\xDB2DD.tmp
2008-05-12 13:45 --------- d-----w C:\Documents and Settings\Djole\Application Data\Media Player Classic
2008-05-12 08:06 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DC.tmp
2008-05-11 22:21 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DB.tmp
2008-05-11 08:13 --------- d-----w C:\Documents and Settings\Djole\Application Data\Lavasoft
2008-05-10 22:49 198,144 ----a-w C:\WINDOWS\Internet Logs\xDB2DA.tmp
2008-05-10 18:14 --------- d-----w C:\Program Files\Parallel Port Joystick
2008-05-10 17:23 0 ----a-w C:\subafsfile0.bin
2008-05-10 17:22 666,800 ----a-w C:\bin0.bin
2008-05-09 22:29 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D9.tmp
2008-05-09 18:43 113,152 ----a-w C:\WINDOWS\Internet Logs\xDB2D8.tmp
2008-05-09 10:58 122,880 ----a-w C:\WINDOWS\Internet Logs\xDB2D7.tmp
2008-05-08 10:38 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2D6.tmp
2008-05-07 14:49 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2008-05-07 14:49 --------- d-----w C:\Program Files\REAPER
2008-05-07 06:19 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2D5.tmp
2008-05-06 16:01 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D4.tmp
2008-05-06 11:10 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D3.tmp
2008-05-05 22:30 14,848 ----a-w C:\WINDOWS\Internet Logs\xDB2D2.tmp
2008-05-05 00:19 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2D1.tmp
2008-05-04 23:19 --------- d-----w C:\Program Files\Garfield Goes to Pieces
2008-05-04 17:19 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D0.tmp
2008-05-04 11:47 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2CF.tmp
2008-05-03 23:49 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB2CE.tmp
2008-05-03 00:00 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2CD.tmp
2008-05-02 16:53 --------- d-----w C:\Program Files\Magicne Igrice
2005-09-27 18:24 152 --sh--r C:\WINDOWS\system32\5C39DEE95A.sys
2007-07-09 11:55 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP ----

2008-06-01 20:20 83296 --a------ C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll
2008-06-01 20:20 73728 --a------ C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll
2008-06-01 20:20 42248 --a------ C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll
2008-06-01 20:20 27912 --a------ C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll


((((((((((((((((((((((((((((( snapshot@2008-06-10_21.28.28,21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-10 14:16:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 08:11:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-24 13:14:24 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-06-12 18:27:04 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2000-01-07 00:00:00 24,448 ----a-w C:\WINDOWS\sysgtime.dll
+ 2000-01-07 00:00:00 24,448 ----a-w C:\WINDOWS\system32\proclsvr.drv
- 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"="nvclock.dll" [2003-04-14 03:59 81920 C:\WINDOWS\system32\nvclock.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 04:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 01:51 755472]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-01-08 21:22 917504]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-09-07 12:13 208896]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-09-07 12:14 69632]
"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [2006-10-03 08:37 217088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 10:45 401408]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 05:59 307200]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 09:30 270336]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 16:09 20480]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 13:18 835584]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 03:11 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 03:41 13312]

C:\Documents and Settings\Djole\Start Menu\Programs\Startup\
Calendarium.lnk - C:\Program Files\Calendarium\Calendarium.exe [2001-04-20 16:32:52 1522176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2005-12-23 11:19:47 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.IV41"= ir41_32.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3D!Turbo Experience.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3D!Turbo Experience.lnk
backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Joint Operations Typhoon Rising Registration.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\WINDOWS\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2004-09-29 03:01 106496 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-09-15 15:58 1212466 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-01 14:56 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2004-09-29 03:26 192512 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]


R2 ACEDRV06;ACEDRV06;C:\WINDOWS\System32\drivers\ACEDRV06.sys [2007-01-04 21:52]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-10-23 19:17]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\System32\DRIVERS\Cap713x.sys [2004-10-14 09:19]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\System32\DRIVERS\cledx.sys [2007-12-11 05:59]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\System32\drivers\PPJoyBus.sys [2004-10-24 09:11]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\System32\drivers\PPortJoy.sys [2004-10-24 09:11]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\System32\DRIVERS\snp325.sys [2007-07-24 10:21]
R3 VGAUTI;VGAUTI;C:\WINDOWS\System32\DRIVERS\VGAUTI.sys [2003-10-22 11:37]
S3 CoolerXPDriver;CoolerXPDriver;C:\Program Files\MSI\PC Alert 4\NTCooler.sys [2002-12-10 12:26]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\System32\DRIVERS\k600bus.sys [2006-10-01 14:53]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k600mdfl.sys [2006-10-01 14:53]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\System32\DRIVERS\k600mdm.sys [2006-10-01 14:53]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\System32\DRIVERS\k600mgmt.sys [2006-10-01 14:53]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\System32\DRIVERS\k600obex.sys [2006-10-01 14:53]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 16:18:59 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 11:44:57
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 11:50:51
ComboFix-quarantined-files.txt 2008-06-15 09:50:07
ComboFix2.txt 2008-06-12 22:25:47
ComboFix3.txt 2008-06-12 06:46:33
ComboFix4.txt 2008-06-10 19:29:46

Pre-Run: 2,979,020,800 bytes free
Post-Run: 2,959,712,256 bytes free

349

Addendum: 18 Jun 2008 21:23

@ helen1:
Are we finished?
If not, what next?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Sorry to have kept you waiting.

Open Notepad and copy in the following text:


File::
C:\Windows\system32\pmservice.exe



Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scan.

offline
  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

Done!
Here is the log:
ComboFix 08-06-09.7 - Djole 2008-06-21 0:02:10.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.222 [GMT 2:00]
Running from: C:\Documents and Settings\Djole\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Djole\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Windows\system32\pmservice.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\pmservice.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 20:44 . 2008-06-20 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Redfield
2008-06-20 13:46 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-06-20 00:56 . 2005-03-23 10:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-20 00:48 . 2001-04-09 05:03 17,784 --a------ C:\WINDOWS\system32\drivers\NSynas32.sys
2008-06-20 00:47 . 2008-06-20 00:47 <DIR> d-------- C:\Program Files\Steinberg
2008-06-19 15:00 . 2008-06-19 15:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-19 15:00 . 2008-06-19 15:00 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-19 15:00 . 2008-06-19 15:00 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-19 13:41 . 2008-06-19 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-19 12:13 . 2008-06-19 12:13 <DIR> d-------- C:\Program Files\Marsu-Fix
2008-06-19 12:13 . 2008-06-19 12:13 159,841 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-06-17 13:34 . 2008-06-17 13:34 <DIR> d-------- C:\Program Files\SmsDiscount.com
2008-06-17 11:35 . 2008-06-17 11:35 13,312 --a------ C:\WINDOWS\system32\busdgan.dll
2008-06-17 11:35 . 2008-06-17 11:35 13,312 --a------ C:\WINDOWS\system32\bapdfim.dll
2008-06-17 11:34 . 2008-06-17 11:34 13,312 --a------ C:\WINDOWS\system32\tasdgan.dll
2008-06-17 01:33 . 2008-06-17 01:35 20 --a------ C:\WINDOWS\SmsDiscount.INI
2008-06-16 17:58 . 2008-06-16 17:58 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-15 22:12 . 2008-06-18 08:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-15 22:12 . 2008-06-15 22:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-14 18:08 . 2008-06-14 18:08 11 --a------ C:\WINDOWS\3DShadow.INI
2008-06-14 16:31 . 2008-06-14 16:31 44,544 --------- C:\WINDOWS\AWuninstall.exe
2008-06-13 22:53 . 2008-06-17 12:20 56 ---h----- C:\WINDOWS\popcreg.dat
2008-06-13 22:53 . 2008-06-17 12:20 18 --a------ C:\WINDOWS\popcinfot.dat
2008-06-12 23:11 . 2008-06-12 23:11 <DIR> d-------- C:\Program Files\Pokemon PC
2008-06-12 15:46 . 2008-06-12 15:51 <DIR> d-------- C:\Documents and Settings\Djole\Tracing
2008-06-12 15:44 . 2008-06-12 15:53 <DIR> d-------- C:\Program Files\Windows Live
2008-06-12 13:24 . 2008-06-12 21:19 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Thinstall
2008-06-03 12:06 . 2008-06-18 17:16 921,624 --a------ C:\img2-001.raw
2008-06-03 11:29 . 2008-06-16 17:58 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\skypePM
2008-06-03 11:28 . 2008-06-03 11:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-03 10:53 . 2002-08-29 03:41 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-06-03 10:46 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-06-03 10:46 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnpx32.dll
2008-06-03 10:25 . 2008-06-03 10:46 <DIR> d-------- C:\Program Files\Common Files\snp325
2008-06-03 10:25 . 2008-06-03 10:25 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\InstallShield
2008-06-03 10:25 . 2007-07-24 10:21 10,394,624 --a------ C:\WINDOWS\system32\drivers\snp325.sys
2008-06-03 10:25 . 2007-05-10 13:18 835,584 --a------ C:\WINDOWS\vsnp325.exe
2008-06-03 10:25 . 2007-04-21 09:30 270,336 --a------ C:\WINDOWS\tsnp325.exe
2008-06-03 10:25 . 2006-04-12 12:11 147,456 --a------ C:\WINDOWS\system32\rsnp325.dll
2008-06-03 10:25 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnp325.dll
2008-06-03 10:25 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp325.dll
2008-06-03 10:25 . 2007-07-11 16:09 20,480 --a------ C:\WINDOWS\FixCamera.exe
2008-06-03 10:25 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snp325.ini
2008-06-03 10:25 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snp325.src
2008-06-02 20:20 . 2008-06-15 11:59 2,672 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-02 20:20 . 2008-06-19 11:39 1,088 --a------ C:\WINDOWS\system32\history.aaw
2008-06-02 03:11 . 2008-06-02 03:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-02 02:47 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-01 20:20 . 2008-06-01 20:20 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-01 18:03 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\(zabranjeno)lock
2008-06-01 11:00 . 2008-06-01 11:00 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\vlc
2008-06-01 10:55 . 2008-06-01 19:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 00:57 . 2008-06-01 00:57 <DIR> d-------- C:\Program Files\SubtitleCreator
2008-05-29 23:55 . 2008-06-20 23:01 <DIR> d-------- C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-05-29 22:37 . 2008-05-29 22:37 56,565 --a------ C:\WINDOWS\system32\SDL_image.dll
2008-05-29 22:26 . 2008-05-29 22:26 266,436 --a------ C:\WINDOWS\system32\tiff.dll
2008-05-29 21:36 . 2008-05-29 21:27 1,732,518 --a------ C:\WINDOWS\system32\libgsl.dll
2008-05-29 21:36 . 2008-05-29 21:27 243,671 --a------ C:\WINDOWS\system32\libgslcblas.dll
2008-05-29 21:12 . 2008-05-29 21:12 573,440 --a------ C:\WINDOWS\system32\alleg42.dll
2008-05-29 18:44 . 2008-05-29 18:44 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Sony Setup
2008-05-29 18:24 . 2008-06-20 22:19 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\SmsDiscount
2008-05-29 14:18 . 2008-05-29 22:40 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Dev-Cpp
2008-05-29 14:16 . 2008-05-29 22:36 <DIR> d-------- C:\Dev-Cpp
2008-05-29 07:59 . 2008-05-29 07:59 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-28 08:18 . 2008-05-28 08:18 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\JLC's Software
2008-05-28 08:17 . 2008-05-28 08:28 <DIR> d-------- C:\Program Files\JLC's Software
2008-05-26 13:46 . 2008-05-26 13:46 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-05-26 13:43 . 2008-06-05 20:42 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Any Video Converter
2008-05-25 19:47 . 2008-05-25 19:47 <DIR> d-------- C:\Program Files\Rapishare Free Account Check
2008-05-25 19:47 . 2008-05-25 19:47 104,201 --a------ C:\WINDOWS\Rapishare Free Account Check Uninstaller.exe
2008-05-24 15:14 . 2008-06-12 20:26 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-23 12:33 . 2008-05-23 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-23 12:32 . 2008-05-23 12:51 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Azureus
2008-05-22 22:38 . 2008-05-22 22:38 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-05-22 22:36 . 2008-05-22 22:36 25 --a------ C:\WINDOWS\ES_1_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\ES_2_D1.prf
2008-05-22 22:36 . 2008-05-22 22:36 24 --a------ C:\WINDOWS\AM_D0.PRF
2008-05-22 18:26 . 2008-05-30 01:07 <DIR> d-------- C:\Documents and Settings\Djole\Contacts
2008-05-22 18:19 . 2008-05-22 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-05-22 18:18 . 2008-05-22 18:18 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-22 16:33 . 2002-11-27 14:52 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2008-05-22 16:33 . 2002-11-27 14:52 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2008-05-22 16:33 . 2002-11-27 14:52 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2008-05-22 16:33 . 2002-11-27 14:52 42 -ra------ C:\WINDOWS\system32\drivers\jedireg.pat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 21:56 --------- d-----w C:\Documents and Settings\Djole\Application Data\SiteAdvisor
2008-06-20 21:07 --------- d-----w C:\Program Files\RegScrubXP
2008-06-20 20:52 --------- d-----w C:\Program Files\Yahoo!
2008-06-20 11:43 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB316.tmp
2008-06-19 22:57 79,360 ----a-w C:\WINDOWS\Internet Logs\xDB315.tmp
2008-06-19 22:49 --------- d-----w C:\Documents and Settings\Djole\Application Data\Steinberg
2008-06-19 22:48 --------- d-----w C:\Program Files\Syncrosoft
2008-06-19 22:46 --------- d-----w C:\Program Files\Image-Line
2008-06-19 15:59 --------- d-----w C:\Program Files\Winamp
2008-06-19 11:34 --------- d-----w C:\Program Files\ESET
2008-06-19 09:39 --------- d-----w C:\Program Files\EasyOffice
2008-06-18 19:32 --------- d-----w C:\Program Files\a-squared Free
2008-06-18 00:36 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB314.tmp
2008-06-17 15:52 38,912 ----a-w C:\WINDOWS\Internet Logs\xDB313.tmp
2008-06-16 23:42 54,784 ----a-w C:\WINDOWS\Internet Logs\xDB312.tmp
2008-06-16 20:41 --------- d-----w C:\Documents and Settings\Djole\Application Data\XnView
2008-06-16 20:34 --------- d-----w C:\Documents and Settings\Djole\Application Data\Skype
2008-06-16 01:03 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB311.tmp
2008-06-15 18:17 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB310.tmp
2008-06-15 15:34 170 ----a-w C:\Program Files\1bomb.ini
2008-06-15 09:59 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB30F.tmp
2008-06-14 00:38 26,112 ----a-w C:\WINDOWS\Internet Logs\xDB30E.tmp
2008-06-13 05:51 --------- d-----w C:\Program Files\Unlocker
2008-06-12 23:23 37,888 ----a-w C:\WINDOWS\Internet Logs\xDB30D.tmp
2008-06-12 11:31 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB30C.tmp
2008-06-11 23:54 33,792 ----a-w C:\WINDOWS\Internet Logs\xDB30B.tmp
2008-06-10 23:08 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB30A.tmp
2008-06-10 20:55 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB309.tmp
2008-06-10 13:53 73,728 ----a-w C:\WINDOWS\Internet Logs\xDB308.tmp
2008-06-10 09:54 --------- d-----w C:\Program Files\Free Download Manager
2008-06-08 22:39 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB307.tmp
2008-06-07 22:30 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB306.tmp
2008-06-07 18:42 --------- d-----w C:\Program Files\JetAudio
2008-06-06 23:04 51,200 ----a-w C:\WINDOWS\Internet Logs\xDB305.tmp
2008-06-05 14:58 30,208 ----a-w C:\WINDOWS\Internet Logs\xDB304.tmp
2008-06-04 23:54 101,888 ----a-w C:\WINDOWS\Internet Logs\xDB303.tmp
2008-06-03 23:25 --------- d-----w C:\Program Files\PopCap Games
2008-06-03 09:29 --------- d-----w C:\Program Files\Skype
2008-06-03 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 23:20 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB302.tmp
2008-06-02 22:42 27,136 ----a-w C:\WINDOWS\Internet Logs\xDB301.tmp
2008-06-02 18:20 69,120 ----a-w C:\WINDOWS\Internet Logs\xDB300.tmp
2008-06-02 01:11 --------- d-----w C:\Program Files\Real
2008-06-02 01:11 --------- d-----w C:\Program Files\Common Files\Real
2008-06-02 00:47 --------- d-----w C:\Program Files\Java
2008-06-01 19:26 --------- d-----w C:\Program Files\FDRLab
2008-06-01 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 17:25 --------- d-----w C:\Program Files\Lavasoft
2008-06-01 16:58 --------- d-----w C:\Program Files\EA GAMES
2008-06-01 16:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 16:04 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB2FF.tmp
2008-05-31 23:51 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB2FE.tmp
2008-05-31 17:27 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2FD.tmp
2008-05-30 23:39 50,688 ----a-w C:\WINDOWS\Internet Logs\xDB2FC.tmp
2008-05-30 13:27 --------- d-----w C:\Program Files\Warcraft III
2008-05-30 06:13 --------- d-----w C:\Program Files\Google
2008-05-29 23:09 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB2FB.tmp
2008-05-28 23:33 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB2FA.tmp
2008-05-28 06:34 55,808 ----a-w C:\WINDOWS\Internet Logs\xDB2F9.tmp
2008-05-26 22:27 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB2F8.tmp
2008-05-25 23:00 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2F7.tmp
2008-05-25 11:11 --------- d-----w C:\Program Files\Picasa2
2008-05-24 11:14 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 00:37 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F6.tmp
2008-05-23 19:22 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB2F5.tmp
2008-05-23 10:42 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F4.tmp
2008-05-22 21:31 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB2F3.tmp
2008-05-22 11:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2F2.tmp
2008-05-21 21:55 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2F1.tmp
2008-05-21 14:05 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2F0.tmp
2008-05-20 20:03 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2EF.tmp
2008-05-20 11:00 18,944 ----a-w C:\WINDOWS\Internet Logs\xDB2EE.tmp
2008-05-20 08:52 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2ED.tmp
2008-05-19 22:16 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EC.tmp
2008-05-19 14:42 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2EB.tmp
2008-05-18 21:29 4,080 ----a-w C:\WINDOWS\GAMF0DRV.BIN
2008-05-17 23:30 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EA.tmp
2008-05-17 20:34 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2E9.tmp
2008-05-16 18:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E8.tmp
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-16 08:17 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E7.tmp
2008-05-15 22:32 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB2E6.tmp
2008-05-14 22:54 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB2E5.tmp
2008-05-14 17:57 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2E4.tmp
2008-05-14 13:33 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB2E3.tmp
2008-05-14 06:43 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E2.tmp
2008-05-13 22:30 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2E1.tmp
2008-05-13 09:12 34,816 ----a-w C:\WINDOWS\Internet Logs\xDB2E0.tmp
2008-05-12 22:52 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2DF.tmp
2008-05-12 18:21 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2DE.tmp
2008-05-12 14:04 61,440 ----a-w C:\WINDOWS\Internet Logs\xDB2DD.tmp
2008-05-12 13:45 --------- d-----w C:\Documents and Settings\Djole\Application Data\Media Player Classic
2008-05-12 08:06 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DC.tmp
2008-05-11 22:21 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB2DB.tmp
2008-05-11 08:13 --------- d-----w C:\Documents and Settings\Djole\Application Data\Lavasoft
2008-05-10 22:49 198,144 ----a-w C:\WINDOWS\Internet Logs\xDB2DA.tmp
2008-05-10 18:14 --------- d-----w C:\Program Files\Parallel Port Joystick
2008-05-10 17:23 0 ----a-w C:\subafsfile0.bin
2008-05-10 17:22 666,800 ----a-w C:\bin0.bin
2008-05-09 22:29 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2D9.tmp
2005-09-27 18:24 152 --sh--r C:\WINDOWS\system32\5C39DEE95A.sys
2007-07-09 11:55 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_21.28.28,21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-19 13:00:31 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-06-19 13:00:31 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-06-19 13:00:31 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-06-19 13:00:32 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-06-19 13:00:30 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-06-19 13:00:32 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2008-06-10 14:16:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 11:43:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-24 13:14:24 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-06-12 18:27:04 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2008-06-19 13:01:12 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-06-19 13:01:12 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-19 13:01:12 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-06-19 13:01:12 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-19 13:01:12 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-19 13:01:12 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-19 13:01:12 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-19 13:01:12 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-19 13:01:12 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-19 13:01:12 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-06-19 13:01:12 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-19 13:01:12 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-19 13:01:11 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-19 11:42:08 10,134 ----a-r C:\WINDOWS\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\callmsi.exe
+ 2008-06-19 11:42:08 136,448 ----a-r C:\WINDOWS\Installer\{98B987B8-17AE-4883-879A-65E6FB41A51C}\egui.exe
+ 2008-03-13 14:43:42 40,456 ----a-w C:\WINDOWS\LastGood\System32\DRIVERS\eamon.sys
+ 2008-03-13 14:44:36 29,704 ----a-w C:\WINDOWS\LastGood\System32\DRIVERS\easdrv.sys
+ 2008-03-13 14:52:18 33,800 ----a-w C:\WINDOWS\LastGood\System32\DRIVERS\epfwtdir.sys
+ 2000-01-07 00:00:00 24,448 ----a-w C:\WINDOWS\sysgtime.dll
+ 2008-04-23 12:52:20 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
+ 2008-04-23 12:53:14 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
+ 2008-04-23 13:00:48 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
- 2003-08-03 18:56:00 1,146,184 ----a-w C:\WINDOWS\system32\fm20.dll
+ 2005-03-17 11:39:58 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2008-06-09 06:06:21 312,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-19 22:57:34 320,336 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 1998-06-17 16:08:32 53,248 ----a-w C:\WINDOWS\system32\MFC42ENU.DLL
+ 2000-05-11 10:06:20 397,312 ----a-w C:\WINDOWS\system32\MSRDO20.DLL
+ 2000-01-07 00:00:00 24,448 ----a-w C:\WINDOWS\system32\proclsvr.drv
+ 2000-04-03 14:52:54 151,552 ----a-w C:\WINDOWS\system32\RDOCURS.DLL
- 2005-11-03 16:14:56 45,056 ----a-w C:\WINDOWS\system32\Synsopos.exe
+ 2002-11-25 06:36:18 45,056 ----a-w C:\WINDOWS\system32\Synsopos.exe
- 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"="nvclock.dll" [2003-04-14 03:59 81920 C:\WINDOWS\system32\nvclock.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 04:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 01:51 755472]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-09-07 12:13 208896]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-09-07 12:14 69632]
"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [2006-10-03 08:37 217088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 10:45 401408]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 09:30 270336]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 16:09 20480]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 13:18 835584]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 03:11 185896]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 14:57 1443072]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 04:59 307200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 03:41 13312]

C:\Documents and Settings\Djole\Start Menu\Programs\Startup\
Calendarium.lnk - C:\Program Files\Calendarium\Calendarium.exe [2001-04-20 16:32:52 1522176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2005-12-23 11:19:47 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.IV41"= ir41_32.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3D!Turbo Experience.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3D!Turbo Experience.lnk
backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Joint Operations Typhoon Rising Registration.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\WINDOWS\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2004-09-29 03:01 106496 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-09-15 15:58 1212466 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-01 14:56 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2004-09-29 03:26 192512 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]


R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2008-04-23 15:00]
R2 ACEDRV06;ACEDRV06;C:\WINDOWS\System32\drivers\ACEDRV06.sys [2007-01-04 21:52]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-10-23 19:17]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\System32\DRIVERS\Cap713x.sys [2004-10-14 09:19]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\System32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\System32\drivers\PPJoyBus.sys [2004-10-24 09:11]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\System32\drivers\PPortJoy.sys [2004-10-24 09:11]
R3 VGAUTI;VGAUTI;C:\WINDOWS\System32\DRIVERS\VGAUTI.sys [2003-10-22 11:37]
S3 CoolerXPDriver;CoolerXPDriver;C:\Program Files\MSI\PC Alert 4\NTCooler.sys [2002-12-10 12:26]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\System32\DRIVERS\k600bus.sys [2006-10-01 14:53]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k600mdfl.sys [2006-10-01 14:53]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\System32\DRIVERS\k600mdm.sys [2006-10-01 14:53]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\System32\DRIVERS\k600mgmt.sys [2006-10-01 14:53]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\System32\DRIVERS\k600obex.sys [2006-10-01 14:53]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\System32\DRIVERS\snp325.sys [2007-07-24 10:21]

*Newly Created Service* - PCALERTDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 16:18:59 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 00:06:08
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-21 0:11:00
ComboFix-quarantined-files.txt 2008-06-20 22:10:29
ComboFix2.txt 2008-06-15 09:50:52
ComboFix3.txt 2008-06-12 22:25:47
ComboFix4.txt 2008-06-12 06:46:33
ComboFix5.txt 2008-06-10 19:29:46

Pre-Run: 5,120,139,264 bytes free
Post-Run: 5,111,312,384 bytes free

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Sorry for the delay:

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\busdgan.dll
C:\WINDOWS\system32\bapdfim.dll
C:\WINDOWS\system32\tasdgan.dll

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scan.

  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

I scr... things up again. I forgot to turn off NOD before ComboFix. Here is the log:
ComboFix 08-06-20.4 - Djole 2008-06-25 0:47:33.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.233 [GMT 2:00]
Running from: C:\Documents and Settings\Djole\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Djole\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\bapdfim.dll
C:\WINDOWS\system32\busdgan.dll
C:\WINDOWS\system32\tasdgan.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bapdfim.dll
C:\WINDOWS\system32\busdgan.dll
C:\WINDOWS\system32\tasdgan.dll
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-23 12:16 . 2008-06-23 18:48 <DIR> d-------- C:\Program Files\TTMessenger
2008-06-23 10:47 . 2008-06-23 10:47 <DIR> d-------- C:\Program Files\FLV Player
2008-06-22 21:20 . 2008-06-22 21:20 <DIR> d-------- C:\Program Files\SeePassword
2008-06-20 20:44 . 2008-06-20 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Redfield
2008-06-20 13:46 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-06-20 00:56 . 2005-03-23 10:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-20 00:48 . 2001-04-09 05:03 17,784 --a------ C:\WINDOWS\system32\drivers\NSynas32.sys
2008-06-20 00:47 . 2008-06-20 00:47 <DIR> d-------- C:\Program Files\Steinberg
2008-06-19 15:00 . 2008-06-19 15:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-19 15:00 . 2008-06-19 15:00 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-19 15:00 . 2008-06-19 15:00 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-19 13:41 . 2008-06-19 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-19 12:13 . 2008-06-19 12:13 <DIR> d-------- C:\Program Files\Marsu-Fix
2008-06-19 12:13 . 2008-06-19 12:13 159,841 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-06-17 13:34 . 2008-06-17 13:34 <DIR> d-------- C:\Program Files\SmsDiscount.com
2008-06-17 01:33 . 2008-06-17 01:35 20 --a------ C:\WINDOWS\SmsDiscount.INI
2008-06-16 17:58 . 2008-06-16 17:58 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-15 22:12 . 2008-06-22 18:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-15 22:12 . 2008-06-15 22:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-14 18:08 . 2008-06-22 21:55 11 --a------ C:\WINDOWS\3DShadow.INI
2008-06-14 16:31 . 2008-06-14 16:31 44,544 --------- C:\WINDOWS\AWuninstall.exe
2008-06-13 22:53 . 2008-06-25 00:28 56 ---h----- C:\WINDOWS\popcreg.dat
2008-06-13 22:53 . 2008-06-25 00:28 18 --a------ C:\WINDOWS\popcinfot.dat
2008-06-12 23:11 . 2008-06-12 23:11 <DIR> d-------- C:\Program Files\Pokemon PC
2008-06-12 15:46 . 2008-06-12 15:51 <DIR> d-------- C:\Documents and Settings\Djole\Tracing
2008-06-12 15:44 . 2008-06-12 15:53 <DIR> d-------- C:\Program Files\Windows Live
2008-06-12 13:24 . 2008-06-12 21:19 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Thinstall
2008-06-03 12:06 . 2008-06-18 17:16 921,624 --a------ C:\img2-001.raw
2008-06-03 11:29 . 2008-06-24 00:05 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\skypePM
2008-06-03 11:28 . 2008-06-03 11:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-03 10:53 . 2002-08-29 03:41 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-03 10:53 . 2002-08-29 03:41 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-06-03 10:53 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-06-03 10:46 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-06-03 10:46 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnpx32.dll
2008-06-03 10:25 . 2008-06-03 10:46 <DIR> d-------- C:\Program Files\Common Files\snp325
2008-06-03 10:25 . 2008-06-03 10:25 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\InstallShield
2008-06-03 10:25 . 2007-07-24 10:21 10,394,624 --a------ C:\WINDOWS\system32\drivers\snp325.sys
2008-06-03 10:25 . 2007-05-10 13:18 835,584 --a------ C:\WINDOWS\vsnp325.exe
2008-06-03 10:25 . 2007-04-21 09:30 270,336 --a------ C:\WINDOWS\tsnp325.exe
2008-06-03 10:25 . 2006-04-12 12:11 147,456 --a------ C:\WINDOWS\system32\rsnp325.dll
2008-06-03 10:25 . 2007-05-31 09:01 57,344 --a------ C:\WINDOWS\system32\vsnp325.dll
2008-06-03 10:25 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp325.dll
2008-06-03 10:25 . 2007-07-11 16:09 20,480 --a------ C:\WINDOWS\FixCamera.exe
2008-06-03 10:25 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snp325.ini
2008-06-03 10:25 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snp325.src
2008-06-02 20:20 . 2008-06-15 11:59 2,672 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-02 20:20 . 2008-06-23 18:48 1,088 --a------ C:\WINDOWS\system32\history.aaw
2008-06-02 03:11 . 2008-06-02 03:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-02 02:47 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-01 20:20 . 2008-06-01 20:20 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-01 18:03 . 2008-06-01 18:04 <DIR> d-------- C:\Program Files\(zabranjeno)lock
2008-06-01 11:00 . 2008-06-01 11:00 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\vlc
2008-06-01 10:55 . 2008-06-01 19:11 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 00:57 . 2008-06-01 00:57 <DIR> d-------- C:\Program Files\SubtitleCreator
2008-05-29 23:55 . 2008-06-24 23:15 <DIR> d-------- C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-05-29 22:37 . 2008-05-29 22:37 56,565 --a------ C:\WINDOWS\system32\SDL_image.dll
2008-05-29 22:26 . 2008-05-29 22:26 266,436 --a------ C:\WINDOWS\system32\tiff.dll
2008-05-29 21:36 . 2008-05-29 21:27 1,732,518 --a------ C:\WINDOWS\system32\libgsl.dll
2008-05-29 21:36 . 2008-05-29 21:27 243,671 --a------ C:\WINDOWS\system32\libgslcblas.dll
2008-05-29 21:12 . 2008-05-29 21:12 573,440 --a------ C:\WINDOWS\system32\alleg42.dll
2008-05-29 18:44 . 2008-05-29 18:44 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Sony Setup
2008-05-29 18:24 . 2008-06-20 22:19 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\SmsDiscount
2008-05-29 14:18 . 2008-05-29 22:40 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Dev-Cpp
2008-05-29 14:16 . 2008-05-29 22:36 <DIR> d-------- C:\Dev-Cpp
2008-05-29 07:59 . 2008-05-29 07:59 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-28 08:18 . 2008-05-28 08:18 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\JLC's Software
2008-05-28 08:17 . 2008-05-28 08:28 <DIR> d-------- C:\Program Files\JLC's Software
2008-05-26 13:46 . 2008-05-26 13:46 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-05-26 13:43 . 2008-06-23 16:15 <DIR> d-------- C:\Documents and Settings\Djole\Application Data\Any Video Converter
2008-05-25 19:47 . 2008-05-25 19:47 <DIR> d-------- C:\Program Files\Rapishare Free Account Check
2008-05-25 19:47 . 2008-05-25 19:47 104,201 --a------ C:\WINDOWS\Rapishare Free Account Check Uninstaller.exe
2008-05-24 15:14 . 2008-06-12 20:26 <DIR> d-------- C:\Program Files\MSN Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 22:36 --------- d-----w C:\Documents and Settings\Djole\Application Data\SiteAdvisor
2008-06-24 17:03 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB31D.tmp
2008-06-24 12:51 --------- d-----w C:\Program Files\Winamp
2008-06-23 23:41 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB31C.tmp
2008-06-23 23:05 --------- d-----w C:\Documents and Settings\Djole\Application Data\Skype
2008-06-23 17:42 --------- d-----w C:\Program Files\MainConcept
2008-06-23 16:48 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB31B.tmp
2008-06-23 10:17 27,136 ----a-w C:\WINDOWS\Internet Logs\xDB31A.tmp
2008-06-23 00:03 55,808 ----a-w C:\WINDOWS\Internet Logs\xDB319.tmp
2008-06-22 12:34 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-06-22 00:01 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB318.tmp
2008-06-21 00:49 40,448 ----a-w C:\WINDOWS\Internet Logs\xDB317.tmp
2008-06-20 21:07 --------- d-----w C:\Program Files\RegScrubXP
2008-06-20 20:52 --------- d-----w C:\Program Files\Yahoo!
2008-06-20 11:43 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB316.tmp
2008-06-19 22:57 79,360 ----a-w C:\WINDOWS\Internet Logs\xDB315.tmp
2008-06-19 22:49 --------- d-----w C:\Documents and Settings\Djole\Application Data\Steinberg
2008-06-19 22:48 --------- d-----w C:\Program Files\Syncrosoft
2008-06-19 22:46 --------- d-----w C:\Program Files\Image-Line
2008-06-19 11:34 --------- d-----w C:\Program Files\ESET
2008-06-19 09:39 --------- d-----w C:\Program Files\EasyOffice
2008-06-18 19:32 --------- d-----w C:\Program Files\a-squared Free
2008-06-18 00:36 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB314.tmp
2008-06-17 15:52 38,912 ----a-w C:\WINDOWS\Internet Logs\xDB313.tmp
2008-06-16 23:42 54,784 ----a-w C:\WINDOWS\Internet Logs\xDB312.tmp
2008-06-16 20:41 --------- d-----w C:\Documents and Settings\Djole\Application Data\XnView
2008-06-16 01:03 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB311.tmp
2008-06-15 18:17 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB310.tmp
2008-06-15 15:34 170 ----a-w C:\Program Files\1bomb.ini
2008-06-15 09:59 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB30F.tmp
2008-06-14 00:38 26,112 ----a-w C:\WINDOWS\Internet Logs\xDB30E.tmp
2008-06-13 05:51 --------- d-----w C:\Program Files\Unlocker
2008-06-12 23:23 37,888 ----a-w C:\WINDOWS\Internet Logs\xDB30D.tmp
2008-06-12 11:31 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB30C.tmp
2008-06-11 23:54 33,792 ----a-w C:\WINDOWS\Internet Logs\xDB30B.tmp
2008-06-10 23:08 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB30A.tmp
2008-06-10 20:55 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB309.tmp
2008-06-10 13:53 73,728 ----a-w C:\WINDOWS\Internet Logs\xDB308.tmp
2008-06-10 09:54 --------- d-----w C:\Program Files\Free Download Manager
2008-06-08 22:39 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB307.tmp
2008-06-07 22:30 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB306.tmp
2008-06-07 18:42 --------- d-----w C:\Program Files\JetAudio
2008-06-06 23:04 51,200 ----a-w C:\WINDOWS\Internet Logs\xDB305.tmp
2008-06-05 14:58 30,208 ----a-w C:\WINDOWS\Internet Logs\xDB304.tmp
2008-06-04 23:54 101,888 ----a-w C:\WINDOWS\Internet Logs\xDB303.tmp
2008-06-03 23:25 --------- d-----w C:\Program Files\PopCap Games
2008-06-03 09:29 --------- d-----w C:\Program Files\Skype
2008-06-03 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 23:20 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB302.tmp
2008-06-02 22:42 27,136 ----a-w C:\WINDOWS\Internet Logs\xDB301.tmp
2008-06-02 18:20 69,120 ----a-w C:\WINDOWS\Internet Logs\xDB300.tmp
2008-06-02 01:11 --------- d-----w C:\Program Files\Real
2008-06-02 01:11 --------- d-----w C:\Program Files\Common Files\Real
2008-06-02 00:47 --------- d-----w C:\Program Files\Java
2008-06-01 19:26 --------- d-----w C:\Program Files\FDRLab
2008-06-01 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-01 17:25 --------- d-----w C:\Program Files\Lavasoft
2008-06-01 16:58 --------- d-----w C:\Program Files\EA GAMES
2008-06-01 16:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 16:04 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB2FF.tmp
2008-05-31 23:51 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB2FE.tmp
2008-05-31 17:27 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2FD.tmp
2008-05-30 23:39 50,688 ----a-w C:\WINDOWS\Internet Logs\xDB2FC.tmp
2008-05-30 13:27 --------- d-----w C:\Program Files\Warcraft III
2008-05-30 06:13 --------- d-----w C:\Program Files\Google
2008-05-29 23:09 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB2FB.tmp
2008-05-28 23:33 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB2FA.tmp
2008-05-28 06:34 55,808 ----a-w C:\WINDOWS\Internet Logs\xDB2F9.tmp
2008-05-26 22:27 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB2F8.tmp
2008-05-25 23:00 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB2F7.tmp
2008-05-25 11:11 --------- d-----w C:\Program Files\Picasa2
2008-05-24 11:14 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 00:37 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F6.tmp
2008-05-23 19:22 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB2F5.tmp
2008-05-23 10:51 --------- d-----w C:\Documents and Settings\Djole\Application Data\Azureus
2008-05-23 10:42 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F4.tmp
2008-05-23 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-22 21:31 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB2F3.tmp
2008-05-22 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-05-22 16:18 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-22 11:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2F2.tmp
2008-05-21 21:55 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2F1.tmp
2008-05-21 14:05 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2F0.tmp
2008-05-20 20:03 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2EF.tmp
2008-05-20 11:00 18,944 ----a-w C:\WINDOWS\Internet Logs\xDB2EE.tmp
2008-05-20 08:52 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2ED.tmp
2008-05-19 22:16 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EC.tmp
2008-05-19 14:42 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB2EB.tmp
2008-05-18 21:29 4,080 ----a-w C:\WINDOWS\GAMF0DRV.BIN
2008-05-17 23:30 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2EA.tmp
2008-05-17 20:34 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB2E9.tmp
2008-05-16 18:45 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E8.tmp
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-16 08:17 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E7.tmp
2008-05-15 22:32 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB2E6.tmp
2008-05-14 22:54 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB2E5.tmp
2008-05-14 17:57 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB2E4.tmp
2008-05-14 13:33 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB2E3.tmp
2008-05-14 06:43 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB2E2.tmp
2008-05-13 22:30 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB2E1.tmp
2005-09-27 18:24 152 --sh--r C:\WINDOWS\system32\5C39DEE95A.sys
2007-07-09 11:55 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-06-21_ 0.10.08,23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 11:43:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-24 18:10:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"="nvclock.dll" [2003-04-14 03:59 81920 C:\WINDOWS\system32\nvclock.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 04:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 01:51 755472]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\System32\sw20.exe" [2006-09-07 12:13 208896]
"SW24"="C:\WINDOWS\System32\sw24.exe" [2006-09-07 12:14 69632]
"WinSys2"="C:\WINDOWS\System32\winsys2.exe" [2006-10-03 08:37 217088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 10:45 401408]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 09:30 270336]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 16:09 20480]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 13:18 835584]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 03:11 185896]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 14:57 1443072]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 04:59 307200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 03:41 13312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2005-12-23 11:19:47 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.IV41"= ir41_32.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3D!Turbo Experience.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3D!Turbo Experience.lnk
backup=C:\WINDOWS\pss\3D!Turbo Experience.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Joint Operations Typhoon Rising Registration.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=C:\WINDOWS\pss\Registration Heroes of Might & Magic 5.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Djole^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\Djole\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--a------ 2004-09-29 03:01 106496 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 16:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-09-15 15:58 1212466 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-01 14:56 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2004-09-29 03:26 192512 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows UDP Control Center]


R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2008-04-23 15:00]
R2 ACEDRV06;ACEDRV06;C:\WINDOWS\System32\drivers\ACEDRV06.sys [2007-01-04 21:52]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-10-23 19:17]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\System32\DRIVERS\Cap713x.sys [2004-10-14 09:19]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\System32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\System32\drivers\PPJoyBus.sys [2004-10-24 09:11]
R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\System32\drivers\PPortJoy.sys [2004-10-24 09:11]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\System32\DRIVERS\snp325.sys [2007-07-24 10:21]
R3 VGAUTI;VGAUTI;C:\WINDOWS\System32\DRIVERS\VGAUTI.sys [2003-10-22 11:37]
S3 CoolerXPDriver;CoolerXPDriver;C:\Program Files\MSI\PC Alert 4\NTCooler.sys [2002-12-10 12:26]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\System32\DRIVERS\k600bus.sys [2006-10-01 14:53]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k600mdfl.sys [2006-10-01 14:53]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\System32\DRIVERS\k600mdm.sys [2006-10-01 14:53]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\System32\DRIVERS\k600mgmt.sys [2006-10-01 14:53]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\System32\DRIVERS\k600obex.sys [2006-10-01 14:53]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

*Newly Created Service* - PCALERTDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 16:18:59 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 00:52:24
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 0:57:11
ComboFix-quarantined-files.txt 2008-06-24 22:56:11
ComboFix2.txt 2008-06-20 22:11:01
ComboFix3.txt 2008-06-15 09:50:52
ComboFix4.txt 2008-06-12 22:25:47
ComboFix5.txt 2008-06-12 06:46:33

Pre-Run: 3,696,955,392 bytes free
Post-Run: 3,702,697,984 bytes free

334

Should I do the same thing you told me again, but with NOD turned off (temporarily)?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

offline
  • Joined: 06 Jun 2005
  • Posts: 218
  • Location: Pirot

Thanks for the effort and the work done!
