log check


  • nixer
  • New MyCity citizen
  • Joined: 03 May 2009
  • Posts: 3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:00, on 3.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: 91.121.97.18 mininova.org
O1 - Hosts: 91.121.97.18 mininova.org
O1 - Hosts: 91.121.97.18 thepiratebay.org
O1 - Hosts: 91.121.97.18 thepiratebay.org
O1 - Hosts: 91.121.97.18 demonoid.com
O1 - Hosts: 91.121.97.18 demonoid.com
O2 - BHO: (no name) - {0B7CC15C-5889-46F5-AFDC-19E359A73A04} - (no file)
O2 - BHO: (no name) - {168AD5F9-38C0-4F9C-85FE-D3D48A8E44D2} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [041728c7] rundll32.exe "C:\WINDOWS\system32\rcstkgaa.dll",b
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....0486394140
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

--
End of file - 7279 bytes

  • diarno (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Right-click the avast! icon in the bottom right corner of the screen and choose Stop On-Access Protection.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • nixer
  • New MyCity citizen
  • Joined: 03 May 2009
  • Posts: 3

ComboFix 09-05-03.1 - Korisnik 04.05.2009 8:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2039.1549 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090503-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\chujjh.dll
c:\windows\system32\mtrxahgs.dll
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\ovfsthxlvivkyrn.dat
c:\windows\system32\ovfsthxxyakujlv.dat
c:\windows\system32\TEMoYcdd.ini
c:\windows\system32\TEMoYcdd.ini2
c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-03 10:19 . 2009-05-03 10:19 -------- d-----w c:\program files\Trend Micro
2009-04-30 15:10 . 2009-04-30 15:10 -------- d-----w c:\program files\ProDM
2009-04-29 16:52 . 2009-04-29 16:52 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-28 12:35 . 2009-04-28 12:35 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-28 12:35 . 2009-04-30 15:01 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-28 12:35 . 2009-04-28 12:35 -------- d-----w c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com
2009-04-28 12:34 . 2009-04-28 12:34 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-26 17:01 . 2009-04-28 12:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-26 15:50 . 2009-04-26 15:50 -------- d-----w c:\program files\Alwil Software
2009-04-26 15:28 . 2009-04-26 15:28 -------- d-----w c:\documents and settings\Korisnik\Application Data\InstallShield
2009-04-26 14:41 . 2009-04-26 14:46 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-26 14:32 . 2009-04-26 14:32 2272 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-26 14:32 . 2009-04-26 14:32 -------- d-----w c:\windows\system32\XPSViewer
2009-04-26 14:32 . 2009-04-26 14:32 -------- d-----w c:\program files\Reference Assemblies
2009-04-26 14:32 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-26 14:32 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-26 14:32 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-26 14:32 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-26 14:32 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-26 14:32 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-26 14:32 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-26 14:32 . 2009-04-26 14:32 -------- d-----w C:\73e59dee1c9b4bf6477947be
2009-04-26 14:15 . 2009-04-26 14:15 -------- d-----w c:\windows\system32\logs
2009-04-26 14:14 . 2009-04-26 14:15 -------- d-----w c:\program files\BitDefender
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\windows\system32\URTTemp
2009-04-26 14:13 . 2009-04-26 14:15 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-26 14:05 . 2009-04-26 14:05 -------- d-----w c:\documents and settings\Korisnik\Local Settings\Application Data\My Games
2009-04-26 13:59 . 2009-04-26 13:59 -------- d-----w c:\windows\Logs
2009-04-26 13:56 . 2009-04-26 13:56 -------- d-----w c:\documents and settings\Korisnik\Local Settings\Application Data\Google
2009-04-26 13:56 . 2009-04-26 14:56 -------- d-----w c:\program files\Google
2009-04-26 12:49 . 2009-04-26 12:49 -------- d-----w c:\program files\Firaxis Games
2009-04-26 12:48 . 2005-05-26 13:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-26 12:17 . 2009-04-26 12:17 2 ---h--w c:\windows\t55ft2692f44.dat
2009-04-26 12:17 . 2009-04-26 18:04 -------- d-----w c:\windows\system32\179223
2009-04-26 12:16 . 2009-04-26 12:38 -------- d-----w c:\program files\MagicISO
2009-04-26 11:45 . 2009-04-26 11:45 -------- d-----w c:\documents and settings\Korisnik\Local Settings\Application Data\Adobe
2009-04-26 11:39 . 2009-04-26 11:39 -------- d-----w c:\program files\Common Files\Adobe
2009-04-26 09:55 . 2009-04-26 09:55 -------- d-----w c:\documents and settings\Korisnik\Application Data\Star Trek Armada II Fleet Operations
2009-04-23 12:39 . 2009-04-23 12:39 -------- d-----w c:\program files\Activision
2009-04-23 12:31 . 2009-04-26 12:03 -------- d-----w C:\Downloads
2009-04-23 12:31 . 2009-04-26 10:37 -------- d-----w c:\documents and settings\Korisnik\Application Data\Internet Download Accelerator
2009-04-23 12:31 . 2009-04-26 14:05 -------- d-----w c:\program files\IDA
2009-04-23 12:09 . 2009-04-26 12:30 960544 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 12:09 . 2009-04-26 12:30 229408 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-23 12:09 . 2009-04-26 14:10 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-23 12:08 . 2009-04-23 12:08 -------- d-----w c:\program files\LSI SoftModem
2009-04-23 12:07 . 2007-12-20 09:43 248448 ----a-w c:\windows\system32\PROUnstl.exe
2009-04-23 12:07 . 2008-04-14 03:42 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-23 12:07 . 2009-04-23 12:07 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-23 12:05 . 2009-04-23 12:06 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-23 12:05 . 2009-04-23 12:05 -------- d-----w c:\windows\system32\LogFiles
2009-04-23 11:48 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-23 11:48 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-23 11:47 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-23 11:47 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-23 11:47 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-23 11:47 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-23 11:44 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-23 11:41 . 2009-04-23 11:41 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-23 11:36 . 2007-11-30 11:18 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-23 11:36 . 2009-04-23 11:56 -------- d--h--w c:\windows\$hf_mig$
2009-04-23 11:34 . 2008-10-16 12:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-23 11:33 . 2009-04-23 11:33 -------- d-sh--w c:\documents and settings\Korisnik\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 06:52 . 2009-04-22 06:51 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-30 14:58 . 2009-04-22 06:59 65368 ----a-w c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 18:12 . 2009-04-22 06:47 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-29 17:41 . 2009-04-22 07:35 -------- d-----w c:\program files\Microsoft Works
2009-04-26 15:29 . 2009-04-22 08:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 12:30 . 2009-04-23 12:09 9632 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-26 12:30 . 2009-04-23 12:09 1864 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-23 11:55 . 2009-04-23 11:55 -------- d-----w c:\program files\Synaptics
2009-04-23 11:55 . 2009-04-22 08:23 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-22 08:45 . 2009-04-22 08:45 -------- d-----w c:\program files\Analog Devices
2009-04-22 08:34 . 2009-04-22 08:34 -------- d-----w c:\program files\WIDCOMM
2009-04-22 08:24 . 2009-04-22 08:24 -------- d-----w c:\program files\Hewlett-Packard
2009-04-22 08:08 . 2009-04-22 08:08 0 ----a-w c:\windows\nsreg.dat
2009-04-22 08:03 . 2009-04-22 08:03 -------- d-----w c:\program files\Ahead
2009-04-22 08:03 . 2009-04-22 08:03 -------- d-----w c:\program files\Common Files\Ahead
2009-04-22 07:52 . 2009-04-22 07:21 -------- d-----w c:\program files\Winamp
2009-04-22 07:35 . 2009-04-22 07:35 -------- d-----w c:\program files\MSBuild
2009-04-22 07:10 . 2009-04-22 07:09 -------- d-----w c:\program files\Java
2009-04-22 07:09 . 2009-04-22 07:09 -------- d-----w c:\program files\Common Files\Java
2009-04-22 06:48 . 2009-04-22 06:48 -------- d-----w c:\program files\microsoft frontpage
2009-04-22 06:47 . 2004-08-04 06:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-22 06:45 . 2009-04-22 06:45 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-16 12:18 . 2009-04-26 14:01 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-26 14:01 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-26 14:01 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-26 14:01 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-26 14:01 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-26 14:01 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 13:27 . 2009-04-26 14:01 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-06 14:22 . 2008-04-14 03:42 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2008-04-14 03:42 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-21 06:25 . 2009-02-21 06:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 18:09 . 2008-04-14 03:41 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2008-04-14 03:41 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 03:42 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2008-04-14 03:41 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 03:41 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2008-04-13 23:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2008-04-14 03:42 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-04-13 22:54 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 06:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2008-04-14 03:42 56832 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

[-] 2008-12-08 13:33 1614848 72F556C3CBCD9E4A830B9081E7B29D58 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

R3 ALSysIO;ALSysIO; [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 iastor78;iastor78; [x]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

.
- - - - ORPHANS REMOVED - - - -

BHO-{0B7CC15C-5889-46F5-AFDC-19E359A73A04} - (no file)
BHO-{168AD5F9-38C0-4F9C-85FE-D3D48A8E44D2} - (no file)
HKCU-Run-Internet Download Accelerator - c:\program files\IDA\ida.exe
HKLM-Run-041728c7 - c:\windows\system32\rcstkgaa.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\apemunwl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-04 08:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1500820517-1417001333-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1757981266-1500820517-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B909E1E4-775C-C3E1-C563-1CD4599D52E3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"fahbgmjidfbk"=hex:66,61,62,69,69,6c,66,6c,67,63,67,6e,00,00
"jahbgmjiggkhjmpaobdb"=hex:61,61,00,00
"kahbgmjiiehgafcncacdgi"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-05-04 8:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 06:55

Pre-Run: 151.849.840.640 bytes free
Post-Run: 152.382.005.248 bytes free

255 --- E O F --- 2009-04-26 10:26

  • diarno (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text:

FileLook::
c:\windows\system32\bdod.bin

DirLook::
c:\windows\system32\179223

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

  • nixer
  • New MyCity citizen
  • Joined: 03 May 2009
  • Posts: 3

ComboFix 09-05-03.1 - Korisnik 05.05.2009 17:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2039.1519 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090505-0] *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-05-05 15:33 . 2009-05-05 15:33 -------- d-----w c:\windows\LastGood
2009-05-05 15:31 . 2009-05-05 15:31 -------- d-----w c:\program files\MSXML 4.0
2009-05-03 10:19 . 2009-05-03 10:19 -------- d-----w c:\program files\Trend Micro
2009-04-30 15:10 . 2009-04-30 15:10 -------- d-----w c:\program files\ProDM
2009-04-29 16:52 . 2009-04-29 16:52 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-28 12:35 . 2009-04-28 12:35 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-28 12:35 . 2009-04-30 15:01 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-28 12:35 . 2009-04-28 12:35 -------- d-----w c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com
2009-04-28 12:34 . 2009-04-28 12:34 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-26 17:01 . 2009-04-28 12:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-26 15:50 . 2009-04-26 15:50 -------- d-----w c:\program files\Alwil Software
2009-04-26 15:28 . 2009-04-26 15:28 -------- d-----w c:\documents and settings\Korisnik\Application Data\InstallShield
2009-04-26 14:41 . 2009-04-26 14:46 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-26 14:32 . 2009-04-26 14:32 2272 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-26 14:32 . 2009-04-26 14:32 -------- d-----w c:\windows\system32\XPSViewer
2009-04-26 14:32 . 2009-04-26 14:32 -------- d-----w c:\program files\Reference Assemblies
2009-04-26 14:32 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-26 14:32 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-26 14:32 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-26 14:32 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-26 14:32 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-26 14:32 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-26 14:32 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-26 14:32 . 2009-04-26 14:32 -------- d-----w C:\73e59dee1c9b4bf6477947be
2009-04-26 14:15 . 2009-04-26 14:15 -------- d-----w c:\windows\system32\logs
2009-04-26 14:14 . 2009-04-26 14:15 -------- d-----w c:\program files\BitDefender
2009-04-26 14:13 . 2009-04-26 14:13 -------- d-----w c:\windows\system32\URTTemp
2009-04-26 14:13 . 2009-04-26 14:15 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-26 14:05 . 2009-04-26 14:05 -------- d-----w c:\documents and settings\Korisnik\Local Settings\Application Data\My Games
2009-04-26 13:59 . 2009-05-04 07:17 -------- d--h--w c:\windows\msdownld.tmp
2009-04-26 13:59 . 2009-04-26 13:59 -------- d-----w c:\windows\Logs
2009-04-26 13:56 . 2009-04-26 13:56 -------- d-----w c:\documents and settings\Korisnik\Local Settings\Application Data\Google
2009-04-26 13:56 . 2009-04-26 14:56 -------- d-----w c:\program files\Google
2009-04-26 12:49 . 2009-04-26 12:49 -------- d-----w c:\program files\Firaxis Games
2009-04-26 12:48 . 2005-05-26 13:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-26 12:17 . 2009-04-26 12:17 2 ---h--w c:\windows\t55ft2692f44.dat
2009-04-26 12:17 . 2009-04-26 18:04 -------- d-----w c:\windows\system32\179223
2009-04-26 12:16 . 2009-04-26 12:38 -------- d-----w c:\program files\MagicISO
2009-04-26 11:45 . 2009-04-26 11:45 -------- d-----w c:\documents and settings\Korisnik\Local Settings\Application Data\Adobe
2009-04-26 11:39 . 2009-04-26 11:39 -------- d-----w c:\program files\Common Files\Adobe
2009-04-26 09:55 . 2009-04-26 09:55 -------- d-----w c:\documents and settings\Korisnik\Application Data\Star Trek Armada II Fleet Operations
2009-04-23 12:39 . 2009-04-23 12:39 -------- d-----w c:\program files\Activision
2009-04-23 12:31 . 2009-04-26 12:03 -------- d-----w C:\Downloads
2009-04-23 12:31 . 2009-04-26 10:37 -------- d-----w c:\documents and settings\Korisnik\Application Data\Internet Download Accelerator
2009-04-23 12:31 . 2009-04-26 14:05 -------- d-----w c:\program files\IDA
2009-04-23 12:09 . 2009-04-26 12:30 960544 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 12:09 . 2009-04-26 12:30 229408 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-23 12:09 . 2009-04-26 14:10 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-23 12:08 . 2009-04-23 12:08 -------- d-----w c:\program files\LSI SoftModem
2009-04-23 12:07 . 2007-12-20 09:43 248448 ----a-w c:\windows\system32\PROUnstl.exe
2009-04-23 12:07 . 2008-04-14 03:42 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-23 12:07 . 2009-04-23 12:07 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-23 12:05 . 2009-04-23 12:06 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-23 12:05 . 2009-04-23 12:05 -------- d-----w c:\windows\system32\LogFiles
2009-04-23 11:48 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-23 11:48 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-23 11:47 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-23 11:47 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-23 11:47 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-23 11:47 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-23 11:44 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-23 11:41 . 2009-04-23 11:41 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-23 11:36 . 2007-11-30 11:18 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-23 11:36 . 2009-04-23 11:56 -------- d--h--w c:\windows\$hf_mig$
2009-04-23 11:34 . 2008-10-16 12:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-23 11:33 . 2009-04-23 11:33 -------- d-sh--w c:\documents and settings\Korisnik\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 15:36 . 2009-04-22 06:51 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-30 14:58 . 2009-04-22 06:59 65368 ----a-w c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 18:12 . 2009-04-22 06:47 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-29 17:41 . 2009-04-22 07:35 -------- d-----w c:\program files\Microsoft Works
2009-04-26 15:29 . 2009-04-22 08:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 12:30 . 2009-04-23 12:09 9632 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-26 12:30 . 2009-04-23 12:09 1864 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-23 11:55 . 2009-04-23 11:55 -------- d-----w c:\program files\Synaptics
2009-04-23 11:55 . 2009-04-22 08:23 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-22 08:45 . 2009-04-22 08:45 -------- d-----w c:\program files\Analog Devices
2009-04-22 08:34 . 2009-04-22 08:34 -------- d-----w c:\program files\WIDCOMM
2009-04-22 08:24 . 2009-04-22 08:24 -------- d-----w c:\program files\Hewlett-Packard
2009-04-22 08:08 . 2009-04-22 08:08 0 ----a-w c:\windows\nsreg.dat
2009-04-22 08:03 . 2009-04-22 08:03 -------- d-----w c:\program files\Ahead
2009-04-22 08:03 . 2009-04-22 08:03 -------- d-----w c:\program files\Common Files\Ahead
2009-04-22 07:52 . 2009-04-22 07:21 -------- d-----w c:\program files\Winamp
2009-04-22 07:35 . 2009-04-22 07:35 -------- d-----w c:\program files\MSBuild
2009-04-22 07:10 . 2009-04-22 07:09 -------- d-----w c:\program files\Java
2009-04-22 07:09 . 2009-04-22 07:09 -------- d-----w c:\program files\Common Files\Java
2009-04-22 06:48 . 2009-04-22 06:48 -------- d-----w c:\program files\microsoft frontpage
2009-04-22 06:47 . 2004-08-04 06:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-22 06:45 . 2009-04-22 06:45 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-16 12:18 . 2009-04-26 14:01 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-26 14:01 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-26 14:01 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-26 14:01 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-26 14:01 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-26 14:01 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 13:27 . 2009-04-26 14:01 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-06 14:22 . 2008-04-14 03:42 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2008-04-14 03:42 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-21 06:25 . 2009-02-21 06:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 18:09 . 2008-04-14 03:41 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2008-04-14 03:41 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 03:42 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2008-04-14 03:41 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 03:41 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2008-04-13 23:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2008-04-14 03:42 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-04-13 22:54 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 06:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bdod.bin -- Not a PE file.
File Size: 81984
Created Time: 2009-04-26 14:41
Modified Time: 2009-04-26 14:46
Accessed Time: 2009-05-05 15:31
MD5: FDF06637A62677613683D05D9FA001E9
SHA: 456F9D6DFD32565891FE17497F8B3FB38BD3DB05

---- Directory of c:\windows\system32\179223 ----



------- Sigcheck -------

[-] 2008-12-08 13:33 1614848 72F556C3CBCD9E4A830B9081E7B29D58 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-04_06.52.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 14:45 . 2008-09-30 14:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 16384 c:\windows\temp\Perflib_Perfdata_960.dat
+ 2009-04-23 12:07 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
- 2009-04-23 12:07 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 06:00 . 2009-05-05 15:32 72238 c:\windows\system32\perfc009.dat
- 2004-08-04 06:00 . 2009-05-04 06:43 72238 c:\windows\system32\perfc009.dat
- 2003-02-20 18:10 . 2003-02-20 18:10 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 00:11 . 2004-07-15 00:11 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-06-22 11:51 . 2004-06-22 11:51 53248 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-07-15 12:28 . 2004-07-15 12:28 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 05:24 . 2003-02-21 05:24 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-14 22:35 . 2004-07-14 22:35 66560 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-14 22:34 . 2004-07-14 22:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 22:33 . 2004-07-14 22:33 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 22:32 . 2004-07-14 22:32 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 05:25 . 2003-02-21 05:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 12:28 . 2004-07-15 12:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 05:25 . 2003-02-21 05:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 12:31 . 2004-07-15 12:31 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-21 05:24 . 2003-02-21 05:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-10-08 12:30 . 2003-10-08 12:30 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 08:20 . 2003-02-21 08:20 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 09:23 . 2004-07-15 09:23 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-14 22:32 . 2004-07-14 22:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 23:49 . 2004-07-14 23:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 17:19 . 2003-02-20 17:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-14 23:49 . 2004-07-14 23:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 17:19 . 2003-02-20 17:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 17:19 . 2003-02-20 17:19 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-14 23:49 . 2004-07-14 23:49 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2009-05-05 15:31 . 2009-05-05 15:31 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-05-05 15:32 . 2009-05-05 15:32 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c31624f8\System.Drawing.Design.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3f1ea2c8\CustomMarshalers.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 66560 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 90112 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 8192 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2004-08-04 06:00 . 2009-05-04 06:43 444362 c:\windows\system32\perfh009.dat
+ 2004-08-04 06:00 . 2009-05-05 15:32 444362 c:\windows\system32\perfh009.dat
- 2003-02-21 08:20 . 2003-02-21 08:20 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 09:23 . 2004-07-15 09:23 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 12:31 . 2004-07-15 12:31 573440 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 05:27 . 2003-02-21 05:27 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 05:27 . 2003-02-21 05:27 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 372736 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 303104 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 22:35 . 2004-07-14 22:35 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-08-10 14:20 . 2004-08-10 14:20 106496 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 17:09 . 2003-02-20 17:09 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 22:33 . 2004-07-14 22:33 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 22:33 . 2004-07-14 22:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 22:25 . 2004-07-14 22:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 22:32 . 2004-07-14 22:32 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-21 05:26 . 2003-02-21 05:26 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 12:28 . 2004-07-15 12:28 720896 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 22:35 . 2004-07-14 22:35 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-20 17:06 . 2003-02-20 17:06 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 22:24 . 2004-07-14 22:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
- 2003-02-21 08:21 . 2003-02-21 08:21 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 09:23 . 2004-07-15 09:23 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-14 23:49 . 2004-07-14 23:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_c3981692\System.Drawing.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7bb32178\System.Drawing.Design.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_408703b9\CustomMarshalers.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 573440 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 372736 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 303104 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-04-26 14:13 . 2009-04-26 14:13 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 720896 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-09-30 14:42 . 2008-09-30 14:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 14:43 . 2008-09-30 14:43 1286152 c:\windows\system32\msxml4.dll
- 2003-02-21 03:04 . 2003-02-21 03:04 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 06:15 . 2004-07-15 06:15 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 12:29 . 2004-07-15 12:29 1339392 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 12:32 . 2004-07-15 12:32 2052096 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 12:29 . 2004-07-15 12:29 1257472 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 12:31 . 2004-07-15 12:31 1224704 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 12:29 . 2004-07-15 12:29 1703936 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 12:32 . 2004-07-15 12:32 1294336 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-14 22:28 . 2004-07-14 22:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 22:26 . 2004-07-14 22:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-15 12:29 . 2004-07-15 12:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 4763648 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b445930f\System.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 1953792 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_43b10db3\System.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 5505024 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e1366387\System.Xml.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_10e9ced3\System.Xml.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 7880704 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a2b020a9\System.Windows.Forms.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 3014656 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4bf0b759\System.Windows.Forms.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_05af3aa7\System.Drawing.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2aa0e053\System.Design.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_0aeeea41\System.Design.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 3379200 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_69abc535\mscorlib.dll
+ 2009-05-05 15:33 . 2009-05-05 15:33 8880128 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_54897e8d\mscorlib.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 1224704 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 1339392 c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 2052096 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 1257472 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 1703936 c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-05-05 15:32 . 2009-05-05 15:32 1294336 c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

R3 ALSysIO;ALSysIO; [x]
S0 iastor78;iastor78; [x]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\apemunwl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-05 17:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1500820517-1417001333-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1757981266-1500820517-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B909E1E4-775C-C3E1-C563-1CD4599D52E3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"fahbgmjidfbk"=hex:66,61,62,69,69,6c,66,6c,67,63,67,6e,00,00
"jahbgmjiggkhjmpaobdb"=hex:61,61,00,00
"kahbgmjiiehgafcncacdgi"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-05 17:40
ComboFix-quarantined-files.txt 2009-05-05 15:40
ComboFix2.txt 2009-05-04 06:55

Pre-Run: 152.191.156.224 bytes free
Post-Run: 152.187.744.256 bytes free

387 --- E O F --- 2009-05-05 15:33

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?
If you still have problems, describe them precisely.
