just one quick analysis


offline
  • MeT  Male
  • New MyCity citizen
  • Joined: 25 Jul 2008
  • Posts: 7

Virtumondo got onto my machine and now I'd like to be sure it's dead, so just a check-up if possible. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:28, on 25.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
D:\Programi\miranda\miranda32.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\Programi\Copy of mIRC\mirc.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\StatBar.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MeT's IE
O2 - BHO: (no name) - {3002F0D6-AB49-475E-A666-148741D0EAFA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StatBar] C:\StatBar.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC0A37D0-E2AF-4924-BFBD-2904A374AB11}: NameServer = 85.114.32.7,85.114.32.8
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O21 - SSODL: wnslvxtf - {209E0883-7E22-4CC6-962D-FC87186D27BC} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6332 bytes

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Hi MeT,

There are still traces of Vundo, so I'd ask you first to tell us what you cleaned the computer with, and then we'll see how to go on.
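The helper's verdict rests on a few HijackThis entry types visible in the log above: entries that point at "(no file)" (an orphaned registry reference), the O20 Winlogon Notify and O21 SSODL load points, and randomly generated names such as wnslvxtf. The script below is an added example for this thread, not part of HijackThis, ComboFix or the helper's procedure; it runs those checks over a handful of log lines. The sample lines are copied from the log above, except the O4 `40a48063` line, which is constructed from the disabled `startupreg\40a48063` entry for `xkpiyymm.dll` that appears in the later ComboFix log. The eight-character random-name heuristic and the O17 (DNS server) review flag are assumptions of the example, not rules the helper stated.

```python
"""Triage a HijackThis (HJT) log for the load points Vundo/Virtumonde
typically leaves behind.  Added example for this thread; it is not part of
HijackThis, ComboFix or the helper's procedure."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HJT log above, plus one O4 line
# built from the disabled 'startupreg\40a48063' -> xkpiyymm.dll entry that
# the ComboFix log shows (that O4 line is not in the original HJT log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {3002F0D6-AB49-475E-A666-148741D0EAFA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [40a48063] RUNDLL32.EXE C:\WINDOWS\system32\xkpiyymm.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC0A37D0-E2AF-4924-BFBD-2904A374AB11}: NameServer = 85.114.32.7,85.114.32.8
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O21 - SSODL: wnslvxtf - {209E0883-7E22-4CC6-962D-FC87186D27BC} - (no file)
"""

# HJT entry types that deserve a manual look even when the file exists:
# O17 (DNS servers; verify against the ISP's), O20 (Winlogon Notify DLLs)
# and O21 (ShellServiceObjectDelayLoad), the last two being classic Vundo homes.
REVIEW_TYPES = {"O17", "O20", "O21"}
VOWELS = set("aeiou")

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - ")
BRACKET_RE = re.compile(r"\[([^\]]+)\]")           # O4 value names: [egui]
SSODL_RE = re.compile(r"^O21 - SSODL: (\S+) -")    # O21 object name
BASENAME_RE = re.compile(r'\\([^\\\s"]+)\.(?:dll|exe|sys)\b', re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Heuristic (an assumption of this example): Vundo-style generated names
    are 8 lowercase letters/digits with at most one vowel, e.g. wnslvxtf,
    xkpiyymm, 40a48063.  Product names (egui, SDHelper, antiwpa) fail it."""
    return (re.fullmatch(r"[a-z0-9]{8}", name) is not None
            and sum(c in VOWELS for c in name) <= 1)


@dataclass
class Finding:
    kind: str    # "orphan", "review" or "random-name"
    entry: str   # HJT entry type, e.g. "O21"
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (line, reason); a line may yield several."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                        # process list, headers, blanks
        entry = m.group(1)
        if line.endswith("(no file)"):      # registry points at a deleted file
            findings.append(Finding("orphan", entry, line))
        if entry in REVIEW_TYPES:
            findings.append(Finding("review", entry, line))
        names = BRACKET_RE.findall(line)
        ssodl = SSODL_RE.match(line)
        if ssodl:
            names.append(ssodl.group(1))
        names.extend(BASENAME_RE.findall(line))   # file stems, no extension
        if any(looks_random(n) for n in names):
            findings.append(Finding("random-name", entry, line))
    return findings


def counts_by_kind(findings: List[Finding]) -> dict:
    out: dict = {}
    for f in findings:
        out[f.kind] = out.get(f.kind, 0) + 1
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<12} {f.entry:<4} {f.line}")
    print(counts_by_kind(triage(SAMPLE_LOG)))
```

On the sample, the orphaned O2 and O21 entries, the O4 and O21 names, and the O17/O20/O21 load points are reported, while the ESET, Spybot and antiwpa lines pass the name check; anything flagged is a candidate for a closer look, not a verdict, which is the role a reviewer plays in a thread like this one.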

offline
  • MeT  Male
  • New MyCity citizen
  • Joined: 25 Jul 2008
  • Posts: 7

VirtumundoBeGone.exe

FxVMonde.exe

Spybot - Search & Destroy

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It's a very bad situation when a log has to be analysed once the initial vectors are no longer there. It would have been far easier and safer if you had come to us from the very start, so that we could see the infection exactly.

Next time (hopefully it won't come to that) I'd ask you to contact us before you start cleaning anything yourself.

We'll try to pull out some more information in the following way:

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • MeT  Male
  • New MyCity citizen
  • Joined: 25 Jul 2008
  • Posts: 7

ComboFix 08-07-26.1 - MeT 2008-07-26 20:39:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2493 [GMT 2:00]
Running from: C:\Documents and Settings\MeT\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\adaway.lic
C:\WINDOWS\eefp.exe
C:\WINDOWS\system32\CJQWvyay.ini
C:\WINDOWS\system32\CJQWvyay.ini2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mmyyipkx.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pattlkpr.ini
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-26 18:17 . 2008-07-26 18:17 <DIR> d-------- C:\Program Files\Common Files\Vbox
2008-07-26 14:20 . 2005-07-30 03:55 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-07-26 14:19 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-07-26 14:19 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-07-25 19:51 . 2008-07-26 19:33 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-25 19:50 . 2008-07-25 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-25 16:48 . 2008-07-25 16:48 <DIR> d-------- C:\MxDownload
2008-07-25 16:48 . 2008-07-25 16:48 0 --a------ C:\WINDOWS\system32\cid_store.dat
2008-07-25 16:03 . 2008-07-25 16:03 2,282,496 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-07-25 11:36 . 2008-07-25 11:37 <DIR> d-------- C:\Program Files\Unlocker
2008-07-25 11:04 . 2008-07-25 11:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-25 11:04 . 2008-07-25 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-25 11:03 . 2008-07-25 11:06 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-25 00:50 . 2008-07-25 00:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-25 00:25 . 2008-07-25 00:25 18,944 --a------ C:\WINDOWS\system32\homie.dll
2008-07-25 00:25 . 2008-07-25 00:25 18,944 --a------ C:\WINDOWS\system32\dombho.dll
2008-07-25 00:24 . 2008-07-25 00:24 18,944 --a------ C:\WINDOWS\system32\hombho.dll
2008-07-25 00:23 . 2008-07-25 00:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 00:23 . 2008-07-25 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 22:12 . 2008-07-25 11:04 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Canon
2008-07-24 18:03 . 2008-07-24 18:03 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-24 18:01 . 2008-07-24 18:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-07-24 17:56 . 2008-07-24 17:56 <DIR> d-------- C:\VundoFix Backups
2008-07-24 14:10 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-07-24 14:10 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-07-24 14:03 . 2008-07-24 14:03 <DIR> d-------- C:\Program Files\ESET
2008-07-24 14:03 . 2008-07-24 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-24 13:24 . 2008-07-24 13:25 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-07-24 12:56 . 2008-07-24 12:57 1,395 --a------ C:\ping.exe.lnk
2008-07-24 01:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-24 00:32 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Cabos
2008-07-24 00:31 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Shared
2008-07-24 00:31 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Incomplete
2008-07-24 00:30 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\.limewire
2008-07-24 00:27 . 2008-07-24 01:01 <DIR> d-------- C:\Program Files\Java
2008-07-24 00:26 . 2008-07-24 00:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-24 00:23 . 2008-07-24 00:23 <DIR> d-------- C:\Program Files\Cabos
2008-07-23 23:16 . 2008-07-23 23:16 <DIR> d-------- C:\Program Files\SendSpace
2008-07-23 23:03 . 2008-07-23 23:03 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-07-23 22:58 . 2008-07-23 22:58 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Comodo
2008-07-23 22:58 . 2008-07-23 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-07-23 19:53 . 2008-07-23 19:53 94,848 --a------ C:\WINDOWS\system32\xkpiyymm.dll
2008-07-23 17:58 . 2008-07-22 11:13 211 --a------ C:\boot.ini.comodofirewall
2008-07-23 17:57 . 2008-07-24 13:57 <DIR> d-------- C:\Program Files\Comodo
2008-07-23 16:21 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-07-23 16:21 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-07-23 16:19 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-23 16:17 . 2008-07-23 16:17 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Publish Providers
2008-07-23 16:14 . 2008-07-26 16:53 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Sony
2008-07-23 16:12 . 2008-07-23 16:12 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-23 16:12 . 2008-07-23 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-23 16:11 . 2008-07-23 16:11 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-23 16:11 . 2008-07-23 16:11 <DIR> d-------- C:\Program Files\Sony
2008-07-23 16:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-23 16:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-23 16:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-23 16:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-23 16:04 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-23 16:04 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-23 16:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-23 16:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-23 16:04 . 2008-07-23 22:55 1,388 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-23 16:03 . 2008-07-23 16:05 <DIR> d-------- C:\Documents and Settings\MeT\SmitfraudFix
2008-07-23 14:14 . 2008-07-23 14:14 <DIR> d-------- C:\Fraps
2008-07-23 13:59 . 2008-07-23 13:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-07-23 13:41 . 2008-07-23 07:34 86,016 --a------ C:\WINDOWS\grswptdl.exe
2008-07-23 13:41 . 2008-07-23 13:41 65,536 ---hs---- C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe
2008-07-23 13:37 . 2008-07-23 13:37 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-23 13:22 . 2008-01-14 14:52 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
2008-07-22 19:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-22 18:01 . 2008-07-22 18:01 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-22 18:01 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-22 18:01 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-22 17:57 . 2008-07-22 17:57 <DIR> d-------- C:\Program Files\ffdshow
2008-07-22 17:57 . 2008-06-22 20:33 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-07-22 17:57 . 2008-06-22 20:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-22 17:57 . 2008-06-22 20:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-22 17:41 . 2008-07-22 17:41 <DIR> d-------- C:\Program Files\Game Cam
2008-07-22 17:41 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-22 17:41 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-07-22 17:41 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-22 14:10 . 2008-07-22 14:10 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-07-22 14:10 . 2008-07-22 14:10 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-07-22 14:10 . 2006-10-30 14:13 2,182,016 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-07-22 14:10 . 2006-10-30 14:11 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-07-22 14:10 . 2006-10-30 13:27 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-22 13:05 . 2008-07-26 19:29 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-22 12:16 . 2008-07-22 12:16 <DIR> d-------- C:\Program Files\SlySoft
2008-07-22 12:16 . 2008-07-22 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-22 12:16 . 2008-07-22 12:16 57,344 --a------ C:\WINDOWS\system32\binkp2x.dll
2008-07-22 12:16 . 2008-07-22 12:16 49,152 --a------ C:\WINDOWS\system32\brwsvc.dll
2008-07-22 12:16 . 2008-07-22 12:16 20,480 --a------ C:\WINDOWS\system32\nt32int.dll
2008-07-22 12:16 . 2008-07-22 12:16 0 ---hs---- C:\WINDOWS\SCA55DB0A.tmp
2008-07-22 12:12 . 2008-07-22 12:12 <DIR> d-------- C:\Program Files\Nero
2008-07-22 12:12 . 2008-07-22 12:13 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-22 11:29 . 2008-07-23 23:22 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Bioshock
2008-07-22 11:29 . 2008-07-22 11:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-22 00:17 . 2003-07-25 02:40 335,872 --a------ C:\StatBar.exe
2008-07-22 00:17 . 2003-07-25 02:40 60,463 --a------ C:\StatBar.hlp
2008-07-22 00:17 . 2003-07-25 02:40 377 --a------ C:\StatBar.cnt
2008-07-22 00:07 . 2008-07-22 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-07-22 00:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-22 00:06 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\ScanSoft
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\ScanSoft
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-22 00:04 . 2008-07-22 00:04 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-07-22 00:03 . 2008-07-22 00:03 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-07-21 20:55 . 2008-07-21 20:55 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-07-21 20:40 . 2008-07-21 20:40 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-21 20:40 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-21 20:40 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-07-21 20:36 . 2008-07-21 20:36 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Styler
2008-07-21 20:36 . 2008-07-21 20:36 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Skype
2008-07-21 20:36 . 2008-07-21 20:36 <DIR> dr-h----- C:\Documents and Settings\MeT\Application Data\SecuROM
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\vlc
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\ViStart
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Thunderbird
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Thinstall
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\TeraCopy
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Super-Cow
2008-07-21 20:34 . 2008-07-21 20:34 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Xentient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 16:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-26 15:04 --------- d-----w C:\Documents and Settings\MeT\Application Data\MxBoost
2008-07-24 22:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-22 15:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-21 22:07 --------- d-----w C:\Program Files\Canon
2008-07-21 19:15 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-21 19:14 --------- d--h--w C:\Program Files\CanonBJ
2008-07-21 19:11 --------- d-----w C:\Program Files\MSBuild
2008-07-21 19:10 --------- d-----w C:\Program Files\Reference Assemblies
2008-07-21 19:09 --------- d-----w C:\Program Files\MSXML 6.0
2008-07-21 18:32 --------- d-----w C:\Program Files\Maxthon2
2008-07-21 18:13 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-21 17:56 --------- d-----w C:\Program Files\IVT Corporation
2008-07-21 17:56 --------- d-----w C:\Documents and Settings\MeT\Application Data\Logitech
2008-07-21 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-21 17:55 --------- d-----w C:\Program Files\Logitech
2008-07-21 17:55 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-21 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-21 17:54 --------- d-----w C:\Program Files\NGONVOD116369
2008-07-21 17:53 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-21 17:53 --------- d-----w C:\Program Files\Realtek
2008-07-21 17:52 --------- d-----w C:\Documents and Settings\MeT\Application Data\InstallShield
2008-07-21 17:50 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-07-21 17:50 --------- d-----w C:\Program Files\Intel
2008-07-21 17:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-21 17:26 --------- d-----w C:\Program Files\Windows Media Connect 2
.

------- Sigcheck -------

2007-12-07 05:01 816128 e1d790ea12ee89d2a282faa45c8ae68f C:\WINDOWS\system32\wininet.dll
2007-12-07 05:01 816128 e1d790ea12ee89d2a282faa45c8ae68f C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\explorer.exe
2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-21 18:21 1134592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"StatBar"="C:\StatBar.exe" [2003-07-25 02:40 335872]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2008-07-21 20:06 823296]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2008-01-09 09:33 2189864]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-09 11:51 13508608]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-09 11:51 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\MeT\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-21 19:55:31 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-23 01:49 5376 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MeT^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
path=C:\Documents and Settings\MeT\Start Menu\Programs\Startup\SDK Tray Menu.lnk
backup=C:\WINDOWS\pss\SDK Tray Menu.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-ra------ 2007-05-25 08:07 1953792 C:\WINDOWS\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40a48063]
--a------ 2008-07-23 19:53 94848 C:\WINDOWS\system32\xkpiyymm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 18:50 1603152 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-04-03 18:00 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 08:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-01-09 11:51 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 12:02 79400 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Programi\\Copy of mIRC\\mirc.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"D:\\Programi\\miranda\\miranda32.exe"=
"D:\\GameS\\!fps\\cod\\CoDMP.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 15:00]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-04 15:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-21 20:20]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc70a10c-5757-11dd-bb82-806d6172696f}]
\Shell\AutoRun\command - F:\CDSETUP.EXE
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\1-Click Maintenance.job - cQGAj^FB<< s !4C:\Program Files\TuneUp Utilities 2008\OneClick.exe/schedulestartMeT,Runs 1-Click Maintenance at specified times0 []
.
- - - - ORPHANS REMOVED - - - -

BHO-{3002F0D6-AB49-475E-A666-148741D0EAFA} - (no file)
ShellExecuteHooks-{6230596F-3A44-4CDF-815B-372FA03C75D6} - (no file)
SSODL-wnslvxtf-{209E0883-7E22-4CC6-962D-FC87186D27BC} - (no file)


.
------- Supplementary Scan -------
.
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{AC0A37D0-E2AF-4924-BFBD-2904A374AB11}: NameServer = 85.114.32.7,85.114.32.8


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-26 20:42:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-07-26 20:44:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 18:44:04

Pre-Run: 1,675,767,808 bytes free
Post-Run: 1,678,159,872 bytes free


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

MeT, send me the following files for checking:
C:\WINDOWS\system32\homie.dll
C:\WINDOWS\system32\dombho.dll
C:\WINDOWS\system32\hombho.dll
C:\ping.exe.lnk
C:\WINDOWS\system32\xkpiyymm.dll
C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe

Pack them into a single ZIP and upload it through the following form:
http://www.mycity.rs/ambulanta-upload.php

Let us know here in the thread once you have done the upload.

offline
  • MeT  Male
  • New MyCity citizen
  • Joined: 25 Jul 2008
  • Posts: 7

I can tell you what ping.exe.lnk is, I use it for pinging the neighbours on the LAN :D

There, upload done.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\system32\homie.dll
C:\WINDOWS\system32\dombho.dll
C:\WINDOWS\system32\hombho.dll
C:\WINDOWS\system32\xkpiyymm.dll
C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40a48063]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

offline
  • MeT  Male
  • New MyCity citizen
  • Joined: 25 Jul 2008
  • Posts: 7

ComboFix 08-07-26.1 - MeT 2008-07-27 13:47:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2915 [GMT 2:00]
Running from: C:\Documents and Settings\MeT\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MeT\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\system32\dombho.dll
C:\WINDOWS\system32\hombho.dll
C:\WINDOWS\system32\homie.dll
C:\WINDOWS\system32\xkpiyymm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MeT\MediaTubeCodec_ver1.1463.0.exe
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\system32\dombho.dll
C:\WINDOWS\system32\hombho.dll
C:\WINDOWS\system32\homie.dll
C:\WINDOWS\system32\xkpiyymm.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-26 21:53 . 2008-07-26 21:53 <DIR> d-------- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP
2008-07-26 21:28 . 2008-07-26 21:32 1,245 --a------ C:\WINDOWS\eReg.dat
2008-07-26 18:17 . 2008-07-26 18:17 <DIR> d-------- C:\Program Files\Common Files\Vbox
2008-07-26 14:19 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-07-26 14:19 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-07-25 19:51 . 2008-07-26 19:33 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-25 19:50 . 2008-07-25 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-25 16:48 . 2008-07-25 16:48 <DIR> d-------- C:\MxDownload
2008-07-25 16:48 . 2008-07-25 16:48 0 --a------ C:\WINDOWS\system32\cid_store.dat
2008-07-25 16:03 . 2008-07-25 16:03 2,282,496 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-07-25 11:36 . 2008-07-25 11:37 <DIR> d-------- C:\Program Files\Unlocker
2008-07-25 11:04 . 2008-07-25 11:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-25 11:04 . 2008-07-25 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-25 11:03 . 2008-07-25 11:06 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-25 00:50 . 2008-07-25 00:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-25 00:23 . 2008-07-25 00:23 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 00:23 . 2008-07-25 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 22:12 . 2008-07-25 11:04 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Canon
2008-07-24 18:03 . 2008-07-24 18:03 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-24 18:01 . 2008-07-24 18:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-07-24 17:56 . 2008-07-24 17:56 <DIR> d-------- C:\VundoFix Backups
2008-07-24 14:10 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-07-24 14:10 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-07-24 14:03 . 2008-07-24 14:03 <DIR> d-------- C:\Program Files\ESET
2008-07-24 14:03 . 2008-07-24 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-24 13:24 . 2008-07-24 13:25 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-07-24 12:56 . 2008-07-24 12:57 1,395 --a------ C:\ping.exe.lnk
2008-07-24 01:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-24 00:32 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Cabos
2008-07-24 00:31 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Shared
2008-07-24 00:31 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\Incomplete
2008-07-24 00:30 . 2008-07-24 00:32 <DIR> d-------- C:\Documents and Settings\MeT\.limewire
2008-07-24 00:27 . 2008-07-24 01:01 <DIR> d-------- C:\Program Files\Java
2008-07-24 00:26 . 2008-07-24 00:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-24 00:23 . 2008-07-24 00:23 <DIR> d-------- C:\Program Files\Cabos
2008-07-23 23:16 . 2008-07-23 23:16 <DIR> d-------- C:\Program Files\SendSpace
2008-07-23 23:03 . 2008-07-23 23:03 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-07-23 22:58 . 2008-07-23 22:58 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Comodo
2008-07-23 22:58 . 2008-07-23 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-07-23 17:58 . 2008-07-22 11:13 211 --a------ C:\boot.ini.comodofirewall
2008-07-23 17:57 . 2008-07-24 13:57 <DIR> d-------- C:\Program Files\Comodo
2008-07-23 16:21 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-07-23 16:21 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-07-23 16:19 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-23 16:17 . 2008-07-23 16:17 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Publish Providers
2008-07-23 16:14 . 2008-07-26 16:53 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Sony
2008-07-23 16:12 . 2008-07-23 16:12 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-23 16:12 . 2008-07-23 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-23 16:11 . 2008-07-23 16:11 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-23 16:11 . 2008-07-23 16:11 <DIR> d-------- C:\Program Files\Sony
2008-07-23 16:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-23 16:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-23 16:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-23 16:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-23 16:04 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-23 16:04 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-23 16:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-23 16:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-23 16:04 . 2008-07-23 22:55 1,388 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-23 16:03 . 2008-07-23 16:05 <DIR> d-------- C:\Documents and Settings\MeT\SmitfraudFix
2008-07-23 14:14 . 2008-07-23 14:14 <DIR> d-------- C:\Fraps
2008-07-23 13:59 . 2008-07-23 13:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-07-23 13:37 . 2008-07-23 13:37 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-23 13:22 . 2008-01-14 14:52 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
2008-07-22 19:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-22 18:01 . 2008-07-22 18:01 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-22 18:01 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-22 18:01 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-22 17:57 . 2008-07-22 17:57 <DIR> d-------- C:\Program Files\ffdshow
2008-07-22 17:57 . 2008-06-22 20:33 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-07-22 17:57 . 2008-06-22 20:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-22 17:57 . 2008-06-22 20:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-22 17:41 . 2008-07-22 17:41 <DIR> d-------- C:\Program Files\Game Cam
2008-07-22 17:41 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-22 17:41 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-07-22 17:41 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-22 14:10 . 2008-07-22 14:10 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-07-22 14:10 . 2008-07-22 14:10 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-07-22 14:10 . 2006-10-30 14:13 2,182,016 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-07-22 14:10 . 2006-10-30 14:11 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-07-22 14:10 . 2006-10-30 13:27 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-22 13:05 . 2008-07-26 19:29 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-22 12:16 . 2008-07-22 12:16 <DIR> d-------- C:\Program Files\SlySoft
2008-07-22 12:16 . 2008-07-22 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-22 12:16 . 2008-07-22 12:16 57,344 --a------ C:\WINDOWS\system32\binkp2x.dll
2008-07-22 12:16 . 2008-07-22 12:16 49,152 --a------ C:\WINDOWS\system32\brwsvc.dll
2008-07-22 12:16 . 2008-07-22 12:16 20,480 --a------ C:\WINDOWS\system32\nt32int.dll
2008-07-22 12:16 . 2008-07-22 12:16 0 ---hs---- C:\WINDOWS\SCA55DB0A.tmp
2008-07-22 12:12 . 2008-07-22 12:12 <DIR> d-------- C:\Program Files\Nero
2008-07-22 12:12 . 2008-07-22 12:13 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-22 11:29 . 2008-07-23 23:22 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Bioshock
2008-07-22 11:29 . 2008-07-22 11:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-22 00:17 . 2003-07-25 02:40 335,872 --a------ C:\StatBar.exe
2008-07-22 00:17 . 2003-07-25 02:40 60,463 --a------ C:\StatBar.hlp
2008-07-22 00:17 . 2003-07-25 02:40 377 --a------ C:\StatBar.cnt
2008-07-22 00:07 . 2008-07-22 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-07-22 00:06 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-22 00:06 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\ScanSoft
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\ScanSoft
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-22 00:04 . 2008-07-22 00:04 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-07-22 00:03 . 2008-07-22 00:03 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-07-21 20:55 . 2008-07-21 20:55 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-07-21 20:40 . 2008-07-21 20:40 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-21 20:40 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-21 20:40 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-07-21 20:36 . 2008-07-21 20:36 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Styler
2008-07-21 20:36 . 2008-07-21 20:36 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Skype
2008-07-21 20:36 . 2008-07-21 20:36 <DIR> dr-h----- C:\Documents and Settings\MeT\Application Data\SecuROM
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\vlc
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\ViStart
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Thunderbird
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Thinstall
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\TeraCopy
2008-07-21 20:35 . 2008-07-21 20:35 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Super-Cow
2008-07-21 20:34 . 2008-07-21 20:34 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\Xentient
2008-07-21 20:33 . 2008-07-21 20:33 <DIR> d-------- C:\Program Files\uTorrent
2008-07-21 20:33 . 2008-07-26 19:30 <DIR> d-------- C:\Documents and Settings\MeT\Application Data\uTorrent
2008-07-21 20:31 . 2008-07-21 20:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-21 20:31 . 2008-07-26 19:33 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-21 20:31 . 2008-07-21 20:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 09:17 --------- d-----w C:\Documents and Settings\MeT\Application Data\MxBoost
2008-07-26 19:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 22:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-22 15:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-21 22:07 --------- d-----w C:\Program Files\Canon
2008-07-21 19:15 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-21 19:14 --------- d--h--w C:\Program Files\CanonBJ
2008-07-21 19:11 --------- d-----w C:\Program Files\MSBuild
2008-07-21 19:10 --------- d-----w C:\Program Files\Reference Assemblies
2008-07-21 19:09 --------- d-----w C:\Program Files\MSXML 6.0
2008-07-21 18:32 --------- d-----w C:\Program Files\Maxthon2
2008-07-21 18:13 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-21 17:56 --------- d-----w C:\Program Files\IVT Corporation
2008-07-21 17:56 --------- d-----w C:\Documents and Settings\MeT\Application Data\Logitech
2008-07-21 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-21 17:55 --------- d-----w C:\Program Files\Logitech
2008-07-21 17:55 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-21 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-21 17:54 --------- d-----w C:\Program Files\NGONVOD116369
2008-07-21 17:53 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-21 17:53 --------- d-----w C:\Program Files\Realtek
2008-07-21 17:52 --------- d-----w C:\Documents and Settings\MeT\Application Data\InstallShield
2008-07-21 17:50 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-07-21 17:50 --------- d-----w C:\Program Files\Intel
2008-07-21 17:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-21 17:26 --------- d-----w C:\Program Files\Windows Media Connect 2
.

------- Sigcheck -------

2007-12-07 05:01 816128 e1d790ea12ee89d2a282faa45c8ae68f C:\WINDOWS\system32\wininet.dll
2007-12-07 05:01 816128 e1d790ea12ee89d2a282faa45c8ae68f C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\explorer.exe
2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-26_20.43.58.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-26 19:53:45 155,648 ----a-w C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll
- 2008-07-22 09:28:58 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-07-26 19:53:28 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-07-22 09:28:58 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-07-26 19:53:28 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-07-22 09:28:58 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-07-26 19:53:28 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-07-22 09:28:55 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:24 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:55 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:25 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:56 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:25 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:56 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:25 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:56 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:26 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:56 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:26 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:57 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:26 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:57 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:27 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:57 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:27 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:58 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-07-26 19:53:28 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-22 09:28:59 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-07-26 19:53:29 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-07-22 09:28:59 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-07-26 19:53:29 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-07-22 09:28:59 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-07-26 19:53:29 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-07-22 09:28:59 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-07-26 19:53:29 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-07-22 09:28:58 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-07-26 19:53:27 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-07-26 19:53:06 4,286 ----a-r C:\WINDOWS\Installer\{D4FEA244-A9BC-4727-8EA9-B369579F43CF}\ARPPRODUCTICON.exe
- 2008-07-26 18:42:15 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
+ 2008-07-27 09:16:35 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-21 18:21 1134592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"StatBar"="C:\StatBar.exe" [2003-07-25 02:40 335872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2008-07-21 20:06 823296]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2008-01-09 09:33 2189864]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-09 11:51 13508608]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 21:59 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 03:34 169984]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-09 11:51 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\MeT\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-21 19:55:31 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-23 01:49 5376 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MeT^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
path=C:\Documents and Settings\MeT\Start Menu\Programs\Startup\SDK Tray Menu.lnk
backup=C:\WINDOWS\pss\SDK Tray Menu.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-ra------ 2007-05-25 08:07 1953792 C:\WINDOWS\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 18:50 1603152 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-04-03 18:00 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 08:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-01-09 11:51 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 12:02 79400 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Programi\\Copy of mIRC\\mirc.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"D:\\Programi\\miranda\\miranda32.exe"=
"D:\\GameS\\!fps\\cod\\CoDMP.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 15:00]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-04 15:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-21 20:20]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc70a10c-5757-11dd-bb82-806d6172696f}]
\Shell\AutoRun\command - F:\CDSETUP.EXE

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\1-Click Maintenance.job - cQGAj^FB<< s !4C:\Program Files\TuneUp Utilities 2008\OneClick.exe/schedulestartMeT,Runs 1-Click Maintenance at specified times0 []
.
- - - - ORPHANS REMOVED - - - -

SSODL-wnslvxtf-{209E0883-7E22-4CC6-962D-FC87186D27BC} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-27 13:48:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
Completion time: 2008-07-27 13:49:27
ComboFix-quarantined-files.txt 2008-07-27 11:49:08
ComboFix2.txt 2008-07-26 18:44:06

Pre-Run: 1,237,000,192 bytes free
Post-Run: 1,225,572,352 bytes free


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Symptoms? How is the computer behaving now?
