I can say that it only reported 3 trojans last night, and after that, and still now, nothing....
HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:15, on 4.4.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\mdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [avast! Antivirus] C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIA2006] "C:\Program Files\Steganos Internet Anonym 2006\SIA2006.exe" -firstboot (User 'Default user')
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCAF64D2-85FC-401F-BC14-8B76026CE98A}: NameServer = 91.150.77.5 82.208.208.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\Mixerowsky\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SkypeGadget1.2.gadget\wrapper\Skype4COM.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8125 bytes
ComboFix:
Code:
ComboFix 08-04-03.3 - Mixerowsky 2008-04-04 14:51:31.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1033.18.326 [GMT 2:00]
Running from: D:\Downloads\ComboFix\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\a.bat
.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.
2008-04-04 01:29 . 2008-04-04 01:29 <DIR> d-------- C:\Program Files\Steganos Internet Anonym 2006
2008-04-04 01:29 . 2008-04-04 01:29 <DIR> d-------- C:\Program Files\Secure Surfing Engine
2008-04-04 00:49 . 2008-04-04 00:49 <DIR> d-------- C:\Windows\System32\tenarchlib
2008-04-04 00:49 . 2007-03-14 01:30 1,712,128 --a------ C:\Windows\System32\GdiPlus.dll
2008-04-04 00:49 . 2005-10-12 23:10 180,224 --a-s---- C:\Windows\System32\archlib.dll
2008-04-04 00:49 . 2006-07-26 22:13 57,344 --a------ C:\Windows\System32\MFC71ENU.DLL
2008-04-04 00:06 . 2008-04-04 00:07 <DIR> d-------- C:\Program Files\DietSuccess
2008-04-04 00:03 . 2008-04-04 00:03 72,469 --a------ C:\Windows\System32\tmp4_113183652800.bk
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 23:58 . 2008-04-03 23:58 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\X3mE Yamb
2008-04-03 23:58 . 2008-04-03 23:58 <DIR> d-------- C:\Users\All Users\X3mE Yamb
2008-04-03 23:58 . 2008-04-03 23:58 <DIR> d-------- C:\ProgramData\X3mE Yamb
2008-04-03 23:58 . 2008-04-03 23:58 <DIR> d-------- C:\Program Files\X3mE Yamb
2008-04-03 23:37 . 2008-04-04 00:13 8,012 --a------ C:\Windows\System32\tmp4_97403721805.bk
2008-04-03 15:06 . 2008-04-03 15:25 15,828 --a------ C:\Windows\System32\tmp5_158479713464.bk
2008-04-03 14:22 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-04-03 14:03 . 2008-04-03 15:06 18,460 --a------ C:\Windows\System32\tmp4_51047201946.bk
2008-04-03 08:28 . 2008-04-03 08:28 268 --ah----- C:\sqmdata03.sqm
2008-04-03 08:28 . 2008-04-03 08:28 244 --ah----- C:\sqmnoopt03.sqm
2008-04-02 22:00 . 2008-04-02 22:00 24 --a------ C:\Windows\cdplayer.ini
2008-04-02 19:49 . 2008-04-02 19:52 <DIR> d-------- C:\Windows\Lhsp
2008-04-02 19:49 . 2008-04-04 01:01 <DIR> d-------- C:\Program Files\Di recnik
2008-04-02 19:49 . 2002-02-01 19:00 1,497,088 --a------ C:\Windows\System32\cc3260mt.dll
2008-04-02 19:49 . 2003-01-30 05:04 1,412,608 --a------ C:\Windows\System32\cc3260.dll
2008-04-02 19:49 . 2002-02-01 18:00 1,326,080 --a------ C:\Windows\System32\vcl60.bpl
2008-04-02 19:49 . 2002-02-01 17:00 148,992 --a------ C:\Windows\System32\adortl60.bpl
2008-04-02 19:49 . 2002-02-01 18:00 22,016 --a------ C:\Windows\System32\Borlndmm.dll
2008-04-02 17:51 . 2008-04-02 17:52 <DIR> d-------- C:\Program Files\TweakVI
2008-04-02 16:48 . 2008-04-02 16:48 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\NoteTab Pro
2008-04-02 16:47 . 2008-04-02 16:47 777 --a------ C:\Windows\notepad.lnk
2008-04-02 16:46 . 2008-04-02 16:47 <DIR> d-------- C:\Windows\System32\drivers\setup
2008-04-02 16:44 . 2008-04-02 16:44 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-04-02 15:49 . 2008-04-02 15:49 815 --a------ C:\prefs.js
2008-04-02 15:46 . 2008-04-02 15:46 <DIR> d-------- C:\Windows\TweakVI
2008-04-02 15:46 . 2008-04-02 15:46 0 --a------ C:\Windows\System32\tviresource.val
2008-04-02 15:19 . 2008-04-02 15:19 244 --ah----- C:\sqmnoopt02.sqm
2008-04-02 15:19 . 2008-04-02 15:19 232 --ah----- C:\sqmdata02.sqm
2008-04-02 15:00 . 2008-04-02 15:02 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\Uniblue
2008-04-02 14:47 . 2008-04-02 14:47 535 --a------ C:\Windows\ODBCINST.INI
2008-04-02 14:47 . 2008-04-02 14:47 288 --a------ C:\Windows\ODBC.INI
2008-04-02 14:47 . 2008-04-02 14:47 126 --a------ C:\Windows\mdm.ini
2008-04-02 14:46 . 2008-04-02 14:46 <DIR> d-------- C:\Program Files\Web Publish
2008-04-02 14:46 . 2008-04-02 14:46 1,273 --a------ C:\Windows\VB.INI
2008-04-02 14:46 . 2008-04-03 14:56 62 --a------ C:\Windows\VBAddin.INI
2008-04-02 14:45 . 2008-04-02 14:45 <DIR> d-------- C:\Windows\msapps
2008-04-02 14:38 . 1998-05-21 04:45 313,856 --a------ C:\Windows\System32\dx3j.dll
2008-04-02 14:38 . 1998-05-21 10:21 140,048 --a------ C:\Windows\System32\jit.dll
2008-04-02 14:38 . 1998-05-21 05:45 135,168 --a------ C:\Windows\System32\javaee.dll
2008-04-02 14:38 . 1998-05-21 05:57 42,496 --a------ C:\Windows\setdebug.exe
2008-04-02 14:38 . 1998-05-21 05:44 7,356 --a------ C:\Windows\System32\javasup.vxd
2008-04-02 14:38 . 1998-05-21 04:48 6,550 --a------ C:\Windows\jautoexp.dat
2008-04-02 14:31 . 2008-04-02 14:31 <DIR> d-------- C:\Program Files\Common Files\Blueberry Software
2008-04-02 14:30 . 2008-04-02 14:31 <DIR> d--h----- C:\Users\All Users\{3A7FD077-F0B4-4276-BE42-175DEF23CA39}
2008-04-02 14:30 . 2008-04-02 14:31 <DIR> d--h----- C:\ProgramData\{3A7FD077-F0B4-4276-BE42-175DEF23CA39}
2008-04-02 14:21 . 2008-04-02 14:21 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\LogSys
2008-04-02 14:21 . 2008-04-02 14:28 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\Blueberry
2008-04-02 14:21 . 2008-04-02 14:21 <DIR> d-------- C:\Users\All Users\LogSys
2008-04-02 14:21 . 2008-04-02 14:22 <DIR> d-------- C:\Users\All Users\Blueberry
2008-04-02 14:21 . 2008-04-02 14:21 <DIR> d-------- C:\ProgramData\LogSys
2008-04-02 14:21 . 2008-04-02 14:22 <DIR> d-------- C:\ProgramData\Blueberry
2008-04-02 14:21 . 2008-04-02 14:21 <DIR> d-------- C:\Program Files\Blueberry Software
2008-04-02 13:30 . 2008-04-02 13:30 244 --ah----- C:\sqmnoopt01.sqm
2008-04-02 13:30 . 2008-04-02 13:30 232 --ah----- C:\sqmdata01.sqm
2008-04-02 00:16 . 2008-04-02 00:16 244 --ah----- C:\sqmnoopt00.sqm
2008-04-02 00:16 . 2008-04-02 00:16 232 --ah----- C:\sqmdata00.sqm
2008-04-01 22:52 . 2008-04-01 22:52 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-04-01 22:51 . 2008-04-01 22:51 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\Roaming
2008-04-01 22:51 . 2008-04-01 22:51 <DIR> d-------- C:\Program Files\B4Playing
2008-04-01 22:23 . 2008-04-01 22:24 <DIR> d-------- C:\Program Files\Foxit Software
2008-04-01 20:45 . 2008-04-01 20:45 <DIR> d-------- C:\Program Files\Sudoku
2008-04-01 20:45 . 2008-04-01 20:45 286,720 --a------ C:\Windows\iun506.exe
2008-04-01 14:04 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
2008-04-01 14:04 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
2008-03-31 15:04 . 2008-03-31 15:04 <DIR> d-------- C:\Users\All Users\SweetIM
2008-03-31 15:04 . 2008-03-31 15:04 <DIR> d-------- C:\ProgramData\SweetIM
2008-03-31 15:04 . 2008-03-31 15:04 <DIR> d-------- C:\Program Files\SweetIM
2008-03-30 21:33 . 2008-04-03 14:21 <DIR> d-------- C:\Images
2008-03-30 21:13 . 2008-03-30 21:13 <DIR> d-------- C:\Program Files\Rockstar Games
2008-03-30 11:16 . 2008-03-30 11:16 <DIR> d-------- C:\Program Files\EPCTV
2008-03-29 15:59 . 2008-03-29 15:59 <DIR> d-------- C:\Windows\Caps
2008-03-29 15:59 . 2008-03-29 16:03 <DIR> d-------- C:\Program Files\RapidLeecher Ultimate 2007
2008-03-29 15:34 . 2008-03-29 15:34 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\Ashampoo
2008-03-29 15:33 . 2008-03-29 15:33 <DIR> d-------- C:\Users\All Users\ashampoo
2008-03-29 15:33 . 2008-03-29 15:33 <DIR> d-------- C:\ProgramData\ashampoo
2008-03-29 15:33 . 2008-03-31 14:43 <DIR> d-------- C:\Program Files\Ashampoo
2008-03-27 22:48 . 2008-03-27 22:48 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\HEXelon
2008-03-27 22:47 . 2008-03-27 22:55 <DIR> d-------- C:\Program Files\TC UP
2008-03-27 17:02 . 2008-03-27 17:02 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\ACD Systems
2008-03-27 16:53 . 2008-03-27 16:53 <DIR> d-------- C:\Users\All Users\ACD Systems
2008-03-27 16:53 . 2008-03-27 16:53 <DIR> d-------- C:\ProgramData\ACD Systems
2008-03-27 16:52 . 2008-03-27 16:53 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-03-27 16:52 . 2008-03-27 16:52 <DIR> d-------- C:\Program Files\ACD Systems
2008-03-27 16:50 . 2008-03-27 16:51 <DIR> d-------- C:\Program Files\ACDSee Pro 2.0.219
2008-03-27 16:46 . 2008-03-27 16:46 <DIR> d-------- C:\Program Files\CCleaner
2008-03-27 00:00 . 2008-03-27 00:00 <DIR> d-------- C:\temp\Dissection-2
2008-03-27 00:00 . 2008-03-28 00:00 <DIR> d-------- C:\temp
2008-03-26 22:53 . 2008-03-26 23:00 <DIR> d-------- C:\Users\All Users\Autodesk
2008-03-26 22:53 . 2008-03-26 23:00 <DIR> d-------- C:\ProgramData\Autodesk
2008-03-26 22:53 . 2008-03-26 22:57 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-03-26 19:46 . 2008-03-26 19:46 <DIR> d-------- C:\Users\Mixerowsky\AppData\Roaming\SolidWorks 2008
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 17:49 --------- d-----w C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-03-19 18:44 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 18:37 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-19 18:37 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-19 18:37 --------- d-----w C:\Program Files\Windows Mail
2008-03-19 18:37 --------- d-----w C:\Program Files\Windows Journal
2008-03-19 18:37 --------- d-----w C:\Program Files\Windows Defender
2008-03-19 18:37 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-19 18:37 --------- d-----w C:\Program Files\Windows Calendar
2008-03-19 18:25 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-19 18:24 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-17 13:52 --------- d-----w C:\Program Files\Microsoft Games
2008-03-12 15:58 --------- d-----w C:\Program Files\MSBuild
2008-03-05 15:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 14:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 14:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-02-29 04:14 223,744 ----a-w C:\Windows\System32\b4fm.dll
2008-02-13 04:04 51,200 ----a-w C:\Windows\system32\drivers\Rtnicxp.sys
2008-02-09 22:09 13,464 ----a-w C:\Windows\System32\AcSignExtRes.dll
2008-02-09 22:08 43,160 ----a-w C:\Windows\System32\AcSignIcon.dll
2008-02-09 22:08 426,136 ----a-w C:\Windows\System32\AcSignOpt.exe
2008-02-09 22:08 28,312 ----a-w C:\Windows\System32\AcSignExt.dll
2008-02-05 22:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll
2008-01-19 07:44 986,680 ----a-w C:\Windows\System32\winload.exe
2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-19 06:14 925,184 ----a-w C:\Windows\System32\FXSRESM.dll
2008-01-19 06:06 8,147,456 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
2008-01-19 05:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
2008-01-19 05:52 10,752 ----a-w C:\Windows\System32\vga.dll
2008-01-19 05:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
2008-01-19 05:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
2008-01-19 05:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
2008-01-19 05:46 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-19 05:39 13,312 ----a-w C:\Windows\System32\WsmRes.dll
2008-01-19 05:37 2,031,616 ----a-w C:\Windows\System32\win32k.sys
2008-01-19 05:36 289,792 ----a-w C:\Windows\System32\atmfd.dll
2008-01-19 05:33 56,320 ----a-w C:\Windows\System32\graftabl.com
2008-01-19 05:30 34,304 ----a-w C:\Windows\System32\BlbEvents.dll
2008-01-19 05:27 8,704 ----a-w C:\Windows\System32\kd1394.dll
2008-01-19 05:26 605,696 ----a-w C:\Windows\System32\adtschema.dll
2008-01-19 03:17 100,043 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-01-05 11:37 128,482 ----a-w C:\Windows\System32\manage-bde.wsf
2008-01-05 11:36 195,122 ----a-w C:\Windows\System32\winrm.vbs
2008-01-05 11:35 80,047 ----a-w C:\Windows\System32\slmgr.vbs
2008-01-05 11:34 15,181 ----a-w C:\Windows\System32\gatherWirelessInfo.vbs
2008-01-05 11:27 96,760 ----a-w C:\Windows\System32\dfshim.dll
2008-01-05 11:27 84,480 ----a-w C:\Windows\System32\mscories.dll
2008-01-05 11:27 282,112 ----a-w C:\Windows\System32\mscoree.dll
2008-01-05 11:27 158,720 ----a-w C:\Windows\System32\mscorier.dll
2008-01-05 11:21 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
2008-01-05 11:21 579,584 ----a-w C:\Windows\System32\icardagt.exe
2008-01-05 11:21 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
2008-01-05 11:21 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
2008-01-05 11:21 28,672 ----a-w C:\Windows\System32\TsWpfWrp.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-04_ 0.23.17.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 22:20:03 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-04 12:40:23 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-03 23:30:12 10,134 ----a-r C:\Windows\Installer\{00000000-5736-4205-1000-F7ED0776FB27}\ARPPRODUCTICON.exe
+ 2008-04-03 23:30:12 65,536 ----a-r C:\Windows\Installer\{00000000-5736-4205-1000-F7ED0776FB27}\DTLNKDE00_00000000573642051000F7ED0776FB27.exe
+ 2008-04-03 23:30:12 65,536 ----a-r C:\Windows\Installer\{00000000-5736-4205-1000-F7ED0776FB27}\DTLNKEN00_00000000573642051000F7ED0776FB27.exe
+ 2008-04-03 23:30:12 65,536 ----a-r C:\Windows\Installer\{00000000-5736-4205-1000-F7ED0776FB27}\DTLNKFR00_00000000573642051000F7ED0776FB27.exe
- 2008-04-03 21:49:18 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-04 12:41:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-03 22:20:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-04 12:42:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-04 12:42:43 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-03 22:13:03 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-04 12:51:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-03 22:20:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-04 12:42:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-04 12:42:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-03 22:00:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-04 12:21:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-03 22:00:52 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-04 12:21:23 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-03 22:00:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-04 12:21:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-03 14:28:23 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-04 11:48:07 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-03 14:28:23 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-04 11:48:07 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2005-10-08 15:10:54 98,304 --s-a-w C:\Windows\System32\tenarchlib\datalib.dll
+ 2006-12-22 14:54:04 352,256 --s-a-w C:\Windows\System32\tenarchlib\syslib.dll
+ 2006-07-26 20:13:44 1,245,184 --s-a-w C:\Windows\System32\tenarchlib\uilib.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-11 22:17 219952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 1 (0x1)
"HideLogonScripts"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostSurf Reminder]
C:\Program Files\GhostSurf Platinum\Privacy Control Center.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-03-27 19:31 111928 C:\Program Files\SweetIM\Messenger\SweetIM.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5636780E-FF83-4D2A-9804-AD5D73CD8E0F}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6339F929-1960-4444-9E5D-8ED0B46AF220}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{F95A7022-B96F-4963-B6D2-344E1FA228C1}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{43F5603A-03B3-4807-9E11-8C857A476E96}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{203C1491-7E0E-4ADE-BA6B-B1B43501E71B}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{88605E80-5DEE-40DF-8F71-5EC603C55772}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{88585A8B-4729-4E27-99CD-B1E62622199D}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2D3762E1-DFBA-4C77-A4D7-C889551D3E6A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{DF1440E1-EC97-4AA7-879B-D7B4C2642F9A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3BD3CB89-D94A-4AD7-B28C-53F196926DB8}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{45AA267A-7802-4A89-BFBB-8059B0149312}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3B64CA37-444A-43BF-AB19-FAB0C8DB8650}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1257169A-89C7-442D-942B-5700C6FCF181}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E47C6FD4-ADED-4347-80B5-C6F9AB3DC6C3}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{E008E5CD-AB24-4504-9013-CF5BEBD4C00E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{85568728-036D-40D7-A9E1-E582801289CD}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{A0980D1B-15DA-4CCE-BA93-86EAC9A80C88}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{C9788C50-A031-4D7E-8A03-C70A288B8CFD}C:\\hack-script\\mirc.exe"= UDP:C:\hack-script\mirc.exe:mIRC
"UDP Query User{038FFC84-CA33-457C-9E7F-D204F1CF01F6}C:\\hack-script\\mirc.exe"= TCP:C:\hack-script\mirc.exe:mIRC
"TCP Query User{6F21CE1B-F9BF-4C5E-A340-1D753C620B15}C:\\program files\\orbitdownloader\\orbitdm.exe"= UDP:C:\program files\orbitdownloader\orbitdm.exe:Orbit Downloader
"UDP Query User{E2B4F0B7-6ED5-4FE6-9BE8-E996F58D9871}C:\\program files\\orbitdownloader\\orbitdm.exe"= TCP:C:\program files\orbitdownloader\orbitdm.exe:Orbit Downloader
"{D8B591B7-0C6F-42DC-8BA9-3CD999DCEFE3}"= UDP:C:\Program Files\Wippien\Wippien.exe:Wippien
"{F583011F-F1ED-4549-80AD-627C8906ECCC}"= TCP:C:\Program Files\Wippien\Wippien.exe:Wippien
"{0860D5BC-8C38-4071-870E-08229FFD46CE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7ED0E460-FC32-4E22-B5DE-3757AA51D532}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{42161C43-A004-4E73-A62D-E43C40BE181B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{555082A9-011D-4516-A53E-113437A0763B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{08244D7C-0AB8-4B02-9376-9E1133F12B01}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{70114550-42D6-44F6-813C-9042D19B7A2F}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{C502F77B-36F0-4E83-A3E5-1EAA11965DFF}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"{D03EC949-E246-4612-80F0-7EEEFC69CF5E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5643F03B-4524-41C1-8B35-E300EDBFE82D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{43B137F9-6BE5-4CB0-B599-27B33595131E}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{65E8E653-AD55-4C46-AC83-822D7E95810F}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= UDP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"UDP Query User{504BDF9A-2D07-4332-B1F3-25768C324A5B}C:\\program files\\yahoo! games\\zuma deluxe\\zuma.exe"= TCP:C:\program files\yahoo! games\zuma deluxe\zuma.exe:Zuma
"{42F1E91E-6C09-4CCE-AC9D-7554BDBF35D3}"= Disabled:UDP:443:ooVoo TCP port 443
"{A83223C2-950E-4F4A-846C-52D512930549}"= Disabled:TCP:443:ooVoo UDP port 443
"{5265BA3C-9E53-48A3-A4D1-55CD42FC3B3C}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{C46A99CC-5817-4FDD-9FB5-CE1C2E104A62}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{41556EA2-2D48-4440-A3BC-30BA12EC9BDC}"= Disabled:TCP:37675:ooVoo UDP port 37675
"TCP Query User{38A08099-AC38-4097-9C23-12C2EFAA2740}C:\\program files\\amsn\\bin\\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{A894C34C-53AB-4842-A6EE-AC1184879F7D}C:\\program files\\amsn\\bin\\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application
"TCP Query User{435E1463-B1C1-4728-B445-2B96D6EF0683}C:\\program files\\epctv\\internet tv & radio player\\tvplayer.exe"= UDP:C:\program files\epctv\internet tv & radio player\tvplayer.exe:TVPlayer
"UDP Query User{21B7AF78-9D38-434C-A6F5-D61977E3DACF}C:\\program files\\epctv\\internet tv & radio player\\tvplayer.exe"= TCP:C:\program files\epctv\internet tv & radio player\tvplayer.exe:TVPlayer
"TCP Query User{4778089C-A628-44B4-A792-F15F84DF52F6}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{9DECB77C-39AA-4EA9-ACC5-563186620D66}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{E61C796D-2473-4833-938C-2BD6F7BC2C74}C:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= UDP:C:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{CFE8EC5A-B549-44B0-93E5-8371B532D402}C:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= TCP:C:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"TCP Query User{4B4AF713-AB6F-4637-BBC1-C6AFABD0FD79}C:\\program files\\microsoft visual studio\\common\\tools\\vs-ent98\\vanalyzr\\varpc.exe"= UDP:C:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe:Microsoft (R) Visual Studio VSA RPC Event Creator
"UDP Query User{724DCF7D-94C8-49AF-BFE9-A38AB541A78F}C:\\program files\\microsoft visual studio\\common\\tools\\vs-ent98\\vanalyzr\\varpc.exe"= TCP:C:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe:Microsoft (R) Visual Studio VSA RPC Event Creator
"{6507A4A8-16A8-4DB9-AA96-E2BDB35CF56C}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
"{B9121A71-BF94-4E3B-9A0A-E1BBF4D1AB44}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
"{269C001B-78BC-474A-B3D6-302246302EFD}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D70FFA68-6F3C-4F92-9AC9-D75CBCF7FF22}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{A8084D7F-30F4-40EB-9CBC-9F99CD3CD1DB}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{2624BDA7-8D73-41AB-A7BB-E66D777BFF70}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CA63DE66-23E5-471F-8C48-CB95A6DC5928}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{E5B6658D-4A98-4694-868F-CC93949B632A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{202E0306-D5E9-41F8-AAAE-301077DF8383}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
"{D9E6F943-C96F-4AC8-9971-0B8766AD9D3F}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 VD_FileDisk;VD_FileDisk;C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-03-19 20:57]
S3 wip0203;Wippien Network Adapter 2.3;C:\Windows\system32\DRIVERS\wip0203.sys [2007-12-04 18:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 13:00:23 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-02 13:00:23 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 14:53:57
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-04 14:54:42
ComboFix-quarantined-files.txt 2008-04-04 12:54:39
Pre-Run: 30,984,593,408 bytes free
Post-Run: 30,955,241,472 bytes free
.
2008-04-02 12:16:32 --- E O F ---