ComboFix 08-04-04.1 - Angelovski 2008-04-05 15:39:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.657 [GMT 2:00]
Running from: C:\Documents and Settings\Angelovski\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
2008-04-04 19:06 . 2008-04-04 19:06 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-04 19:06 . 2008-04-04 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-04 19:06 . 2008-04-05 09:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-04 19:06 . 2008-04-05 15:41 4,919,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 19:06 . 2008-04-04 19:06 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-04 19:06 . 2008-04-04 19:06 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-04 19:06 . 2008-04-05 00:25 50,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 19:06 . 2008-04-05 15:41 10,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-04 19:06 . 2008-04-05 00:25 2,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-04 18:53 . 2008-04-04 18:53 162,432 --a------ C:\WINDOWS\system32\drivers\ithsgt.sys
2008-04-04 18:53 . 2008-04-04 18:53 12,032 --a------ C:\WINDOWS\system32\drivers\lilsgt.sys
2008-04-03 19:51 . 2008-04-03 19:51 <DIR> d-------- C:\Program Files\OpenAL
2008-04-03 19:51 . 2008-04-03 19:51 418,480 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-04-03 19:20 . 2008-04-03 19:20 <DIR> d-------- C:\Program Files\Orca
2008-04-03 18:17 . 2008-04-03 18:17 38 --a------ C:\WINDOWS\avisplitter.INI
2008-04-03 15:19 . 2008-04-03 15:19 <DIR> d-------- C:\Program Files\EA GAMES
2008-04-03 14:11 . 2004-08-18 05:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-01 09:12 . 2008-04-01 09:12 <DIR> d--hs---- C:\Diskeeper
2008-03-31 22:41 . 2008-03-31 22:41 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-03-31 22:41 . 2008-03-31 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-03-31 15:50 . 2008-03-31 15:50 <DIR> d-------- C:\Program Files\EA Sports
2008-03-31 14:36 . 2008-03-31 14:36 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-03-31 14:33 . 2008-03-31 14:33 <DIR> d-------- C:\Program Files\Any Video Converter
2008-03-31 14:33 . 2008-03-31 20:21 <DIR> d-------- C:\Documents and Settings\Angelovski\Application Data\Any Video Converter
2008-03-31 14:32 . 2007-11-05 16:34 15,760 --a------ C:\WINDOWS\system32\iviaspi.sys
2008-03-30 17:53 . 2008-03-31 14:32 <DIR> d-------- C:\Program Files\SanDisk
2008-03-30 10:23 . 2008-03-30 10:23 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-29 18:12 . 2008-03-29 18:12 <DIR> d-------- C:\Program Files\THQ
2008-03-28 16:40 . 2008-03-31 19:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-27 13:20 . 2008-03-27 13:20 <DIR> d-------- C:\Program Files\LingvoSoft
2008-03-27 12:56 . 2008-03-27 12:56 <DIR> d-------- C:\Documents and Settings\Angelovski\Application Data\Ectaco
2008-03-26 19:14 . 2008-03-26 19:15 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-03-26 19:14 . 2008-04-01 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-26 19:13 . 2008-03-26 19:13 <DIR> d-------- C:\Program Files\MSBuild
2008-03-26 19:11 . 2008-03-26 19:11 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-26 19:10 . 2008-03-26 19:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-03-26 19:10 . 2008-03-26 19:15 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-26 19:10 . 2008-03-26 19:10 <DIR> d-------- C:\Program Files\Autodesk
2008-03-26 19:10 . 2008-04-01 20:21 <DIR> d-------- C:\Documents and Settings\Angelovski\Application Data\Autodesk
2008-03-26 19:10 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-26 16:01 . 2005-08-13 06:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Sample.ico
2008-03-26 15:59 . 2008-03-26 15:59 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-03-26 15:59 . 2005-08-30 02:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-03-26 15:59 . 2005-08-30 02:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-03-26 15:59 . 2005-08-13 06:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
2008-03-26 15:59 . 2005-08-30 02:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-03-26 15:59 . 2005-08-30 02:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-03-26 15:59 . 2005-08-30 02:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-03-26 15:59 . 2005-08-30 02:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-03-26 15:59 . 2005-08-30 02:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-03-26 15:58 . 2008-03-26 15:58 <DIR> d-------- C:\Program Files\Samsung
2008-03-26 13:39 . 2008-03-26 13:39 <DIR> d-------- C:\Program Files\Codemasters
2008-03-24 15:19 . 2008-03-24 15:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-24 15:15 . 2008-03-24 15:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-03-21 20:52 . 2008-03-21 20:52 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-19 19:48 . 2008-03-19 20:30 <DIR> d-------- C:\Documents and Settings\Angelovski\index_files
2008-03-19 15:48 . 2008-03-19 15:48 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-03-19 14:26 . 2008-03-19 14:26 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-19 14:17 . 2008-03-19 14:17 <DIR> d-------- C:\WINDOWS\USB Game Controller
2008-03-19 14:17 . 2008-03-19 14:17 <DIR> d-------- C:\Program Files\USB Game Controller
2008-03-19 12:32 . 2008-03-19 12:32 <DIR> d-------- C:\Program Files\TEXTware
2008-03-19 12:32 . 2008-03-19 12:32 <DIR> d-------- C:\Documents and Settings\Angelovski\Application Data\Oxford
2008-03-19 12:31 . 2008-03-19 12:31 <DIR> d-------- C:\Program Files\Oxford
2008-03-19 12:30 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-18 12:19 . 2008-03-05 16:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-03-18 12:19 . 2008-03-05 16:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-18 12:19 . 2008-03-05 17:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-03-18 12:19 . 2008-02-06 00:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-03-18 12:19 . 2008-03-05 17:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-03-18 12:19 . 2008-03-05 17:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-16 19:48 . 2008-03-16 19:48 <DIR> d-------- C:\Documents and Settings\Angelovski\Application Data\ESET
2008-03-16 19:47 . 2008-03-16 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-16 19:22 . 2008-03-16 19:22 <DIR> d-------- C:\WINDOWS\Sun
2008-03-16 15:43 . 2008-03-16 15:43 <DIR> d-------- C:\Documents and Settings\Angelovski\Application Data\Ubisoft
2008-03-16 15:43 . 2008-03-16 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-16 13:26 . 2008-03-25 21:15 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-15 16:28 . 2008-03-15 16:28 <DIR> d-------- C:\Program Files\KONAMI
2008-03-15 16:14 . 2008-04-04 19:26 <DIR> d-------- C:\NEW
2008-03-15 15:26 . 2008-03-15 15:26 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-15 15:26 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-15 15:26 . 2008-03-19 20:59 376 --a------ C:\WINDOWS\ODBC.INI
2008-03-15 15:25 . 2008-03-15 15:26 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-15 15:25 . 2008-03-15 15:25 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-15 15:16 . 2008-03-15 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-15 15:01 . 2008-03-15 15:02 <DIR> d-------- C:\Program Files\Winamp
2008-03-15 15:01 . 2008-03-15 15:06 <DIR> d-------- C:\Documents and Settings\Angelovski\Application Data\Winamp
2008-03-15 14:57 . 2008-03-15 14:57 <DIR> d-------- C:\Program Files\FireTune
2008-03-15 14:57 . 2008-03-15 14:57 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-03-15 14:55 . 2008-03-15 14:55 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor 11
2008-03-15 14:55 . 2008-03-15 14:55 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-03-15 14:54 . 2008-03-15 14:54 <DIR> d-------- C:\Program Files\Webteh
2008-03-15 14:53 . 2008-03-15 14:53 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-03-15 14:53 . 2008-03-15 14:53 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-03-15 14:52 . 2008-03-15 14:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 14:52 . 2008-03-15 14:52 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-03-15 14:52 . 2008-03-15 14:52 <DIR> d-------- C:\Program Files\ACD Systems
2008-03-15 14:52 . 2008-03-15 14:52 <DIR> d-------- C:\Documents and Settings\Angelovski\Application Data\ACD Systems
2008-03-15 14:52 . 2008-03-15 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-15 14:49 . 2008-03-15 14:49 <DIR> d-------- C:\Program Files\Gabest
2008-03-15 14:49 . 2008-03-15 14:49 <DIR> d-------- C:\Program Files\DVD Decrypter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 17:51 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-03 16:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 17:50 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-28 13:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-23 10:43 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\MyPhoneExplorer
2008-03-16 18:21 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-15 11:44 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\DAEMON Tools
2008-03-15 11:43 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-15 11:41 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-03-15 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-15 11:39 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\Apple Computer
2008-03-15 11:38 --------- d-----w C:\Program Files\QuickTime
2008-03-15 11:37 --------- d-----w C:\Program Files\Apple Software Update
2008-03-15 11:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-15 11:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-15 11:36 --------- d-----w C:\Program Files\Nero
2008-03-15 11:36 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-15 11:36 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\Nero
2008-03-15 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-15 11:33 --------- d-----w C:\Program Files\Sun
2008-03-15 11:32 --------- d-----w C:\Program Files\Java
2008-03-15 11:32 --------- d-----w C:\Program Files\Common Files\Java
2008-03-15 11:29 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-15 11:29 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\Teleca
2008-03-15 11:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-15 11:20 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-03-15 11:20 --------- d-----w C:\Program Files\Logitech
2008-03-15 11:20 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\Logitech
2008-03-15 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-15 11:19 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-15 11:19 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-03-15 11:19 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-03-15 11:19 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-03-15 11:19 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\InstallShield
2008-03-15 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-15 11:17 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\Image Zone Express
2008-03-15 11:16 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\HP
2008-03-15 11:15 --------- d-----w C:\Program Files\HP
2008-03-15 11:15 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-15 11:15 --------- d-----w C:\Program Files\Common Files\HP
2008-03-15 11:15 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-03-15 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-15 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-15 11:12 --------- d-----w C:\Program Files\Canon
2008-03-15 11:11 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-15 11:10 --------- d--h--w C:\Program Files\CanonBJ
2008-03-15 10:50 --------- d-----w C:\Documents and Settings\Angelovski\Application Data\Sony Ericsson
2008-03-15 10:41 --------- d-----w C:\Program Files\Creative
2008-03-15 10:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-15 10:37 --------- d-----w C:\Program Files\DIFX
2008-03-15 10:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-07 01:49 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-03-07 01:47 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-03-07 01:47 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-03-07 01:47 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-03-07 01:47 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-03-07 01:47 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-03-07 01:47 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-03-07 01:47 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-03-07 01:45 756,224 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-03-07 01:44 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-03-07 01:44 566,784 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-03-07 01:44 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-03-07 01:44 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-03-07 01:44 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-03-07 01:44 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-03-07 01:44 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-03-07 01:44 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-03-06 19:04 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-06 19:03 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-03-06 19:02 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-03-06 18:55 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-06 18:55 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-03-06 18:55 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-03-06 18:54 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-03-06 18:54 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-03-06 18:54 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-03-06 18:54 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-03-06 18:54 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-03-06 18:54 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-03-06 18:52 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-03-06 18:51 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-03-06 18:51 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-03-06 18:51 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-03-06 18:51 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-03-06 18:50 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-03-06 18:50 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-03-06 18:50 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-03-06 18:50 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-03-06 18:50 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-03-06 18:49 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-03-06 18:49 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-03-06 18:34 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-03-06 18:34 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-03-06 18:34 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-03-06 18:31 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-03-06 18:31 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-03-06 18:31 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-03-06 18:31 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-03-06 18:31 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-07 03:46 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 15:54 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-03-07 03:46 169984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-03-07 03:46 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/15/2008 1:20:14 PM 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [3/15/2008 1:19:16 PM 789008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 13:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
"vidc.VP60"= C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"= C:\WINDOWS\system32\vp6vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage Setup]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-03-07 03:46 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe"=
"C:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=
"C:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"C:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-04-04 18:53]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-04-04 18:53]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 netModUSBlfService;netMod USB Lower Filter Service;C:\WINDOWS\system32\drivers\nMUSBlf.sys [2004-01-20 14:44]
R3 netModUSBService;Service for netMod USB CAPI Driver;C:\WINDOWS\system32\drivers\nMUSB.sys [2006-10-02 17:07]
S3 nMtskService;nMtskBar Service;C:\WINDOWS\nMtsk.exe [2005-05-06 13:19]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5afadca0-0014-11dd-8f5c-def2432bf9ac}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92265cf8-f27d-11dc-9ad3-8aa84b344bac}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-05 15:41:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-05 15:42:14
ComboFix-quarantined-files.txt 2008-04-05 13:42:06
Pre-Run: 28,177,965,056 bytes free
Post-Run: 28,163,514,368 bytes free
.
2008-03-24 13:26:23 --- E O F ---
Registrovani: 9 ( djoka_l, popusicko, Nebojsa Milanovic, peromalosutra, Ultrena, vidonk, SlobaBgd, morihei ueshiba, majstordaca )
Windows Script Host - problem
). Posle toga pusti da Combofix ponovo odradi svoje i okachi novi ComboFix log posto je HiJackThis log OK. Naravno javi kako se racunar ponasha posle dodatnog ciscenja djubreta. CFScript.txt fajl je u attachmentu dole...