MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Problem sa virusom

Napisano na dan: 30.7.2010
1

Problem sa virusom
Sledeća strana Pagination

Idi na vrh

Poslao: 30 Jul 2010 16:07
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Nakon prebacivanja slika sa digitalnog fotoaparata NOD 32 ver. 3.0.695.0 pokazuje u donjem desnom uglu ekrana da je blokirao adresu "peradjoka35.com" sa IP adresom 127.0.0.1/:80. Dok sam pravio log fajlove DDS i GMER sve ikonice na desktopu su poplavile. Bilo koju da probam prevuci na drugu poziciju na desktopu povukla bi i sve ostale za sobom. Kompjuter je dosta usporio i nisam napravljene log fajlove mogao ni kopirati niti pomjeriti ni bilo sta drugo uraditi sa njima. Pokrenuo sam combo fix i nakon sto je on zavrsio sa radom neke stvari su se vratile u normalu ali je kompjuter i dalje spor. Ispod se nalaze fajlovi pripremljeni prije nego je kompjuter sasvim poludio.

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

Poslao: 30 Jul 2010 16:17
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Zdravo,

mozes li mi postaviti logove od ComboFixa?

Poslao: 30 Jul 2010 16:23
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Naravno.Evo loga od combo fixa:
mycity.rs/must-login.png

ComboFix 10-07-29.02 - mladen 30.07.2010 15:43:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1350 [GMT 2:00]
Running from: c:\documents and settings\mladen\Desktop\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Win
c:\win\1.exe
c:\win\lsass.exe
c:\win\names.txt
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-27 12:32 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-27 12:16 . 1999-09-10 11:06 5600 ----a-w- c:\windows\system\winaspi.dll
2010-07-27 12:16 . 1999-09-10 11:06 4672 ----a-w- c:\windows\system\wowpost.exe
2010-07-27 12:13 . 1999-09-10 11:06 45056 ----a-w- c:\windows\system32\wnaspi32.dll
2010-07-27 12:13 . 1999-09-10 11:06 25244 ----a-w- c:\windows\system32\drivers\aspi32.sys
2010-07-27 12:08 . 2010-07-27 12:08 -------- d-----w- C:\adaptec
2010-07-27 11:28 . 2010-07-27 11:54 -------- d-----w- c:\documents and settings\mladen\Application Data\Ahead
2010-07-27 11:27 . 2004-03-03 19:30 5504 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2010-07-27 11:27 . 2004-03-03 19:30 125184 ----a-w- c:\windows\system32\drivers\imagesrv.sys
2010-07-27 11:27 . 2001-06-26 06:15 38912 ----a-w- c:\windows\system32\picn20.dll
2010-07-27 11:27 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-07-27 11:27 . 2001-07-06 16:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-07-27 11:27 . 2001-07-06 12:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-07-27 11:27 . 2001-07-06 10:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-07-27 11:27 . 2010-07-27 11:27 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-27 11:27 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-07-27 11:03 . 2010-07-27 11:03 -------- d-----w- c:\documents and settings\mladen\Application Data\Canneverbe_Limited
2010-07-27 11:01 . 2010-07-27 11:01 158528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-27 11:00 . 2010-07-27 11:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-27 10:59 . 2010-07-27 10:59 -------- d-----w- c:\program files\Reference Assemblies
2010-07-27 10:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-27 10:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-27 10:58 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-27 10:58 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-27 10:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-27 10:58 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-27 10:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-27 10:58 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-27 10:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-27 10:58 . 2010-07-27 10:59 -------- d-----w- C:\038e1b9beb2292f7043d7a6b
2010-07-27 10:55 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-27 10:55 . 2010-07-27 10:55 -------- d-----w- c:\program files\MSXML 6.0
2010-07-27 10:53 . 2010-07-27 10:53 -------- d-----w- C:\582351f645d2f5d0f8
2010-07-27 10:52 . 2010-07-27 11:04 -------- d-----w- C:\20551b1787af0758a7
2010-07-27 09:48 . 2010-07-27 09:48 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\Ahead
2010-07-27 09:38 . 2010-07-27 12:30 -------- d-----w- c:\program files\Ahead
2010-07-27 09:25 . 2010-07-27 09:25 -------- d-----w- c:\program files\Common Files\Skype
2010-07-27 09:25 . 2010-07-27 10:22 -------- d-----r- c:\program files\Skype
2010-07-26 19:51 . 2010-07-26 19:51 -------- d-s---w- c:\documents and settings\mladen\UserData
2010-07-26 19:07 . 2010-07-26 19:07 -------- d-----w- c:\documents and settings\mladen\Application Data\TeamViewer
2010-07-26 19:07 . 2010-07-26 19:07 -------- d-----w- c:\program files\TeamViewer
2010-07-26 11:57 . 2010-07-26 11:57 -------- d-----w- c:\documents and settings\mladen\Application Data\Malwarebytes
2010-07-26 11:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 11:56 . 2010-07-26 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 11:56 . 2010-07-26 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 11:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 11:33 . 2010-07-26 11:33 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\ESET
2010-07-26 10:21 . 2010-07-26 10:21 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\IsolatedStorage
2010-07-26 10:21 . 2010-07-26 10:21 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\HP
2010-07-26 10:20 . 2010-07-26 10:20 129 ----a-w- c:\documents and settings\mladen\Local Settings\Application Data\fusioncache.dat
2010-07-26 10:20 . 2010-07-30 12:32 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\ApplicationHistory
2010-07-26 10:18 . 2010-07-26 10:18 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-07-26 10:18 . 2010-07-26 10:18 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-07-26 10:18 . 2010-07-26 10:18 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-07-26 10:17 . 2010-07-26 10:17 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-07-26 10:17 . 2010-07-26 10:18 -------- d-----w- c:\program files\Common Files\Acronis
2010-07-26 10:17 . 2010-07-26 10:17 -------- d-----w- c:\program files\Acronis
2010-07-26 09:02 . 2010-07-26 09:02 -------- d-----w- c:\program files\Common Files\HP
2010-07-26 09:00 . 2010-07-26 09:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-26 09:00 . 2010-07-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-26 09:00 . 2004-05-11 08:53 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2010-07-26 09:00 . 2004-05-11 08:53 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-07-26 09:00 . 2004-05-11 08:53 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-07-26 09:00 . 2004-05-11 08:53 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-07-26 09:00 . 2004-05-11 08:53 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-07-26 09:00 . 2004-05-11 08:53 1230336 ----a-r- c:\windows\system32\MSXML4.dll
2010-07-26 09:00 . 2010-07-26 09:00 45056 ----a-r- c:\documents and settings\mladen\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2010-07-26 08:59 . 2010-07-26 08:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-07-26 08:58 . 2010-07-26 08:58 -------- d-----w- c:\windows\system32\URTTemp
2010-07-26 08:56 . 2004-06-21 20:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-07-26 08:56 . 2004-06-21 20:02 51088 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-07-26 08:56 . 2004-06-21 20:02 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-07-26 08:56 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-26 08:56 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-26 08:56 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-26 08:56 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-26 08:56 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-07-26 08:56 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-26 08:53 . 2004-03-18 14:55 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-07-26 08:53 . 2004-03-18 14:39 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-07-26 08:53 . 2004-03-18 14:38 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-07-26 08:53 . 2004-03-18 14:56 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-07-26 08:53 . 2004-03-18 14:53 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-07-26 08:53 . 2004-03-18 14:39 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-07-26 08:53 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-26 08:42 . 2010-07-26 09:04 -------- d-----w- c:\program files\HP
2010-07-26 08:33 . 2010-07-26 09:05 104257 ----a-w- c:\windows\hpoins04.dat
2010-07-26 08:33 . 2004-06-21 20:02 17176 ------w- c:\windows\hpomdl04.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 12:44 . 2010-07-25 16:24 -------- d-----w- c:\documents and settings\mladen\Application Data\Skype
2010-07-30 12:32 . 2010-07-25 16:57 -------- d-----w- c:\documents and settings\mladen\Application Data\skypePM
2010-07-27 11:03 . 2010-07-25 16:01 68456 ----a-w- c:\documents and settings\mladen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-27 09:25 . 2010-07-25 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-26 10:25 . 2010-07-25 15:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-25 16:57 . 2010-07-25 16:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-25 16:38 . 2010-07-25 16:38 0 ----a-w- c:\windows\nsreg.dat
2010-07-25 16:36 . 2010-07-25 16:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 16:36 . 2010-07-25 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TP-LINK
2010-07-25 16:36 . 2010-07-25 16:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-25 16:34 . 2010-07-25 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-25 16:32 . 2010-07-25 16:32 -------- d-----w- c:\program files\Microsoft Works
2010-07-25 16:32 . 2010-07-25 16:32 -------- d-----w- c:\program files\MSBuild
2010-07-25 16:26 . 2010-07-25 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-07-25 16:26 . 2010-07-25 16:26 -------- d-----w- c:\program files\CyberLink
2010-07-25 16:23 . 2010-07-25 16:22 -------- d-----w- c:\program files\Winamp
2010-07-25 16:22 . 2010-07-25 16:22 -------- d-----w- c:\documents and settings\mladen\Application Data\Winamp
2010-07-25 16:22 . 2010-07-25 16:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-25 16:21 . 2010-07-25 16:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-25 16:18 . 2010-07-25 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-25 16:15 . 2010-07-25 16:15 -------- d-----w- c:\program files\ESET
2010-07-25 16:15 . 2010-07-25 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-25 16:13 . 2010-07-25 16:13 -------- d-----w- c:\program files\XP Codec Pack
2010-07-25 16:10 . 2010-07-25 16:09 -------- d-----w- c:\program files\ATI Technologies
2010-07-25 16:05 . 2010-07-25 16:05 845968 ----a-w- c:\windows\system32\AI - Series.scr
2010-07-25 16:04 . 2010-07-25 16:04 -------- d-----w- c:\program files\Analog Devices
2010-07-25 15:52 . 2010-07-25 15:52 -------- d-----w- c:\program files\microsoft frontpage
2010-07-25 15:48 . 2010-07-25 15:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [25.7.2010 18:03 29056]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258-);c:\windows\system32\drivers\tdrpm258.sys [26.7.2010 12:18 911680]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [26.7.2010 12:18 2480048]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 9:02 472280]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [26.7.2010 12:18 160704]
R3 ALI5261;ALi Based Ethernet NT Driver;c:\windows\system32\drivers\ALILAN.SYS [25.7.2010 18:05 29184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KFPOIAOB
*Deregistered* - kfpoiaob
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {38992B3B-D11C-404C-B7AC-34D33E93BAA9} = 212.103.128.66 213.253.112.8
FF - ProfilePath - c:\documents and settings\mladen\Application Data\Mozilla\Firefox\Profiles\xngwken2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-run32 - c:\win\lsass.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-30 15:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888-)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-30 15:48:19
ComboFix-quarantined-files.txt 2010-07-30 13:48

Pre-Run: 13.894.430.720 bytes free
Post-Run: 13.965.373.440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1FA69E8C5CC4A0881EDFC15E2D80B063

Poslao: 30 Jul 2010 16:35
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Jesi skenirao nekim antivirusom posle zaraze? Jel Nod nesto detektovao? Ako imas neke logove od AV okaci ih?

Poslao: 30 Jul 2010 16:45
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Nisam skenirao antivirusom, a poceo sam i da gubim povjerenje u njega. Ovo je drugi put za mjesec dana da registruje neka desavanja a da ih ne zaustavi. Prvi put mi je i pored njega, pretpostavljam opet neki virus, potrosio 8 GB za dva dana na wirelessu. Tada sam formatirao disk i rijesio problem. Ovo je njegov log fajl za zadnjih nekoliko dana:

mycity.rs/must-login.png

Poslao: 30 Jul 2010 16:50
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Zasto koristis Service Pack 2? Trebalo bi da predjes na SP 3.

Skini program RSIT na Desktop:

http://images.malwareremoval.com/random/RSIT.exe


Pokreni ga dvoklikom a zatim klikni Continue.


Na kraju procesa će se otvoriti dva loga: prvi, log.txt će biti maksimizovan i njega je potrebno iskopirati u temu na forumu, te drugi, info.txt koji će biti minimizovan (koji nam za sada ne treba).


Postavi sadržaj file-a log.txt u iduću poruku (taj file će biti sačuvan kao C:\rsit\log.txt).

Poslao: 30 Jul 2010 16:59
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Sto se tice servis paka ni sam ne znam zasto. Valjda imam taj na cd-u pa mi nekako najlakse i najbrze za instalaciju :-)

Evo i log fajla:


mycity.rs/must-login.png

Logfile of random's system information tool 1.08 (written by random/random)
Run by mladen at 2010-07-30 16:54:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (61%) free of 22 GB
Total RAM: 1791 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:54:58, on 30.7.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mladen\Desktop\RSIT.exe
C:\Program Files\trend micro\mladen.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38992B3B-D11C-404C-B7AC-34D33E93BAA9}: NameServer = 212.103.128.66 213.253.112.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6058 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-07-30 143360]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-12 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2010-03-27 5107232]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2010-03-27 362232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-30 16:54:16 ----D---- C:\Program Files\trend micro
2010-07-30 16:54:15 ----D---- C:\rsit
2010-07-30 15:48:21 ----D---- C:\WINDOWS\temp
2010-07-30 15:48:20 ----A---- C:\ComboFix.txt
2010-07-30 15:43:05 ----A---- C:\Boot.bak
2010-07-30 15:43:01 ----RASHD---- C:\cmdcons
2010-07-30 15:40:29 ----A---- C:\WINDOWS\zip.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\SWSC.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\SWREG.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\sed.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\PEV.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\MBR.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\grep.exe
2010-07-30 15:40:24 ----D---- C:\WINDOWS\ERDNT
2010-07-30 15:38:59 ----D---- C:\Qoobox
2010-07-28 17:14:29 ----D---- C:\WINDOWS\Minidump
2010-07-27 14:32:30 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-07-27 14:16:03 ----A---- C:\WINDOWS\system32\wnaspi32.BAK
2010-07-27 14:16:03 ----A---- C:\WINDOWS\system32\drivers\aspi32.BAK
2010-07-27 14:13:06 ----A---- C:\WINDOWS\system32\wnaspi32.dll
2010-07-27 14:13:06 ----A---- C:\WINDOWS\system32\drivers\aspi32.sys
2010-07-27 14:08:03 ----D---- C:\adaptec
2010-07-27 13:28:28 ----D---- C:\Documents and Settings\mladen\Application Data\Ahead
2010-07-27 13:27:59 ----A---- C:\WINDOWS\system32\drivers\imagesrv.sys
2010-07-27 13:27:59 ----A---- C:\WINDOWS\system32\drivers\imagedrv.sys
2010-07-27 13:27:41 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-07-27 13:27:41 ----A---- C:\WINDOWS\system32\picn20.dll
2010-07-27 13:27:40 ----A---- C:\WINDOWS\system32\ImagXpr5.dll
2010-07-27 13:27:40 ----A---- C:\WINDOWS\system32\imagx5.dll
2010-07-27 13:27:40 ----A---- C:\WINDOWS\system32\imagr5.dll
2010-07-27 13:27:36 ----D---- C:\Program Files\Common Files\Ahead
2010-07-27 13:27:36 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-07-27 13:03:16 ----D---- C:\Documents and Settings\mladen\Application Data\Canneverbe_Limited
2010-07-27 13:00:09 ----D---- C:\WINDOWS\system32\XPSViewer
2010-07-27 13:00:01 ----D---- C:\WINDOWS\system32\en-US
2010-07-27 12:59:52 ----D---- C:\Program Files\Reference Assemblies
2010-07-27 12:58:45 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-07-27 12:58:44 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-07-27 12:58:44 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-07-27 12:58:43 ----D---- C:\038e1b9beb2292f7043d7a6b
2010-07-27 12:55:23 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-07-27 12:55:21 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-07-27 12:55:13 ----D---- C:\Program Files\MSXML 6.0
2010-07-27 12:53:17 ----D---- C:\582351f645d2f5d0f8
2010-07-27 12:52:56 ----D---- C:\20551b1787af0758a7
2010-07-27 12:45:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-07-27 12:45:02 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-07-27 11:38:44 ----D---- C:\Program Files\Ahead
2010-07-27 11:25:12 ----D---- C:\Program Files\Common Files\Skype
2010-07-27 11:25:05 ----RD---- C:\Program Files\Skype
2010-07-26 21:07:18 ----D---- C:\Documents and Settings\mladen\Application Data\TeamViewer
2010-07-26 21:07:07 ----D---- C:\Program Files\TeamViewer
2010-07-26 14:24:47 ----D---- C:\Documents and Settings\mladen\Application Data\WinRAR
2010-07-26 13:57:02 ----D---- C:\Documents and Settings\mladen\Application Data\Malwarebytes
2010-07-26 13:56:54 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-26 13:56:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-26 13:56:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-26 13:56:52 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-26 12:21:35 ----D---- C:\Documents and Settings\mladen\Application Data\Acronis
2010-07-26 12:20:16 ----D---- C:\Documents and Settings\All Users\Application Data\Acronis
2010-07-26 12:18:19 ----A---- C:\WINDOWS\system32\drivers\afcdp.sys
2010-07-26 12:18:09 ----A---- C:\WINDOWS\system32\drivers\tdrpm258.sys
2010-07-26 12:18:03 ----A---- C:\WINDOWS\system32\drivers\timntr.sys
2010-07-26 12:17:59 ----A---- C:\WINDOWS\system32\drivers\snapman.sys
2010-07-26 12:17:35 ----D---- C:\Program Files\Common Files\Acronis
2010-07-26 12:17:34 ----D---- C:\Program Files\Acronis
2010-07-26 11:05:34 ----A---- C:\_Sid.txt
2010-07-26 11:02:13 ----D---- C:\Program Files\Common Files\HP
2010-07-26 11:00:47 ----D---- C:\Program Files\Hewlett-Packard
2010-07-26 11:00:47 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\MSXML4r.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\MSXML4a.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\MSXML4.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\hpvcr70.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\hpvcp70.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\hpvaut32.dll
2010-07-26 10:59:39 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-07-26 10:58:34 ----RSD---- C:\WINDOWS\assembly
2010-07-26 10:58:34 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-26 10:58:33 ----D---- C:\WINDOWS\system32\URTTemp
2010-07-26 10:56:51 ----RA---- C:\WINDOWS\system32\drivers\HPZipr12.sys
2010-07-26 10:56:49 ----RA---- C:\WINDOWS\system32\drivers\hpzid412.sys
2010-07-26 10:56:25 ----RA---- C:\WINDOWS\system32\drivers\HPZius12.sys
2010-07-26 10:56:21 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2010-07-26 10:56:13 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-07-26 10:56:08 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-07-26 10:53:58 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2010-07-26 10:53:58 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2010-07-26 10:53:58 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2010-07-26 10:53:57 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2010-07-26 10:53:57 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2010-07-26 10:53:57 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2010-07-26 10:53:57 ----A---- C:\WINDOWS\IsUninst.exe
2010-07-26 10:42:42 ----D---- C:\Program Files\HP
2010-07-26 10:37:32 ----D---- C:\Config.Msi
2010-07-25 19:44:55 ----A---- C:\WINDOWS\system32\h323log.txt
2010-07-25 19:39:49 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-07-25 19:39:47 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-07-25 19:39:46 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-07-25 19:39:44 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-07-25 19:39:43 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-07-25 19:39:41 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-07-25 19:39:40 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-07-25 19:39:39 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-07-25 19:39:37 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-07-25 19:39:35 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-07-25 19:39:33 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-07-25 19:39:29 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-07-25 19:38:54 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-07-25 19:38:34 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-07-25 19:38:34 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-07-25 19:38:34 ----A---- C:\WINDOWS\system32\drivers\msmpu401.sys
2010-07-25 19:38:33 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-07-25 19:38:31 ----A---- C:\WINDOWS\system32\drivers\gameenum.sys
2010-07-25 19:38:12 ----A---- C:\WINDOWS\system32\usbui.dll
2010-07-25 19:38:10 ----A---- C:\WINDOWS\system32\drivers\ALIM1541.SYS
2010-07-25 19:35:57 ----A---- C:\WINDOWS\system32\drivers\ALI5261.SYS
2010-07-25 19:34:50 ----A---- C:\WINDOWS\imsins.BAK
2010-07-25 19:34:47 ----SHD---- C:\WINDOWS\Installer
2010-07-25 19:34:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-25 19:34:46 ----D---- C:\Program Files\Common Files\ODBC
2010-07-25 19:34:46 ----A---- C:\WINDOWS\ODBCINST.INI
2010-07-25 19:34:43 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-07-25 19:34:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-25 19:34:41 ----RD---- C:\Program Files
2010-07-25 19:34:41 ----D---- C:\Program Files\Common Files
2010-07-25 19:34:39 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-07-25 19:34:39 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-07-25 19:34:39 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-07-25 19:34:32 ----A---- C:\WINDOWS\system32\irclass.dll
2010-07-25 19:34:31 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-07-25 19:34:31 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-07-25 19:34:31 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-07-25 19:34:31 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-07-25 19:34:30 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-07-25 19:34:29 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-07-25 19:34:29 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-07-25 19:34:29 ----A---- C:\WINDOWS\system32\batt.dll
2010-07-25 19:34:29 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-07-25 19:34:24 ----A---- C:\WINDOWS\system32\storprop.dll
2010-07-25 19:34:16 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-07-25 19:32:34 ----RA---- C:\WINDOWS\SET8.tmp
2010-07-25 19:32:31 ----RA---- C:\WINDOWS\SET4.tmp
2010-07-25 19:32:30 ----RA---- C:\WINDOWS\SET3.tmp
2010-07-25 19:32:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-25 19:32:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-25 19:32:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-25 19:31:58 ----A---- C:\WINDOWS\setuplog.txt
2010-07-25 19:31:54 ----SHD---- C:\System Volume Information
2010-07-25 19:31:54 ----D---- C:\Documents and Settings
2010-07-25 19:30:43 ----RASH---- C:\boot.ini
2010-07-25 19:26:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-25 19:26:46 ----RSD---- C:\WINDOWS\Fonts
2010-07-25 19:26:46 ----RD---- C:\WINDOWS\Web
2010-07-25 19:26:46 ----HD---- C:\WINDOWS\inf
2010-07-25 19:26:46 ----D---- C:\WINDOWS\WinSxS
2010-07-25 19:26:46 ----D---- C:\WINDOWS\twain_32
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\wins
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\wbem
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\usmt
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\spool
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\ShellExt
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\Setup
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\ras
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\oobe
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\npp
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\mui
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\IME
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\icsxml
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\ias
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\export
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\drivers
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\dhcp
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\config
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\3com_dmi
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\3076
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\2052
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1054
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1042
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1041
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1037
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1033
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1031
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1028
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1025
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system
2010-07-25 19:26:46 ----D---- C:\WINDOWS\security
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Resources
2010-07-25 19:26:46 ----D---- C:\WINDOWS\repair
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Provisioning
2010-07-25 19:26:46 ----D---- C:\WINDOWS\PeerNet
2010-07-25 19:26:46 ----D---- C:\WINDOWS\pchealth
2010-07-25 19:26:46 ----D---- C:\WINDOWS\mui
2010-07-25 19:26:46 ----D---- C:\WINDOWS\msapps
2010-07-25 19:26:46 ----D---- C:\WINDOWS\msagent
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Media
2010-07-25 19:26:46 ----D---- C:\WINDOWS\java
2010-07-25 19:26:46 ----D---- C:\WINDOWS\ime
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Help
2010-07-25 19:26:46 ----D---- C:\WINDOWS\ehome
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Driver Cache
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Debug
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Cursors
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Connection Wizard
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Config
2010-07-25 19:26:46 ----D---- C:\WINDOWS\AppPatch
2010-07-25 19:26:46 ----D---- C:\WINDOWS\addins
2010-07-25 19:26:46 ----D---- C:\WINDOWS
2010-07-25 19:26:46 ----ASH---- C:\pagefile.sys
2010-07-25 18:57:49 ----D---- C:\Documents and Settings\mladen\Application Data\skypePM
2010-07-25 18:39:38 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-07-25 18:38:24 ----D---- C:\Documents and Settings\mladen\Application Data\Mozilla
2010-07-25 18:36:52 ----A---- C:\WINDOWS\system32\drivers\ar5211.sys
2010-07-25 18:36:52 ----A---- C:\WINDOWS\system32\ar5211.sys
2010-07-25 18:36:28 ----D---- C:\Documents and Settings\All Users\Application Data\TP-LINK
2010-07-25 18:34:04 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-07-25 18:32:45 ----D---- C:\Program Files\Microsoft Works
2010-07-25 18:32:38 ----D---- C:\Program Files\MSBuild
2010-07-25 18:32:18 ----D---- C:\Program Files\Microsoft Visual Studio
2010-07-25 18:32:17 ----D---- C:\Program Files\Common Files\DESIGNER
2010-07-25 18:28:50 ----D---- C:\WINDOWS\SHELLNEW
2010-07-25 18:28:29 ----D---- C:\Program Files\Microsoft Office
2010-07-25 18:28:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-25 18:28:08 ----RD---- C:\MSOCache
2010-07-25 18:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2010-07-25 18:26:06 ----D---- C:\Program Files\CyberLink
2010-07-25 18:24:52 ----D---- C:\Documents and Settings\mladen\Application Data\Skype
2010-07-25 18:24:39 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\px.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2010-07-25 18:22:40 ----D---- C:\Program Files\Winamp
2010-07-25 18:22:40 ----D---- C:\Documents and Settings\mladen\Application Data\Winamp
2010-07-25 18:22:20 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-25 18:22:18 ----D---- C:\Documents and Settings\mladen\Application Data\Macromedia
2010-07-25 18:22:17 ----D---- C:\Documents and Settings\mladen\Application Data\Adobe
2010-07-25 18:21:31 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-07-25 18:21:25 ----D---- C:\Program Files\Common Files\Adobe
2010-07-25 18:21:25 ----D---- C:\Program Files\Adobe
2010-07-25 18:20:05 ----D---- C:\Program Files\WinRAR
2010-07-25 18:19:12 ----D---- C:\Program Files\Mozilla Firefox
2010-07-25 18:17:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-25 18:15:23 ----D---- C:\Program Files\ESET
2010-07-25 18:15:23 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-07-25 18:13:11 ----D---- C:\Program Files\XP Codec Pack
2010-07-25 18:09:46 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-07-25 18:09:41 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2010-07-25 18:09:39 ----RA---- C:\WINDOWS\system32\ATIDEMGR.dll
2010-07-25 18:09:21 ----D---- C:\Program Files\ATI Technologies
2010-07-25 18:08:47 ----R---- C:\WINDOWS\system32\drivers\EIO.sys
2010-07-25 18:05:03 ----N---- C:\WINDOWS\system32\UnLAN.exe
2010-07-25 18:05:03 ----N---- C:\WINDOWS\system32\remove.exe
2010-07-25 18:05:03 ----A---- C:\WINDOWS\system32\drivers\ALILAN.SYS
2010-07-25 18:04:34 ----A---- C:\WINDOWS\system32\drivers\smsens.sys
2010-07-25 18:04:34 ----A---- C:\WINDOWS\system32\drivers\aeaudio.sys
2010-07-25 18:04:33 ----A---- C:\WINDOWS\system32\wdmioctl.dll
2010-07-25 18:04:32 ----A---- C:\WINDOWS\system32\SMMedia.dll
2010-07-25 18:04:30 ----A---- C:\WINDOWS\SynthCoreA.Dll
2010-07-25 18:04:30 ----A---- C:\WINDOWS\SynCor.exe
2010-07-25 18:04:28 ----A---- C:\WINDOWS\system32\SynthCore11Resources.dll
2010-07-25 18:04:28 ----A---- C:\WINDOWS\system32\Syncor11.dll
2010-07-25 18:04:28 ----A---- C:\WINDOWS\system32\S11thk32.dll
2010-07-25 18:04:24 ----D---- C:\WINDOWS\VirtualEar
2010-07-25 18:04:24 ----A---- C:\WINDOWS\system32\Audio3d.dll
2010-07-25 18:04:23 ----A---- C:\WINDOWS\system32\virtear.dll
2010-07-25 18:04:22 ----A---- C:\WINDOWS\system32\drivers\smwdm.sys
2010-07-25 18:04:21 ----A---- C:\WINDOWS\system32\a3d.dll
2010-07-25 18:04:20 ----D---- C:\Program Files\Analog Devices
2010-07-25 18:04:20 ----A---- C:\WINDOWS\system32\DSndUp.exe
2010-07-25 18:04:20 ----A---- C:\WINDOWS\system32\CleanUp.exe
2010-07-25 18:03:37 ----N---- C:\WINDOWS\system32\UnAGP.EXE
2010-07-25 18:03:37 ----N---- C:\WINDOWS\system32\rmagp.EXE
2010-07-25 18:03:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-25 18:03:34 ----A---- C:\WINDOWS\system32\drivers\ALiAGP.SYS
2010-07-25 18:03:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-25 18:03:27 ----D---- C:\Program Files\Common Files\InstallShield
2010-07-25 18:03:09 ----A---- C:\WINDOWS\Ascd_tmp.ini
2010-07-25 18:03:08 ----A---- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2010-07-25 18:01:01 ----D---- C:\Documents and Settings\mladen\Application Data\Identities
2010-07-25 18:00:59 ----HD---- C:\Program Files\Uninstall Information
2010-07-25 18:00:45 ----ASH---- C:\Documents and Settings\mladen\Application Data\desktop.ini
2010-07-25 18:00:44 ----SD---- C:\Documents and Settings\mladen\Application Data\Microsoft
2010-07-25 17:59:58 ----D---- C:\WINDOWS\SoftwareDistribution
2010-07-25 17:58:50 ----D---- C:\WINDOWS\Prefetch
2010-07-25 17:58:49 ----SD---- C:\WINDOWS\system32\Microsoft
2010-07-25 17:58:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-25 17:52:21 ----D---- C:\WINDOWS\system32\xircom
2010-07-25 17:52:21 ----D---- C:\Program Files\xerox
2010-07-25 17:52:21 ----D---- C:\Program Files\microsoft frontpage
2010-07-25 17:51:54 ----RASH---- C:\MSDOS.SYS
2010-07-25 17:51:54 ----RASH---- C:\IO.SYS
2010-07-25 17:51:54 ----A---- C:\WINDOWS\control.ini
2010-07-25 17:51:54 ----A---- C:\CONFIG.SYS
2010-07-25 17:51:54 ----A---- C:\AUTOEXEC.BAT
2010-07-25 17:51:33 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-25 17:51:29 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-07-25 17:50:26 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-25 17:50:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-25 17:50:25 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-07-25 17:50:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-07-25 17:50:13 ----HD---- C:\Program Files\WindowsUpdate
2010-07-25 17:49:52 ----D---- C:\WINDOWS\system32\DirectX
2010-07-25 17:49:34 ----A---- C:\WINDOWS\system32\atrace.dll
2010-07-25 17:49:31 ----A---- C:\WINDOWS\system32\desktop.ini
2010-07-25 17:49:31 ----A---- C:\WINDOWS\desktop.ini
2010-07-25 17:49:26 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-07-25 17:49:25 ----A---- C:\WINDOWS\system32\acctres.dll
2010-07-25 17:49:24 ----D---- C:\Program Files\Common Files\Services
2010-07-25 17:49:22 ----SD---- C:\WINDOWS\Tasks
2010-07-25 17:49:22 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-07-25 17:49:21 ----D---- C:\Program Files\Common Files\MSSoap
2010-07-25 17:49:18 ----D---- C:\WINDOWS\srchasst
2010-07-25 17:49:17 ----D---- C:\WINDOWS\system32\Macromed
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wups.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-07-25 17:49:12 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-07-25 17:49:12 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-07-25 17:49:09 ----D---- C:\Program Files\Movie Maker
2010-07-25 17:49:06 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-07-25 17:49:06 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-07-25 17:49:06 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-07-25 17:49:06 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-07-25 17:49:03 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-07-25 17:49:03 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-07-25 17:49:02 ----D---- C:\WINDOWS\system32\Restore
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\srclient.dll
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\msconf.dll
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\ils.dll
2010-07-25 17:48:59 ----D---- C:\Program Files\NetMeeting
2010-07-25 17:48:59 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-07-25 17:48:59 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-07-25 17:48:58 ----A---- C:\WINDOWS\system32\inetres.dll
2010-07-25 17:48:58 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-07-25 17:48:56 ----D---- C:\Program Files\Outlook Express
2010-07-25 17:48:56 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-07-25 17:48:56 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-07-25 17:48:56 ----A---- C:\WINDOWS\system32\mstask.dll
2010-07-25 17:48:55 ----A---- C:\WINDOWS\system32\isign32.dll
2010-07-25 17:48:55 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-07-25 17:48:55 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-07-25 17:48:55 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-07-25 17:48:51 ----D---- C:\Program Files\Common Files\System
2010-07-25 17:48:49 ----D---- C:\Program Files\Internet Explorer
2010-07-25 17:48:11 ----D---- C:\Program Files\ComPlus Applications
2010-07-25 17:48:08 ----A---- C:\WINDOWS\vbaddin.ini
2010-07-25 17:48:08 ----A---- C:\WINDOWS\vb.ini
2010-07-25 17:48:03 ----D---- C:\WINDOWS\Registration
2010-07-25 17:47:55 ----D---- C:\Program Files\Windows Media Player
2010-07-25 17:47:55 ----D---- C:\Program Files\Online Services
2010-07-25 17:47:46 ----D---- C:\Program Files\Messenger
2010-07-25 17:47:43 ----D---- C:\Program Files\MSN Gaming Zone
2010-07-25 17:47:43 ----A---- C:\WINDOWS\system32\write.exe
2010-07-25 17:47:36 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\winchat.exe
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\hticons.dll
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\avwav.dll
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-07-25 17:47:30 ----A---- C:\WINDOWS\system32\getuname.dll
2010-07-25 17:47:30 ----A---- C:\WINDOWS\system32\charmap.exe
2010-07-25 17:47:30 ----A---- C:\WINDOWS\system32\calc.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\winmine.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\tskill.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\sol.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\reset.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\freecell.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\tscon.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\shadow.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\regini.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\msg.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\logoff.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\stclient.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-07-25 17:47:26 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-07-25 17:47:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-07-25 17:47:12 ----D---- C:\Program Files\MSN
2010-07-25 17:47:11 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-07-25 17:47:11 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-07-25 17:47:11 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-07-25 17:47:11 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-07-25 17:47:10 ----D---- C:\Program Files\Windows NT
2010-07-25 17:47:10 ----A---- C:\WINDOWS\system32\spider.exe
2010-07-25 17:47:10 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-07-25 17:47:10 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-07-25 17:47:08 ----D---- C:\WINDOWS\system32\MsDtc
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-07-25 17:47:06 ----D---- C:\WINDOWS\system32\Com
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\colbact.dll
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-07-25 17:47:05 ----A---- C:\WINDOWS\system32\comuid.dll
2010-07-25 17:47:05 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-07-25 17:47:05 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-07-25 17:47:00 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-07-25 17:47:00 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-07-25 17:46:59 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-07-25 17:46:59 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-07-25 17:46:53 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-07-25 17:46:53 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 months======

2010-07-30 15:46:49 ----A---- C:\WINDOWS\system.ini
2010-07-26 11:04:03 ----A---- C:\WINDOWS\win.ini
2010-07-25 17:51:16 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ALiAGP;ALi AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\ALiAGP.sys [2003-08-05 29056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-07-26 166272]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258-); C:\WINDOWS\system32\DRIVERS\tdrpm258.sys [2010-07-26 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-07-26 581984]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2010-07-26 160704]
R3 ALI5261;ALi Based Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\ALILAN.SYS [2003-09-05 29184]
R3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-03-27 543712]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-12 786944]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-19 602880]
S3 catchme;catchme; \??\C:\DOCUME~1\mladen\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2010-03-27 751464]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-26 2480048]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-12 389120]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-12 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Poslao: 30 Jul 2010 17:12
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Poslao: 30 Jul 2010 17:36
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Zavrseno. Evo log fajla:

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 30.7.2010 17:30:36

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {6681ecf8-9810-11df-b264-806d6172696f}
E: {6681ecf9-9810-11df-b264-806d6172696f}
D: {6681ecfa-9810-11df-b264-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 6681ecf8-9810-11df-b264-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 6681ecfa-9810-11df-b264-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 6681ecf9-9810-11df-b264-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 30.7.2010 17:31:30

Scanning for connected USB mass storage...
----------------------------------------
G: {07a48e7a-997b-11df-96b4-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 07a48e7a-997b-11df-96b4-0011d832dbb2
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

Mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 30.7.2010 17:33:16

Scanning for connected USB mass storage...
----------------------------------------
G: {1163c024-9be6-11df-96bb-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 1163c024-9be6-11df-96bb-0011d832dbb2
----------------------------------------

----------------------------------------
Desktop.ini found at G:\NADFOLDER\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 30.7.2010 17:33:49

Scanning for connected USB mass storage...
----------------------------------------
G: {1163c024-9be6-11df-96bb-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 1163c024-9be6-11df-96bb-0011d832dbb2
----------------------------------------

----------------------------------------
Desktop.ini found at G:\NADFOLDER\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 30.7.2010 17:34:01

Scanning for connected USB mass storage...
----------------------------------------
G: {1163c024-9be6-11df-96bb-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 1163c024-9be6-11df-96bb-0011d832dbb2
----------------------------------------

----------------------------------------
Desktop.ini found at G:\NADFOLDER\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 30.7.2010 17:35:16

Scanning for connected USB mass storage...
----------------------------------------
G: {2d10feb4-9b4c-11df-96b8-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 2d10feb4-9b4c-11df-96b8-0011d832dbb2
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================

Poslao: 30 Jul 2010 18:42
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

- Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti prvi USB memorijski uređaj koji si skenirao.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{07a48e7a-997b-11df-96b4-0011d832dbb2}
delete_mimics:
no_sh:
folder_list: %DRIVE%

- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Ko je trenutno na forumu
 

Ukupno su 1258 korisnika na forumu :: 54 registrovanih, 3 sakrivenih i 1201 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., aleksandarbl, aramis s, babaroga, Ben Roj, bojankrstc, bufanje, cavatina, ccoogg123, cenejac111, croato, Denaya, djordje92sm, djuradj, doloress, dragan_mig31, draganca, Frunze, Georgius, havoc995, ikan, Insan, ivan1973, JOntra, Kibice, kikisp, kolle.the.kid, kunktator, kybonacci, Leonov, loon123, mackenzie, Magistar78, MB120mm, Metanoja, Mi lao shu, Miki01, mikrimaus, Mirage 2000N, MrNo, oldtimer, Panter, pein, predragc, Ripanjac, saputnik plavetnila, Simon simonović, tubular, Udvar, VJ, voja64, Webb, wulfy, zdrebac