MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Problem sa virusom

Napisano na dan: 30.7.2010
1

Problem sa virusom
Sledeća strana Pagination

Idi na vrh

Poslao: 30 Jul 2010 16:07
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Nakon prebacivanja slika sa digitalnog fotoaparata NOD 32 ver. 3.0.695.0 pokazuje u donjem desnom uglu ekrana da je blokirao adresu "peradjoka35.com" sa IP adresom 127.0.0.1/:80. Dok sam pravio log fajlove DDS i GMER sve ikonice na desktopu su poplavile. Bilo koju da probam prevuci na drugu poziciju na desktopu povukla bi i sve ostale za sobom. Kompjuter je dosta usporio i nisam napravljene log fajlove mogao ni kopirati niti pomjeriti ni bilo sta drugo uraditi sa njima. Pokrenuo sam combo fix i nakon sto je on zavrsio sa radom neke stvari su se vratile u normalu ali je kompjuter i dalje spor. Ispod se nalaze fajlovi pripremljeni prije nego je kompjuter sasvim poludio.

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]



Poslao: 30 Jul 2010 16:17
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Zdravo,

mozes li mi postaviti logove od ComboFixa?



Poslao: 30 Jul 2010 16:23
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Naravno.Evo loga od combo fixa:
[Link mogu videti samo ulogovani korisnici]

ComboFix 10-07-29.02 - mladen 30.07.2010 15:43:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1350 [GMT 2:00]
Running from: c:\documents and settings\mladen\Desktop\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Win
c:\win\1.exe
c:\win\lsass.exe
c:\win\names.txt
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-27 12:32 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-27 12:16 . 1999-09-10 11:06 5600 ----a-w- c:\windows\system\winaspi.dll
2010-07-27 12:16 . 1999-09-10 11:06 4672 ----a-w- c:\windows\system\wowpost.exe
2010-07-27 12:13 . 1999-09-10 11:06 45056 ----a-w- c:\windows\system32\wnaspi32.dll
2010-07-27 12:13 . 1999-09-10 11:06 25244 ----a-w- c:\windows\system32\drivers\aspi32.sys
2010-07-27 12:08 . 2010-07-27 12:08 -------- d-----w- C:\adaptec
2010-07-27 11:28 . 2010-07-27 11:54 -------- d-----w- c:\documents and settings\mladen\Application Data\Ahead
2010-07-27 11:27 . 2004-03-03 19:30 5504 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2010-07-27 11:27 . 2004-03-03 19:30 125184 ----a-w- c:\windows\system32\drivers\imagesrv.sys
2010-07-27 11:27 . 2001-06-26 06:15 38912 ----a-w- c:\windows\system32\picn20.dll
2010-07-27 11:27 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-07-27 11:27 . 2001-07-06 16:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-07-27 11:27 . 2001-07-06 12:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-07-27 11:27 . 2001-07-06 10:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-07-27 11:27 . 2010-07-27 11:27 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-27 11:27 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-07-27 11:03 . 2010-07-27 11:03 -------- d-----w- c:\documents and settings\mladen\Application Data\Canneverbe_Limited
2010-07-27 11:01 . 2010-07-27 11:01 158528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-27 11:00 . 2010-07-27 11:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-07-27 10:59 . 2010-07-27 10:59 -------- d-----w- c:\program files\Reference Assemblies
2010-07-27 10:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-27 10:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-27 10:58 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-27 10:58 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-27 10:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-27 10:58 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-27 10:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-27 10:58 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-27 10:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-27 10:58 . 2010-07-27 10:59 -------- d-----w- C:\038e1b9beb2292f7043d7a6b
2010-07-27 10:55 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-27 10:55 . 2010-07-27 10:55 -------- d-----w- c:\program files\MSXML 6.0
2010-07-27 10:53 . 2010-07-27 10:53 -------- d-----w- C:\582351f645d2f5d0f8
2010-07-27 10:52 . 2010-07-27 11:04 -------- d-----w- C:\20551b1787af0758a7
2010-07-27 09:48 . 2010-07-27 09:48 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\Ahead
2010-07-27 09:38 . 2010-07-27 12:30 -------- d-----w- c:\program files\Ahead
2010-07-27 09:25 . 2010-07-27 09:25 -------- d-----w- c:\program files\Common Files\Skype
2010-07-27 09:25 . 2010-07-27 10:22 -------- d-----r- c:\program files\Skype
2010-07-26 19:51 . 2010-07-26 19:51 -------- d-s---w- c:\documents and settings\mladen\UserData
2010-07-26 19:07 . 2010-07-26 19:07 -------- d-----w- c:\documents and settings\mladen\Application Data\TeamViewer
2010-07-26 19:07 . 2010-07-26 19:07 -------- d-----w- c:\program files\TeamViewer
2010-07-26 11:57 . 2010-07-26 11:57 -------- d-----w- c:\documents and settings\mladen\Application Data\Malwarebytes
2010-07-26 11:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 11:56 . 2010-07-26 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 11:56 . 2010-07-26 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 11:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 11:33 . 2010-07-26 11:33 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\ESET
2010-07-26 10:21 . 2010-07-26 10:21 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\IsolatedStorage
2010-07-26 10:21 . 2010-07-26 10:21 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\HP
2010-07-26 10:20 . 2010-07-26 10:20 129 ----a-w- c:\documents and settings\mladen\Local Settings\Application Data\fusioncache.dat
2010-07-26 10:20 . 2010-07-30 12:32 -------- d-----w- c:\documents and settings\mladen\Local Settings\Application Data\ApplicationHistory
2010-07-26 10:18 . 2010-07-26 10:18 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-07-26 10:18 . 2010-07-26 10:18 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-07-26 10:18 . 2010-07-26 10:18 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-07-26 10:17 . 2010-07-26 10:17 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-07-26 10:17 . 2010-07-26 10:18 -------- d-----w- c:\program files\Common Files\Acronis
2010-07-26 10:17 . 2010-07-26 10:17 -------- d-----w- c:\program files\Acronis
2010-07-26 09:02 . 2010-07-26 09:02 -------- d-----w- c:\program files\Common Files\HP
2010-07-26 09:00 . 2010-07-26 09:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-26 09:00 . 2010-07-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-07-26 09:00 . 2004-05-11 08:53 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2010-07-26 09:00 . 2004-05-11 08:53 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-07-26 09:00 . 2004-05-11 08:53 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-07-26 09:00 . 2004-05-11 08:53 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-07-26 09:00 . 2004-05-11 08:53 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-07-26 09:00 . 2004-05-11 08:53 1230336 ----a-r- c:\windows\system32\MSXML4.dll
2010-07-26 09:00 . 2010-07-26 09:00 45056 ----a-r- c:\documents and settings\mladen\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2010-07-26 08:59 . 2010-07-26 08:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-07-26 08:58 . 2010-07-26 08:58 -------- d-----w- c:\windows\system32\URTTemp
2010-07-26 08:56 . 2004-06-21 20:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-07-26 08:56 . 2004-06-21 20:02 51088 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-07-26 08:56 . 2004-06-21 20:02 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-07-26 08:56 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-26 08:56 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-26 08:56 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-26 08:56 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-26 08:56 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-07-26 08:56 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-26 08:53 . 2004-03-18 14:55 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-07-26 08:53 . 2004-03-18 14:39 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-07-26 08:53 . 2004-03-18 14:38 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-07-26 08:53 . 2004-03-18 14:56 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-07-26 08:53 . 2004-03-18 14:53 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-07-26 08:53 . 2004-03-18 14:39 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-07-26 08:53 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-26 08:42 . 2010-07-26 09:04 -------- d-----w- c:\program files\HP
2010-07-26 08:33 . 2010-07-26 09:05 104257 ----a-w- c:\windows\hpoins04.dat
2010-07-26 08:33 . 2004-06-21 20:02 17176 ------w- c:\windows\hpomdl04.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 12:44 . 2010-07-25 16:24 -------- d-----w- c:\documents and settings\mladen\Application Data\Skype
2010-07-30 12:32 . 2010-07-25 16:57 -------- d-----w- c:\documents and settings\mladen\Application Data\skypePM
2010-07-27 11:03 . 2010-07-25 16:01 68456 ----a-w- c:\documents and settings\mladen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-27 09:25 . 2010-07-25 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-26 10:25 . 2010-07-25 15:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-25 16:57 . 2010-07-25 16:57 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-25 16:38 . 2010-07-25 16:38 0 ----a-w- c:\windows\nsreg.dat
2010-07-25 16:36 . 2010-07-25 16:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 16:36 . 2010-07-25 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TP-LINK
2010-07-25 16:36 . 2010-07-25 16:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-25 16:34 . 2010-07-25 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-25 16:32 . 2010-07-25 16:32 -------- d-----w- c:\program files\Microsoft Works
2010-07-25 16:32 . 2010-07-25 16:32 -------- d-----w- c:\program files\MSBuild
2010-07-25 16:26 . 2010-07-25 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-07-25 16:26 . 2010-07-25 16:26 -------- d-----w- c:\program files\CyberLink
2010-07-25 16:23 . 2010-07-25 16:22 -------- d-----w- c:\program files\Winamp
2010-07-25 16:22 . 2010-07-25 16:22 -------- d-----w- c:\documents and settings\mladen\Application Data\Winamp
2010-07-25 16:22 . 2010-07-25 16:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-25 16:21 . 2010-07-25 16:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-25 16:18 . 2010-07-25 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-25 16:15 . 2010-07-25 16:15 -------- d-----w- c:\program files\ESET
2010-07-25 16:15 . 2010-07-25 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-25 16:13 . 2010-07-25 16:13 -------- d-----w- c:\program files\XP Codec Pack
2010-07-25 16:10 . 2010-07-25 16:09 -------- d-----w- c:\program files\ATI Technologies
2010-07-25 16:05 . 2010-07-25 16:05 845968 ----a-w- c:\windows\system32\AI - Series.scr
2010-07-25 16:04 . 2010-07-25 16:04 -------- d-----w- c:\program files\Analog Devices
2010-07-25 15:52 . 2010-07-25 15:52 -------- d-----w- c:\program files\microsoft frontpage
2010-07-25 15:48 . 2010-07-25 15:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [25.7.2010 18:03 29056]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258-);c:\windows\system32\drivers\tdrpm258.sys [26.7.2010 12:18 911680]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 35168]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [26.7.2010 12:18 2480048]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 9:02 472280]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [26.7.2010 12:18 160704]
R3 ALI5261;ALi Based Ethernet NT Driver;c:\windows\system32\drivers\ALILAN.SYS [25.7.2010 18:05 29184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KFPOIAOB
*Deregistered* - kfpoiaob
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {38992B3B-D11C-404C-B7AC-34D33E93BAA9} = 212.103.128.66 213.253.112.8
FF - ProfilePath - c:\documents and settings\mladen\Application Data\Mozilla\Firefox\Profiles\xngwken2.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-run32 - c:\win\lsass.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2010-07-30 15:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888-)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-30 15:48:19
ComboFix-quarantined-files.txt 2010-07-30 13:48

Pre-Run: 13.894.430.720 bytes free
Post-Run: 13.965.373.440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1FA69E8C5CC4A0881EDFC15E2D80B063

Poslao: 30 Jul 2010 16:35
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Jesi skenirao nekim antivirusom posle zaraze? Jel Nod nesto detektovao? Ako imas neke logove od AV okaci ih?

Poslao: 30 Jul 2010 16:45
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Nisam skenirao antivirusom, a poceo sam i da gubim povjerenje u njega. Ovo je drugi put za mjesec dana da registruje neka desavanja a da ih ne zaustavi. Prvi put mi je i pored njega, pretpostavljam opet neki virus, potrosio 8 GB za dva dana na wirelessu. Tada sam formatirao disk i rijesio problem. Ovo je njegov log fajl za zadnjih nekoliko dana:

[Link mogu videti samo ulogovani korisnici]

Poslao: 30 Jul 2010 16:50
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

Zasto koristis Service Pack 2? Trebalo bi da predjes na SP 3.

Skini program RSIT na Desktop:

[Link mogu videti samo ulogovani korisnici]


Pokreni ga dvoklikom a zatim klikni Continue.


Na kraju procesa će se otvoriti dva loga: prvi, log.txt će biti maksimizovan i njega je potrebno iskopirati u temu na forumu, te drugi, info.txt koji će biti minimizovan (koji nam za sada ne treba).


Postavi sadržaj file-a log.txt u iduću poruku (taj file će biti sačuvan kao C:\rsit\log.txt).

Poslao: 30 Jul 2010 16:59
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Sto se tice servis paka ni sam ne znam zasto. Valjda imam taj na cd-u pa mi nekako najlakse i najbrze za instalaciju :-)

Evo i log fajla:


[Link mogu videti samo ulogovani korisnici]

Logfile of random's system information tool 1.08 (written by random/random)
Run by mladen at 2010-07-30 16:54:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (61%) free of 22 GB
Total RAM: 1791 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:54:58, on 30.7.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mladen\Desktop\RSIT.exe
C:\Program Files\trend micro\mladen.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\..\{38992B3B-D11C-404C-B7AC-34D33E93BAA9}: NameServer = 212.103.128.66 213.253.112.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6058 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-07-30 143360]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-12 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2010-03-27 5107232]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2010-03-27 362232]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-30 16:54:16 ----D---- C:\Program Files\trend micro
2010-07-30 16:54:15 ----D---- C:\rsit
2010-07-30 15:48:21 ----D---- C:\WINDOWS\temp
2010-07-30 15:48:20 ----A---- C:\ComboFix.txt
2010-07-30 15:43:05 ----A---- C:\Boot.bak
2010-07-30 15:43:01 ----RASHD---- C:\cmdcons
2010-07-30 15:40:29 ----A---- C:\WINDOWS\zip.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\SWSC.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\SWREG.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\sed.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\PEV.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\MBR.exe
2010-07-30 15:40:29 ----A---- C:\WINDOWS\grep.exe
2010-07-30 15:40:24 ----D---- C:\WINDOWS\ERDNT
2010-07-30 15:38:59 ----D---- C:\Qoobox
2010-07-28 17:14:29 ----D---- C:\WINDOWS\Minidump
2010-07-27 14:32:30 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-07-27 14:16:03 ----A---- C:\WINDOWS\system32\wnaspi32.BAK
2010-07-27 14:16:03 ----A---- C:\WINDOWS\system32\drivers\aspi32.BAK
2010-07-27 14:13:06 ----A---- C:\WINDOWS\system32\wnaspi32.dll
2010-07-27 14:13:06 ----A---- C:\WINDOWS\system32\drivers\aspi32.sys
2010-07-27 14:08:03 ----D---- C:\adaptec
2010-07-27 13:28:28 ----D---- C:\Documents and Settings\mladen\Application Data\Ahead
2010-07-27 13:27:59 ----A---- C:\WINDOWS\system32\drivers\imagesrv.sys
2010-07-27 13:27:59 ----A---- C:\WINDOWS\system32\drivers\imagedrv.sys
2010-07-27 13:27:41 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-07-27 13:27:41 ----A---- C:\WINDOWS\system32\picn20.dll
2010-07-27 13:27:40 ----A---- C:\WINDOWS\system32\ImagXpr5.dll
2010-07-27 13:27:40 ----A---- C:\WINDOWS\system32\imagx5.dll
2010-07-27 13:27:40 ----A---- C:\WINDOWS\system32\imagr5.dll
2010-07-27 13:27:36 ----D---- C:\Program Files\Common Files\Ahead
2010-07-27 13:27:36 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-07-27 13:03:16 ----D---- C:\Documents and Settings\mladen\Application Data\Canneverbe_Limited
2010-07-27 13:00:09 ----D---- C:\WINDOWS\system32\XPSViewer
2010-07-27 13:00:01 ----D---- C:\WINDOWS\system32\en-US
2010-07-27 12:59:52 ----D---- C:\Program Files\Reference Assemblies
2010-07-27 12:58:45 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-07-27 12:58:44 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-07-27 12:58:44 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-07-27 12:58:43 ----D---- C:\038e1b9beb2292f7043d7a6b
2010-07-27 12:55:23 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-07-27 12:55:21 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-07-27 12:55:13 ----D---- C:\Program Files\MSXML 6.0
2010-07-27 12:53:17 ----D---- C:\582351f645d2f5d0f8
2010-07-27 12:52:56 ----D---- C:\20551b1787af0758a7
2010-07-27 12:45:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-07-27 12:45:02 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-07-27 11:38:44 ----D---- C:\Program Files\Ahead
2010-07-27 11:25:12 ----D---- C:\Program Files\Common Files\Skype
2010-07-27 11:25:05 ----RD---- C:\Program Files\Skype
2010-07-26 21:07:18 ----D---- C:\Documents and Settings\mladen\Application Data\TeamViewer
2010-07-26 21:07:07 ----D---- C:\Program Files\TeamViewer
2010-07-26 14:24:47 ----D---- C:\Documents and Settings\mladen\Application Data\WinRAR
2010-07-26 13:57:02 ----D---- C:\Documents and Settings\mladen\Application Data\Malwarebytes
2010-07-26 13:56:54 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-26 13:56:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-26 13:56:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-26 13:56:52 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-26 12:21:35 ----D---- C:\Documents and Settings\mladen\Application Data\Acronis
2010-07-26 12:20:16 ----D---- C:\Documents and Settings\All Users\Application Data\Acronis
2010-07-26 12:18:19 ----A---- C:\WINDOWS\system32\drivers\afcdp.sys
2010-07-26 12:18:09 ----A---- C:\WINDOWS\system32\drivers\tdrpm258.sys
2010-07-26 12:18:03 ----A---- C:\WINDOWS\system32\drivers\timntr.sys
2010-07-26 12:17:59 ----A---- C:\WINDOWS\system32\drivers\snapman.sys
2010-07-26 12:17:35 ----D---- C:\Program Files\Common Files\Acronis
2010-07-26 12:17:34 ----D---- C:\Program Files\Acronis
2010-07-26 11:05:34 ----A---- C:\_Sid.txt
2010-07-26 11:02:13 ----D---- C:\Program Files\Common Files\HP
2010-07-26 11:00:47 ----D---- C:\Program Files\Hewlett-Packard
2010-07-26 11:00:47 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\MSXML4r.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\MSXML4a.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\MSXML4.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\hpvcr70.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\hpvcp70.dll
2010-07-26 11:00:40 ----RA---- C:\WINDOWS\system32\hpvaut32.dll
2010-07-26 10:59:39 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-07-26 10:58:34 ----RSD---- C:\WINDOWS\assembly
2010-07-26 10:58:34 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-26 10:58:33 ----D---- C:\WINDOWS\system32\URTTemp
2010-07-26 10:56:51 ----RA---- C:\WINDOWS\system32\drivers\HPZipr12.sys
2010-07-26 10:56:49 ----RA---- C:\WINDOWS\system32\drivers\hpzid412.sys
2010-07-26 10:56:25 ----RA---- C:\WINDOWS\system32\drivers\HPZius12.sys
2010-07-26 10:56:21 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2010-07-26 10:56:13 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-07-26 10:56:08 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-07-26 10:53:58 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2010-07-26 10:53:58 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2010-07-26 10:53:58 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2010-07-26 10:53:57 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2010-07-26 10:53:57 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2010-07-26 10:53:57 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2010-07-26 10:53:57 ----A---- C:\WINDOWS\IsUninst.exe
2010-07-26 10:42:42 ----D---- C:\Program Files\HP
2010-07-26 10:37:32 ----D---- C:\Config.Msi
2010-07-25 19:44:55 ----A---- C:\WINDOWS\system32\h323log.txt
2010-07-25 19:39:49 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-07-25 19:39:47 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2010-07-25 19:39:46 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-07-25 19:39:44 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-07-25 19:39:43 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-07-25 19:39:41 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-07-25 19:39:40 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-07-25 19:39:39 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-07-25 19:39:37 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2010-07-25 19:39:35 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010-07-25 19:39:33 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010-07-25 19:39:29 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-07-25 19:38:54 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-07-25 19:38:34 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-07-25 19:38:34 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2010-07-25 19:38:34 ----A---- C:\WINDOWS\system32\drivers\msmpu401.sys
2010-07-25 19:38:33 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-07-25 19:38:31 ----A---- C:\WINDOWS\system32\drivers\gameenum.sys
2010-07-25 19:38:12 ----A---- C:\WINDOWS\system32\usbui.dll
2010-07-25 19:38:10 ----A---- C:\WINDOWS\system32\drivers\ALIM1541.SYS
2010-07-25 19:35:57 ----A---- C:\WINDOWS\system32\drivers\ALI5261.SYS
2010-07-25 19:34:50 ----A---- C:\WINDOWS\imsins.BAK
2010-07-25 19:34:47 ----SHD---- C:\WINDOWS\Installer
2010-07-25 19:34:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-25 19:34:46 ----D---- C:\Program Files\Common Files\ODBC
2010-07-25 19:34:46 ----A---- C:\WINDOWS\ODBCINST.INI
2010-07-25 19:34:43 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-07-25 19:34:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-25 19:34:41 ----RD---- C:\Program Files
2010-07-25 19:34:41 ----D---- C:\Program Files\Common Files
2010-07-25 19:34:39 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-07-25 19:34:39 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-07-25 19:34:39 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-07-25 19:34:38 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-07-25 19:34:36 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-07-25 19:34:35 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-07-25 19:34:34 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-07-25 19:34:32 ----A---- C:\WINDOWS\system32\irclass.dll
2010-07-25 19:34:31 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-07-25 19:34:31 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-07-25 19:34:31 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-07-25 19:34:31 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-07-25 19:34:30 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-07-25 19:34:29 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-07-25 19:34:29 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-07-25 19:34:29 ----A---- C:\WINDOWS\system32\batt.dll
2010-07-25 19:34:29 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-07-25 19:34:24 ----A---- C:\WINDOWS\system32\storprop.dll
2010-07-25 19:34:16 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-07-25 19:32:34 ----RA---- C:\WINDOWS\SET8.tmp
2010-07-25 19:32:31 ----RA---- C:\WINDOWS\SET4.tmp
2010-07-25 19:32:30 ----RA---- C:\WINDOWS\SET3.tmp
2010-07-25 19:32:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-25 19:32:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-25 19:32:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-25 19:31:58 ----A---- C:\WINDOWS\setuplog.txt
2010-07-25 19:31:54 ----SHD---- C:\System Volume Information
2010-07-25 19:31:54 ----D---- C:\Documents and Settings
2010-07-25 19:30:43 ----RASH---- C:\boot.ini
2010-07-25 19:26:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-25 19:26:46 ----RSD---- C:\WINDOWS\Fonts
2010-07-25 19:26:46 ----RD---- C:\WINDOWS\Web
2010-07-25 19:26:46 ----HD---- C:\WINDOWS\inf
2010-07-25 19:26:46 ----D---- C:\WINDOWS\WinSxS
2010-07-25 19:26:46 ----D---- C:\WINDOWS\twain_32
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\wins
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\wbem
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\usmt
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\spool
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\ShellExt
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\Setup
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\ras
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\oobe
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\npp
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\mui
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\inetsrv
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\IME
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\icsxml
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\ias
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\export
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\drivers
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\dhcp
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\config
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\3com_dmi
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\3076
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\2052
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1054
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1042
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1041
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1037
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1033
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1031
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1028
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32\1025
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system32
2010-07-25 19:26:46 ----D---- C:\WINDOWS\system
2010-07-25 19:26:46 ----D---- C:\WINDOWS\security
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Resources
2010-07-25 19:26:46 ----D---- C:\WINDOWS\repair
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Provisioning
2010-07-25 19:26:46 ----D---- C:\WINDOWS\PeerNet
2010-07-25 19:26:46 ----D---- C:\WINDOWS\pchealth
2010-07-25 19:26:46 ----D---- C:\WINDOWS\mui
2010-07-25 19:26:46 ----D---- C:\WINDOWS\msapps
2010-07-25 19:26:46 ----D---- C:\WINDOWS\msagent
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Media
2010-07-25 19:26:46 ----D---- C:\WINDOWS\java
2010-07-25 19:26:46 ----D---- C:\WINDOWS\ime
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Help
2010-07-25 19:26:46 ----D---- C:\WINDOWS\ehome
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Driver Cache
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Debug
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Cursors
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Connection Wizard
2010-07-25 19:26:46 ----D---- C:\WINDOWS\Config
2010-07-25 19:26:46 ----D---- C:\WINDOWS\AppPatch
2010-07-25 19:26:46 ----D---- C:\WINDOWS\addins
2010-07-25 19:26:46 ----D---- C:\WINDOWS
2010-07-25 19:26:46 ----ASH---- C:\pagefile.sys
2010-07-25 18:57:49 ----D---- C:\Documents and Settings\mladen\Application Data\skypePM
2010-07-25 18:39:38 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-07-25 18:38:24 ----D---- C:\Documents and Settings\mladen\Application Data\Mozilla
2010-07-25 18:36:52 ----A---- C:\WINDOWS\system32\drivers\ar5211.sys
2010-07-25 18:36:52 ----A---- C:\WINDOWS\system32\ar5211.sys
2010-07-25 18:36:28 ----D---- C:\Documents and Settings\All Users\Application Data\TP-LINK
2010-07-25 18:34:04 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-07-25 18:32:45 ----D---- C:\Program Files\Microsoft Works
2010-07-25 18:32:38 ----D---- C:\Program Files\MSBuild
2010-07-25 18:32:18 ----D---- C:\Program Files\Microsoft Visual Studio
2010-07-25 18:32:17 ----D---- C:\Program Files\Common Files\DESIGNER
2010-07-25 18:28:50 ----D---- C:\WINDOWS\SHELLNEW
2010-07-25 18:28:29 ----D---- C:\Program Files\Microsoft Office
2010-07-25 18:28:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-25 18:28:08 ----RD---- C:\MSOCache
2010-07-25 18:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2010-07-25 18:26:06 ----D---- C:\Program Files\CyberLink
2010-07-25 18:24:52 ----D---- C:\Documents and Settings\mladen\Application Data\Skype
2010-07-25 18:24:39 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\px.dll
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2010-07-25 18:22:44 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2010-07-25 18:22:40 ----D---- C:\Program Files\Winamp
2010-07-25 18:22:40 ----D---- C:\Documents and Settings\mladen\Application Data\Winamp
2010-07-25 18:22:20 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-25 18:22:18 ----D---- C:\Documents and Settings\mladen\Application Data\Macromedia
2010-07-25 18:22:17 ----D---- C:\Documents and Settings\mladen\Application Data\Adobe
2010-07-25 18:21:31 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-07-25 18:21:25 ----D---- C:\Program Files\Common Files\Adobe
2010-07-25 18:21:25 ----D---- C:\Program Files\Adobe
2010-07-25 18:20:05 ----D---- C:\Program Files\WinRAR
2010-07-25 18:19:12 ----D---- C:\Program Files\Mozilla Firefox
2010-07-25 18:17:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-25 18:15:23 ----D---- C:\Program Files\ESET
2010-07-25 18:15:23 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-07-25 18:13:11 ----D---- C:\Program Files\XP Codec Pack
2010-07-25 18:09:46 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-07-25 18:09:41 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2010-07-25 18:09:39 ----RA---- C:\WINDOWS\system32\ATIDEMGR.dll
2010-07-25 18:09:21 ----D---- C:\Program Files\ATI Technologies
2010-07-25 18:08:47 ----R---- C:\WINDOWS\system32\drivers\EIO.sys
2010-07-25 18:05:03 ----N---- C:\WINDOWS\system32\UnLAN.exe
2010-07-25 18:05:03 ----N---- C:\WINDOWS\system32\remove.exe
2010-07-25 18:05:03 ----A---- C:\WINDOWS\system32\drivers\ALILAN.SYS
2010-07-25 18:04:34 ----A---- C:\WINDOWS\system32\drivers\smsens.sys
2010-07-25 18:04:34 ----A---- C:\WINDOWS\system32\drivers\aeaudio.sys
2010-07-25 18:04:33 ----A---- C:\WINDOWS\system32\wdmioctl.dll
2010-07-25 18:04:32 ----A---- C:\WINDOWS\system32\SMMedia.dll
2010-07-25 18:04:30 ----A---- C:\WINDOWS\SynthCoreA.Dll
2010-07-25 18:04:30 ----A---- C:\WINDOWS\SynCor.exe
2010-07-25 18:04:28 ----A---- C:\WINDOWS\system32\SynthCore11Resources.dll
2010-07-25 18:04:28 ----A---- C:\WINDOWS\system32\Syncor11.dll
2010-07-25 18:04:28 ----A---- C:\WINDOWS\system32\S11thk32.dll
2010-07-25 18:04:24 ----D---- C:\WINDOWS\VirtualEar
2010-07-25 18:04:24 ----A---- C:\WINDOWS\system32\Audio3d.dll
2010-07-25 18:04:23 ----A---- C:\WINDOWS\system32\virtear.dll
2010-07-25 18:04:22 ----A---- C:\WINDOWS\system32\drivers\smwdm.sys
2010-07-25 18:04:21 ----A---- C:\WINDOWS\system32\a3d.dll
2010-07-25 18:04:20 ----D---- C:\Program Files\Analog Devices
2010-07-25 18:04:20 ----A---- C:\WINDOWS\system32\DSndUp.exe
2010-07-25 18:04:20 ----A---- C:\WINDOWS\system32\CleanUp.exe
2010-07-25 18:03:37 ----N---- C:\WINDOWS\system32\UnAGP.EXE
2010-07-25 18:03:37 ----N---- C:\WINDOWS\system32\rmagp.EXE
2010-07-25 18:03:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-25 18:03:34 ----A---- C:\WINDOWS\system32\drivers\ALiAGP.SYS
2010-07-25 18:03:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-25 18:03:27 ----D---- C:\Program Files\Common Files\InstallShield
2010-07-25 18:03:09 ----A---- C:\WINDOWS\Ascd_tmp.ini
2010-07-25 18:03:08 ----A---- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2010-07-25 18:01:01 ----D---- C:\Documents and Settings\mladen\Application Data\Identities
2010-07-25 18:00:59 ----HD---- C:\Program Files\Uninstall Information
2010-07-25 18:00:45 ----ASH---- C:\Documents and Settings\mladen\Application Data\desktop.ini
2010-07-25 18:00:44 ----SD---- C:\Documents and Settings\mladen\Application Data\Microsoft
2010-07-25 17:59:58 ----D---- C:\WINDOWS\SoftwareDistribution
2010-07-25 17:58:50 ----D---- C:\WINDOWS\Prefetch
2010-07-25 17:58:49 ----SD---- C:\WINDOWS\system32\Microsoft
2010-07-25 17:58:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-25 17:52:21 ----D---- C:\WINDOWS\system32\xircom
2010-07-25 17:52:21 ----D---- C:\Program Files\xerox
2010-07-25 17:52:21 ----D---- C:\Program Files\microsoft frontpage
2010-07-25 17:51:54 ----RASH---- C:\MSDOS.SYS
2010-07-25 17:51:54 ----RASH---- C:\IO.SYS
2010-07-25 17:51:54 ----A---- C:\WINDOWS\control.ini
2010-07-25 17:51:54 ----A---- C:\CONFIG.SYS
2010-07-25 17:51:54 ----A---- C:\AUTOEXEC.BAT
2010-07-25 17:51:33 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-25 17:51:29 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-07-25 17:50:26 ----RD---- C:\WINDOWS\Offline Web Pages
2010-07-25 17:50:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-25 17:50:25 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-07-25 17:50:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-07-25 17:50:13 ----HD---- C:\Program Files\WindowsUpdate
2010-07-25 17:49:52 ----D---- C:\WINDOWS\system32\DirectX
2010-07-25 17:49:34 ----A---- C:\WINDOWS\system32\atrace.dll
2010-07-25 17:49:31 ----A---- C:\WINDOWS\system32\desktop.ini
2010-07-25 17:49:31 ----A---- C:\WINDOWS\desktop.ini
2010-07-25 17:49:26 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-07-25 17:49:25 ----A---- C:\WINDOWS\system32\acctres.dll
2010-07-25 17:49:24 ----D---- C:\Program Files\Common Files\Services
2010-07-25 17:49:22 ----SD---- C:\WINDOWS\Tasks
2010-07-25 17:49:22 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-07-25 17:49:21 ----D---- C:\Program Files\Common Files\MSSoap
2010-07-25 17:49:18 ----D---- C:\WINDOWS\srchasst
2010-07-25 17:49:17 ----D---- C:\WINDOWS\system32\Macromed
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wups.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-07-25 17:49:14 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-07-25 17:49:13 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-07-25 17:49:12 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-07-25 17:49:12 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-07-25 17:49:09 ----D---- C:\Program Files\Movie Maker
2010-07-25 17:49:06 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-07-25 17:49:06 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-07-25 17:49:06 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-07-25 17:49:06 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-07-25 17:49:03 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-07-25 17:49:03 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-07-25 17:49:02 ----D---- C:\WINDOWS\system32\Restore
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\srclient.dll
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-07-25 17:49:02 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\msconf.dll
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-07-25 17:49:01 ----A---- C:\WINDOWS\system32\ils.dll
2010-07-25 17:48:59 ----D---- C:\Program Files\NetMeeting
2010-07-25 17:48:59 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-07-25 17:48:59 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-07-25 17:48:58 ----A---- C:\WINDOWS\system32\inetres.dll
2010-07-25 17:48:58 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-07-25 17:48:56 ----D---- C:\Program Files\Outlook Express
2010-07-25 17:48:56 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-07-25 17:48:56 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-07-25 17:48:56 ----A---- C:\WINDOWS\system32\mstask.dll
2010-07-25 17:48:55 ----A---- C:\WINDOWS\system32\isign32.dll
2010-07-25 17:48:55 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-07-25 17:48:55 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-07-25 17:48:55 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-07-25 17:48:51 ----D---- C:\Program Files\Common Files\System
2010-07-25 17:48:49 ----D---- C:\Program Files\Internet Explorer
2010-07-25 17:48:11 ----D---- C:\Program Files\ComPlus Applications
2010-07-25 17:48:08 ----A---- C:\WINDOWS\vbaddin.ini
2010-07-25 17:48:08 ----A---- C:\WINDOWS\vb.ini
2010-07-25 17:48:03 ----D---- C:\WINDOWS\Registration
2010-07-25 17:47:55 ----D---- C:\Program Files\Windows Media Player
2010-07-25 17:47:55 ----D---- C:\Program Files\Online Services
2010-07-25 17:47:46 ----D---- C:\Program Files\Messenger
2010-07-25 17:47:43 ----D---- C:\Program Files\MSN Gaming Zone
2010-07-25 17:47:43 ----A---- C:\WINDOWS\system32\write.exe
2010-07-25 17:47:36 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\winchat.exe
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\hticons.dll
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\avwav.dll
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-07-25 17:47:35 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-07-25 17:47:30 ----A---- C:\WINDOWS\system32\getuname.dll
2010-07-25 17:47:30 ----A---- C:\WINDOWS\system32\charmap.exe
2010-07-25 17:47:30 ----A---- C:\WINDOWS\system32\calc.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\winmine.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\tskill.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\sol.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\reset.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-07-25 17:47:29 ----A---- C:\WINDOWS\system32\freecell.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\tscon.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\shadow.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\regini.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\msg.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\logoff.exe
2010-07-25 17:47:28 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\stclient.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-07-25 17:47:27 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-07-25 17:47:26 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-07-25 17:47:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-07-25 17:47:12 ----D---- C:\Program Files\MSN
2010-07-25 17:47:11 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-07-25 17:47:11 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-07-25 17:47:11 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-07-25 17:47:11 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-07-25 17:47:10 ----D---- C:\Program Files\Windows NT
2010-07-25 17:47:10 ----A---- C:\WINDOWS\system32\spider.exe
2010-07-25 17:47:10 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-07-25 17:47:10 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-07-25 17:47:09 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-07-25 17:47:08 ----D---- C:\WINDOWS\system32\MsDtc
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-07-25 17:47:08 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-07-25 17:47:07 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-07-25 17:47:06 ----D---- C:\WINDOWS\system32\Com
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\colbact.dll
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-07-25 17:47:06 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-07-25 17:47:05 ----A---- C:\WINDOWS\system32\comuid.dll
2010-07-25 17:47:05 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-07-25 17:47:05 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-07-25 17:47:00 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-07-25 17:47:00 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-07-25 17:46:59 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-07-25 17:46:59 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-07-25 17:46:53 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-07-25 17:46:53 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

======List of files/folders modified in the last 1 months======

2010-07-30 15:46:49 ----A---- C:\WINDOWS\system.ini
2010-07-26 11:04:03 ----A---- C:\WINDOWS\win.ini
2010-07-25 17:51:16 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ALiAGP;ALi AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\ALiAGP.sys [2003-08-05 29056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-07-26 166272]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258-); C:\WINDOWS\system32\DRIVERS\tdrpm258.sys [2010-07-26 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-07-26 581984]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2010-07-26 160704]
R3 ALI5261;ALi Based Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\ALILAN.SYS [2003-09-05 29184]
R3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-03-27 543712]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-12 786944]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-19 602880]
S3 catchme;catchme; \??\C:\DOCUME~1\mladen\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2010-03-27 751464]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-26 2480048]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-12 389120]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-12 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Poslao: 30 Jul 2010 17:12
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Poslao: 30 Jul 2010 17:36
Idi na vrh
offline
  • Pridružio: 30 Jul 2010
  • Poruke: 54

Zavrseno. Evo log fajla:

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 30.7.2010 17:30:36

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {6681ecf8-9810-11df-b264-806d6172696f}
E: {6681ecf9-9810-11df-b264-806d6172696f}
D: {6681ecfa-9810-11df-b264-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 6681ecf8-9810-11df-b264-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 6681ecfa-9810-11df-b264-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 6681ecf9-9810-11df-b264-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 30.7.2010 17:31:30

Scanning for connected USB mass storage...
----------------------------------------
G: {07a48e7a-997b-11df-96b4-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 07a48e7a-997b-11df-96b4-0011d832dbb2
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

Mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 30.7.2010 17:33:16

Scanning for connected USB mass storage...
----------------------------------------
G: {1163c024-9be6-11df-96bb-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 1163c024-9be6-11df-96bb-0011d832dbb2
----------------------------------------

----------------------------------------
Desktop.ini found at G:\NADFOLDER\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 30.7.2010 17:33:49

Scanning for connected USB mass storage...
----------------------------------------
G: {1163c024-9be6-11df-96bb-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 1163c024-9be6-11df-96bb-0011d832dbb2
----------------------------------------

----------------------------------------
Desktop.ini found at G:\NADFOLDER\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 30.7.2010 17:34:01

Scanning for connected USB mass storage...
----------------------------------------
G: {1163c024-9be6-11df-96bb-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 1163c024-9be6-11df-96bb-0011d832dbb2
----------------------------------------

----------------------------------------
Desktop.ini found at G:\NADFOLDER\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 30.7.2010 17:35:16

Scanning for connected USB mass storage...
----------------------------------------
G: {2d10feb4-9b4c-11df-96b8-0011d832dbb2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 2d10feb4-9b4c-11df-96b8-0011d832dbb2
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================

Poslao: 30 Jul 2010 18:42
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd

- Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti prvi USB memorijski uređaj koji si skenirao.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{07a48e7a-997b-11df-96b4-0011d832dbb2}
delete_mimics:
no_sh:
folder_list: %DRIVE%

- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusom

Ko je trenutno na forumu
 

Ukupno su 1181 korisnika na forumu :: 85 registrovanih, 6 sakrivenih i 1090 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amonsrb, Avalon015, Banovo Brdo, Bickoooo, Black Luster Soldier, bladesu, bojank, BORUTUS, brundo65, Butcher, cifra, Cirkon, Citalac, d.arsenal321, dane007, dankisha, darkangel, darkdruid72, djile1, Djokislav, DJUNTA, DonRumataEstorski, Dorcolac, dragan_mig31, draganl, dragoljub11987, dulleo, Dzoni2412, EXIT78, g_g, GORDI, havoc995, ivan979, ivan_8282, Jomini, Kenanjoz, kikisp, Koridor, kybonacci, lcc, Litostroton, lucko1, lukac, M74AB3, Marko Marković, mercedesamg, Miki01, mikki jons, Milometer, Milos1389, mkukoleca, moldway, narandzasti, nemkea71, oldtimer, peradetlić, pfc74, rakivan, raster12, rednap, royst33, samocitam, saputnik plavetnila, sasa87, savaskytec, sekretar, Srki94, synergia, t84dar, tachinni, tanakadzo, The Boss, TheBeastOfMG, theNedjeljko, Timočka Divizija, UAV operator, Vatreni Zmaj, Velizar Laro, Vlada1389, Vrač, vuksa72, YugoSlav, Zadonbas, Zmaj Tolak, zoran77