Virus magnet :DD


offline
  • Joined: 07 Nov 2011
  • Posts: 78

I have nothing to describe; I clicked a link I shouldn't have. My hand was faster than my brain and I'm ashamed of it.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by tracer at 21:04:21 on 2012-09-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1037 [GMT -7:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe
C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe
C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe
C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\tracer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tracer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tracer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tracer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tracer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\tracer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: SFCDisable=4 (0x4)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IMMON] "c:\program files\im magician\Vicamon.exe"
mRunOnce: [DelContextmenu] cmd.exe /c del c:\program" "files\perfect" "uninstaller\Contextmenu.dll
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
IE: Download Video on This Page - c:\program files\tomato\youtube video downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files\tomato\youtube video downloader\MDIEEx.dll/212
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {11F19C45-9675-488A-A8E0-8E8234DC245D}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: microsoft.com\www.update
DPF: DirectAnimation Java Classes - [Only logged-in users can see links]\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Only logged-in users can see links]\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [Only logged-in users can see links]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [Only logged-in users can see links]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Only logged-in users can see links]
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5D4D47ED-FA3A-4955-82BB-DFD5C24E3320} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: qsn.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: setup.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: steam.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: taskmgr.exe - "c:\program files\process hacker 2\ProcessHacker.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2012-3-13 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2012-3-13 5248]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-1-28 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-1-28 202928]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-3-14 14776]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-1-28 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-25 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-28 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-28 355632]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2012-1-28 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-28 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-28 44808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-1-28 133912]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-2-9 1529152]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-1-30 99856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2012-2-9 10064]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2012-3-15 17792]
R4 KProcessHacker2;KProcessHacker2;c:\program files\process hacker 2\kprocesshacker.sys [2012-2-2 33352]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys --> c:\windows\system32\drivers\vmci.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IBUpdaterService;Updater Service; [x]
S2 PfFilter;PfFilter;\??\g:\protected folder\pffilter.sys --> g:\protected folder\pffilter.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-20 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-6-26 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-9-12 23456]
S3 getbus;getbus; [x]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\HIDUSBF.SYS [2012-7-21 3616]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-9-6 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-9-6 10200]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-8-15 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-30 14336]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-15 01:44:18 -------- d-----w- c:\program files\Steam
2012-09-12 23:34:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-09-12 23:33:17 -------- d-----w- c:\documents and settings\tracer\application data\Vimisoft Studio
2012-09-12 23:33:05 77824 ----a-w- c:\windows\system32\vgf.dll
2012-09-12 23:33:05 73728 ----a-r- c:\windows\system32\exvmuvc.ax
2012-09-12 23:33:05 450560 ----a-w- c:\windows\system32\newlistview2.dll
2012-09-12 23:33:04 -------- d-----w- c:\program files\common files\Vimisoft Studio
2012-09-12 23:32:54 -------- d-----w- c:\program files\Vimicro Corporation
2012-09-12 23:32:43 -------- d-----w- c:\program files\IM Magician
2012-09-10 06:17:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-09-10 01:10:08 -------- d-----w- C:\Downloads
2012-09-09 02:03:25 5785088 ----a-w- c:\windows\system32\QtGui4.dll
2012-09-09 02:03:24 2170368 ----a-w- c:\windows\system32\QtCore4.dll
2012-09-09 02:02:14 15934 ----a-w- c:\windows\system32\mingwm10.dll
2012-09-09 00:43:03 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-09-07 03:29:02 2872000 ----a-w- c:\windows\system32\pwNative.exe
2012-09-07 03:29:01 15576 ------w- c:\windows\system32\pwdrvio.sys
2012-09-07 03:28:59 10200 ------w- c:\windows\system32\pwdspio.sys
2012-09-05 18:11:24 -------- d-----w- c:\program files\common files\Steam
2012-09-05 05:49:31 -------- d-----w- c:\program files\CustoPackTools
2012-09-05 05:43:50 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-09-04 19:09:55 -------- d-sha-r- C:\cmdcons
2012-09-04 19:08:05 98816 ----a-w- c:\windows\sed.exe
2012-09-04 19:08:05 518144 ----a-w- c:\windows\SWREG.exe
2012-09-04 19:08:05 256000 ----a-w- c:\windows\PEV.exe
2012-09-04 19:08:05 208896 ----a-w- c:\windows\MBR.exe
2012-09-03 05:12:43 -------- d-----w- c:\program files\Ray Adams
2012-08-30 21:42:02 840264 ----a-w- c:\windows\system32\pbsvc (1).exe
2012-08-29 22:58:16 -------- d-----w- c:\program files\uTorrent
2012-08-29 22:42:28 -------- d-----w- c:\documents and settings\tracer\application data\atitray
2012-08-29 22:37:50 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2012-08-29 22:37:50 -------- d-----w- c:\program files\Radeon Omega Drivers
2012-08-28 17:50:43 -------- d-----w- c:\documents and settings\tracer\application data\Qualys
2012-08-27 23:13:54 -------- d-----w- c:\documents and settings\tracer\local settings\application data\PassMark
2012-08-27 23:13:35 -------- d-----w- c:\documents and settings\all users\application data\PassMark
2012-08-27 06:52:59 -------- d-----w- c:\documents and settings\all users\application data\Premium
2012-08-27 06:52:02 -------- d-----w- c:\documents and settings\all users\application data\OptimizerPro1
2012-08-27 06:49:53 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-08-26 01:10:31 -------- d-----w- c:\documents and settings\tracer\local settings\application data\Darkpedia_Network
2012-08-23 23:42:02 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-08-23 23:41:37 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-08-19 07:36:09 -------- d-----w- c:\documents and settings\tracer\local settings\application data\Facebook
2012-08-17 05:14:25 -------- d-----w- c:\documents and settings\tracer\local settings\application data\VMware
2012-08-17 03:18:37 -------- d-----w- c:\documents and settings\tracer\AppData
2012-08-17 03:11:19 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-08-16 23:34:41 -------- d-----w- c:\documents and settings\tracer\application data\Free Download Manager
2012-08-16 23:27:31 -------- d-----w- c:\documents and settings\tracer\application data\DAEMON Tools Lite
2012-08-16 23:26:43 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-08-16 18:46:22 -------- d-----w- c:\documents and settings\tracer\application data\ElevatedDiagnostics
2012-08-16 18:20:57 73728 ----a-w- c:\windows\system32\waitwnd.exe
2012-08-16 18:20:57 6584 ----a-w- c:\windows\system32\InstFunc.dll
2012-08-16 18:20:57 180224 ----a-w- c:\windows\system32\setuplib.dll
2012-08-16 18:19:41 36864 ----a-w- c:\windows\system32\amdk8.sys
2012-08-16 18:11:12 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2012-08-16 18:11:12 45056 ----a-w- c:\windows\system32\vusetup.dll
2012-08-16 18:11:12 11392 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2012-08-16 07:46:29 -------- d-----w- c:\documents and settings\tracer\local settings\application data\WMTools Downloaded Files
2012-08-16 07:36:25 -------- d-----w- c:\documents and settings\tracer\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-16 04:44:10 -------- d-----w- c:\documents and settings\tracer\local settings\application data\PC_Drivers_Headquarters
2012-08-16 04:14:47 -------- d-----w- c:\documents and settings\tracer\local settings\application data\Innovative Solutions
.
==================== Find3M ====================
.
2012-09-14 23:09:49 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 23:09:49 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 20:09:10 7746048 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-09-05 20:08:42 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-09-05 20:08:31 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-09-05 20:08:20 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-09-05 20:08:18 305664 ----a-w- c:\windows\system32\ati2dvag.dll
2012-09-05 20:07:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-09-05 20:07:40 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2012-09-05 20:07:35 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-09-05 20:07:26 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-09-05 20:07:16 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-09-05 20:07:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-05 20:07:12 294912 ----a-w- c:\windows\system32\ATIODE.exe
2012-09-05 20:06:49 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-05 20:06:37 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2012-09-05 20:05:56 19976192 ----a-w- c:\windows\system32\atioglxx.dll
2012-09-05 20:05:56 118784 ----a-w- c:\windows\system32\atibtmon.exe
2012-09-05 20:05:31 5374560 ----a-w- c:\windows\system32\ati3duag.dll
2012-09-05 20:05:18 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-09-05 20:04:48 888832 ----a-w- c:\windows\system32\ati2cqag.dll
2012-09-05 20:04:32 647168 ----a-w- c:\windows\system32\ati2evxx.exe
2012-09-05 20:04:30 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-09-05 20:04:26 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-09-05 20:04:24 3900800 ----a-w- c:\windows\system32\ativvaxx.dll
2012-09-05 20:04:04 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-09-05 20:03:53 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-05 20:03:42 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-09-05 20:03:42 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-09-05 20:03:39 217088 ----a-w- c:\windows\system32\atipdlxx.dll
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-21 09:13:14 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-21 09:13:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-15 18:59:14 0 ----a-w- c:\windows\ativpsrm.bin
2012-08-14 21:03:00 794408 ----a-w- c:\windows\system32\pbsvc.exe
2012-08-11 23:36:16 2332288 ----a-w- c:\windows\system32\TUKernel.exe
2012-07-13 22:22:49 65536 ----a-w- c:\windows\IFinst27.exe
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 03:47:56 53248 ----a-w- c:\windows\system32\drivers\SETD3.tmp
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-26 21:06:24 360264 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-06-25 15:56:05 212 ----a-w- c:\windows\ildasmfnt.bin
2012-06-19 23:54:20 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-06-17 21:14:42 1021440 ----a-w- c:\windows\system32\ac3filter_intl.dll
2012-06-17 21:10:08 965120 ----a-w- c:\windows\system32\ac3filter.acm
.
============= FINISH: 21:05:09.15 ===============




offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hello, MrZiM windows7



ComboFix is not a diagnostic tool like the ones in the instructions. It is a very powerful tool which, if handled improperly, can destroy the operating system or even erase all data from the hard disk. It is run only at the suggestion, under the supervision, and with the detailed instructions of a helper who is an expert in that area and knows what they are doing.

In the future, do not run ComboFix on your own!!!


Go to C:\ and send us ComboFix.txt. The full location is C:\ComboFix.txt.



offline
  • Joined: 07 Nov 2011
  • Posts: 78

"argus" asked me for ComboFix. I had made a thread "virus again" and there I was asked for ComboFix. I have never touched such a program on my own. Maybe I didn't delete ComboFix. Here, I'm posting the log, but it's from the previous scan.

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

If you have the ComboFix icon on your screen, delete it, and then follow the instructions below carefully.


Download sUBs's ComboFix from the following address to the Desktop:

  • Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the program download is complete:
  • disable your security software (instructions);
  • close running programs;
  • double-click to run ComboFix;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • display a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows if necessary (several times);
  • at the end, open Notepad with the scan report.


Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.


Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.

offline
  • Joined: 07 Nov 2011
  • Posts: 78

Posted: 15 Sep 2012 15:03

ComboFix 12-09-14.03 - tracer 09/15/2012 14:51:33.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1360 [GMT -7:00]
Running from: c:\documents and settings\tracer\My Documents\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\mingwm10.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 01:44 . 2012-09-15 21:45 -------- d-----w- c:\program files\Steam
2012-09-12 23:34 . 2012-09-12 23:34 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-09-12 23:33 . 2012-09-12 23:33 -------- d-----w- c:\documents and settings\tracer\Application Data\Vimisoft Studio
2012-09-12 23:33 . 2009-06-17 16:55 73728 ----a-r- c:\windows\system32\exvmuvc.ax
2012-09-12 23:33 . 2009-03-03 18:55 450560 ----a-w- c:\windows\system32\newlistview2.dll
2012-09-12 23:33 . 2009-02-09 18:13 77824 ----a-w- c:\windows\system32\vgf.dll
2012-09-12 23:33 . 2012-09-12 23:33 -------- d-----w- c:\program files\Common Files\Vimisoft Studio
2012-09-12 23:32 . 2012-09-12 23:45 -------- d-----w- c:\program files\Vimicro Corporation
2012-09-12 23:32 . 2012-09-12 23:33 -------- d-----w- c:\program files\IM Magician
2012-09-12 23:32 . 2012-09-12 23:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-09-10 06:17 . 2012-09-10 06:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-09-10 05:57 . 2012-09-15 01:36 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-10 05:57 . 2012-09-10 05:57 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-10 01:10 . 2012-09-10 01:10 -------- d-----w- C:\Downloads
2012-09-09 02:03 . 2006-06-20 02:35 5785088 ----a-w- c:\windows\system32\QtGui4.dll
2012-09-09 02:03 . 2006-06-24 07:16 2170368 ----a-w- c:\windows\system32\QtCore4.dll
2012-09-09 00:43 . 2012-09-09 00:52 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-09-07 03:29 . 2012-08-20 21:48 2872000 ----a-w- c:\windows\system32\pwNative.exe
2012-09-07 03:29 . 2012-08-20 21:48 15576 ------w- c:\windows\system32\pwdrvio.sys
2012-09-07 03:28 . 2012-08-20 21:48 10200 ------w- c:\windows\system32\pwdspio.sys
2012-09-05 18:11 . 2012-09-05 18:11 -------- d-----w- c:\program files\Common Files\Steam
2012-09-05 05:49 . 2012-09-13 22:05 -------- d-----w- c:\program files\CustoPackTools
2012-09-05 05:43 . 2012-02-09 21:13 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-09-03 05:12 . 2012-09-15 15:44 -------- d-----w- c:\program files\Ray Adams
2012-08-30 21:42 . 2012-08-30 21:41 840264 ----a-w- c:\windows\system32\pbsvc (1).exe
2012-08-29 22:58 . 2012-08-29 22:58 -------- d-----w- c:\program files\uTorrent
2012-08-29 22:42 . 2012-08-29 22:42 -------- d-----w- c:\documents and settings\tracer\Application Data\atitray
2012-08-29 22:37 . 2012-08-29 22:37 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2012-08-29 22:37 . 2012-08-29 22:37 -------- d-----w- c:\program files\Radeon Omega Drivers
2012-08-28 17:50 . 2012-08-28 17:50 -------- d-----w- c:\documents and settings\tracer\Application Data\Qualys
2012-08-27 23:13 . 2012-08-27 23:13 -------- d-----w- c:\documents and settings\tracer\Local Settings\Application Data\PassMark
2012-08-27 23:13 . 2012-08-27 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2012-08-27 06:52 . 2012-08-27 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2012-08-27 06:52 . 2012-08-27 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\OptimizerPro1
2012-08-27 06:51 . 2012-08-27 06:51 454 ----a-w- C:\user.js
2012-08-27 06:49 . 2012-08-27 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-08-26 01:10 . 2012-08-26 01:10 -------- d-----w- c:\documents and settings\tracer\Local Settings\Application Data\Darkpedia_Network
2012-08-23 23:42 . 2012-02-09 21:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-08-23 23:41 . 2012-08-23 23:42 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-08-23 15:43 . 2012-08-23 15:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-08-23 15:34 . 2012-08-23 15:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-20 06:05 . 2012-08-23 21:45 -------- d-----w- c:\documents and settings\tracer\Application Data\Skype
2012-08-20 06:04 . 2012-08-23 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-08-19 07:36 . 2012-08-19 07:45 -------- d-----w- c:\documents and settings\tracer\Local Settings\Application Data\Facebook
2012-08-17 05:14 . 2012-08-17 17:53 -------- d-----w- c:\documents and settings\tracer\Local Settings\Application Data\VMware
2012-08-17 05:14 . 2012-08-20 04:46 -------- d-----w- c:\documents and settings\tracer\Application Data\VMware
2012-08-17 03:18 . 2012-08-17 03:18 -------- d-----w- c:\documents and settings\tracer\Application Data\Apple Computer
2012-08-17 03:18 . 2012-08-17 03:18 -------- d-----w- c:\documents and settings\tracer\AppData
2012-08-17 03:11 . 2012-08-17 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-08-16 23:35 . 2012-08-20 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2012-08-16 23:34 . 2012-09-12 23:41 -------- d-----w- c:\documents and settings\tracer\Application Data\Free Download Manager
2012-08-16 23:27 . 2012-09-09 00:55 -------- d-----w- c:\documents and settings\tracer\Application Data\DAEMON Tools Lite
2012-08-16 23:26 . 2012-09-09 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 23:09 . 2012-06-20 07:20 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 23:09 . 2012-01-28 19:36 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 23:07 . 2012-05-23 21:40 1651104 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2012-09-11 07:06 . 2012-05-23 21:40 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-09-10 05:55 . 2012-05-18 19:08 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-09-05 20:09 . 2012-08-15 18:58 7746048 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-09-05 20:08 . 2012-08-15 18:58 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-09-05 20:08 . 2012-08-15 18:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-09-05 20:08 . 2012-08-15 18:58 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-09-05 20:08 . 2012-08-15 18:58 305664 ----a-w- c:\windows\system32\ati2dvag.dll
2012-09-05 20:07 . 2012-08-15 18:58 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-09-05 20:07 . 2012-08-15 18:58 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2012-09-05 20:07 . 2012-08-15 18:58 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-09-05 20:07 . 2008-10-03 22:29 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-09-05 20:07 . 2012-08-15 18:58 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-09-05 20:07 . 2012-08-15 18:58 294912 ----a-w- c:\windows\system32\ATIODE.exe
2012-09-05 20:07 . 2008-10-03 21:38 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-05 20:06 . 2008-10-03 21:39 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-05 20:06 . 2012-08-15 18:58 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2012-09-05 20:05 . 2012-08-15 18:58 19976192 ----a-w- c:\windows\system32\atioglxx.dll
2012-09-05 20:05 . 2012-08-15 18:58 118784 ----a-w- c:\windows\system32\atibtmon.exe
2012-09-05 20:05 . 2012-08-15 18:58 5374560 ----a-w- c:\windows\system32\ati3duag.dll
2012-09-05 20:05 . 2012-08-15 18:58 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-09-05 20:04 . 2012-08-15 18:58 888832 ----a-w- c:\windows\system32\ati2cqag.dll
2012-09-05 20:04 . 2012-08-15 18:58 647168 ----a-w- c:\windows\system32\ati2evxx.exe
2012-09-05 20:04 . 2012-08-15 18:58 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-09-05 20:04 . 2012-08-15 18:58 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-09-05 20:04 . 2012-08-15 18:58 3900800 ----a-w- c:\windows\system32\ativvaxx.dll
2012-09-05 20:04 . 2012-08-15 18:58 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-09-05 20:03 . 2012-08-15 18:58 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-05 20:03 . 2012-08-15 18:58 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-09-05 20:03 . 2012-08-15 18:58 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-09-05 20:03 . 2012-08-15 18:58 217088 ----a-w- c:\windows\system32\atipdlxx.dll
2012-08-21 09:13 . 2012-01-28 19:18 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-01-28 19:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-01-28 19:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-25 18:57 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-21 09:13 . 2012-01-28 19:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-01-28 19:18 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-21 09:13 . 2012-01-28 19:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-01-28 19:18 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-01-28 19:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-01-28 19:18 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-21 09:13 . 2012-01-28 19:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-01-28 19:17 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-01-28 19:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-14 21:03 . 2012-08-14 21:03 794408 ----a-w- c:\windows\system32\pbsvc.exe
2012-08-11 23:36 . 2012-07-06 18:08 2332288 ----a-w- c:\windows\system32\TUKernel.exe
2012-07-13 22:22 . 2012-07-13 22:22 65536 ----a-w- c:\windows\IFinst27.exe
2012-07-06 13:58 . 2002-08-30 14:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 01:34 . 2012-07-02 06:14 2237088 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-07-04 14:05 . 2012-01-29 00:52 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 03:47 . 2012-08-15 19:33 53248 ----a-w- c:\windows\system32\drivers\SETD3.tmp
2012-07-03 13:40 . 2002-08-30 14:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2002-08-30 14:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2002-08-30 14:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2002-08-30 14:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2012-01-28 17:01 385024 ----a-w- c:\windows\system32\html.iec
2012-06-26 21:06 . 2012-06-20 13:14 360264 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-06-19 23:54 . 2012-01-28 16:07 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-14 08:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-15 16:08 . 2012-09-15 16:08 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-09-15 16:08 . 2012-09-15 16:08 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2012-09-15 16:08 . 2012-09-15 16:08 16384 c:\windows\temp\Cookies\index.dat
+ 2012-09-09 20:42 . 2001-11-09 16:01 24064 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ativcoxx.dll
+ 2012-09-09 20:42 . 2009-07-15 01:20 17408 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atitvo32.dll
+ 2012-09-09 20:42 . 2009-02-03 20:52 45056 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ATIODCLI.exe
+ 2012-09-09 20:42 . 2009-07-15 01:27 49664 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atimpc32.dll
+ 2012-09-09 20:42 . 2009-07-15 02:06 53248 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ATIDDC.DLL
+ 2012-09-09 20:42 . 2009-07-15 01:22 45056 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\aticalrt.dll
+ 2012-09-09 20:42 . 2009-07-15 01:22 45056 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\aticalcl.dll
+ 2012-09-09 20:42 . 2009-07-15 02:10 26112 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\Ati2mdxx.exe
+ 2012-09-09 20:42 . 2009-07-15 01:19 53248 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ati2erec.dll
+ 2012-09-09 20:42 . 2009-07-15 02:10 43520 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ati2edxx.dll
+ 2012-09-09 20:43 . 2008-04-14 13:42 23552 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\wdmaud.drv
+ 2012-09-09 20:43 . 2004-07-09 12:27 48512 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\stream.sys
+ 2012-09-09 20:43 . 2008-04-14 07:15 60160 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\drmk.sys
+ 2012-09-09 20:42 . 2012-09-05 20:07 83215 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\oemdspif.dll
+ 2012-09-09 20:42 . 2012-09-05 20:07 12614 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ativcoxx.dll
+ 2012-09-09 20:42 . 2012-09-05 20:07 81222 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atiode.exe
+ 2012-09-09 20:42 . 2012-09-05 20:06 25130 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atiodcli.exe
+ 2012-09-09 20:42 . 2012-09-05 20:03 41501 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atimpc32.dll
+ 2012-09-09 20:42 . 2012-09-05 20:04 28700 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atiddc.dll
+ 2012-09-09 20:42 . 2012-09-05 20:05 71662 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atibtmon.exe
+ 2012-09-09 20:42 . 2012-09-05 20:03 61529 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atiapfxx.exe
+ 2012-09-09 20:42 . 2012-09-05 20:07 16308 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ati2mdxx.exe
+ 2012-09-09 20:42 . 2012-09-05 20:07 13670 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ati2erec.dll
+ 2012-09-09 20:42 . 2012-09-05 20:08 28838 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ati2edxx.dll
+ 2012-01-30 14:00 . 2012-05-03 01:20 99856 c:\windows\system32\drivers\AtihdXP3.sys
+ 2012-01-28 17:00 . 2012-06-02 22:19 53784 c:\windows\ServicePackFiles\i386\wuauclt.exe
+ 2012-09-09 20:42 . 2012-09-09 20:42 88102 c:\windows\Installer\{D67107F9-3DFB-9D54-434B-028CA4F1ADF2}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-09-09 20:42 . 2012-09-09 20:42 88102 c:\windows\Installer\{D67107F9-3DFB-9D54-434B-028CA4F1ADF2}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-09-09 20:42 . 2012-09-09 20:42 88102 c:\windows\Installer\{D67107F9-3DFB-9D54-434B-028CA4F1ADF2}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-09-09 20:42 . 2012-09-09 20:42 88102 c:\windows\Installer\{D67107F9-3DFB-9D54-434B-028CA4F1ADF2}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-09-09 20:43 . 2012-09-09 20:43 10134 c:\windows\Installer\{D158588C-B6A4-636B-2A24-38C15EAD2D5C}\ARPPRODUCTICON.exe
+ 2012-09-09 20:43 . 2012-09-09 20:43 10134 c:\windows\Installer\{ACD8576E-C02F-0118-9D06-2E65BCEC3540}\ARPPRODUCTICON.exe
+ 2012-09-09 20:44 . 2012-09-09 20:44 10134 c:\windows\Installer\{45EB96EE-AC25-5797-FAC5-78025043708F}\ARPPRODUCTICON.exe
+ 2012-09-09 20:43 . 2012-09-09 20:43 10134 c:\windows\Installer\{3DECEA7E-BC27-5B1D-10CE-CB1BBA0DD4CA}\ARPPRODUCTICON.exe
+ 2012-09-09 20:43 . 2012-09-09 20:43 10134 c:\windows\Installer\{1962E9F3-7870-DA54-3A18-2669DF9DE216}\ARPPRODUCTICON.exe
+ 2012-09-09 20:41 . 2012-09-09 20:41 10134 c:\windows\Installer\{07AC654E-38B1-410A-E655-7C7D975F9986}\ARPPRODUCTICON.exe
+ 2012-09-09 20:43 . 2012-09-09 20:43 10134 c:\windows\Installer\{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}\ARPPRODUCTICON.exe
- 2012-08-17 03:35 . 2012-08-17 03:35 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\2a7f0f80915131c07208a0f3cd9e9d04\WindowsFormsIntegration.Package.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\2a7f0f80915131c07208a0f3cd9e9d04\WindowsFormsIntegration.Package.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\d8d403a8e3a556a52742bcf425202bac\VSLangProj.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\d8d403a8e3a556a52742bcf425202bac\VSLangProj.ni.dll
+ 2012-09-10 23:32 . 2012-09-10 23:32 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\10098a659404cafa95ad739b350e68f0\VSLangProj.ni.dll
- 2012-08-17 03:39 . 2012-08-17 03:39 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\10098a659404cafa95ad739b350e68f0\VSLangProj.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\3090dabb21d322ec7ac32ad907d4d6b4\stdole.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\3090dabb21d322ec7ac32ad907d4d6b4\stdole.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 48128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4225616387dfdbebed7e1f1ec69f5335\Microsoft.Windows.Design.Host.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 48128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\4225616387dfdbebed7e1f1ec69f5335\Microsoft.Windows.Design.Host.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 67072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\43b7b0d7a2c05cca31a8685e14f049db\Microsoft.VisualStudio.Tools.Applications.BuildTasks.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\080f11fc4343e61c9d73878d132c3a56\Microsoft.VisualStudio.Shell.Interop.9.0.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\080f11fc4343e61c9d73878d132c3a56\Microsoft.VisualStudio.Shell.Interop.9.0.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e4669d021f536248aaa9f1efa6f9eb61\Microsoft.SqlServer.ForEachADOEnumerator.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e4669d021f536248aaa9f1efa6f9eb61\Microsoft.SqlServer.ForEachADOEnumerator.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Internal.#\266327ce9a2b55e1f55198d111870fc7\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Internal.#\266327ce9a2b55e1f55198d111870fc7\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\MetaGen\58fc9bce7c9b3a18aca96cbcf6f8aea9\MetaGen.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\MetaGen\58fc9bce7c9b3a18aca96cbcf6f8aea9\MetaGen.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\MetaGen\47d0c405c2023ace70661f83ca052492\MetaGen.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\MetaGen\47d0c405c2023ace70661f83ca052492\MetaGen.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 46080 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90\b5339bc99b5ec7823f21eadcc7aa4f8a\EnvDTE90.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 46080 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90\b5339bc99b5ec7823f21eadcc7aa4f8a\EnvDTE90.ni.dll
+ 2012-09-09 20:43 . 2002-12-12 08:14 4096 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\ksuser.dll
+ 2012-09-09 20:42 . 2012-09-05 20:07 8348 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atitvo32.dll
+ 2012-09-09 20:44 . 2012-09-09 20:44 9662 c:\windows\Installer\{45EB96EE-AC25-5797-FAC5-78025043708F}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2011-05-30 13:42 . 2011-05-30 13:42 240640 c:\windows\system32\xvidvfw.dll
+ 2012-09-09 20:42 . 2009-07-15 02:10 155648 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\Oemdspif.dll
+ 2012-09-09 20:42 . 2009-07-15 01:43 887724 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ativva6x.dat
+ 2012-09-09 20:42 . 2009-07-15 02:10 204800 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atipdlxx.dll
+ 2012-09-09 20:42 . 2009-07-15 01:18 376832 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atiok3x2.dll
+ 2012-09-09 20:42 . 2009-02-18 17:55 294912 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ATIODE.exe
+ 2012-09-09 20:42 . 2009-07-15 01:23 561152 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atikvmag.dll
+ 2012-09-09 20:42 . 2009-07-15 02:00 311296 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atiiiexx.dll
+ 2012-09-09 20:42 . 2009-06-10 16:54 197655 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atiicdxx.dat
+ 2012-09-09 20:42 . 2009-07-15 02:29 446464 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ATIDEMGX.dll
+ 2012-09-09 20:42 . 2009-05-11 21:35 118784 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atibtmon.exe
+ 2012-09-09 20:42 . 2009-07-15 01:21 159744 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atiadlxx.dll
+ 2012-09-09 20:42 . 2009-07-15 02:08 602112 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ati2evxx.exe
+ 2012-09-09 20:42 . 2009-07-15 02:09 155648 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ati2evxx.dll
+ 2012-09-09 20:42 . 2009-07-15 02:27 336896 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ati2dvag.dll
+ 2012-09-09 20:42 . 2009-07-15 01:14 614400 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ati2cqag.dll
+ 2012-09-09 20:43 . 2008-04-14 07:49 146048 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\portcls.sys
+ 2012-09-09 20:43 . 2009-08-19 12:05 100368 c:\windows\system32\ReinstallBackups\0000\DriverFiles\AtiHdmi.sys
- 2002-08-30 14:00 . 2012-08-20 05:57 581618 c:\windows\system32\perfh009.dat
+ 2002-08-30 14:00 . 2012-09-10 06:07 581618 c:\windows\system32\perfh009.dat
+ 2002-08-30 14:00 . 2012-09-10 06:07 119086 c:\windows\system32\perfc009.dat
- 2002-08-30 14:00 . 2012-08-20 05:57 119086 c:\windows\system32\perfc009.dat
+ 2012-09-14 23:09 . 2012-09-14 23:09 690888 c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
+ 2012-09-14 23:09 . 2012-09-14 23:09 474824 c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.dll
- 2012-06-20 07:20 . 2012-08-28 17:51 250568 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-06-20 07:20 . 2012-09-14 23:09 250568 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-12-07 19:32 . 2011-12-07 19:32 216064 c:\windows\system32\Lagarith.dll
+ 2012-09-09 20:42 . 2012-09-05 20:05 501588 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ativvamv.dll
+ 2012-09-09 20:42 . 2012-09-05 20:05 887724 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ativva6x.dat
+ 2012-09-09 20:42 . 2012-09-05 20:03 111771 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atipdlxx.dll
+ 2012-09-09 20:42 . 2012-09-05 20:08 313767 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atiok3x2.dll
+ 2012-09-09 20:42 . 2012-09-05 20:08 440839 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atikvmag.dll
+ 2012-09-09 20:42 . 2012-09-05 20:04 311296 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atiiiexx.dll
+ 2012-09-09 20:42 . 2012-09-05 20:07 601728 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atiicdxx.dat
+ 2012-09-09 20:42 . 2012-09-05 20:04 442368 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atidemgx.dll
+ 2012-09-09 20:42 . 2012-09-05 20:06 128405 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atiadlxx.dll
+ 2012-09-09 20:42 . 2012-09-05 20:04 347442 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ati2evxx.exe
+ 2012-09-09 20:42 . 2012-09-05 20:07 104326 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ati2evxx.dll
+ 2012-09-09 20:42 . 2012-09-05 20:08 192319 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ati2dvag.dll
+ 2012-09-09 20:42 . 2012-09-05 20:04 450976 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ati2cqag.dll
- 2012-08-15 18:58 . 2009-07-15 01:43 887724 c:\windows\system32\ativva6x.dat
+ 2012-08-15 18:58 . 2012-09-05 20:05 887724 c:\windows\system32\ativva6x.dat
+ 2012-08-15 18:58 . 2012-09-05 20:07 601728 c:\windows\system32\atiicdxx.dat
+ 2012-01-28 17:00 . 2012-07-02 17:49 916992 c:\windows\ServicePackFiles\i386\wininet.dll
+ 2012-01-28 17:01 . 2012-07-02 17:49 105984 c:\windows\ServicePackFiles\i386\url.dll
+ 2012-01-28 17:00 . 2012-07-02 17:49 206848 c:\windows\ServicePackFiles\i386\occache.dll
- 2012-03-13 14:36 . 2012-03-13 14:36 451072 c:\windows\San Andreas Mod Installer\uninstall.exe
+ 2012-03-13 14:36 . 2012-09-09 03:33 451072 c:\windows\San Andreas Mod Installer\uninstall.exe
+ 2012-09-09 20:43 . 2012-09-09 20:43 233472 c:\windows\Installer\7933cb.msi
+ 2012-09-09 20:43 . 2012-09-09 20:43 418816 c:\windows\Installer\7933c6.msi
+ 2012-09-09 20:43 . 2012-09-09 20:43 251392 c:\windows\Installer\7933c1.msi
+ 2012-09-09 20:43 . 2012-09-09 20:43 265728 c:\windows\Installer\7933bb.msi
+ 2012-09-09 20:43 . 2012-09-09 20:43 356352 c:\windows\Installer\7933b2.msi
+ 2012-09-09 20:41 . 2012-09-09 20:41 442368 c:\windows\Installer\79339a.msi
+ 2012-09-10 21:36 . 2012-09-10 21:36 197632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\2d022997b5e28fc4be221435afc4b527\WindowsFormsIntegration.Design.ni.dll
- 2012-08-17 03:35 . 2012-08-17 03:35 197632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\2d022997b5e28fc4be221435afc4b527\WindowsFormsIntegration.Design.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 513536 c:\windows\assembly\NativeImages_v2.0.50727_32\WcfTestClient\c0ba06bafd64ce2787f867f222f72a5e\WcfTestClient.ni.exe
- 2012-08-17 03:35 . 2012-08-17 03:35 513536 c:\windows\assembly\NativeImages_v2.0.50727_32\WcfTestClient\c0ba06bafd64ce2787f867f222f72a5e\WcfTestClient.ni.exe
- 2012-08-17 03:35 . 2012-08-17 03:35 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\WcfSvcHost\3bde76071bba9f936414fd98399f9b34\WcfSvcHost.ni.exe
+ 2012-09-10 21:36 . 2012-09-10 21:36 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\WcfSvcHost\3bde76071bba9f936414fd98399f9b34\WcfSvcHost.ni.exe
+ 2012-09-10 23:31 . 2012-09-10 23:31 353280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\f4ca85313d0d03395d7071c8230b4370\Microsoft.Windows.Design.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 353280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\f4ca85313d0d03395d7071c8230b4370\Microsoft.Windows.Design.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 499200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\5280d6f583276d455d7e14e98bc5c53d\Microsoft.Windows.Design.Interaction.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 499200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\5280d6f583276d455d7e14e98bc5c53d\Microsoft.Windows.Design.Interaction.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 428544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3675ca4002624125b82cc615f538a94c\Microsoft.Windows.Design.Extensibility.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 428544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3675ca4002624125b82cc615f538a94c\Microsoft.Windows.Design.Extensibility.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 783872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fb65896ea698da9ab5a18f0d43f3a039\Microsoft.VisualStudio.Modeling.Sdk.Shell.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 783872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fb65896ea698da9ab5a18f0d43f3a039\Microsoft.VisualStudio.Modeling.Sdk.Shell.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 894464 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f7f2e9aeef2a1b193f83967d8fccef13\Microsoft.VisualStudio.OfficeTools.Designer.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 894464 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f7f2e9aeef2a1b193f83967d8fccef13\Microsoft.VisualStudio.OfficeTools.Designer.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 511488 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\eb41240c51b37b3e47186b01a2c96763\Microsoft.VisualStudio.Shell.Design.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 511488 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\eb41240c51b37b3e47186b01a2c96763\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 760320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e58f89bb8eaaab0a217814c564b56df6\Microsoft.VisualStudio.Tools.Office.Ribbon.ni.dll
- 2012-08-17 03:35 . 2012-08-17 03:35 230912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dbac052a1d3ec5e8f9059c445ff8b661\Microsoft.VisualStudio.ServiceModel.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 230912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dbac052a1d3ec5e8f9059c445ff8b661\Microsoft.VisualStudio.ServiceModel.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d990a160eb14ec0da1095cbfb870564f\Microsoft.VisualStudio.Configuration.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d990a160eb14ec0da1095cbfb870564f\Microsoft.VisualStudio.Configuration.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 537600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d6b1a3b4a57a5da678bcf78e1385345b\Microsoft.VisualStudio.Xaml.LanguageService.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 537600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d6b1a3b4a57a5da678bcf78e1385345b\Microsoft.VisualStudio.Xaml.LanguageService.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 943104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d4c2f6870bfd69d9dbdefa8c372b157c\Microsoft.VisualStudio.Tools.Office.Designer.Office2007.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 159744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c1f6c4a21e1b5030d4fb3aa4393c532a\Microsoft.VisualStudio.WizardFramework.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 159744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c1f6c4a21e1b5030d4fb3aa4393c532a\Microsoft.VisualStudio.WizardFramework.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 822272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a07b7f0d9e7e19cad32c5f8ed15d3f2b\Microsoft.VisualStudio.Shell.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 822272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a07b7f0d9e7e19cad32c5f8ed15d3f2b\Microsoft.VisualStudio.Shell.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9ea4ea499edc072b377ccb5630b090ad\Microsoft.VisualStudio.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9ea4ea499edc072b377ccb5630b090ad\Microsoft.VisualStudio.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 179712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\84b6287b0b3ae86cb491c1a0548013fe\Microsoft.VisualStudio.EnterpriseTools.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 179712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\84b6287b0b3ae86cb491c1a0548013fe\Microsoft.VisualStudio.EnterpriseTools.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 781824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6c76b72d19057afa8971b28c11a21177\Microsoft.VisualStudio.Tools.Applications.Project.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 197632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\603ad00cced49bc0e3aebe0b9b3d4b3d\Microsoft.VisualStudio.Tools.Applications.DesignTime.v9.0.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 197632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\603ad00cced49bc0e3aebe0b9b3d4b3d\Microsoft.VisualStudio.Tools.Applications.DesignTime.v9.0.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 861696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4615b0050137a87a38957a3839796d00\Microsoft.VisualStudio.Shell.9.0.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 861696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4615b0050137a87a38957a3839796d00\Microsoft.VisualStudio.Shell.9.0.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 173056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\447703eaab4aeaaade958fe35ea26432\Microsoft.VisualStudio.TextTemplating.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 173056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\447703eaab4aeaaade958fe35ea26432\Microsoft.VisualStudio.TextTemplating.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 790528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\437d3bb401d0aca4a7643414c0631041\Microsoft.VisualStudio.Modeling.ArtifactMapper.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 790528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\437d3bb401d0aca4a7643414c0631041\Microsoft.VisualStudio.Modeling.ArtifactMapper.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 205312 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1d8074f8a5684ca6a0ad4146aa120eec\Microsoft.VisualStudio.TextTemplating.VSHost.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 205312 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1d8074f8a5684ca6a0ad4146aa120eec\Microsoft.VisualStudio.TextTemplating.VSHost.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 287744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\177aaa83f655e424ef82ced09c948323\Microsoft.VisualStudio.Tools.Applications.ProgrammingModel.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 287744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\177aaa83f655e424ef82ced09c948323\Microsoft.VisualStudio.Tools.Applications.ProgrammingModel.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6b83c802681396f922e3f798a7d27539\Microsoft.SqlServer.VSTAScriptingLib.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6b83c802681396f922e3f798a7d27539\Microsoft.SqlServer.VSTAScriptingLib.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 766464 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\d07ba53d83fbc8fe2649389b4aaf1584\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 983552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\8d98b1fa56fb3a74c2bebbfa062131fa\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 691712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\3b0c5b4401fa9e41fc10f162b28ff96c\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 153600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\09fc56c37223fadce8d2b9fbc9b6e9a1\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 487936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\7a5743920f501ee2b682f24d0bc5135c\Microsoft.CompactFramework.Design.PocketPC.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 487936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\7a5743920f501ee2b682f24d0bc5135c\Microsoft.CompactFramework.Design.PocketPC.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 369664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\6b0cc36de15a8d56d9885863df5e7f38\Microsoft.CompactFramework.Design.SmartPhone.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 369664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\6b0cc36de15a8d56d9885863df5e7f38\Microsoft.CompactFramework.Design.SmartPhone.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 464384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\5720352e052af7d8b97b3ea15da74029\Microsoft.CompactFramework.Design.WindowsCE.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 464384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\5720352e052af7d8b97b3ea15da74029\Microsoft.CompactFramework.Design.WindowsCE.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 265728 c:\windows\assembly\NativeImages_v2.0.50727_32\ADODB\e026eebcc43a5e49b6b7758e0cd3fc63\ADODB.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 265728 c:\windows\assembly\NativeImages_v2.0.50727_32\ADODB\e026eebcc43a5e49b6b7758e0cd3fc63\ADODB.ni.dll
+ 2012-09-09 20:42 . 2009-07-15 01:44 2053888 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ativvaxx.dll
+ 2012-09-09 20:42 . 2009-07-15 01:20 3289088 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\aticaldd.dll
+ 2012-09-09 20:42 . 2009-07-15 01:58 3281408 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ati3duag.dll
+ 2012-09-09 20:42 . 2009-07-15 04:20 4407808 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\ati2mtag.sys
+ 2012-01-28 17:42 . 2008-04-14 13:42 5658624 c:\windows\system32\logonuicpt.exe
- 2012-01-28 16:40 . 2012-08-28 16:48 3659272 c:\windows\system32\FNTCACHE.DAT
+ 2012-01-28 16:40 . 2012-09-15 15:47 3659272 c:\windows\system32\FNTCACHE.DAT
+ 2012-09-09 20:42 . 2012-09-05 20:04 2000845 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ativvaxx.dll
+ 2012-09-09 20:42 . 2012-09-05 20:05 8627059 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\atioglxx.dll
+ 2012-09-09 20:42 . 2012-09-05 20:05 2846050 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ati3duag.dll
+ 2012-09-09 20:42 . 2012-09-05 20:09 5128720 c:\windows\system32\DRVSTORE\CX137134_EEA0B8778908C2A68FFBD183998B20855D3D7F0D\B136646\ati2mtag.sys
+ 2012-08-15 18:58 . 2012-09-05 20:09 7746048 c:\windows\system32\dllcache\ati2mtag.sys
+ 2012-01-28 17:00 . 2012-07-02 17:49 1212416 c:\windows\ServicePackFiles\i386\urlmon.dll
+ 2012-01-28 17:00 . 2012-07-02 17:49 6008320 c:\windows\ServicePackFiles\i386\mshtml.dll
+ 2012-09-05 06:03 . 2009-03-14 16:07 1550848 c:\windows\Resources\Themes\CustoPackTools\SevenVG RTM Normal-9552187\Shell\NormalColor\Shellstyle.dll
+ 2012-09-10 01:23 . 2009-03-14 16:07 1550848 c:\windows\Resources\Themes\CustoPackTools\SevenVG RTM Normal-16699609\Shell\NormalColor\Shellstyle.dll
+ 2012-09-15 01:44 . 2012-09-15 01:44 1065984 c:\windows\Installer\9675f4.msi
+ 2012-09-09 20:44 . 2012-09-09 20:44 1135616 c:\windows\Installer\79340d.msi
- 2012-08-17 03:38 . 2012-08-17 03:38 3083776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\dea48a36af1115614d4f3f30baf87bfd\Microsoft.Windows.Design.Markup.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 3083776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\dea48a36af1115614d4f3f30baf87bfd\Microsoft.Windows.Design.Markup.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 2620928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\b67d73aee5e532e97ba7284857030d25\Microsoft.Windows.Design.Developer.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 2620928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\b67d73aee5e532e97ba7284857030d25\Microsoft.Windows.Design.Developer.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 1824768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fdbf21ab9853f24eab05f17abfd0b84b\Microsoft.VisualStudio.Modeling.Diagrams.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 1824768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fdbf21ab9853f24eab05f17abfd0b84b\Microsoft.VisualStudio.Modeling.Diagrams.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 6000640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f9c8a349d6cae06a0e704953a6f22986\Microsoft.VisualStudio.Editors.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 6000640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f9c8a349d6cae06a0e704953a6f22986\Microsoft.VisualStudio.Editors.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 3026944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e0315cb49ff44fe96758e493a563ad71\Microsoft.VisualStudio.Xaml.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 3026944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e0315cb49ff44fe96758e493a563ad71\Microsoft.VisualStudio.Xaml.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 2383872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dfc593190fc0a0048bae848c3db14088\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 2383872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dfc593190fc0a0048bae848c3db14088\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 1181696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\df9377eedf8c58300e54c07d27e066b6\Microsoft.VisualStudio.Windows.Forms.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 1181696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\df9377eedf8c58300e54c07d27e066b6\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 1868800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\df8520c3cb0f3e7e54267588d13b9ce1\Microsoft.VisualStudio.CommonIDE.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 1868800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\df8520c3cb0f3e7e54267588d13b9ce1\Microsoft.VisualStudio.CommonIDE.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 4130304 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c7cc33eca73a01f06135e22fe96695a0\Microsoft.VisualStudio.Modeling.ArtifactMapper.VSHost.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 4130304 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c7cc33eca73a01f06135e22fe96695a0\Microsoft.VisualStudio.Modeling.ArtifactMapper.VSHost.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 3254272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b31db467448f022b8aa2ebf04f36d41d\Microsoft.VisualStudio.EnterpriseTools.TypeSystem.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 3254272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b31db467448f022b8aa2ebf04f36d41d\Microsoft.VisualStudio.EnterpriseTools.TypeSystem.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 1006080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8dc35e9b764db6e54c3b96feba0b1210\Microsoft.VisualStudio.VirtualTreeGrid.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 1006080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8dc35e9b764db6e54c3b96feba0b1210\Microsoft.VisualStudio.VirtualTreeGrid.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 1309696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\78b97f0fca56f5186f76d1e7dc6f73ab\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 1309696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\78b97f0fca56f5186f76d1e7dc6f73ab\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 1510912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\75dd01596e721c30e575a9aef149f827\Microsoft.VisualStudio.Modeling.Sdk.ni.dll
- 2012-08-17 03:38 . 2012-08-17 03:38 1510912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\75dd01596e721c30e575a9aef149f827\Microsoft.VisualStudio.Modeling.Sdk.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 1167872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5d752a637bac014d5c097ccbafee8524\Microsoft.VisualStudio.EnterpriseTools.Shell.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 1167872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5d752a637bac014d5c097ccbafee8524\Microsoft.VisualStudio.EnterpriseTools.Shell.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 2181632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\396b550eacd03802abe92996c83d08a8\Microsoft.VisualStudio.Modeling.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 2181632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\396b550eacd03802abe92996c83d08a8\Microsoft.VisualStudio.Modeling.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 2353152 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\324e2ce1fe62238ace73b0916feb65a9\Microsoft.VisualStudio.EnterpriseTools.ClassDesigner.ni.dll
+ 2012-09-10 23:19 . 2012-09-10 23:19 2353152 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\324e2ce1fe62238ace73b0916feb65a9\Microsoft.VisualStudio.EnterpriseTools.ClassDesigner.ni.dll
+ 2012-09-10 21:38 . 2012-09-10 21:38 1362432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\293704b64cf0b77ef81bab2a3d012f71\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 1362432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\293704b64cf0b77ef81bab2a3d012f71\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject.ni.dll
+ 2012-09-10 23:31 . 2012-09-10 23:31 1019392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\22fc5a14b46120dae47efdb31f497d26\Microsoft.VisualStudio.Tools.Office.ProgrammingModel.ni.dll
+ 2012-09-10 21:37 . 2012-09-10 21:37 1438208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\22a4aebd207d47eb29c8328bc0ba7dc8\Microsoft.VisualStudio.Design.ni.dll
- 2012-08-17 03:37 . 2012-08-17 03:37 1438208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\22a4aebd207d47eb29c8328bc0ba7dc8\Microsoft.VisualStudio.Design.ni.dll
- 2012-08-17 03:36 . 2012-08-17 03:36 1789952 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\6cf0cf55a9ad592919999cbb06704f3d\Microsoft.CompactFramework.Design.ni.dll
+ 2012-09-10 21:36 . 2012-09-10 21:36 1789952 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\6cf0cf55a9ad592919999cbb06704f3d\Microsoft.CompactFramework.Design.ni.dll
+ 2012-09-09 20:42 . 2009-07-15 01:48 12693504 c:\windows\system32\ReinstallBackups\0004\DriverFiles\B_85444\atioglxx.dll
+ 2012-01-31 09:48 . 2012-09-13 07:10 62164608 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-08-29 897424]
"Steam"="c:\program files\Steam\Steam.exe" [2012-09-15 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"IMMON"="c:\program files\IM Magician\Vicamon.exe" [2009-05-07 143360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-15 04:25 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-08-29 22:58 897424 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WindowFX"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"RTHDCPL"=rthdcpl.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"EM_EXEC"=c:\progra~1\mousew~1\system\em_exec.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\AppLaunch.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3/13/2012 7:09 AM 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3/13/2012 7:09 AM 5248]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [1/28/2012 12:17 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [1/28/2012 12:18 PM 202928]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/14/2012 1:59 AM 14776]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [1/28/2012 12:18 PM 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/25/2012 11:57 AM 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/28/2012 12:18 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/28/2012 12:18 PM 355632]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/28/2012 6:00 PM 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/28/2012 12:18 PM 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [1/28/2012 12:17 PM 133912]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/30/2012 7:00 AM 99856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2/9/2012 1:16 PM 10064]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [3/15/2012 6:33 AM 17792]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys --> c:\windows\system32\DRIVERS\vmci.sys [?]
S2 IBUpdaterService;Updater Service; [x]
S2 PfFilter;PfFilter;\??\g:\protected folder\pffilter.sys --> g:\protected folder\pffilter.sys [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2/9/2012 2:13 PM 1529152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/20/2012 12:20 AM 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/26/2012 11:57 PM 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9/12/2012 4:34 PM 23456]
S3 getbus;getbus; [x]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\HIDUSBF.SYS [7/21/2012 12:14 PM 3616]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [9/6/2012 8:29 PM 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [9/6/2012 8:28 PM 10200]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/15/2011 4:06 PM 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 23:09]
.
2012-09-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-23 09:12]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808021631-1553047175-750149628-1003Core.job
- c:\documents and settings\tracer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 17:22]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-152049171-839522115-1003Core.job
- c:\documents and settings\tracer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 17:22]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-152049171-839522115-1003UA.job
- c:\documents and settings\tracer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 17:22]
.
.
------- Supplementary Scan -------
.
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D}
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2012-09-15 14:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1808021631-1553047175-750149628-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\RCFile\shell\Ä*“¬*±´“"\command]
@=expand:"notepad.exe \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\RESFile\shell\Ä*“¬*±´“"\command]
@=expand:"notepad.exe \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\VCDFile\shell\Ä*“¬*±´“"\command]
@=expand:"notepad.exe \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\VMTFile\shell\Ä*“¬*±´“"\command]
@=expand:"Notepad.exe \"%1\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1824)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-09-15 14:59:23
ComboFix-quarantined-files.txt 2012-09-15 21:59
ComboFix2.txt 2012-09-04 19:18
.
Pre-Run: 66,100,088,832 bytes free
Post-Run: 66,141,851,648 bytes free
.
- - End Of File - - ABFE294EA1754A4BC5631F1680FB7B0A

Addendum: 15 Sep 2012 18:01

Anyone, anyone at all?

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Open Notepad and copy the following text into it:

FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys|c:\windows\system32\drivers\atapi.sys

Snapshot::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-

RegLock::
[HKEY_USERS\S-1-5-21-1808021631-1553047175-750149628-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\RCFile\shell\Ä*“¬*±´“"\command]
@=expand:"notepad.exe \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\RESFile\shell\Ä*“¬*±´“"\command]
@=expand:"notepad.exe \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\VCDFile\shell\Ä*“¬*±´“"\command]
@=expand:"notepad.exe \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\VMTFile\shell\Ä*“¬*±´“"\command]
@=expand:"Notepad.exe \"%1\""


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.


===============================

What is the state of the system now?

offline
  • Joined: 07 Nov 2011
  • Posts: 78

Posted: 16 Sep 2012 11:03

It seems I don't have ComboFix on the desktop, and when I dragged CFScript onto ComboFix it starts installing and then scanning?

Addendum: 16 Sep 2012 11:04

Is that normal?

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Yes, do exactly as written: drag the CFScript.txt file and then don't touch anything; at the end you will get a log...

offline
  • Joined: 07 Nov 2011
  • Posts: 78

Posted: 16 Sep 2012 11:35

[Link visible only to logged-in users]

Addendum: 16 Sep 2012 11:36

ComboFix 12-09-15.02 - tracer 09/16/2012 11:24:27.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1570 [GMT -7:00]
Running from: c:\documents and settings\tracer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tracer\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 05:38 . 2012-09-16 17:38 -------- d-----w- c:\program files\(zabranjeno)ed Steam
2012-09-16 04:14 . 2009-12-06 02:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2012-09-16 04:14 . 2012-09-16 04:14 -------- d-----w- c:\program files\ffdshow
2012-09-16 04:14 . 2012-09-16 04:14 -------- d-----w- c:\program files\IObit
2012-09-12 23:34 . 2012-09-12 23:34 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-09-12 23:33 . 2012-09-12 23:33 -------- d-----w- c:\documents and settings\tracer\Application Data\Vimisoft Studio
2012-09-12 23:33 . 2009-06-17 16:55 73728 ----a-r- c:\windows\system32\exvmuvc.ax
2012-09-12 23:33 . 2009-03-03 18:55 450560 ----a-w- c:\windows\system32\newlistview2.dll
2012-09-12 23:33 . 2009-02-09 18:13 77824 ----a-w- c:\windows\system32\vgf.dll
2012-09-12 23:33 . 2012-09-12 23:33 -------- d-----w- c:\program files\Common Files\Vimisoft Studio
2012-09-12 23:32 . 2012-09-12 23:45 -------- d-----w- c:\program files\Vimicro Corporation
2012-09-12 23:32 . 2012-09-12 23:33 -------- d-----w- c:\program files\IM Magician
2012-09-12 23:32 . 2012-09-12 23:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-09-10 06:17 . 2012-09-10 06:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-09-10 05:57 . 2012-09-15 01:36 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-10 05:57 . 2012-09-10 05:57 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-10 01:10 . 2012-09-10 01:10 -------- d-----w- C:\Downloads
2012-09-09 02:03 . 2006-06-20 02:35 5785088 ----a-w- c:\windows\system32\QtGui4.dll
2012-09-09 02:03 . 2006-06-24 07:16 2170368 ----a-w- c:\windows\system32\QtCore4.dll
2012-09-09 00:43 . 2012-09-09 00:52 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-09-07 03:29 . 2012-08-20 21:48 2872000 ----a-w- c:\windows\system32\pwNative.exe
2012-09-07 03:29 . 2012-08-20 21:48 15576 ------w- c:\windows\system32\pwdrvio.sys
2012-09-07 03:28 . 2012-08-20 21:48 10200 ------w- c:\windows\system32\pwdspio.sys
2012-09-05 18:11 . 2012-09-05 18:11 -------- d-----w- c:\program files\Common Files\Steam
2012-09-05 05:49 . 2012-09-13 22:05 -------- d-----w- c:\program files\CustoPackTools
2012-09-05 05:43 . 2012-02-09 21:13 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-09-03 05:12 . 2012-09-15 15:44 -------- d-----w- c:\program files\Ray Adams
2012-08-30 21:42 . 2012-08-30 21:41 840264 ----a-w- c:\windows\system32\pbsvc (1).exe
2012-08-29 22:58 . 2012-08-29 22:58 -------- d-----w- c:\program files\uTorrent
2012-08-29 22:42 . 2012-08-29 22:42 -------- d-----w- c:\documents and settings\tracer\Application Data\atitray
2012-08-29 22:37 . 2012-08-29 22:37 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2012-08-29 22:37 . 2012-08-29 22:37 -------- d-----w- c:\program files\Radeon Omega Drivers
2012-08-28 17:50 . 2012-08-28 17:50 -------- d-----w- c:\documents and settings\tracer\Application Data\Qualys
2012-08-27 23:13 . 2012-08-27 23:13 -------- d-----w- c:\documents and settings\tracer\Local Settings\Application Data\PassMark
2012-08-27 23:13 . 2012-08-27 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2012-08-27 06:52 . 2012-08-27 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2012-08-27 06:52 . 2012-08-27 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\OptimizerPro1
2012-08-27 06:51 . 2012-08-27 06:51 454 ----a-w- C:\user.js
2012-08-27 06:49 . 2012-08-27 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-08-26 01:10 . 2012-08-26 01:10 -------- d-----w- c:\documents and settings\tracer\Local Settings\Application Data\Darkpedia_Network
2012-08-23 23:42 . 2012-02-09 21:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-08-23 23:41 . 2012-08-23 23:42 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-08-23 15:43 . 2012-08-23 15:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-08-23 15:34 . 2012-08-23 15:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-20 06:05 . 2012-08-23 21:45 -------- d-----w- c:\documents and settings\tracer\Application Data\Skype
2012-08-20 06:04 . 2012-08-23 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-08-19 07:36 . 2012-08-19 07:45 -------- d-----w- c:\documents and settings\tracer\Local Settings\Application Data\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 23:09 . 2012-06-20 07:20 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 23:09 . 2012-01-28 19:36 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 23:07 . 2012-05-23 21:40 1651104 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2012-09-11 07:06 . 2012-05-23 21:40 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-09-10 05:55 . 2012-05-18 19:08 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-09-05 20:09 . 2012-08-15 18:58 7746048 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-09-05 20:08 . 2012-08-15 18:58 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-09-05 20:08 . 2012-08-15 18:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-09-05 20:08 . 2012-08-15 18:58 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-09-05 20:08 . 2012-08-15 18:58 305664 ----a-w- c:\windows\system32\ati2dvag.dll
2012-09-05 20:07 . 2012-08-15 18:58 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-09-05 20:07 . 2012-08-15 18:58 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2012-09-05 20:07 . 2012-08-15 18:58 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-09-05 20:07 . 2008-10-03 22:29 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-09-05 20:07 . 2012-08-15 18:58 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-09-05 20:07 . 2012-08-15 18:58 294912 ----a-w- c:\windows\system32\ATIODE.exe
2012-09-05 20:07 . 2008-10-03 21:38 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-05 20:06 . 2008-10-03 21:39 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-05 20:06 . 2012-08-15 18:58 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2012-09-05 20:05 . 2012-08-15 18:58 19976192 ----a-w- c:\windows\system32\atioglxx.dll
2012-09-05 20:05 . 2012-08-15 18:58 118784 ----a-w- c:\windows\system32\atibtmon.exe
2012-09-05 20:05 . 2012-08-15 18:58 5374560 ----a-w- c:\windows\system32\ati3duag.dll
2012-09-05 20:05 . 2012-08-15 18:58 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-09-05 20:04 . 2012-08-15 18:58 888832 ----a-w- c:\windows\system32\ati2cqag.dll
2012-09-05 20:04 . 2012-08-15 18:58 647168 ----a-w- c:\windows\system32\ati2evxx.exe
2012-09-05 20:04 . 2012-08-15 18:58 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-09-05 20:04 . 2012-08-15 18:58 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-09-05 20:04 . 2012-08-15 18:58 3900800 ----a-w- c:\windows\system32\ativvaxx.dll
2012-09-05 20:04 . 2012-08-15 18:58 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-09-05 20:03 . 2012-08-15 18:58 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-05 20:03 . 2012-08-15 18:58 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-09-05 20:03 . 2012-08-15 18:58 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-09-05 20:03 . 2012-08-15 18:58 217088 ----a-w- c:\windows\system32\atipdlxx.dll
2012-08-21 09:13 . 2012-01-28 19:18 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-01-28 19:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-01-28 19:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-25 18:57 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-21 09:13 . 2012-01-28 19:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-01-28 19:18 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-21 09:13 . 2012-01-28 19:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-01-28 19:18 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-01-28 19:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-01-28 19:18 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-21 09:13 . 2012-01-28 19:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-01-28 19:17 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-01-28 19:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-14 21:03 . 2012-08-14 21:03 794408 ----a-w- c:\windows\system32\pbsvc.exe
2012-08-11 23:36 . 2012-07-06 18:08 2332288 ----a-w- c:\windows\system32\TUKernel.exe
2012-07-13 22:22 . 2012-07-13 22:22 65536 ----a-w- c:\windows\IFinst27.exe
2012-07-06 13:58 . 2002-08-30 14:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 01:34 . 2012-07-02 06:14 2237088 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-07-04 14:05 . 2012-01-29 00:52 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 03:47 . 2012-08-15 19:33 53248 ----a-w- c:\windows\system32\drivers\SETD3.tmp
2012-07-03 13:40 . 2002-08-30 14:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2002-08-30 14:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2002-08-30 14:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2002-08-30 14:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2012-01-28 17:01 385024 ----a-w- c:\windows\system32\html.iec
2012-06-26 21:06 . 2012-06-20 13:14 360264 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-06-19 23:54 . 2012-01-28 16:07 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-08-29 897424]
"(zabranjeno)ed Steam Service"="c:\program files\(zabranjeno)ed Steam\(zabranjeno)ed Steam.exe" [2011-09-16 337506]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"IMMON"="c:\program files\IM Magician\Vicamon.exe" [2009-05-07 143360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-15 04:25 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-08-29 22:58 897424 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WindowFX"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"RTHDCPL"=rthdcpl.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"EM_EXEC"=c:\progra~1\mousew~1\system\em_exec.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\AppLaunch.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\(zabranjeno)ed Steam\\steam.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [3/13/2012 7:09 AM 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [3/13/2012 7:09 AM 5248]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [1/28/2012 12:17 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [1/28/2012 12:18 PM 202928]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/14/2012 1:59 AM 14776]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [1/28/2012 12:18 PM 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/25/2012 11:57 AM 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/28/2012 12:18 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/28/2012 12:18 PM 355632]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/28/2012 6:00 PM 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/28/2012 12:18 PM 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [1/28/2012 12:17 PM 133912]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/30/2012 7:00 AM 99856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2/9/2012 1:16 PM 10064]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [3/15/2012 6:33 AM 17792]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys --> c:\windows\system32\DRIVERS\vmci.sys [?]
S2 IBUpdaterService;Updater Service; [x]
S2 PfFilter;PfFilter;\??\g:\protected folder\pffilter.sys --> g:\protected folder\pffilter.sys [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2/9/2012 2:13 PM 1529152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/20/2012 12:20 AM 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/26/2012 11:57 PM 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9/12/2012 4:34 PM 23456]
S3 getbus;getbus; [x]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\HIDUSBF.SYS [7/21/2012 12:14 PM 3616]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [9/6/2012 8:29 PM 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [9/6/2012 8:28 PM 10200]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/15/2011 4:06 PM 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [9/15/2012 9:14 PM 14416]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 23:09]
.
2012-09-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-23 09:12]
.
2012-09-16 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-09-16 18:21]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1808021631-1553047175-750149628-1003Core.job
- c:\documents and settings\tracer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 17:22]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-152049171-839522115-1003Core.job
- c:\documents and settings\tracer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 17:22]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-152049171-839522115-1003UA.job
- c:\documents and settings\tracer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 17:22]
.
.
------- Supplementary Scan -------
.
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D}
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - [Link visible only to logged-in users]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2012-09-16 11:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\RCFile\shell\Ä*“¬*±´“"\command]
@=expand:"notepad.exe \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\RESFile\shell\Ä*“¬*±´“"\command]
@=expand:"notepad.exe \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\VCDFile\shell\Ä*“¬*±´“"\command]
@=expand:"notepad.exe \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\VMTFile\shell\Ä*“¬*±´“"\command]
@=expand:"Notepad.exe \"%1\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1680)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-09-16 11:30:49
ComboFix-quarantined-files.txt 2012-09-16 18:30
ComboFix2.txt 2012-09-15 21:59
ComboFix3.txt 2012-09-04 19:18
.
Pre-Run: 57,507,852,288 bytes free
Post-Run: 57,486,049,280 bytes free
.
- - End Of File - - 06E8A22ACEC0A79E606AE27D153F0A6E

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

The computer is clean as far as malware is concerned. You need to follow the steps below...



ComboFix needs to be uninstalled:
Click Start, then Run.

On Vista and 7, use the Start Search field if Run is not available.

Type (or copy) the following into the text box:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish. You can delete the other tools you used manually.



If you still have problems with the system, start a topic in the Windows subforum and describe the problem there.



I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in the USB storage device, and a scan runs, after which you get a notification that the device is clean (if that is really the case), or you get a log showing information about the malware that was found and deleted.


MCShield ::Anti-Malware Tool:: v2 home page: [Link visible only to logged-in users]

You can find out more about MCShield in these topics:
v1: [Link visible only to logged-in users]
v2: [Link visible only to logged-in users]




Be sure to visit the topic "Test whether your browser is vulnerable", read it, and follow the link in it.
The link to the topic is: [Link visible only to logged-in users]




TwinHeadedEagle (AMF Team)
