Driver problem

  • Pek 

Posted: 14 Jun 2011 0:52

I got my referral to the clinic from doctor "goran9888".
I was told to skip the description of the problem because goran is already familiar with it from another thread. And here are the requested reports :)

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by petar at 20:37:42 on 2011-06-13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1405 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
E:\WINDOWS\system32\svchost -k rpcss
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Real\RealPlayer\update\realsched.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\WINDOWS\aadrive32.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\WINDOWS\System32\vssvc.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\msdtc.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
e:\program files\avira\antivir desktop\avcenter.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link visible only to logged-in users]
mWinlogon: Taskman=c:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [NVIDIA nTune] "e:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Tnaww] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
uRun: [BitTorrent] "e:\documents and settings\petar\my documents\downloads\BitTorrent-7.2.1.exe"
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "e:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [TkBellExe] "e:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Microsoft Driver Setup] e:\windows\aadrive32.exe
mRun: [StartCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mExplorerRun: [Microsoft Driver Setup] e:\windows\aadrive32.exe
StartupFolder: e:\docume~1\petar\startm~1\programs\startup\magicd~1.lnk - e:\program files\magicdisc\MagicDisc.exe
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{2351BE20-F994-45B3-91FC-292A618DCF64} : DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{5F5EE84C-4E8C-43A3-9147-E8B57A1A3FC8} : DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{EF71537F-16C5-426E-A4CC-AD4FED0AFD8E} : DhcpNameServer = 95.180.0.18 95.180.1.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - e:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: mdhcp32 - mdhcp32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\petar\application data\mozilla\firefox\profiles\nks6f2my.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]{searchTerms}
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: e:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2011-6-7 11608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [2011-6-9 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2011-6-7 136360]
R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2011-6-7 269480]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2011-6-7 61960]
S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2011-5-23 136176]
S2 hlbbthy;pnqej;e:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ihvqcj;Shell Boot;e:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ncsbmdwrlw;ncsbmdwrlw;"e:\docume~1\petar\locals~1\temp\dat459.tmp.exe" --service --> e:\docume~1\petar\locals~1\temp\DAT459.tmp.exe [?]
S2 Netmanm;Network Connections to Monitor;"e:\windows\system32\crssc.exe" --> e:\windows\system32\crssc.exe [?]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2011-5-10 1691480]
S3 FLASHSYS;FLASHSYS;e:\program files\msi\live update 4\lu4\FlashSys.sys [2011-6-10 9216]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;e:\program files\setup files\ms7309v270\NTIOLib.sys [2011-1-6 7680]
.
=============== Created Last 30 ================
.
2011-06-13 18:34:39 284 ----a-w- e:\documents and settings\petar\zddqj.exe
2011-06-13 18:34:11 122880 ----a-w- e:\windows\system32\48.exe
2011-06-13 18:32:03 155648 ----a-w- e:\documents and settings\petar\application data\BC.tmp
2011-06-13 18:31:02 118784 ----a-w- e:\documents and settings\petar\application data\B8.tmp
2011-06-13 18:25:26 114688 ----a-w- e:\documents and settings\petar\application data\B7.tmp
2011-06-13 18:25:19 118784 ----a-w- e:\documents and settings\petar\application data\B3.tmp
2011-06-13 18:25:14 155648 ----a-w- e:\documents and settings\petar\application data\B2.tmp
2011-06-13 18:25:03 944640 ----a-r- e:\windows\system32\NEW24.tmp
2011-06-13 18:25:03 944640 ----a-r- e:\windows\system32\fdco1.dll
2011-06-13 18:25:03 70912 ----a-r- e:\windows\system32\drivers\NVENETFD.sys
2011-06-13 18:25:01 212224 ----a-r- e:\windows\system32\drivers\nvnrm.sys
2011-06-13 18:25:01 207464 ----a-r- e:\windows\system32\nvconrm.dll
2011-06-13 18:25:01 13824 ----a-r- e:\windows\system32\drivers\nvnetbus.sys
2011-06-13 18:25:01 11264 ----a-r- e:\windows\system32\NEW19.tmp
2011-06-13 18:25:01 11264 ----a-r- e:\windows\system32\bdco1.dll
2011-06-13 18:24:58 215656 ----a-r- e:\windows\system32\NVCOSMB.DLL
2011-06-13 18:05:58 155648 ----a-w- e:\documents and settings\petar\application data\B0.tmp
2011-06-13 18:05:51 118784 ----a-w- e:\documents and settings\petar\application data\AF.tmp
2011-06-13 18:02:31 -------- d-----w- e:\program files\Realtek
2011-06-13 18:02:23 1284712 ------r- e:\windows\RtlExUpd.dll
2011-06-13 17:59:52 118784 ----a-w- e:\documents and settings\petar\application data\AE.tmp
2011-06-13 17:59:47 155648 ----a-w- e:\documents and settings\petar\application data\AD.tmp
2011-06-13 17:55:37 118784 ----a-w- e:\documents and settings\petar\application data\AC.tmp
2011-06-13 17:55:35 155648 ----a-w- e:\documents and settings\petar\application data\AB.tmp
2011-06-13 17:54:02 -------- d-----w- e:\program files\AMD APP
2011-06-13 17:51:37 -------- d-----w- E:\ATI
2011-06-13 17:45:34 114688 ----a-w- e:\documents and settings\petar\application data\AA.tmp
2011-06-13 17:45:29 118784 ----a-w- e:\documents and settings\petar\application data\A9.tmp
2011-06-13 17:45:25 155648 ----a-w- e:\documents and settings\petar\application data\A8.tmp
2011-06-13 09:37:00 95744 ----a-w- e:\documents and settings\petar\application data\A6.tmp
2011-06-13 09:36:57 132608 ----a-w- e:\documents and settings\petar\application data\A4.tmp
2011-06-13 09:36:53 93184 ----a-w- e:\documents and settings\petar\application data\A3.tmp
2011-06-13 09:34:31 95744 ----a-w- e:\documents and settings\petar\application data\A5.tmp
2011-06-13 09:34:29 132608 ----a-w- e:\documents and settings\petar\application data\A2.tmp
2011-06-13 09:19:15 95744 ----a-w- e:\documents and settings\petar\application data\A1.tmp
2011-06-13 09:19:12 93184 ----a-w- e:\documents and settings\petar\application data\A0.tmp
2011-06-13 09:19:09 132608 ----a-w- e:\documents and settings\petar\application data\9F.tmp
2011-06-13 04:22:37 132608 ----a-w- e:\documents and settings\petar\application data\9E.tmp
2011-06-13 04:22:35 95744 ----a-w- e:\documents and settings\petar\application data\9B.tmp
2011-06-12 22:51:02 132608 ----a-w- e:\documents and settings\petar\application data\97.tmp
2011-06-12 22:51:00 95744 ----a-w- e:\documents and settings\petar\application data\96.tmp
2011-06-12 22:29:59 132608 ----a-w- e:\documents and settings\petar\application data\98.tmp
2011-06-12 22:29:57 95744 ----a-w- e:\documents and settings\petar\application data\95.tmp
2011-06-12 21:35:53 95744 ----a-w- e:\documents and settings\petar\application data\94.tmp
2011-06-12 21:35:50 132608 ----a-w- e:\documents and settings\petar\application data\92.tmp
2011-06-12 14:20:42 95744 ----a-w- e:\documents and settings\petar\application data\1B6.tmp
2011-06-12 14:20:37 132608 ----a-w- e:\documents and settings\petar\application data\1B5.tmp
2011-06-12 06:40:16 95744 ----a-w- e:\documents and settings\petar\application data\91.tmp
2011-06-12 06:40:14 132608 ----a-w- e:\documents and settings\petar\application data\8F.tmp
2011-06-11 22:35:22 130560 ----a-w- e:\documents and settings\petar\application data\90.tmp
2011-06-11 19:46:45 130560 ----a-w- e:\documents and settings\petar\application data\B1.tmp
2011-06-11 19:12:40 130560 ----a-w- e:\documents and settings\petar\application data\8D.tmp
2011-06-11 06:38:20 130560 ----a-w- e:\documents and settings\petar\application data\8C.tmp
2011-06-10 17:13:45 133632 ----a-w- e:\documents and settings\petar\application data\8E.tmp
2011-06-10 17:13:41 101376 ----a-w- e:\documents and settings\petar\application data\8B.tmp
2011-06-10 16:54:16 101376 ----a-w- e:\documents and settings\petar\application data\88.tmp
2011-06-10 16:54:13 133632 ----a-w- e:\documents and settings\petar\application data\87.tmp
2011-06-10 16:44:12 729088 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-06-10 16:44:12 69715 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-06-10 16:44:12 5632 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-06-10 16:44:12 266240 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-06-10 16:44:12 192512 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-06-10 16:44:07 311428 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-06-10 16:44:07 188548 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-06-10 16:38:35 101376 ----a-w- e:\documents and settings\petar\application data\89.tmp
2011-06-10 16:38:32 133632 ----a-w- e:\documents and settings\petar\application data\86.tmp
2011-06-10 16:19:07 101376 ----a-w- e:\documents and settings\petar\application data\85.tmp
2011-06-10 16:19:05 133632 ----a-w- e:\documents and settings\petar\application data\84.tmp
2011-06-10 16:10:52 101376 ----a-w- e:\documents and settings\petar\application data\83.tmp
2011-06-10 16:10:50 133632 ----a-w- e:\documents and settings\petar\application data\82.tmp
2011-06-10 16:07:41 101376 ----a-w- e:\documents and settings\petar\application data\81.tmp
2011-06-10 16:07:36 133632 ----a-w- e:\documents and settings\petar\application data\7B.tmp
2011-06-10 16:04:30 133632 ----a-w- e:\documents and settings\petar\application data\77.tmp
2011-06-10 16:04:05 101376 ----a-w- e:\documents and settings\petar\application data\71.tmp
2011-06-10 15:54:40 98816 ----a-w- e:\documents and settings\petar\application data\75.tmp
2011-06-10 15:54:36 101376 ----a-w- e:\documents and settings\petar\application data\73.tmp
2011-06-10 15:54:31 133632 ----a-w- e:\documents and settings\petar\application data\6F.tmp
2011-06-10 15:54:28 -------- d-----w- e:\windows\system32\LogFiles
2011-06-10 15:49:03 101376 ----a-w- e:\documents and settings\petar\application data\80.tmp
2011-06-10 15:49:01 133632 ----a-w- e:\documents and settings\petar\application data\7F.tmp
2011-06-10 15:20:10 -------- d-----w- e:\program files\MSI
2011-06-10 15:19:08 -------- d-----w- e:\program files\Setup Files
2011-06-10 15:18:36 -------- d-sh--w- e:\documents and settings\petar\PrivacIE
2011-06-10 15:16:28 -------- d-----w- e:\documents and settings\petar\local settings\application data\BitTorrentBar
2011-06-10 15:12:07 101376 ----a-w- e:\documents and settings\petar\application data\6E.tmp
2011-06-10 15:12:04 133632 ----a-w- e:\documents and settings\petar\application data\6B.tmp
2011-06-10 15:05:35 101376 ----a-w- e:\documents and settings\petar\application data\68.tmp
2011-06-10 15:05:32 98816 ----a-w- e:\documents and settings\petar\application data\66.tmp
2011-06-10 15:05:30 133632 ----a-w- e:\documents and settings\petar\application data\63.tmp
2011-06-10 15:04:44 -------- d-sh--w- e:\documents and settings\petar\IETldCache
2011-06-10 15:01:53 -------- dc-h--w- e:\windows\ie8
2011-06-10 14:58:56 101376 ----a-w- e:\documents and settings\petar\application data\61.tmp
2011-06-10 14:58:53 133632 ----a-w- e:\documents and settings\petar\application data\5F.tmp
2011-06-10 14:51:54 98816 ----a-w- e:\documents and settings\petar\application data\5E.tmp
2011-06-10 14:51:52 101376 ----a-w- e:\documents and settings\petar\application data\57.tmp
2011-06-10 14:51:49 133632 ----a-w- e:\documents and settings\petar\application data\56.tmp
2011-06-10 14:50:01 327168 ----a-w- e:\windows\IsUninst.exe
2011-06-10 05:33:12 101376 ----a-w- e:\documents and settings\petar\application data\54.tmp
2011-06-10 05:33:09 133632 ----a-w- e:\documents and settings\petar\application data\52.tmp
2011-06-09 21:39:26 101376 ----a-w- e:\documents and settings\petar\application data\51.tmp
2011-06-09 21:39:23 133632 ----a-w- e:\documents and settings\petar\application data\50.tmp
2011-06-09 21:07:27 133632 ----a-w- e:\documents and settings\petar\application data\43.tmp
2011-06-09 21:07:24 101376 ----a-w- e:\documents and settings\petar\application data\41.tmp
2011-06-09 15:38:51 21840 ----atw- e:\windows\system32\SIntfNT.dll
2011-06-09 15:38:51 17212 ----atw- e:\windows\system32\SIntf32.dll
2011-06-09 15:38:51 12067 ----atw- e:\windows\system32\SIntf16.dll
2011-06-09 15:26:52 94208 ----a-w- e:\windows\DIIUnin.exe
2011-06-09 15:26:52 2829 ----a-w- e:\windows\DIIUnin.pif
2011-06-09 15:20:47 218688 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-06-09 15:20:42 -------- d-----w- e:\program files\DAEMON Tools Lite
2011-06-09 15:20:22 -------- d-----w- e:\documents and settings\petar\application data\DAEMON Tools Lite
2011-06-09 15:20:22 -------- d-----w- e:\documents and settings\all users\application data\DAEMON Tools Lite
2011-06-09 05:55:15 -------- d-----w- e:\documents and settings\petar\application data\Soldat
2011-06-08 05:15:29 -------- d-----w- e:\windows\system32\NtmsData
2011-06-08 04:58:00 72192 --sh--r- e:\windows\aadrive32.exe
2011-06-08 04:57:58 72192 ----a-w- e:\documents and settings\petar\application data\7C.tmp
2011-06-07 20:02:05 -------- d-----w- e:\documents and settings\petar\application data\Avira
2011-06-07 20:00:56 61960 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2011-06-07 20:00:56 -------- d-----w- e:\program files\Avira
2011-06-07 20:00:56 -------- d-----w- e:\documents and settings\all users\application data\Avira
2011-06-07 17:55:06 72192 ----a-w- e:\documents and settings\petar\application data\78.tmp
2011-06-07 09:54:59 -------- d-----w- e:\documents and settings\petar\local settings\application data\ESET
2011-06-07 08:58:49 72192 ----a-w- e:\documents and settings\petar\application data\FA.tmp
2011-06-07 08:45:13 72192 ----a-w- e:\documents and settings\petar\application data\74.tmp
2011-06-07 05:45:14 72192 ----a-w- e:\documents and settings\petar\application data\72.tmp
2011-06-06 10:47:41 296110 ----a-w- e:\windows\system32\shimg.dll
2011-06-06 10:47:35 327742 ----a-w- e:\windows\system32\drivers\str.sys
2011-06-06 08:43:10 33104 ----a-w- e:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-06-06 08:43:10 32592 ----a-w- e:\windows\system32\msonpmon.dll
2011-06-06 08:40:30 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2011-06-06 08:39:57 -------- d-----w- e:\windows\SHELLNEW
2011-06-06 08:39:41 -------- d-----w- e:\documents and settings\petar\local settings\application data\Microsoft Help
2011-06-06 08:37:54 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys
2011-06-06 08:37:54 -------- d-----w- e:\program files\MagicDisc
2011-06-06 06:08:48 72192 ----a-w- e:\documents and settings\petar\application data\1B1.tmp
2011-06-06 05:47:42 72192 ----a-w- e:\documents and settings\petar\application data\1AB.tmp
2011-06-05 19:06:42 -------- d-----w- e:\program files\BitTorrent
2011-06-05 19:06:36 -------- d-----w- e:\documents and settings\petar\application data\BitTorrent
2011-06-05 17:58:02 72704 ----a-w- e:\documents and settings\petar\application data\70.tmp
2011-06-03 05:06:00 151552 ----a-w- e:\documents and settings\petar\application data\6D.tmp
2011-06-02 06:56:55 61440 ----a-w- e:\documents and settings\petar\application data\6C.tmp
2011-06-02 05:31:47 61440 ----a-w- e:\documents and settings\petar\application data\67.tmp
2011-06-01 23:21:29 61440 ----a-w- e:\documents and settings\petar\application data\65.tmp
2011-06-01 13:45:36 61440 ----a-w- e:\documents and settings\petar\application data\1C6.tmp
2011-06-01 06:22:16 61440 ----a-w- e:\documents and settings\petar\application data\60.tmp
2011-05-31 16:04:18 57344 ----a-w- e:\documents and settings\petar\application data\64.tmp
2011-05-31 12:28:12 57344 ----a-w- e:\documents and settings\petar\application data\5D.tmp
2011-05-31 11:30:30 57344 ----a-w- e:\documents and settings\petar\application data\355.tmp
2011-05-31 07:22:35 57344 ----a-w- e:\documents and settings\petar\application data\76.tmp
2011-05-31 07:07:58 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-30 21:18:21 5632 ----a-w- e:\windows\system32\ptpusb.dll
2011-05-30 21:18:21 159232 ----a-w- e:\windows\system32\ptpusd.dll
2011-05-30 21:18:21 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2011-05-30 21:18:21 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
2011-05-30 13:27:00 93237 ----a-w- e:\documents and settings\petar\dqw.exe
2011-05-30 13:26:51 57344 ----a-w- e:\documents and settings\petar\application data\59.tmp
2011-05-30 13:26:38 57344 ----a-w- e:\documents and settings\petar\application data\55.tmp
2011-05-29 22:42:06 57344 ----a-w- e:\documents and settings\petar\application data\62.tmp
2011-05-28 20:31:19 -------- d-----w- e:\documents and settings\petar\local settings\application data\Temp
2011-05-27 08:22:01 78336 ----a-w- e:\documents and settings\petar\fbd.exe
2011-05-26 10:53:47 37697 ----a-w- e:\documents and settings\petar\application data\14E.tmp
2011-05-26 08:04:01 59035 ----a-w- e:\documents and settings\petar\application data\5C.tmp
2011-05-26 08:03:52 37697 ----a-w- e:\documents and settings\petar\application data\53.tmp
2011-05-26 08:03:26 37697 ----a-w- e:\documents and settings\petar\application data\4F.tmp
2011-05-26 08:03:25 59035 ----a-w- e:\documents and settings\petar\application data\4E.tmp
2011-05-25 21:33:12 37697 ----a-w- e:\documents and settings\petar\application data\D6.tmp
2011-05-25 21:33:11 59035 ----a-w- e:\documents and settings\petar\application data\D5.tmp
2011-05-25 18:57:22 49943 ----a-w- e:\documents and settings\petar\application data\4D.tmp
2011-05-25 18:57:20 59035 ----a-w- e:\documents and settings\petar\application data\4A.tmp
2011-05-23 21:37:39 49943 ----a-w- e:\documents and settings\petar\application data\F8.tmp
2011-05-23 21:37:38 59398 ----a-w- e:\documents and settings\petar\application data\F7.tmp
2011-05-23 20:27:58 -------- d-----w- e:\documents and settings\petar\local settings\application data\Real
2011-05-23 20:27:44 -------- d-----w- e:\program files\common files\xing shared
2011-05-23 20:26:36 -------- d-----w- e:\documents and settings\petar\local settings\application data\Google
2011-05-23 20:23:40 49943 ----a-w- e:\documents and settings\petar\application data\46.tmp
2011-05-23 20:23:36 59398 ----a-w- e:\documents and settings\petar\application data\45.tmp
2011-05-20 17:44:57 26496 -c--a-w- e:\windows\system32\dllcache\usbstor.sys
2011-05-20 16:50:54 49943 ----a-w- e:\documents and settings\petar\application data\6A.tmp
2011-05-20 16:50:53 50679 ----a-w- e:\documents and settings\petar\application data\69.tmp
2011-05-20 15:30:48 49943 ----a-w- e:\documents and settings\petar\application data\44.tmp
2011-05-20 15:30:35 49943 ----a-w- e:\documents and settings\petar\application data\42.tmp
2011-05-20 13:52:18 49943 ----a-w- e:\documents and settings\petar\application data\3D.tmp
2011-05-20 13:52:16 50679 ----a-w- e:\documents and settings\petar\application data\38.tmp
2011-05-20 09:15:26 49943 ----a-w- e:\documents and settings\petar\application data\A7.tmp
2011-05-20 06:20:50 50679 ----a-w- e:\documents and settings\petar\application data\5B.tmp
2011-05-20 06:20:47 49943 ----a-w- e:\documents and settings\petar\application data\5A.tmp
2011-05-20 04:28:44 49943 ----a-w- e:\documents and settings\petar\application data\37.tmp
2011-05-20 04:28:42 50679 ----a-w- e:\documents and settings\petar\application data\36.tmp
2011-05-19 21:37:24 49943 ----a-w- e:\documents and settings\petar\application data\176.tmp
2011-05-19 21:37:23 50679 ----a-w- e:\documents and settings\petar\application data\175.tmp
2011-05-19 16:43:36 49943 ----a-w- e:\documents and settings\petar\application data\15C.tmp
2011-05-19 16:43:35 54626 ----a-w- e:\documents and settings\petar\application data\15A.tmp
2011-05-19 16:40:15 54626 ----a-w- e:\documents and settings\petar\application data\157.tmp
2011-05-19 16:40:13 49943 ----a-w- e:\documents and settings\petar\application data\156.tmp
2011-05-19 16:36:53 53691 ----a-w- e:\documents and settings\petar\application data\153.tmp
2011-05-19 16:36:49 49943 ----a-w- e:\documents and settings\petar\application data\152.tmp
2011-05-19 15:18:09 49943 ----a-w- e:\documents and settings\petar\application data\13B.tmp
2011-05-19 15:18:07 54626 ----a-w- e:\documents and settings\petar\application data\13A.tmp
2011-05-19 12:59:22 -------- d-----w- e:\documents and settings\petar\local settings\application data\Identities
2011-05-19 11:47:02 49943 ----a-w- e:\documents and settings\petar\application data\40.tmp
2011-05-19 11:47:00 54626 ----a-w- e:\documents and settings\petar\application data\3F.tmp
2011-05-19 08:17:17 49943 ----a-w- e:\documents and settings\petar\application data\35.tmp
2011-05-19 08:17:15 54626 ----a-w- e:\documents and settings\petar\application data\34.tmp
2011-05-19 08:17:04 49943 ----a-w- e:\documents and settings\petar\application data\33.tmp
2011-05-19 08:17:02 54626 ----a-w- e:\documents and settings\petar\application data\32.tmp
2011-05-18 22:15:14 49943 ----a-w- e:\documents and settings\petar\application data\B6.tmp
2011-05-18 22:15:13 54626 ----a-w- e:\documents and settings\petar\application data\B5.tmp
2011-05-18 17:59:34 49943 ----a-w- e:\documents and settings\petar\application data\9A.tmp
2011-05-18 17:59:32 80173 ----a-w- e:\documents and settings\petar\application data\99.tmp
2011-05-18 13:50:10 49943 ----a-w- e:\documents and settings\petar\application data\7E.tmp
2011-05-18 13:50:08 80173 ----a-w- e:\documents and settings\petar\application data\7D.tmp
2011-05-18 09:32:43 49943 ----a-w- e:\documents and settings\petar\application data\4C.tmp
2011-05-18 09:32:41 80173 ----a-w- e:\documents and settings\petar\application data\4B.tmp
2011-05-18 09:05:15 49943 ----a-w- e:\documents and settings\petar\application data\31.tmp
2011-05-18 09:05:13 80408 ----a-w- e:\documents and settings\petar\application data\2F.tmp
2011-05-18 04:11:11 49943 ----a-w- e:\documents and settings\petar\application data\3C.tmp
2011-05-18 04:11:08 80173 ----a-w- e:\documents and settings\petar\application data\3B.tmp
2011-05-18 04:07:48 80408 ----a-w- e:\documents and settings\petar\application data\2E.tmp
2011-05-18 04:07:45 49943 ----a-w- e:\documents and settings\petar\application data\2D.tmp
2011-05-18 04:07:40 93693 ----a-w- e:\documents and settings\petar\dgjdd.exe
2011-05-17 21:05:14 49943 ----a-w- e:\documents and settings\petar\application data\2C.tmp
2011-05-17 21:05:12 59059 ----a-w- e:\documents and settings\petar\application data\2B.tmp
2011-05-17 20:54:41 60234 ----a-w- e:\documents and settings\petar\application data\7A.tmp
2011-05-17 20:54:39 49943 ----a-w- e:\documents and settings\petar\application data\79.tmp
2011-05-17 19:18:57 49943 ----a-w- e:\documents and settings\petar\application data\2A.tmp
2011-05-17 19:18:55 59059 ----a-w- e:\documents and settings\petar\application data\29.tmp
2011-05-17 16:00:50 60234 ----a-w- e:\documents and settings\petar\application data\28.tmp
2011-05-17 16:00:49 49943 ----a-w- e:\documents and settings\petar\application data\27.tmp
2011-05-17 07:39:10 49943 ----a-w- e:\documents and settings\petar\application data\26.tmp
2011-05-17 07:39:08 59059 ----a-w- e:\documents and settings\petar\application data\20.tmp
2011-05-16 19:11:51 -------- d-----w- e:\program files\common files\Wise Installation Wizard
2011-05-16 19:11:45 -------- d-----w- e:\documents and settings\petar\local settings\application data\2K Games
2011-05-16 17:02:41 49943 ----a-w- e:\documents and settings\petar\application data\1F.tmp
2011-05-16 12:25:53 49943 ----a-w- e:\documents and settings\petar\application data\15B.tmp
2011-05-16 12:09:28 49943 ----a-w- e:\documents and settings\petar\application data\147.tmp
2011-05-16 10:21:05 49943 ----a-w- e:\documents and settings\petar\application data\B4.tmp
2011-05-16 08:59:38 49943 ----a-w- e:\documents and settings\petar\application data\1E.tmp
2011-05-16 01:13:33 49943 ----a-w- e:\documents and settings\petar\application data\264.tmp
2011-05-15 21:53:11 49943 ----a-w- e:\documents and settings\petar\application data\3E.tmp
2011-05-15 21:31:05 49943 ----a-w- e:\documents and settings\petar\application data\1D.tmp
2011-05-15 15:18:53 49943 ----a-w- e:\documents and settings\petar\application data\8A.tmp
2011-05-15 11:19:28 49943 ----a-w- e:\documents and settings\petar\application data\58.tmp
2011-05-15 07:01:12 49943 ----a-w- e:\documents and settings\petar\application data\49.tmp
2011-05-15 06:37:04 49943 ----a-w- e:\documents and settings\petar\application data\1C.tmp
2011-05-15 02:39:20 -------- d-----w- e:\documents and settings\all users\application data\UAB
2011-05-15 02:39:18 -------- d-----w- e:\documents and settings\petar\local settings\application data\PC_Drivers_Headquarters
2011-05-15 02:39:14 -------- d-----w- e:\documents and settings\all users\application data\PC Drivers HeadQuarters
2011-05-15 02:38:32 -------- d-----w- e:\program files\PC Drivers HeadQuarters
2011-05-15 02:36:16 49943 ----a-w- e:\documents and settings\petar\application data\1B.tmp
2011-05-15 02:13:55 49943 ----a-w- e:\documents and settings\petar\application data\1A.tmp
2011-05-14 22:35:31 49943 ----a-w- e:\documents and settings\petar\application data\25.tmp
2011-05-14 21:56:12 49943 ----a-w- e:\documents and settings\petar\application data\19.tmp
.
==================== Find3M ====================
.
2011-05-23 20:27:35 499712 ----a-w- e:\windows\system32\msvcp71.dll
2011-05-17 16:00:36 92452 ----a-w- e:\documents and settings\petar\djdd.exe
2011-05-14 11:46:11 49943 ----a-w- e:\documents and settings\petar\application data\93.tmp
2011-05-14 06:07:31 49943 ----a-w- e:\documents and settings\petar\application data\18.tmp
2011-05-14 06:07:29 61949 ----a-w- e:\documents and settings\petar\application data\17.tmp
2011-05-14 01:36:36 49943 ----a-w- e:\documents and settings\petar\application data\15.tmp
2011-05-14 01:32:27 49943 ----a-w- e:\documents and settings\petar\application data\14.tmp
2011-05-14 01:09:13 49943 ----a-w- e:\documents and settings\petar\application data\12A.tmp
2011-05-13 22:21:28 49943 ----a-w- e:\documents and settings\petar\application data\24.tmp
2011-05-13 22:21:26 62184 ----a-w- e:\documents and settings\petar\application data\21.tmp
2011-05-13 21:38:34 92217 ----a-w- e:\documents and settings\petar\djd.exe
2011-05-13 21:38:17 49943 ----a-w- e:\documents and settings\petar\application data\F.tmp
2011-05-13 21:38:15 61639 ----a-w- e:\documents and settings\petar\application data\E.tmp
2011-05-13 09:45:06 62184 ----a-w- e:\documents and settings\petar\application data\48.tmp
2011-05-13 09:42:43 49943 ----a-w- e:\documents and settings\petar\application data\47.tmp
2011-05-13 06:31:18 49943 ----a-w- e:\documents and settings\petar\application data\13.tmp
2011-05-13 06:31:16 61639 ----a-w- e:\documents and settings\petar\application data\12.tmp
2011-05-13 06:19:52 49943 ----a-w- e:\documents and settings\petar\application data\B.tmp
2011-05-13 06:19:50 61639 ----a-w- e:\documents and settings\petar\application data\A.tmp
2011-05-12 17:43:45 49943 ----a-w- e:\documents and settings\petar\application data\D.tmp
2011-05-12 17:43:44 58669 ----a-w- e:\documents and settings\petar\application data\C.tmp
2011-05-12 17:40:18 49943 ----a-w- e:\documents and settings\petar\application data\9.tmp
2011-05-12 17:40:17 60469 ----a-w- e:\documents and settings\petar\application data\8.tmp
2011-05-12 15:08:25 49943 ----a-w- e:\documents and settings\petar\application data\23.tmp
2011-05-12 15:08:24 60469 ----a-w- e:\documents and settings\petar\application data\22.tmp
2011-05-12 14:00:32 49943 ----a-w- e:\documents and settings\petar\application data\7.tmp
2011-05-12 14:00:31 47509 ----a-w- e:\documents and settings\petar\application data\6.tmp
2011-05-12 14:00:29 58669 ----a-w- e:\documents and settings\petar\application data\5.tmp
2011-05-12 13:04:11 49943 ----a-w- e:\documents and settings\petar\application data\4.tmp
2011-05-12 13:04:09 60469 ----a-w- e:\documents and settings\petar\application data\3.tmp
2011-05-11 09:09:06 49943 ----a-w- e:\documents and settings\petar\application data\9D.tmp
2011-05-11 09:09:04 75463 ----a-w- e:\documents and settings\petar\application data\9C.tmp
2011-05-11 08:15:05 49943 ----a-w- e:\documents and settings\petar\application data\3A.tmp
2011-05-11 08:15:04 74368 ----a-w- e:\documents and settings\petar\application data\39.tmp
2011-05-11 04:49:55 49943 ----a-w- e:\documents and settings\petar\application data\11.tmp
2011-05-11 04:49:52 75463 ----a-w- e:\documents and settings\petar\application data\10.tmp
2011-05-11 04:42:31 49943 ----a-w- e:\documents and settings\petar\application data\2.tmp
2011-05-11 04:42:29 75463 ----a-w- e:\documents and settings\petar\application data\1.tmp
2011-05-10 17:58:00 61249 ----a-w- e:\documents and settings\petar\application data\30.tmp
2011-05-10 17:19:08 61249 --sh--r- e:\windows\ghdrive32.exe
2011-05-10 17:19:08 61249 ----a-w- e:\documents and settings\petar\application data\16.tmp
2011-05-10 17:01:58 39129 ----a-w- e:\windows\system32\07.exe
2011-05-09 11:58:20 135168 ----a-w- e:\windows\UNDPX2A.exe
2011-05-09 11:58:19 53693 ----a-w- e:\windows\UNDPX2A.sys
2011-05-09 11:58:19 15429 ----a-w- e:\windows\system32\drivers\Sacm2A.sys
2011-05-09 11:44:32 0 ----a-w- e:\windows\ativpsrm.bin
2011-04-20 02:41:56 6537728 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38:50 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2011-04-20 02:29:06 57344 ----a-w- e:\windows\system32\aticalrt.dll
2011-04-20 02:29:00 53248 ----a-w- e:\windows\system32\aticalcl.dll
2011-04-20 02:24:20 5459968 ----a-w- e:\windows\system32\aticaldd.dll
2011-04-20 02:14:04 17743872 ----a-w- e:\windows\system32\atioglxx.dll
2011-04-20 02:04:00 462848 ----a-w- e:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02:58 302080 ----a-w- e:\windows\system32\ati2dvag.dll
2011-04-20 02:01:50 4017408 ----a-w- e:\windows\system32\ati3duag.dll
2011-04-20 01:55:20 1115008 ----a-w- e:\windows\system32\ativvamv.dll
2011-04-20 01:45:06 3265920 ----a-w- e:\windows\system32\ativvaxx.dll
2011-04-20 01:44:34 212992 ----a-w- e:\windows\system32\atipdlxx.dll
2011-04-20 01:44:22 155648 ----a-w- e:\windows\system32\Oemdspif.dll
2011-04-20 01:44:14 26112 ----a-w- e:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44:06 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2011-04-20 01:43:54 188416 ----a-w- e:\windows\system32\ati2evxx.dll
2011-04-20 01:42:40 643072 ----a-w- e:\windows\system32\ati2evxx.exe
2011-04-20 01:41:22 53248 ----a-w- e:\windows\system32\ATIDDC.DLL
2011-04-20 01:40:08 151552 ----a-w- e:\windows\system32\atiapfxx.exe
2011-04-20 01:36:24 651264 ----a-w- e:\windows\system32\atikvmag.dll
2011-04-20 01:34:10 200704 ----a-w- e:\windows\system32\atiadlxx.dll
2011-04-20 01:33:52 17408 ----a-w- e:\windows\system32\atitvo32.dll
2011-04-20 01:30:48 503808 ----a-w- e:\windows\system32\atiok3x2.dll
2011-04-20 01:28:32 851968 ----a-w- e:\windows\system32\ati2cqag.dll
2011-04-20 01:27:32 64512 ----a-w- e:\windows\system32\atimpc32.dll
2011-04-20 01:27:32 64512 ----a-w- e:\windows\system32\amdpcom32.dll
2011-04-20 01:26:26 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2011-04-19 20:10:32 59904 ----a-w- e:\windows\system32\OVDecode.dll
2011-04-19 20:10:18 51712 ----a-w- e:\windows\system32\OpenCL.dll
2011-04-19 20:10:02 12385280 ----a-w- e:\windows\system32\amdocl.dll
.
============= FINISH: 20:38:39.76 ===============



[Link visible only to logged-in users]

Addendum: 14 Jun 2011 0:55

I didn't quite understand the tutorial for opening topics here, even though it is written in detail, so I didn't attach the GMER logs. But I did run them. If they are needed, I'll attach them.



offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello Pek!

While we are resolving this case, I would ask you to observe the following:
Read my instructions (or the instructions of colleagues standing in for me) carefully and work exclusively according to them;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs, apart from those for which you are given instructions;
During the intervention, do not use USB memory devices until I ask you to;
If I do not reply within 48h, refresh the topic with a new post;
If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------

Post the GMER reports as well so I can take a look.

goran9888 (AMF Team)



offline
  • Pek 
  • Citizen
  • Joined: 13 Jun 2011
  • Posts: 49

[Link visible only to logged-in users]

[Link visible only to logged-in users]

[Link visible only to logged-in users]

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the location where the file should be saved opens, select Desktop and click Save.

When the download of the program has finished:
deactivate your security software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered a download of it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure through.
present a number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if necessary (several times);
at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note:
The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

offline
  • Pek 
  • Citizen
  • Joined: 13 Jun 2011
  • Posts: 49

Posted: 14 Jun 2011 14:52

Here you go, doc. :)

ComboFix 11-06-13.06 - petar 06/14/2011 14:37:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1519 [GMT 2:00]
Running from: e:\documents and settings\petar\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\recycler\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
e:\documents and settings\petar\Application Data\1.tmp
e:\documents and settings\petar\Application Data\10.tmp
e:\documents and settings\petar\Application Data\11.tmp
e:\documents and settings\petar\Application Data\12.tmp
e:\documents and settings\petar\Application Data\12A.tmp
e:\documents and settings\petar\Application Data\13.tmp
e:\documents and settings\petar\Application Data\13A.tmp
e:\documents and settings\petar\Application Data\13B.tmp
e:\documents and settings\petar\Application Data\14.tmp
e:\documents and settings\petar\Application Data\147.tmp
e:\documents and settings\petar\Application Data\14E.tmp
e:\documents and settings\petar\Application Data\15.tmp
e:\documents and settings\petar\Application Data\152.tmp
e:\documents and settings\petar\Application Data\153.tmp
e:\documents and settings\petar\Application Data\156.tmp
e:\documents and settings\petar\Application Data\157.tmp
e:\documents and settings\petar\Application Data\15A.tmp
e:\documents and settings\petar\Application Data\15B.tmp
e:\documents and settings\petar\Application Data\15C.tmp
e:\documents and settings\petar\Application Data\16.tmp
e:\documents and settings\petar\Application Data\17.tmp
e:\documents and settings\petar\Application Data\175.tmp
e:\documents and settings\petar\Application Data\176.tmp
e:\documents and settings\petar\Application Data\18.tmp
e:\documents and settings\petar\Application Data\19.tmp
e:\documents and settings\petar\Application Data\1A.tmp
e:\documents and settings\petar\Application Data\1AB.tmp
e:\documents and settings\petar\Application Data\1B.tmp
e:\documents and settings\petar\Application Data\1B1.tmp
e:\documents and settings\petar\Application Data\1B5.tmp
e:\documents and settings\petar\Application Data\1B6.tmp
e:\documents and settings\petar\Application Data\1C.tmp
e:\documents and settings\petar\Application Data\1C6.tmp
e:\documents and settings\petar\Application Data\1D.tmp
e:\documents and settings\petar\Application Data\1E.tmp
e:\documents and settings\petar\Application Data\1F.tmp
e:\documents and settings\petar\Application Data\2.tmp
e:\documents and settings\petar\Application Data\20.tmp
e:\documents and settings\petar\Application Data\21.tmp
e:\documents and settings\petar\Application Data\22.tmp
e:\documents and settings\petar\Application Data\23.tmp
e:\documents and settings\petar\Application Data\24.tmp
e:\documents and settings\petar\Application Data\25.tmp
e:\documents and settings\petar\Application Data\26.tmp
e:\documents and settings\petar\Application Data\264.tmp
e:\documents and settings\petar\Application Data\27.tmp
e:\documents and settings\petar\Application Data\28.tmp
e:\documents and settings\petar\Application Data\29.tmp
e:\documents and settings\petar\Application Data\2A.tmp
e:\documents and settings\petar\Application Data\2B.tmp
e:\documents and settings\petar\Application Data\2C.tmp
e:\documents and settings\petar\Application Data\2D.tmp
e:\documents and settings\petar\Application Data\2E.tmp
e:\documents and settings\petar\Application Data\2F.tmp
e:\documents and settings\petar\Application Data\3.tmp
e:\documents and settings\petar\Application Data\30.tmp
e:\documents and settings\petar\Application Data\31.tmp
e:\documents and settings\petar\Application Data\32.tmp
e:\documents and settings\petar\Application Data\33.tmp
e:\documents and settings\petar\Application Data\34.tmp
e:\documents and settings\petar\Application Data\35.tmp
e:\documents and settings\petar\Application Data\355.tmp
e:\documents and settings\petar\Application Data\36.tmp
e:\documents and settings\petar\Application Data\37.tmp
e:\documents and settings\petar\Application Data\38.tmp
e:\documents and settings\petar\Application Data\39.tmp
e:\documents and settings\petar\Application Data\3A.tmp
e:\documents and settings\petar\Application Data\3B.tmp
e:\documents and settings\petar\Application Data\3C.tmp
e:\documents and settings\petar\Application Data\3D.tmp
e:\documents and settings\petar\Application Data\3E.tmp
e:\documents and settings\petar\Application Data\3F.tmp
e:\documents and settings\petar\Application Data\4.tmp
e:\documents and settings\petar\Application Data\40.tmp
e:\documents and settings\petar\Application Data\41.tmp
e:\documents and settings\petar\Application Data\42.tmp
e:\documents and settings\petar\Application Data\43.tmp
e:\documents and settings\petar\Application Data\44.tmp
e:\documents and settings\petar\Application Data\45.tmp
e:\documents and settings\petar\Application Data\46.tmp
e:\documents and settings\petar\Application Data\47.tmp
e:\documents and settings\petar\Application Data\48.tmp
e:\documents and settings\petar\Application Data\49.tmp
e:\documents and settings\petar\Application Data\4A.tmp
e:\documents and settings\petar\Application Data\4B.tmp
e:\documents and settings\petar\Application Data\4C.tmp
e:\documents and settings\petar\Application Data\4D.tmp
e:\documents and settings\petar\Application Data\4E.tmp
e:\documents and settings\petar\Application Data\4F.tmp
e:\documents and settings\petar\Application Data\5.tmp
e:\documents and settings\petar\Application Data\50.tmp
e:\documents and settings\petar\Application Data\51.tmp
e:\documents and settings\petar\Application Data\52.tmp
e:\documents and settings\petar\Application Data\53.tmp
e:\documents and settings\petar\Application Data\54.tmp
e:\documents and settings\petar\Application Data\55.tmp
e:\documents and settings\petar\Application Data\56.tmp
e:\documents and settings\petar\Application Data\57.tmp
e:\documents and settings\petar\Application Data\58.tmp
e:\documents and settings\petar\Application Data\59.tmp
e:\documents and settings\petar\Application Data\5A.tmp
e:\documents and settings\petar\Application Data\5B.tmp
e:\documents and settings\petar\Application Data\5C.tmp
e:\documents and settings\petar\Application Data\5D.tmp
e:\documents and settings\petar\Application Data\5E.tmp
e:\documents and settings\petar\Application Data\5F.tmp
e:\documents and settings\petar\Application Data\6.tmp
e:\documents and settings\petar\Application Data\60.tmp
e:\documents and settings\petar\Application Data\61.tmp
e:\documents and settings\petar\Application Data\62.tmp
e:\documents and settings\petar\Application Data\63.tmp
e:\documents and settings\petar\Application Data\64.tmp
e:\documents and settings\petar\Application Data\65.tmp
e:\documents and settings\petar\Application Data\66.tmp
e:\documents and settings\petar\Application Data\67.tmp
e:\documents and settings\petar\Application Data\68.tmp
e:\documents and settings\petar\Application Data\69.tmp
e:\documents and settings\petar\Application Data\6A.tmp
e:\documents and settings\petar\Application Data\6B.tmp
e:\documents and settings\petar\Application Data\6C.tmp
e:\documents and settings\petar\Application Data\6D.tmp
e:\documents and settings\petar\Application Data\6E.tmp
e:\documents and settings\petar\Application Data\6F.tmp
e:\documents and settings\petar\Application Data\7.tmp
e:\documents and settings\petar\Application Data\70.tmp
e:\documents and settings\petar\Application Data\71.tmp
e:\documents and settings\petar\Application Data\72.tmp
e:\documents and settings\petar\Application Data\73.tmp
e:\documents and settings\petar\Application Data\74.tmp
e:\documents and settings\petar\Application Data\75.tmp
e:\documents and settings\petar\Application Data\76.tmp
e:\documents and settings\petar\Application Data\77.tmp
e:\documents and settings\petar\Application Data\78.tmp
e:\documents and settings\petar\Application Data\79.tmp
e:\documents and settings\petar\Application Data\7A.tmp
e:\documents and settings\petar\Application Data\7B.tmp
e:\documents and settings\petar\Application Data\7C.tmp
e:\documents and settings\petar\Application Data\7D.tmp
e:\documents and settings\petar\Application Data\7E.tmp
e:\documents and settings\petar\Application Data\7F.tmp
e:\documents and settings\petar\Application Data\8.tmp
e:\documents and settings\petar\Application Data\80.tmp
e:\documents and settings\petar\Application Data\81.tmp
e:\documents and settings\petar\Application Data\82.tmp
e:\documents and settings\petar\Application Data\83.tmp
e:\documents and settings\petar\Application Data\84.tmp
e:\documents and settings\petar\Application Data\85.tmp
e:\documents and settings\petar\Application Data\86.tmp
e:\documents and settings\petar\Application Data\87.tmp
e:\documents and settings\petar\Application Data\88.tmp
e:\documents and settings\petar\Application Data\89.tmp
e:\documents and settings\petar\Application Data\8A.tmp
e:\documents and settings\petar\Application Data\8B.tmp
e:\documents and settings\petar\Application Data\8C.tmp
e:\documents and settings\petar\Application Data\8D.tmp
e:\documents and settings\petar\Application Data\8E.tmp
e:\documents and settings\petar\Application Data\8F.tmp
e:\documents and settings\petar\Application Data\9.tmp
e:\documents and settings\petar\Application Data\90.tmp
e:\documents and settings\petar\Application Data\91.tmp
e:\documents and settings\petar\Application Data\92.tmp
e:\documents and settings\petar\Application Data\93.tmp
e:\documents and settings\petar\Application Data\94.tmp
e:\documents and settings\petar\Application Data\95.tmp
e:\documents and settings\petar\Application Data\96.tmp
e:\documents and settings\petar\Application Data\97.tmp
e:\documents and settings\petar\Application Data\98.tmp
e:\documents and settings\petar\Application Data\99.tmp
e:\documents and settings\petar\Application Data\9A.tmp
e:\documents and settings\petar\Application Data\9B.tmp
e:\documents and settings\petar\Application Data\9C.tmp
e:\documents and settings\petar\Application Data\9D.tmp
e:\documents and settings\petar\Application Data\9E.tmp
e:\documents and settings\petar\Application Data\9F.tmp
e:\documents and settings\petar\Application Data\A.tmp
e:\documents and settings\petar\Application Data\A0.tmp
e:\documents and settings\petar\Application Data\A1.tmp
e:\documents and settings\petar\Application Data\A2.tmp
e:\documents and settings\petar\Application Data\A3.tmp
e:\documents and settings\petar\Application Data\A4.tmp
e:\documents and settings\petar\Application Data\A5.tmp
e:\documents and settings\petar\Application Data\A6.tmp
e:\documents and settings\petar\Application Data\A7.tmp
e:\documents and settings\petar\Application Data\A8.tmp
e:\documents and settings\petar\Application Data\A9.tmp
e:\documents and settings\petar\Application Data\AA.tmp
e:\documents and settings\petar\Application Data\AB.tmp
e:\documents and settings\petar\Application Data\AC.tmp
e:\documents and settings\petar\Application Data\AD.tmp
e:\documents and settings\petar\Application Data\AE.tmp
e:\documents and settings\petar\Application Data\AF.tmp
e:\documents and settings\petar\Application Data\B.tmp
e:\documents and settings\petar\Application Data\B0.tmp
e:\documents and settings\petar\Application Data\B1.tmp
e:\documents and settings\petar\Application Data\B2.tmp
e:\documents and settings\petar\Application Data\B3.tmp
e:\documents and settings\petar\Application Data\B4.tmp
e:\documents and settings\petar\Application Data\B5.tmp
e:\documents and settings\petar\Application Data\B6.tmp
e:\documents and settings\petar\Application Data\B7.tmp
e:\documents and settings\petar\Application Data\B8.tmp
e:\documents and settings\petar\Application Data\B9.tmp
e:\documents and settings\petar\Application Data\BA.tmp
e:\documents and settings\petar\Application Data\BB.tmp
e:\documents and settings\petar\Application Data\BC.tmp
e:\documents and settings\petar\Application Data\BD.tmp
e:\documents and settings\petar\Application Data\BE.tmp
e:\documents and settings\petar\Application Data\BF.tmp
e:\documents and settings\petar\Application Data\C.tmp
e:\documents and settings\petar\Application Data\C0.tmp
e:\documents and settings\petar\Application Data\D.tmp
e:\documents and settings\petar\Application Data\D2.tmp
e:\documents and settings\petar\Application Data\D3.tmp
e:\documents and settings\petar\Application Data\D5.tmp
e:\documents and settings\petar\Application Data\D6.tmp
e:\documents and settings\petar\Application Data\E.tmp
e:\documents and settings\petar\Application Data\F.tmp
e:\documents and settings\petar\Application Data\F7.tmp
e:\documents and settings\petar\Application Data\F8.tmp
e:\documents and settings\petar\Application Data\FA.tmp
e:\documents and settings\petar\Application Data\Voyayv.exe
e:\documents and settings\petar\Desktop\Setup.exe
e:\documents and settings\petar\dgjdd.exe
e:\documents and settings\petar\djd.exe
e:\documents and settings\petar\djdd.exe
e:\documents and settings\petar\dqw.exe
e:\documents and settings\petar\fbd.exe
e:\documents and settings\petar\zddqj.exe
e:\windows\aadrive32.exe
e:\windows\ghdrive32.exe
e:\windows\system32\07.exe
e:\windows\system32\48.exe
e:\windows\system32\crt.dat
e:\windows\system32\drivers\str.sys
e:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-13 18:25 . 2010-03-04 16:05 944640 ----a-r- e:\windows\system32\NEW24.tmp
2011-06-13 18:25 . 2010-03-04 16:05 944640 ----a-r- e:\windows\system32\fdco1.dll
2011-06-13 18:25 . 2010-03-04 16:02 70912 ----a-r- e:\windows\system32\drivers\NVENETFD.sys
2011-06-13 18:25 . 2010-03-04 16:05 11264 ----a-r- e:\windows\system32\NEW19.tmp
2011-06-13 18:25 . 2010-03-04 16:05 11264 ----a-r- e:\windows\system32\bdco1.dll
2011-06-13 18:25 . 2010-03-04 16:02 13824 ----a-r- e:\windows\system32\drivers\nvnetbus.sys
2011-06-13 18:25 . 2010-03-04 16:02 212224 ----a-r- e:\windows\system32\drivers\nvnrm.sys
2011-06-13 18:25 . 2010-03-03 23:49 207464 ----a-r- e:\windows\system32\nvconrm.dll
2011-06-13 18:24 . 2010-03-22 10:28 215656 ----a-r- e:\windows\system32\NVCOSMB.DLL
2011-06-13 18:02 . 2011-02-25 17:37 1284712 ------r- e:\windows\RtlExUpd.dll
2011-06-13 17:55 . 2011-06-13 17:55 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI
2011-06-13 17:54 . 2011-06-13 17:54 -------- d-----w- e:\program files\AMD APP
2011-06-13 17:51 . 2011-06-13 17:51 -------- d-----w- E:\ATI
2011-06-10 16:44 . 2003-11-10 16:14 729088 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-06-10 16:44 . 2003-11-10 16:13 69715 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-06-10 16:44 . 2003-11-10 16:12 266240 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-06-10 16:44 . 2003-11-10 16:12 192512 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-06-10 16:44 . 2003-11-10 16:11 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-06-10 16:44 . 2011-06-10 16:44 311428 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-06-10 16:44 . 2011-06-10 16:44 188548 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-06-10 15:54 . 2011-06-10 15:54 -------- d-----w- e:\windows\system32\LogFiles
2011-06-10 15:20 . 2011-06-10 15:20 -------- d-----w- e:\program files\MSI
2011-06-10 15:19 . 2011-06-10 16:44 -------- d-----w- e:\program files\Setup Files
2011-06-10 15:18 . 2011-06-10 15:18 -------- d-sh--w- e:\documents and settings\petar\PrivacIE
2011-06-10 15:16 . 2011-06-10 15:16 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\BitTorrentBar
2011-06-10 15:05 . 2011-06-10 15:05 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache
2011-06-10 15:04 . 2011-06-10 15:04 -------- d-sh--w- e:\documents and settings\petar\IETldCache
2011-06-10 15:01 . 2011-06-10 15:03 -------- dc-h--w- e:\windows\ie8
2011-06-10 14:50 . 1998-10-02 17:00 327168 ----a-w- e:\windows\IsUninst.exe
2011-06-09 15:38 . 2011-06-09 15:45 21840 ----atw- e:\windows\system32\SIntfNT.dll
2011-06-09 15:38 . 2011-06-09 15:45 17212 ----atw- e:\windows\system32\SIntf32.dll
2011-06-09 15:38 . 2011-06-09 15:45 12067 ----atw- e:\windows\system32\SIntf16.dll
2011-06-09 15:26 . 2011-06-09 15:26 94208 ----a-w- e:\windows\DIIUnin.exe
2011-06-09 15:26 . 2011-06-09 15:26 2829 ----a-w- e:\windows\DIIUnin.pif
2011-06-09 15:20 . 2011-06-09 15:20 218688 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-06-09 15:20 . 2011-06-09 15:20 -------- d-----w- e:\program files\DAEMON Tools Lite
2011-06-09 15:20 . 2011-06-09 15:21 -------- d-----w- e:\documents and settings\petar\Application Data\DAEMON Tools Lite
2011-06-09 15:20 . 2011-06-09 15:20 -------- d-----w- e:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-06-09 05:55 . 2011-06-09 05:55 -------- d-----w- e:\documents and settings\petar\Application Data\Soldat
2011-06-08 05:15 . 2011-06-13 18:32 -------- d-----w- e:\windows\system32\NtmsData
2011-06-07 20:02 . 2011-06-07 20:02 -------- d-----w- e:\documents and settings\petar\Application Data\Avira
2011-06-07 20:00 . 2011-06-07 20:00 -------- d-----w- e:\program files\Avira
2011-06-07 20:00 . 2011-06-07 20:00 -------- d-----w- e:\documents and settings\All Users\Application Data\Avira
2011-06-07 20:00 . 2011-04-01 15:07 61960 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2011-06-07 20:00 . 2011-04-01 15:07 137656 ----a-w- e:\windows\system32\drivers\avipbb.sys
2011-06-07 20:00 . 2010-06-17 13:27 45416 ----a-w- e:\windows\system32\drivers\avgntdd.sys
2011-06-07 20:00 . 2010-06-17 13:27 22360 ----a-w- e:\windows\system32\drivers\avgntmgr.sys
2011-06-07 09:54 . 2011-06-07 09:54 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\ESET
2011-06-07 08:58 . 2011-06-07 08:58 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-06-07 08:57 . 2011-06-07 08:57 -------- d-----w- e:\documents and settings\All Users\Application Data\ESET
2011-06-06 08:43 . 2006-10-26 17:56 33104 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-06-06 08:43 . 2006-10-26 17:56 32592 ----a-w- e:\windows\system32\msonpmon.dll
2011-06-06 08:42 . 2011-06-06 08:42 -------- d-----w- e:\program files\Microsoft Works
2011-06-06 08:42 . 2011-06-06 08:42 -------- d-----w- e:\program files\MSBuild
2011-06-06 08:41 . 2011-06-06 08:41 -------- d-----w- e:\program files\Microsoft.NET
2011-06-06 08:40 . 2011-06-06 08:40 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2011-06-06 08:39 . 2011-06-06 08:42 -------- d-----w- e:\windows\SHELLNEW
2011-06-06 08:39 . 2011-06-06 08:39 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Microsoft Help
2011-06-06 08:39 . 2011-06-06 08:43 -------- d-----w- e:\documents and settings\All Users\Application Data\Microsoft Help
2011-06-06 08:39 . 2011-06-06 08:39 -------- d-----r- E:\MSOCache
2011-06-06 08:37 . 2011-06-06 08:37 -------- d-----w- e:\program files\MagicDisc
2011-06-06 08:37 . 2009-02-24 16:42 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys
2011-06-05 19:06 . 2011-06-05 19:06 -------- d-----w- e:\program files\BitTorrent
2011-06-05 19:06 . 2011-06-13 17:56 -------- d-----w- e:\documents and settings\petar\Application Data\BitTorrent
2011-05-31 07:07 . 2011-06-07 05:47 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-30 21:18 . 2004-08-03 22:56 159232 ----a-w- e:\windows\system32\ptpusd.dll
2011-05-30 21:18 . 2004-08-03 20:58 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2011-05-30 21:18 . 2004-08-03 20:58 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
2011-05-30 21:18 . 2001-08-17 20:36 5632 ----a-w- e:\windows\system32\ptpusb.dll
2011-05-28 20:31 . 2011-06-08 05:31 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Temp
2011-05-23 20:31 . 2011-05-23 20:31 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Real
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\program files\Common Files\xing shared
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\program files\Real
2011-05-23 20:26 . 2011-05-23 20:26 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-23 20:26 . 2011-05-31 20:31 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Google
2011-05-23 20:26 . 2011-05-23 20:27 -------- d-----w- e:\program files\Google
2011-05-20 17:44 . 2004-08-03 21:08 26496 -c--a-w- e:\windows\system32\dllcache\usbstor.sys
2011-05-19 12:59 . 2011-05-19 12:59 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Identities
2011-05-16 19:11 . 2011-05-16 19:11 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2011-05-16 19:11 . 2011-05-16 19:11 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\2K Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-23 20:27 . 2007-07-03 14:40 499712 ----a-w- e:\windows\system32\msvcp71.dll
2011-05-09 11:58 . 2004-06-11 09:31 135168 ----a-w- e:\windows\UNDPX2A.exe
2011-05-09 11:58 . 2004-06-11 09:34 53693 ----a-w- e:\windows\UNDPX2A.sys
2011-05-09 11:58 . 2004-06-10 18:42 15429 ----a-w- e:\windows\system32\drivers\Sacm2A.sys
2011-04-20 02:41 . 2011-05-09 11:44 6537728 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2011-05-09 11:44 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2011-04-20 02:04 . 2011-05-09 11:44 462848 ----a-w- e:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2011-05-09 11:44 302080 ----a-w- e:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2011-05-09 11:44 4017408 ----a-w- e:\windows\system32\ati3duag.dll
2011-04-20 01:45 . 2011-05-09 11:44 3265920 ----a-w- e:\windows\system32\ativvaxx.dll
2011-04-20 01:28 . 2011-05-09 11:44 851968 ----a-w- e:\windows\system32\ati2cqag.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- e:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- e:\windows\system32\OpenCL.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- e:\windows\system32\amdocl.dll
2011-04-14 16:26 . 2011-05-09 11:24 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . e:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . e:\windows\system32\drivers\tcpip.sys
.
[-] 2007-08-24 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . e:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"BitTorrent"="e:\documents and settings\petar\My Documents\Downloads\BitTorrent-7.2.1.exe" [2011-06-05 4771184]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="e:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-23 273544]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
.
e:\documents and settings\petar\Start Menu\Programs\Startup\
MagicDisc.lnk - e:\program files\MagicDisc\MagicDisc.exe [2011-6-6 576000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Documents and Settings\\petar\\My Documents\\Downloads\\BitTorrent-7.2.1.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1217:TCP"= 1217:TCP:vuxcqanb
"7197:TCP"= 7197:TCP:biuanqjz
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [6/9/2011 5:20 PM 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [6/7/2011 10:00 PM 136360]
S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [5/23/2011 10:26 PM 136176]
S2 hlbbthy;pnqej;e:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ihvqcj;Shell Boot;e:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ncsbmdwrlw;ncsbmdwrlw;"e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe" --SERVICE --> e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe [?]
S2 Netmanm;Network Connections to Monitor;"e:\windows\system32\crssc.exe" --> e:\windows\system32\crssc.exe [?]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [5/10/2011 6:20 PM 1691480]
S3 FLASHSYS;FLASHSYS;e:\program files\MSI\Live Update 4\LU4\FlashSys.sys [6/10/2011 5:20 PM 9216]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;e:\program files\Setup Files\Ms7309v270\NTIOLib.sys [1/6/2011 11:04 AM 7680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hlbbthy
ihvqcj
rvcgcbp
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-14 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 20:26]
.
2011-06-14 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 20:26]
.
2011-06-14 e:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-06-14 e:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
FF - ProfilePath - e:\documents and settings\petar\Application Data\Mozilla\Firefox\Profiles\nks6f2my.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]{searchTerms}
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Voyayv - e:\documents and settings\petar\Application Data\Voyayv.exe
HKLM-Run-RTHDCPL - RTHDCPL.EXE
HKLM-Run-SkyTel - SkyTel.EXE
Notify-mdhcp32 - mdhcp32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2011-06-14 14:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hlbbthy]
"ServiceDll"="e:\windows\system32\wptpj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ihvqcj]
"ServiceDll"="e:\program files\Movie Maker\wptpj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rvcgcbp]
"ServiceDll"="e:\windows\system32\wptpj.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"=""
"ScreenshotsDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="d:\\FM Genie Scout 11\\History Points"
"LangDB"="d:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009ee6
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="34-F675-28D3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000004
"StaffSearchFeatureNum"=dword:00000001
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000003
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:000001a6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3748-)
e:\windows\system32\msi.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Avira\AntiVir Desktop\avguard.exe
e:\program files\NVIDIA Corporation\nTune\nTuneService.exe
e:\program files\Avira\AntiVir Desktop\avshadow.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
.
**************************************************************************
.
Completion time: 2011-06-14 14:50:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-14 12:50
.
Pre-Run: 134,794,375,168 bytes free
Post-Run: 138,634,833,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - 8A9412C2C0E9DE7B3855DC04D7E0A772

Addendum: 14 Jun 2011 14:55

I have Avira, but I can't connect to Avira's site, so it isn't updated. And it keeps reporting that it has found these .tmp files but was unable to delete them.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Download and install the following Security Update: LINK
Also, turn on Windows Firewall: Start -> Control Panel -> Windows Firewall -> ON -> Ok.

Step 2

Open Notepad and copy the following text:

File::
e:\windows\system32\wptpj.dll
e:\program files\Movie Maker\wptpj.dll
e:\windows\system32\wptpj.dll
e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe
e:\windows\system32\crssc.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1217:TCP"=-
"7197:TCP"=-

Driver::
hlbbthy
ihvqcj
ncsbmdwrlw
Netmanm

NetSvc::
hlbbthy
ihvqcj
rvcgcbp


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.

goran9888 (AMF Tim)
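
Why the entries in the CFScript above stand out in the log, as an added example (not part of the original thread and not ComboFix's own logic): a short Python triage over log lines copied from this thread. The four heuristics (a service listed in the NetSvcs section, a service image under a Temp directory, `[?]` in place of file metadata, and one ServiceDll file name shared by several services) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Excerpt assembled from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1217:TCP"= 1217:TCP:vuxcqanb
"7197:TCP"= 7197:TCP:biuanqjz
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [6/9/2011 5:20 PM 218688]
S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [5/23/2011 10:26 PM 136176]
S2 hlbbthy;pnqej;e:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ihvqcj;Shell Boot;e:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ncsbmdwrlw;ncsbmdwrlw;"e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe" --SERVICE --> e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe [?]
S2 Netmanm;Network Connections to Monitor;"e:\windows\system32\crssc.exe" --> e:\windows\system32\crssc.exe [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hlbbthy
ihvqcj
rvcgcbp
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hlbbthy]
"ServiceDll"="e:\windows\system32\wptpj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ihvqcj]
"ServiceDll"="e:\program files\Movie Maker\wptpj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rvcgcbp]
"ServiceDll"="e:\windows\system32\wptpj.dll"
'''

SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.*) \[(?P<meta>[^\]]*)\]$')
SERVICE_KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$')
SERVICE_DLL_RE = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"= \d+:(?:TCP|UDP):(?P<label>.*)$')


def triage(log_text):
    """Return flagged services (name -> reasons), open ports and firewall state."""
    reasons = defaultdict(list)
    dll_users = defaultdict(set)      # ServiceDll file name -> services using it
    ports, firewall_off = [], False
    section, current_key = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ('', '--'):
            continue
        if line == '.':               # ComboFix separates blocks with a lone dot
            section, current_key = None, None
            continue
        if line.startswith('['):      # registry key header
            m = SERVICE_KEY_RE.match(line)
            current_key = m.group('name') if m else None
            section = 'ports' if line.lower().endswith('globallyopenports\\list]') else None
            continue
        if line.endswith('Svchost - NetSvcs'):
            section = 'netsvcs'
            continue
        if section == 'netsvcs':      # assumption: the log lists only non-default members
            reasons[line].append('listed in the NetSvcs section of the log')
            continue
        if section == 'ports':
            m = PORT_RE.match(line)
            if m:
                ports.append((m.group('port'), m.group('proto'), m.group('label')))
            continue
        if line.startswith('"EnableFirewall"'):
            firewall_off = line.split('=')[1].split()[0] == '0'
            continue
        m = SERVICE_DLL_RE.match(line)
        if m and current_key:
            dll_users[m.group('dll').lower().rsplit('\\', 1)[-1]].add(current_key)
            continue
        m = SERVICE_RE.match(line)
        if m:
            if '\\temp\\' in m.group('image').lower():
                reasons[m.group('name')].append('image runs from a Temp directory')
            if m.group('meta') == '?':
                reasons[m.group('name')].append('no file metadata reported ([?])')
    for dll, users in dll_users.items():
        if len(users) > 1:
            for name in users:
                reasons[name].append('ServiceDll name %s shared by %d services' % (dll, len(users)))
    return {'services': dict(reasons), 'open_ports': ports, 'firewall_disabled': firewall_off}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for name, why in sorted(result['services'].items()):
        print(name, '->', '; '.join(why))
    print('open ports:', result['open_ports'], 'firewall disabled:', result['firewall_disabled'])
```

The five flagged names are the same ones the helper lists under `Driver::` and `NetSvc::`, and the two port entries are the ones removed under `Registry::`.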

offline
  • Pek 
  • Citizen
  • Joined: 13 Jun 2011
  • Posts: 49

The link doesn't work... I didn't do the part with the script because I'm not sure whether it's related to this link.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Pek ::The link doesn't work... I didn't do the part with the script because I'm not sure whether it's related to this link.

And this one: LINK

offline
  • Pek 
  • Citizen
  • Joined: 13 Jun 2011
  • Posts: 49

Posted: 14 Jun 2011 17:16

That one doesn't either... Can you open these links?

Addendum: 14 Jun 2011 17:52

The second link you gave me has started working ;)

ComboFix 11-06-13.06 - petar 06/14/2011 17:46:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1545 [GMT 2:00]
Running from: e:\documents and settings\petar\My Documents\Downloads\ComboFix.exe
Command switches used :: e:\documents and settings\petar\Desktop\CFScript.txt
.
FILE ::
"e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe"
"e:\program files\Movie Maker\wptpj.dll"
"e:\windows\system32\crssc.exe"
"e:\windows\system32\wptpj.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\windows\system32\wptpj.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HLBBTHY
-------\Legacy_IHVQCJ
-------\Legacy_NCSBMDWRLW
-------\Legacy_NETMANM
-------\Service_hlbbthy
-------\Service_ihvqcj
-------\Service_ncsbmdwrlw
-------\Service_Netmanm
-------\Legacy_rvcgcbp
-------\Service_rvcgcbp
.
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-13 18:25 . 2010-03-04 16:05 944640 ----a-r- e:\windows\system32\NEW24.tmp
2011-06-13 18:25 . 2010-03-04 16:05 944640 ----a-r- e:\windows\system32\fdco1.dll
2011-06-13 18:25 . 2010-03-04 16:02 70912 ----a-r- e:\windows\system32\drivers\NVENETFD.sys
2011-06-13 18:25 . 2010-03-04 16:05 11264 ----a-r- e:\windows\system32\NEW19.tmp
2011-06-13 18:25 . 2010-03-04 16:05 11264 ----a-r- e:\windows\system32\bdco1.dll
2011-06-13 18:25 . 2010-03-04 16:02 13824 ----a-r- e:\windows\system32\drivers\nvnetbus.sys
2011-06-13 18:25 . 2010-03-04 16:02 212224 ----a-r- e:\windows\system32\drivers\nvnrm.sys
2011-06-13 18:25 . 2010-03-03 23:49 207464 ----a-r- e:\windows\system32\nvconrm.dll
2011-06-13 18:24 . 2010-03-22 10:28 215656 ----a-r- e:\windows\system32\NVCOSMB.DLL
2011-06-13 18:02 . 2011-02-25 17:37 1284712 ------r- e:\windows\RtlExUpd.dll
2011-06-13 17:55 . 2011-06-13 17:55 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI
2011-06-13 17:54 . 2011-06-13 17:54 -------- d-----w- e:\program files\AMD APP
2011-06-13 17:51 . 2011-06-13 17:51 -------- d-----w- E:\ATI
2011-06-10 16:44 . 2003-11-10 16:14 729088 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-06-10 16:44 . 2003-11-10 16:13 69715 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-06-10 16:44 . 2003-11-10 16:12 266240 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-06-10 16:44 . 2003-11-10 16:12 192512 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-06-10 16:44 . 2003-11-10 16:11 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-06-10 16:44 . 2011-06-10 16:44 311428 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-06-10 16:44 . 2011-06-10 16:44 188548 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-06-10 15:54 . 2011-06-10 15:54 -------- d-----w- e:\windows\system32\LogFiles
2011-06-10 15:20 . 2011-06-10 15:20 -------- d-----w- e:\program files\MSI
2011-06-10 15:19 . 2011-06-10 16:44 -------- d-----w- e:\program files\Setup Files
2011-06-10 15:18 . 2011-06-10 15:18 -------- d-sh--w- e:\documents and settings\petar\PrivacIE
2011-06-10 15:16 . 2011-06-10 15:16 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\BitTorrentBar
2011-06-10 15:05 . 2011-06-10 15:05 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache
2011-06-10 15:04 . 2011-06-10 15:04 -------- d-sh--w- e:\documents and settings\petar\IETldCache
2011-06-10 15:01 . 2011-06-10 15:03 -------- dc-h--w- e:\windows\ie8
2011-06-10 14:50 . 1998-10-02 17:00 327168 ----a-w- e:\windows\IsUninst.exe
2011-06-09 15:38 . 2011-06-09 15:45 21840 ----atw- e:\windows\system32\SIntfNT.dll
2011-06-09 15:38 . 2011-06-09 15:45 17212 ----atw- e:\windows\system32\SIntf32.dll
2011-06-09 15:38 . 2011-06-09 15:45 12067 ----atw- e:\windows\system32\SIntf16.dll
2011-06-09 15:26 . 2011-06-09 15:26 94208 ----a-w- e:\windows\DIIUnin.exe
2011-06-09 15:26 . 2011-06-09 15:26 2829 ----a-w- e:\windows\DIIUnin.pif
2011-06-09 15:20 . 2011-06-09 15:20 218688 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-06-09 15:20 . 2011-06-09 15:20 -------- d-----w- e:\program files\DAEMON Tools Lite
2011-06-09 15:20 . 2011-06-09 15:21 -------- d-----w- e:\documents and settings\petar\Application Data\DAEMON Tools Lite
2011-06-09 15:20 . 2011-06-09 15:20 -------- d-----w- e:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-06-09 05:55 . 2011-06-09 05:55 -------- d-----w- e:\documents and settings\petar\Application Data\Soldat
2011-06-08 05:15 . 2011-06-13 18:32 -------- d-----w- e:\windows\system32\NtmsData
2011-06-07 20:02 . 2011-06-07 20:02 -------- d-----w- e:\documents and settings\petar\Application Data\Avira
2011-06-07 20:00 . 2011-06-07 20:00 -------- d-----w- e:\program files\Avira
2011-06-07 20:00 . 2011-06-07 20:00 -------- d-----w- e:\documents and settings\All Users\Application Data\Avira
2011-06-07 20:00 . 2011-04-01 15:07 61960 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2011-06-07 20:00 . 2011-04-01 15:07 137656 ----a-w- e:\windows\system32\drivers\avipbb.sys
2011-06-07 20:00 . 2010-06-17 13:27 45416 ----a-w- e:\windows\system32\drivers\avgntdd.sys
2011-06-07 20:00 . 2010-06-17 13:27 22360 ----a-w- e:\windows\system32\drivers\avgntmgr.sys
2011-06-07 09:54 . 2011-06-07 09:54 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\ESET
2011-06-07 08:58 . 2011-06-07 08:58 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-06-07 08:57 . 2011-06-07 08:57 -------- d-----w- e:\documents and settings\All Users\Application Data\ESET
2011-06-06 08:43 . 2006-10-26 17:56 33104 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-06-06 08:43 . 2006-10-26 17:56 32592 ----a-w- e:\windows\system32\msonpmon.dll
2011-06-06 08:42 . 2011-06-06 08:42 -------- d-----w- e:\program files\Microsoft Works
2011-06-06 08:42 . 2011-06-06 08:42 -------- d-----w- e:\program files\MSBuild
2011-06-06 08:41 . 2011-06-06 08:41 -------- d-----w- e:\program files\Microsoft.NET
2011-06-06 08:40 . 2011-06-06 08:40 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2011-06-06 08:39 . 2011-06-06 08:42 -------- d-----w- e:\windows\SHELLNEW
2011-06-06 08:39 . 2011-06-06 08:39 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Microsoft Help
2011-06-06 08:39 . 2011-06-06 08:43 -------- d-----w- e:\documents and settings\All Users\Application Data\Microsoft Help
2011-06-06 08:39 . 2011-06-06 08:39 -------- d-----r- E:\MSOCache
2011-06-06 08:37 . 2011-06-06 08:37 -------- d-----w- e:\program files\MagicDisc
2011-06-06 08:37 . 2009-02-24 16:42 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys
2011-06-05 19:06 . 2011-06-05 19:06 -------- d-----w- e:\program files\BitTorrent
2011-06-05 19:06 . 2011-06-13 17:56 -------- d-----w- e:\documents and settings\petar\Application Data\BitTorrent
2011-05-31 07:07 . 2011-06-07 05:47 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-30 21:18 . 2004-08-03 22:56 159232 ----a-w- e:\windows\system32\ptpusd.dll
2011-05-30 21:18 . 2004-08-03 20:58 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2011-05-30 21:18 . 2004-08-03 20:58 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
2011-05-30 21:18 . 2001-08-17 20:36 5632 ----a-w- e:\windows\system32\ptpusb.dll
2011-05-28 20:31 . 2011-06-08 05:31 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Temp
2011-05-23 20:31 . 2011-05-23 20:31 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Real
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\program files\Common Files\xing shared
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\program files\Real
2011-05-23 20:26 . 2011-05-23 20:26 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-23 20:26 . 2011-05-31 20:31 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Google
2011-05-23 20:26 . 2011-05-23 20:27 -------- d-----w- e:\program files\Google
2011-05-20 17:44 . 2004-08-03 21:08 26496 -c--a-w- e:\windows\system32\dllcache\usbstor.sys
2011-05-19 12:59 . 2011-05-19 12:59 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Identities
2011-05-16 19:11 . 2011-05-16 19:11 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2011-05-16 19:11 . 2011-05-16 19:11 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\2K Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-23 20:27 . 2007-07-03 14:40 499712 ----a-w- e:\windows\system32\msvcp71.dll
2011-05-09 11:58 . 2004-06-11 09:31 135168 ----a-w- e:\windows\UNDPX2A.exe
2011-05-09 11:58 . 2004-06-11 09:34 53693 ----a-w- e:\windows\UNDPX2A.sys
2011-05-09 11:58 . 2004-06-10 18:42 15429 ----a-w- e:\windows\system32\drivers\Sacm2A.sys
2011-04-20 02:41 . 2011-05-09 11:44 6537728 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2011-05-09 11:44 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2011-04-20 02:04 . 2011-05-09 11:44 462848 ----a-w- e:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2011-05-09 11:44 302080 ----a-w- e:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2011-05-09 11:44 4017408 ----a-w- e:\windows\system32\ati3duag.dll
2011-04-20 01:45 . 2011-05-09 11:44 3265920 ----a-w- e:\windows\system32\ativvaxx.dll
2011-04-20 01:28 . 2011-05-09 11:44 851968 ----a-w- e:\windows\system32\ati2cqag.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- e:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- e:\windows\system32\OpenCL.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- e:\windows\system32\amdocl.dll
2011-04-14 16:26 . 2011-05-09 11:24 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . e:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . e:\windows\system32\drivers\tcpip.sys
.
[-] 2007-08-24 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . e:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-14 15:50 . 2011-06-14 15:50 16384 e:\windows\Temp\Perflib_Perfdata_52c.dat
+ 2011-06-14 15:41 . 2007-11-30 11:18 17272 e:\windows\system32\spmsg.dll
+ 2001-08-23 12:00 . 2011-06-14 15:47 58596 e:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2011-06-14 04:13 58596 e:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-06-14 15:47 392296 e:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-06-14 04:13 392296 e:\windows\system32\perfh009.dat
+ 2004-08-03 22:56 . 2008-10-15 16:57 332800 e:\windows\system32\netapi32.dll
+ 2004-08-03 22:56 . 2008-10-15 16:57 332800 e:\windows\system32\dllcache\netapi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"BitTorrent"="e:\documents and settings\petar\My Documents\Downloads\BitTorrent-7.2.1.exe" [2011-06-05 4771184]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="e:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-23 273544]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
.
e:\documents and settings\petar\Start Menu\Programs\Startup\
MagicDisc.lnk - e:\program files\MagicDisc\MagicDisc.exe [2011-6-6 576000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Documents and Settings\\petar\\My Documents\\Downloads\\BitTorrent-7.2.1.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [6/9/2011 5:20 PM 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [6/7/2011 10:00 PM 136360]
S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [5/23/2011 10:26 PM 136176]
S2 rvcgcbp;System Task;e:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [5/10/2011 6:20 PM 1691480]
S3 FLASHSYS;FLASHSYS;e:\program files\MSI\Live Update 4\LU4\FlashSys.sys [6/10/2011 5:20 PM 9216]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;e:\program files\Setup Files\Ms7309v270\NTIOLib.sys [1/6/2011 11:04 AM 7680]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-14 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 20:26]
.
2011-06-14 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 20:26]
.
2011-06-14 e:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-06-14 e:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
FF - ProfilePath - e:\documents and settings\petar\Application Data\Mozilla\Firefox\Profiles\nks6f2my.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]{searchTerms}
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2011-06-14 17:50
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rvcgcbp]
"ServiceDll"="e:\windows\system32\wptpj.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"=""
"ScreenshotsDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="d:\\FM Genie Scout 11\\History Points"
"LangDB"="d:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009ee6
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="34-F675-28D3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000004
"StaffSearchFeatureNum"=dword:00000001
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000003
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:000001a6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
e:\windows\system32\COMRes.dll
.
- - - - - - - > 'explorer.exe'(292)
e:\windows\system32\msi.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Avira\AntiVir Desktop\avguard.exe
e:\program files\Avira\AntiVir Desktop\avshadow.exe
e:\program files\NVIDIA Corporation\nTune\nTuneService.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
e:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-14 17:51:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-14 15:51
ComboFix2.txt 2011-06-14 12:50
.
Pre-Run: 138,621,460,480 bytes free
Post-Run: 138,538,467,328 bytes free
.
- - End Of File - - 01B1DEABD430F77C751787A0BA00E3CD

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Open Notepad and copy the following text:

File::
e:\windows\system32\wptpj.dll
e:\program files\Movie Maker\wptpj.dll
e:\windows\system32\crssc.exe

Driver::
rvcgcbp


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.

Step 2

Download the installer for Malwarebytes Anti-Malware from the following link:
[Link visible only to logged-in users]

Double-click to start the installation; at the very end of the process, check that the following options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update finishes, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum thread.
If the program asks for a restart in order to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

goran9888 (AMF Tim)
