Please check my log

  • Joined: 13 May 2009
  • Posts: 10

Hello. First I want to thank everyone who helps on this forum! Could someone check my log for me? I have no obvious signs of a virus on the computer, but I do have an infected USB stick (it goes onto the university network, so...). Avira detects a virus on the flash drive, I delete it, and so it goes round in circles. How can I clean the flash drive? As for the computer, I'd like to know whether it is infected too (a friend tells me that NOD flags the calendar I use, Rainlendar, as a Trojan and spyware...), so if you can, please look at the log and tell me whether there is any malware. I believe there is :( Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:27 PM, on 5/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Aston\aston.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
D:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\WINDOWS\system32\svchost.exe
D:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
D:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Comodo\COMODO Internet Security\cfp.exe
D:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Zeljko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Virtual PC\Virtual PC.exe
C:\totalcmd\TOTALCMD.EXE
D:\Program Files\Comodo\COMODO Internet Security\cfpupdat.exe
C:\WINDOWS\explorer.exe
C:\program files\WINAMP\Winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\download\sve\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = rol.raiffeisenbank.rs/Retail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Zeljko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2009\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2009\spy.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - rol.raiffeisenbank.rs/RetailDLL/FSINT.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - d:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - D:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - D:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: wampapache - Apache Software Foundation - D:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 10969 bytes

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Right-click the Avira icon in the bottom right corner of the screen and untick AntiVir Guard Enable.

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

-------------------------------------------------------------------------------------

Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program does its initial scan.
- Insert every USB storage device into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, note on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose Save log. That automatically opens the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all those devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 13 May 2009
  • Posts: 10

ComboFix log:

ComboFix 09-05-12.06 - Zeljko 05/13/2009 22:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1983.1490 [GMT 2:00]
Running from: d:\download\sve\Ambulanta\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-13 16:27 . 2009-05-13 16:28 -------- d-----w C:\USBNoRisk
2009-05-10 08:36 . 2009-05-10 10:02 -------- d-----w c:\documents and settings\Zeljko\Application Data\Ventrilo
2009-05-10 08:35 . 2009-05-10 08:35 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\documents and settings\Zeljko\Application Data\teamspeak2
2009-04-21 14:11 . 2009-04-21 14:55 77588 ----a-w c:\windows\War3Unin.dat
2009-04-21 14:11 . 2009-04-21 14:18 2829 ----a-w c:\windows\War3Unin.pif
2009-04-21 14:11 . 2009-04-21 14:18 139264 ----a-w c:\windows\War3Unin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 21:00 . 2008-12-12 11:37 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-05-13 16:28 . 2008-10-22 15:41 -------- d-----w c:\program files\Winamp
2009-05-09 07:02 . 2008-12-12 11:38 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-22 08:31 . 2008-08-09 09:33 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 10:36 . 2008-08-13 12:42 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-04-20 10:36 . 2008-08-13 12:42 17212 ----atw c:\windows\system32\SIntf32.dll
2009-04-20 10:36 . 2008-08-13 12:42 12067 ----atw c:\windows\system32\SIntf16.dll
2009-03-28 07:54 . 2009-03-28 07:54 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-01 07:54 . 2008-08-09 09:43 72352 ----a-w c:\documents and settings\Zeljko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-01 00:25 . 2009-03-01 00:25 191200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-11-26 21:28 . 2008-08-12 17:49 17410080 --sha-w c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-12-01 14:02 359040 27A5959C94EE173A063CA06BD14F021A c:\windows\system32\dllcache\TCPIP.SYS
[-] 2008-12-01 14:02 359040 27A5959C94EE173A063CA06BD14F021A c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Google Update"="c:\documents and settings\Zeljko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-06 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"COMODO Internet Security"="d:\program files\Comodo\COMODO Internet Security\cfp.exe" [2008-12-01 1796856]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\documents and settings\Zeljko\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-7 692224]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18589:TCP"= 18589:TCP:BitComet 18589 TCP
"18589:UDP"= 18589:UDP:BitComet 18589 UDP

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/1/2008 3:23 PM 99216]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/1/2008 3:23 PM 31504]
R2 OracleServiceXE;OracleServiceXE;d:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> d:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;d:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 1:49 AM 204800]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;d:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> d:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43dbe031-fc1c-11dd-8a62-001d7d5242bf}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\\hbdhe.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2ee3169-6933-11dd-b433-001d7d5242bf}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b15dfd9e-253b-11de-8aa2-001d7d5242bf}]
\Shell\AutoRun\command - 80avp08.com
\Shell\explore\Command - 80avp08.com
\Shell\open\Command - 80avp08.com
.
Contents of the 'Scheduled Tasks' folder

2009-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-682003330-1003.job
- c:\documents and settings\Zeljko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-06 22:50]
.
.
------- Supplementary Scan -------
.
uStart Page = rol.raiffeisenbank.rs/Retail
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: raiffeisenbank.rs\rol
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT.dll
FF - ProfilePath - c:\documents and settings\Zeljko\Application Data\Mozilla\Firefox\Profiles\66fn43p0.default\
FF - component: c:\documents and settings\Zeljko\Application Data\Mozilla\Firefox\Profiles\66fn43p0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Zeljko\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-13 23:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Zeljko\LOCALS~1\Temp\RGI7.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948-)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(7876)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
d:\program files\Logitech\SetPoint\GameHook.dll
d:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
d:\program files\Comodo\COMODO Internet Security\cmdagent.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
d:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\windows\system32\wdfmgr.exe
d:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
d:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\MSN Messenger\usnsvc.exe
d:\program files\Comodo\COMODO Internet Security\cfpupdat.exe
.
**************************************************************************
.
Completion time: 2009-05-13 23:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-13 21:08

Pre-Run: 6,522,912,768 bytes free
Post-Run: 7,274,528,768 bytes free

195 --- E O F --- 2008-11-12 19:28

USBNoRisk log:

USBNoRisk 2.2 09 May 2009 by bobby

Started at 5/13/2009 6:26:28 PM

Searching for connected USB Mass storage...
----------------------------------------
I: {624d7cb6-80e5-11dd-897e-001d7d5242bf}
========================================

Searching for other storage...
----------------------------------------
C: {953827cf-6601-11dd-881a-806d6172696f}
D: {953827d0-6601-11dd-881a-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on I:
autorun.inf found on I:
----------------------------------------
File I:\autorun.inf renamed successfully

Content of I:\autorun.inf.blocked
----------------------------------------
[autorun]
open=SYSTEM\FILES\ARMY.exe
;ªÓÈÅÌÌüÏÐÅÎüÄÅÆÁÕÌԝ‘Ά

;This is Mainly Used by Driver Utility Dont Remove This File.
action=Open folder to view files
shell\open=Open
shell\open\command=SYSTEM\FILES\ARMY.exe
shell\open\default=1
----------------------------------------

Files referenced from I:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for 624d7cb6-80e5-11dd-897e-001d7d5242bf
No Desktop.ini files found on I:
No mimics found on drive I:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 953827cf-6601-11dd-881a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 953827d0-6601-11dd-881a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================
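The autorun.inf that USBNoRisk renamed on I: and the MountPoints2 keys in the ComboFix log above are two views of the same infection vector: autorun.inf tells Explorer what to run when the stick is opened, and Explorer caches those commands per device GUID under HKCU\...\Explorer\MountPoints2, where they survive the stick being unplugged or the file being renamed. The script below is an added example, not part of this thread and not code from USBNoRisk or ComboFix; it parses an autorun.inf and a pasted ComboFix MountPoints2 block and reports every verb that would launch a program. The sample inputs are constructed from the logs in this post (the binary junk comment line is left out); the file names and GUIDs are only the ones that appear above.

```python
r"""Added example (not from the thread, USBNoRisk or ComboFix): list what an
autorun.inf would execute, and what Explorer has cached per device under
HKCU\...\Explorer\MountPoints2 in a pasted ComboFix log. Samples below are
constructed from the logs in the post."""
import re

# [autorun] keys that launch on AutoPlay, and the per-verb command form
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\([^\\=]+)\\command$", re.IGNORECASE)
# ComboFix dump: a [..\mountpoints2\{GUID}] header, then
# "\Shell\<verb>\command - <what runs>" lines until the next [key]
MOUNTPOINT_RE = re.compile(r"mountpoints2\\\{([0-9a-f-]+)\}\]", re.IGNORECASE)
MP_CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s*-\s*(.+)$", re.IGNORECASE)
CODE_EXT_RE = re.compile(r"\.(exe|com|dll|scr|pif|bat|cmd|vbs|js)\b", re.IGNORECASE)


def parse_autorun_inf(text):
    """Return {verb: target} for each [autorun] entry that runs a file.

    'open'/'shellexecute' run on AutoPlay; shell\\<verb>\\command runs when
    that verb (open, explore, ...) is chosen in Explorer. Comment lines,
    including the binary junk line seen in the post, are skipped.
    """
    launches, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS:
            launches[key.lower()] = value
        else:
            m = SHELL_CMD_RE.match(key)
            if m:
                launches["shell\\" + m.group(1).lower()] = value
    return launches


def find_mountpoint_commands(combofix_text):
    """Return [(device_guid, verb, command)] from a ComboFix MountPoints2 block.

    Explorer caches each removable device's autorun commands under its GUID,
    so they stay after the stick is unplugged or its autorun.inf is renamed.
    """
    found, guid = [], None
    for raw in combofix_text.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_RE.search(line)
        if m:
            guid = m.group(1).lower()
            continue
        if guid is None:
            continue
        m = MP_CMD_RE.match(line)
        if m:
            found.append((guid, m.group(1).lower(), m.group(2).strip()))
        elif line.startswith("["):  # some other registry key: block ended
            guid = None
    return found


def launches_code(command):
    """True if the command names a program, not just a folder to open (F:\\)."""
    return bool(CODE_EXT_RE.search(command))


def flagged_devices(combofix_text):
    """GUIDs whose cached AutoRun/open/explore verb would run a program."""
    return sorted({g for g, _v, cmd in find_mountpoint_commands(combofix_text)
                   if launches_code(cmd)})


# --- constructed samples, taken from the logs in the post ---
SAMPLE_AUTORUN_INF = r"""[autorun]
open=SYSTEM\FILES\ARMY.exe
;This is Mainly Used by Driver Utility Dont Remove This File.
action=Open folder to view files
shell\open=Open
shell\open\command=SYSTEM\FILES\ARMY.exe
shell\open\default=1
"""
SAMPLE_COMBOFIX = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43dbe031-fc1c-11dd-8a62-001d7d5242bf}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\\hbdhe.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2ee3169-6933-11dd-b433-001d7d5242bf}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b15dfd9e-253b-11de-8aa2-001d7d5242bf}]
\Shell\AutoRun\command - 80avp08.com
\Shell\explore\Command - 80avp08.com
\Shell\open\Command - 80avp08.com
.
"""

if __name__ == "__main__":
    for verb, target in parse_autorun_inf(SAMPLE_AUTORUN_INF).items():
        print("autorun.inf %-12s -> %s" % (verb, target))
    for guid, verb, cmd in find_mountpoint_commands(SAMPLE_COMBOFIX):
        mark = "RUNS CODE" if launches_code(cmd) else "folder"
        print("%s %-8s %-10s %s" % (guid[:8], verb, mark, cmd))
```

The check reports what would execute, not whether it is malicious: F:\ (open the drive root) is not flagged, while F:\SETUP.EXE is, and that entry could equally be a retail CD's installer. Each hit still needs a look at the file it points to, which is why the MountPoints2 keys are removed by GUID rather than by guessing from the command text.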

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Pack the complete folder C:\qoobox into a single zip/rar archive and upload that archive.

Upload link: http://www.mycity.rs/ambulanta-upload.php

Open Notepad and copy in the following text:

FileLook::
c:\windows\TEMP\logishrd\LVPrcInj01.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43dbe031-fc1c-11dd-8a62-001d7d5242bf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b15dfd9e-253b-11de-8aa2-001d7d5242bf}]

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

  • Joined: 13 May 2009
  • Posts: 10

Uploaded!

Here is the ComboFix log as well:

ComboFix 09-05-12.06 - Zeljko 05/14/2009 11:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1983.1315 [GMT 2:00]
Running from: c:\documents and settings\Zeljko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zeljko\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-14 01:03 . 2009-05-14 01:03 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-13 16:27 . 2009-05-13 16:28 -------- d-----w C:\USBNoRisk
2009-05-10 08:36 . 2009-05-10 10:02 -------- d-----w c:\documents and settings\Zeljko\Application Data\Ventrilo
2009-05-10 08:35 . 2009-05-10 08:35 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\documents and settings\Zeljko\Application Data\teamspeak2
2009-04-21 14:11 . 2009-04-21 14:55 77588 ----a-w c:\windows\War3Unin.dat
2009-04-21 14:11 . 2009-04-21 14:18 2829 ----a-w c:\windows\War3Unin.pif
2009-04-21 14:11 . 2009-04-21 14:18 139264 ----a-w c:\windows\War3Unin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 09:37 . 2008-12-12 11:38 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-05-14 09:37 . 2008-12-12 11:37 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-05-14 07:32 . 2009-03-01 00:30 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-14 01:00 . 2008-11-30 21:36 -------- d-----w c:\program files\Microsoft Virtual PC
2009-05-13 16:28 . 2008-10-22 15:41 -------- d-----w c:\program files\Winamp
2009-04-22 08:31 . 2008-08-09 09:33 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 10:36 . 2008-08-13 12:42 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-04-20 10:36 . 2008-08-13 12:42 17212 ----atw c:\windows\system32\SIntf32.dll
2009-04-20 10:36 . 2008-08-13 12:42 12067 ----atw c:\windows\system32\SIntf16.dll
2009-03-28 07:54 . 2009-03-28 07:54 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-06 14:44 . 2004-08-03 22:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-03 22:56 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 07:54 . 2008-08-09 09:43 72352 ----a-w c:\documents and settings\Zeljko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-01 00:25 . 2009-03-01 00:25 191200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-20 18:09 . 2004-08-03 22:56 78336 ----a-w c:\windows\system32\ieencode.dll
2008-11-26 21:28 . 2008-08-12 17:49 17410080 --sha-w c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- c:\windows\TEMP\logishrd\LVPrcInj01.dll ----
Company: Logitech Inc.
File Description: Camera Helper Library.
File Version: 11.90.1262.0
Product Name: Logitech QuickCam
Copyright: (c) 1996-2008 Logitech. All rights reserved.
Original file name: LVPrcInj.dll
File Size: 109080
Created Time: 2009-05-14 07:37
Modified Time: 2008-12-16 20:59
Accessed Time: 2009-05-14 08:38
MD5: D20DA789C445936988C8B83F53522374
SHA: B5351671E30A0444F40D1DA184699045E6A823BC


((((((((((((((((((((((((((((( SnapShot@2009-05-13_21.02.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-14 09:39 . 2009-05-14 09:39 16384 c:\windows\Temp\Perflib_Perfdata_f8c.dat
+ 2009-05-14 09:38 . 2009-05-14 09:38 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat
- 2004-08-03 22:56 . 2004-08-03 22:56 50176 c:\windows\system32\utilman.exe
+ 2004-08-03 22:56 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
- 2004-08-03 22:56 . 2004-08-03 22:56 35840 c:\windows\system32\umandlg.dll
+ 2004-08-03 22:56 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
+ 2008-07-14 11:09 . 2008-10-22 09:47 62976 c:\windows\system32\tzchange.exe
- 2008-07-14 11:09 . 2008-07-14 11:09 62976 c:\windows\system32\tzchange.exe
+ 2008-08-09 09:42 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2008-08-09 09:42 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2004-08-03 22:56 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 55808 c:\windows\system32\secur32.dll
+ 2001-08-23 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2004-08-03 22:56 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2004-08-03 22:56 . 2007-08-13 17:36 44544 c:\windows\system32\pngfilt.dll
- 2001-08-23 11:00 . 2009-03-29 08:53 79854 c:\windows\system32\perfc009.dat
+ 2001-08-23 11:00 . 2009-05-14 07:42 79854 c:\windows\system32\perfc009.dat
- 2004-08-03 22:56 . 2004-08-03 22:56 53760 c:\windows\system32\narrator.exe
+ 2004-08-03 22:56 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
+ 2008-08-09 09:06 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-03 22:56 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 66560 c:\windows\system32\mtxclu.dll
+ 2007-08-13 17:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-08-09 09:06 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2008-08-09 09:06 . 2004-08-03 22:56 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-03 22:56 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
- 2004-08-03 22:56 . 2004-08-03 22:56 72704 c:\windows\system32\magnify.exe
- 2004-08-03 22:56 . 2005-01-28 11:44 96768 c:\windows\system32\logagent.exe
+ 2004-08-03 22:56 . 2008-06-10 03:52 96768 c:\windows\system32\logagent.exe
+ 2004-08-03 22:56 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 17:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-03 22:56 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
+ 2004-08-03 22:56 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 17:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-03 22:56 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-03 22:56 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-03 22:56 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 55808 c:\windows\system32\dllcache\secur32.dll
+ 2001-08-23 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-03 22:56 . 2007-08-13 17:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 53760 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-03 22:56 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
+ 2008-08-09 09:06 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-03 22:56 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-09 09:06 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-08-09 09:06 . 2004-08-03 22:56 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-03 22:56 . 2006-10-04 08:48 72704 c:\windows\system32\dllcache\magnify.exe
- 2004-08-03 22:56 . 2004-08-03 22:56 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-03 22:56 . 2008-06-10 03:52 96768 c:\windows\system32\dllcache\logagent.exe
- 2004-08-03 22:56 . 2005-01-28 11:44 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-03 22:56 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-02-20 10:20 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-03 22:56 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-03 22:56 . 2007-08-13 17:45 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-03 22:56 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-08-09 09:06 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2008-08-09 09:06 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2008-11-27 11:34 . 2009-05-14 01:02 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-14 01:03 . 2007-08-13 17:36 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 50688 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 27136 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-05-14 01:03 . 2007-08-13 17:39 13312 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-05-14 01:03 . 2007-08-13 17:39 43008 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-05-14 01:03 . 2007-08-13 17:45 78336 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-05-14 01:03 . 2007-08-13 17:39 54784 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-05-14 01:03 . 2007-08-13 17:36 61952 c:\windows\ie7updates\KB963027-IE7\icardie.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 351232 c:\windows\system32\winhttp.dll
+ 2004-08-03 22:56 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2008-08-09 09:06 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2008-08-09 09:06 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-08-09 09:06 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
- 2004-08-03 22:56 . 2007-08-13 17:44 105984 c:\windows\system32\url.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2004-08-03 22:56 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-03 22:56 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
- 2004-08-03 22:56 . 2004-08-03 22:56 144896 c:\windows\system32\schannel.dll
+ 2004-08-03 22:56 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2004-08-03 22:56 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2001-08-23 11:00 . 2009-05-14 07:42 463550 c:\windows\system32\perfh009.dat
- 2001-08-23 11:00 . 2009-03-29 08:53 463550 c:\windows\system32\perfh009.dat
+ 2004-08-03 22:56 . 2006-10-04 08:48 215552 c:\windows\system32\osk.exe
- 2004-08-03 22:56 . 2004-08-03 22:56 215552 c:\windows\system32\osk.exe
+ 2004-08-03 22:56 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
+ 2004-08-03 22:56 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 17:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2008-08-09 09:06 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-08-09 09:06 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2008-08-09 09:06 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-03 22:56 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2004-08-03 22:56 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2007-08-13 17:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 11:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2007-07-11 11:27 . 2007-07-11 11:27 383488 c:\windows\system32\ieapfltr.dll
+ 2001-08-23 11:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2001-08-23 11:00 . 2007-08-13 16:56 161792 c:\windows\system32\ieakui.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-03 22:56 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2004-08-03 22:56 . 2007-08-13 17:35 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-03 21:14 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-03 21:14 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2008-08-09 09:06 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2008-08-09 09:06 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2008-08-09 09:06 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-03 22:56 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-03 22:56 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-09 09:08 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
- 2008-08-09 09:08 . 2007-08-13 17:54 765952 c:\windows\system32\dllcache\VGX.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-03 22:56 . 2007-08-13 17:44 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-03 21:14 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-03 22:56 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-03 21:14 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2004-08-03 22:56 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
- 2004-08-03 22:56 . 2004-08-03 22:56 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-03 22:56 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-03 22:56 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-03 22:56 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 283648 c:\windows\system32\dllcache\pdh.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 215552 c:\windows\system32\dllcache\osk.exe
+ 2004-08-03 22:56 . 2006-10-04 08:48 215552 c:\windows\system32\dllcache\osk.exe
+ 2004-08-03 22:56 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-03 22:56 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-09 09:06 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-08-09 09:06 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-08-09 09:06 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-03 22:56 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-03 22:56 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2008-08-09 09:08 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-23 11:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
- 2001-08-23 11:00 . 2007-08-13 16:56 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-03 22:56 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2008-08-09 09:06 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-03 22:56 . 2007-08-13 17:35 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-03 22:56 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2004-08-03 22:56 . 2004-08-03 22:56 616960 c:\windows\system32\advapi32.dll
+ 2004-08-03 22:56 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2008-11-27 11:34 . 2009-03-01 00:27 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-05-14 01:03 . 2007-08-13 17:54 818688 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 231424 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-05-14 01:03 . 2007-08-13 17:44 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-05-14 01:03 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-05-14 01:03 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-05-14 01:03 . 2007-08-13 17:44 101376 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 670720 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-05-14 01:03 . 2007-08-13 17:44 192000 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 475648 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 458752 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-05-14 01:03 . 2007-08-13 17:43 622080 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-05-14 01:03 . 2007-08-13 17:34 266752 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-05-14 01:03 . 2007-08-13 17:39 382976 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-05-14 01:03 . 2007-07-11 11:27 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-05-14 01:03 . 2007-08-13 16:56 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-05-14 01:03 . 2007-08-13 17:39 229376 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-05-14 01:03 . 2007-08-13 17:39 152064 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 131584 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-05-14 01:03 . 2007-08-13 17:35 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-05-14 01:03 . 2007-08-13 17:35 346624 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-05-14 01:03 . 2007-08-13 17:39 123904 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 765952 c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2009-05-14 01:03 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2009-05-14 01:03 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2004-08-03 22:57 . 2008-06-10 05:07 2376760 c:\windows\system32\WMVCore.dll
+ 2004-08-03 22:56 . 2008-06-10 04:28 1028096 c:\windows\system32\WMNetmgr.dll
+ 2004-08-03 21:17 . 2009-02-09 10:19 1846272 c:\windows\system32\win32k.sys
+ 2004-08-03 22:56 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
+ 2004-08-03 22:56 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-03 22:56 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
- 2004-08-03 22:56 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
- 2004-08-03 21:18 . 2008-08-14 09:58 2136064 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 21:18 . 2009-02-06 17:22 2136064 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-06 16:49 2015744 c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:59 . 2008-08-14 09:22 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2008-08-29 18:06 . 2008-08-29 18:06 1350664 c:\windows\system32\msxml6.dll
+ 2004-08-03 22:56 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2007-08-13 17:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2007-02-12 15:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
+ 2008-08-09 11:00 . 2009-05-14 07:32 2144432 c:\windows\system32\FNTCACHE.DAT
- 2008-08-09 11:00 . 2009-03-01 07:50 2144432 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-03 22:57 . 2008-06-10 05:07 2376760 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-03 22:56 . 2008-06-10 04:28 1028096 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-03 21:17 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-03 22:56 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-03 22:56 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-03 22:56 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2004-08-03 22:56 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 19:01 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 19:01 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 19:01 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 19:01 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 19:01 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 19:01 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-15 19:01 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-03 22:56 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2008-07-09 14:25 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
- 2008-11-27 11:34 . 2009-03-01 00:27 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-11-27 11:34 . 2009-03-01 00:27 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-27 11:34 . 2009-05-14 01:02 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-09-15 15:25 . 2006-09-15 15:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2009-05-14 01:03 . 2007-08-13 17:54 1162240 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 3578368 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-05-14 01:03 . 2007-08-13 17:54 6049280 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-05-14 01:03 . 2007-02-12 15:10 2451312 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2008-10-15 19:01 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 19:01 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 19:01 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 19:01 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 19:01 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 19:01 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-15 19:01 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-09-22 06:17 . 2009-05-06 22:16 24699336 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Google Update"="c:\documents and settings\Zeljko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-06 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"COMODO Internet Security"="d:\program files\Comodo\COMODO Internet Security\cfp.exe" [2008-12-01 1796856]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\documents and settings\Zeljko\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-7 692224]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18589:TCP"= 18589:TCP:BitComet 18589 TCP
"18589:UDP"= 18589:UDP:BitComet 18589 UDP

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/1/2008 3:23 PM 99216]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/1/2008 3:23 PM 31504]
R2 OracleServiceXE;OracleServiceXE;d:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> d:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;d:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 1:49 AM 204800]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;d:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> d:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2ee3169-6933-11dd-b433-001d7d5242bf}]
\Shell\AutoRun\command - F:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1614895754-682003330-1003.job
- c:\documents and settings\Zeljko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-06 22:50]
.
.
------- Supplementary Scan -------
.
uStart Page = rol.raiffeisenbank.rs/Retail
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: raiffeisenbank.rs\rol
DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT.dll
FF - ProfilePath - c:\documents and settings\Zeljko\Application Data\Mozilla\Firefox\Profiles\66fn43p0.default\
FF - component: c:\documents and settings\Zeljko\Application Data\Mozilla\Firefox\Profiles\66fn43p0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Zeljko\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-14 11:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(6180)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
d:\program files\Logitech\SetPoint\GameHook.dll
d:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\Comodo\COMODO Internet Security\cmdagent.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
d:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\windows\system32\wdfmgr.exe
d:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
d:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-05-14 11:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-14 09:45
ComboFix2.txt 2009-05-13 21:08

Pre-Run: 6,955,958,272 bytes free
Post-Run: 6,940,774,400 bytes free

468 --- E O F --- 2009-05-14 01:04

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run USBNoRisk again, plug in the flash drive (if it is not already plugged in), switch to the Script tab and paste there the text contained in the Code box:

{624d7cb6-80e5-11dd-897e-001d7d5242bf}
folder_list_sub: %DRIVE%SYSTEM
delete_blocked:

Click Run Script. After a few seconds, right-click inside the program window (on the Monitor tab) and choose Save log.

Paste the log into the thread.

offline
  • Joined: 13 May 2009
  • Posts: 10

Here is the log:


USBNoRisk 2.2 09 May 2009 by bobby

Started at 5/15/2009 9:45:18 AM

Searching for connected USB Mass storage...
----------------------------------------
I: {624d7cb6-80e5-11dd-897e-001d7d5242bf}
========================================

Searching for other storage...
----------------------------------------
C: {953827cf-6601-11dd-881a-806d6172696f}
D: {953827d0-6601-11dd-881a-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

Blocked file found: I:\autorun.inf.blocked
----------------------------------------
Content of I:\autorun.inf.blocked
----------------------------------------
[autorun]
open=SYSTEM\FILES\ARMY.exe
;ªÓÈÅÌÌüÏÐÅÎüÄÅÆÁÕÌԝ‘Ά

;This is Mainly Used by Driver Utility Dont Remove This File.
action=Open folder to view files
shell\open=Open
shell\open\command=SYSTEM\FILES\ARMY.exe
shell\open\default=1
----------------------------------------

Files referenced from I:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No Autorun.inf files found on I:
No mountpoint found for 624d7cb6-80e5-11dd-897e-001d7d5242bf
No Desktop.ini files found on I:
No mimics found on drive I:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 953827cf-6601-11dd-881a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 953827d0-6601-11dd-881a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================

Processing script
----------------------------------------
624d7cb6-80e5-11dd-897e-001d7d5242bf
Drive letter for GUID: I:
SectionStart = 0
SectionEnd = 2
----------------------------------------
Folder list for I:\SYSTEM:
----------------------------------------
d---- I:\SYSTEM\Apps I:\SYSTEM\Apps
--a-- I:\SYSTEM\Apps\LPGDB.xml I:\SYSTEM\Apps\LPGDB.xml
----- I:\SYSTEM\Apps\LPDB.xml I:\SYSTEM\Apps\LPDB.xml
dr-hs I:\SYSTEM\S-3-7-~1 I:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896
--ahs I:\SYSTEM\S-3-7-~1\Desktop.ini I:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\Desktop.ini
-r-hs I:\SYSTEM\S-3-7-~1\explorer.exe I:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe
dr-hs I:\SYSTEM\G-923-~1 I:\SYSTEM\G-923-321232-3232-32211-23
--ahs I:\SYSTEM\G-923-~1\Desktop.ini I:\SYSTEM\G-923-321232-3232-32211-23\Desktop.ini
dr-hs I:\SYSTEM\FILES I:\SYSTEM\FILES
--ahs I:\SYSTEM\FILES\Desktop.ini I:\SYSTEM\FILES\Desktop.ini
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: I:\autorun.inf.blocked > Done!
----------------------------------------
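The autorun.inf captured in the log above shows the standard removable-media infection pattern: an `open=` entry and a `shell\open\command=` verb both pointing at an executable under a hidden SYSTEM folder, an `action=` string that imitates the Windows "Open folder to view files" prompt, and neighbouring hidden folders named to look like security identifiers. The Python script below is an added illustration, not part of this thread and not USBNoRisk's own code; it parses an autorun.inf the way a triage tool would, lists what the file would launch, and flags the lookalike folder names. The sample input is copied from the log above (with the binary junk comment line replaced by a placeholder), and the folder list comes from the `Folder list for I:\SYSTEM` section.

```python
import re

# Sample autorun.inf, copied from the USBNoRisk log in this thread. The line of
# binary junk the malware inserts as a comment is replaced by a placeholder.
SAMPLE_AUTORUN = b"""[autorun]
open=SYSTEM\\FILES\\ARMY.exe
;<binary junk comment line omitted>

;This is Mainly Used by Driver Utility Dont Remove This File.
action=Open folder to view files
shell\\open=Open
shell\\open\\command=SYSTEM\\FILES\\ARMY.exe
shell\\open\\default=1
"""

# Folder names listed under I:\SYSTEM in the same log.
SAMPLE_FOLDERS = [
    "S-3-7-89-2225458569-9856321456-454423558-8896",
    "G-923-321232-3232-32211-23",
    "FILES",
    "Apps",
]

# Extensions that Explorer will run rather than open as data.
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js")


def parse_autorun(raw: bytes) -> dict:
    """Parse the [autorun] section into a lower-cased key -> value dict.

    Decodes as latin-1 so that non-text bytes (the junk comment lines
    dropped by this family) never abort the parse.
    """
    entries = {}
    in_autorun = False
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if not line or line[0] in ";#":          # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: dict) -> list:
    """Values Windows would execute on insertion or double-click:
    open=, shellexecute= and every shell\\<verb>\\command= entry."""
    targets = []
    for key, value in entries.items():
        if key in ("open", "shellexecute") or re.fullmatch(r"shell\\[^\\]+\\command", key):
            targets.append(value)
    return targets


def looks_like_fake_sid(folder: str) -> bool:
    """Genuine SIDs (the names of per-user RECYCLER folders) start with S-1-.
    Anything else shaped like S-<n>-<n>-... is a lookalike chosen to blend in
    with system folders."""
    m = re.fullmatch(r"S-(\d+)(?:-\d+)+", folder, re.IGNORECASE)
    return bool(m) and m.group(1) != "1"


def assess(raw: bytes, folders: list) -> dict:
    """Return the launch targets and a list of human-readable findings."""
    entries = parse_autorun(raw)
    targets = launch_targets(entries)
    findings = []
    for target in targets:
        if target.lower().endswith(EXEC_EXT):
            findings.append(f"autorun launches executable: {target}")
    if entries.get("action", "").lower().startswith("open folder"):
        findings.append("action= mimics the Windows 'Open folder to view files' prompt")
    if r"shell\open\command" in entries:
        findings.append("custom shell\\open verb shadows Explorer's own Open action")
    for folder in folders:
        if looks_like_fake_sid(folder):
            findings.append(f"SID-lookalike folder: {folder}")
    return {"targets": targets, "findings": findings}


if __name__ == "__main__":
    report = assess(SAMPLE_AUTORUN, SAMPLE_FOLDERS)
    print("Launch targets:", report["targets"])
    for finding in report["findings"]:
        print(" -", finding)
```

Point the script at a real `autorun.inf` read in binary mode (`open(path, "rb").read()`) and at `os.listdir()` of the suspicious folder; because the parser only reads text and never resolves or runs the referenced paths, it is safe to use on a drive that is still infected.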

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Same procedure as before, just use the following script:

{624d7cb6-80e5-11dd-897e-001d7d5242bf}
chaser:
folder_delete: %DRIVE%SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896
folder_delete: %DRIVE%SYSTEM\G-923-321232-3232-32211-23


Save and post the log.

offline
  • Joined: 13 May 2009
  • Posts: 10

Here comes the log:

USBNoRisk 2.2 09 May 2009 by bobby

Started at 5/15/2009 5:02:11 PM

Searching for connected USB Mass storage...
----------------------------------------
I: {624d7cb6-80e5-11dd-897e-001d7d5242bf}
========================================

Searching for other storage...
----------------------------------------
C: {953827cf-6601-11dd-881a-806d6172696f}
D: {953827d0-6601-11dd-881a-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on I:
No Autorun.inf files found on I:
No mountpoint found for 624d7cb6-80e5-11dd-897e-001d7d5242bf
No Desktop.ini files found on I:
No mimics found on drive I:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 953827cf-6601-11dd-881a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 953827d0-6601-11dd-881a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================

Processing script
----------------------------------------
624d7cb6-80e5-11dd-897e-001d7d5242bf
Drive letter for GUID: I:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Find desktop.ini files on I:
----------------------------------------
No Desktop.ini files found on I:\
----------------------------------------
Delete folder tree I:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Delete: I:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe > Error!
Delete: I:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\Desktop.ini > Done!
Delete: I:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896 > Error!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Once more. Use the following script:

{624d7cb6-80e5-11dd-897e-001d7d5242bf}
f_copy: %DRIVE%SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe > c:\badfile.bak
f_delete: %DRIVE%SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe
folder_delete: %DRIVE%SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896
folder_delete: %DRIVE%SYSTEM\G-923-321232-3232-32211-23

Post the log in the thread.

Upload the file: c:\badfile.bak

via this link: http://www.mycity.rs/ambulanta-upload.php
