I can't open a single file on my computer!

  • Joined: 06 Sep 2005
  • Posts: 16

Two days ago my sister received an e-mail that had a strangely named Word document as an attachment. And of course she opened it out of curiosity! She says the file could not be opened; instead it displayed hieroglyphs, and a cmd window appeared for a moment in the background. VIRUS!!! When that Word document was run, a file "Update.exe" appeared on the desktop. By the next day I could no longer open a single file (Word, Excel, PDF, rar...). When I try a Word or Excel file it displays hieroglyphs, PDF files are reported as corrupted, and .rar files as well.

The KAV11 antivirus did not react at all. I can see Update.exe in Startup, a Windows Update folder in the Prog Files folder with Update.exe in it, a couple of .bat files...
Using Combofix I found and cleaned everything, reinstalled Office, the PDF reader... however, I still cannot open a single file, including pictures.

Can anyone help me? I assume these files have been modified in their header, because when I try to recover a PDF document it says the loaded document is not valid, i.e. as if it were not a real PDF file....

- Scanned with MalwareBytes 1.75 and it found nothing
- Scanned with TDSSKiller Rootkit Removal and nothing
- Windows version: XP SP2 Home, updated to SP3

Please HELP





[ edit by magna86: title corrected ]
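The header hypothesis in the post above can be checked per file. The following is an added example, not part of the original thread: it compares each file's leading bytes with the well-known signature for its extension and, on a mismatch, measures the entropy of the bytes after the header to separate "only the header is damaged" from "the whole content looks scrambled". The function names, thresholds and sample byte strings are assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading signatures ("magic bytes") of the file types named in the post.
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".rar": [b"Rar!\x1a\x07"],
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],   # OLE2 compound file
    ".xls": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    ".docx": [b"PK\x03\x04"],                         # ZIP container
    ".xlsx": [b"PK\x03\x04"],
    ".jpg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
}

# Illustrative thresholds (assumptions, tune for your own data).
HEAD = 16            # bytes skipped before sampling the body
SAMPLE = 4096        # body bytes used for the entropy estimate
MIN_BODY = 512       # below this the entropy estimate is meaningless
HIGH_ENTROPY = 7.5   # bits per byte; random data is close to 8


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(name: str, data: bytes) -> str:
    """Classify one file from its name and its first HEAD+SAMPLE bytes."""
    sigs = MAGIC.get(os.path.splitext(name)[1].lower())
    if sigs is None:
        return "unknown_type"
    if any(data.startswith(s) for s in sigs):
        return "header_ok"
    body = data[HEAD:HEAD + SAMPLE]
    if len(body) < MIN_BODY:
        return "mismatch_too_small"
    # Heuristic only: a wrong header followed by near-random bytes is
    # consistent with the whole file having been rewritten; a wrong header
    # followed by structured data suggests only the start was damaged.
    if shannon_entropy(body) >= HIGH_ENTROPY:
        return "mismatch_high_entropy"
    return "mismatch_low_entropy"


def scan_dir(root: str) -> dict:
    """Triage every file under root, reading only the first bytes of each."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    results[path] = triage(fn, fh.read(HEAD + SAMPLE))
            except OSError:
                results[path] = "unreadable"
    return results


def prng_bytes(n: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for scrambled content."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(b"constructed-sample" + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:n])


# Constructed sample inputs (not taken from the affected machine).
PDF_TEXT = b"1 0 obj\n<< /Type /Catalog >>\nendobj\n" * 200
INTACT_PDF = b"%PDF-1.4\n" + PDF_TEXT
HEADER_ONLY_DAMAGED = b"\x00" * 9 + PDF_TEXT
FULLY_SCRAMBLED = prng_bytes(8192)

if __name__ == "__main__":
    for label, name, blob in [
        ("intact", "report.pdf", INTACT_PDF),
        ("header damaged", "report.pdf", HEADER_ONLY_DAMAGED),
        ("scrambled", "budget.xls", FULLY_SCRAMBLED),
    ]:
        print(f"{label:15} {name:12} -> {triage(name, blob)}")
```

Run it against a copy of the affected files rather than the originals; the result only sorts files into groups for further recovery work and does not identify the cause.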

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Hello,


Step 1.

Follow the instructions and provide the required reports:
- DDS.txt
- Attach.txt


********************


Step 2.

There should be a ComboFix.txt report on the C partition if you have not deleted it. Attach it here.
Also, if there is a Qoobox folder, archive it and send it via this link --> http://www.mycity.rs/ambulanta-upload.php


********************


Step 3.

Download the GMER program from the link below to the Desktop:


GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.



Double-click GMER to run it.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and select Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and select the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);


Illustrated walkthrough of the procedure

Attach all three reports to your message using the Attach file option.

  • Joined: 06 Sep 2005
  • Posts: 16

Hello,
following the instructions, I am providing the reports and files sorted by steps 1, 2 and 3:

-DDS.txt
-Attach.txt
-Qoobox.rar
-Combofix.txt
-Gmer1
-Gmer2
-Gmer3
-TDSKiller report

Thanks in advance!


Step 1: Contents of DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Bozidar Pejcic at 19:07:17 on 2013-04-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2508 [GMT 2:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
C:\Documents and Settings\All Users\Application Data\mts mobilni internet\OnlineUpdate\ouc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\program files\teamviewer\version6\TeamViewer.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Bozidar Pejcic\Desktop\!!!!\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AcronisTibMounterMonitor] c:\program files\common files\acronis\tibmounter\TibMounterMonitor.exe
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Bonus.SSR.FR11] "c:\program files\abbyy finereader 11\Bonus.ScreenshotReader.exe" /autorun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0DF9173C-D4E4-4A58-8A70-80670B556103} - hxxp://[removed].org:5001/plugin_3_3_3_0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358347672859
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1359445184000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://[removed].org:5004/activex/AMC.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{0C84C5AC-CB3D-4C37-A303-F918CAA21CCF} : NameServer = 192.168.1.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll,c:\progra~1\kasper~1\kasper~1.0fo\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 192.168.1.5 server
Hosts: 192.168.4.4 erv
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bozidar pejcic\application data\mozilla\firefox\profiles\9hbjwp8z.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-02-27 09:56; fmconverter@gmail.com; c:\program files\freemake\freemake video converter\browserplugin\Firefox
FF - ExtSQL: 2013-02-28 12:21; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\documents and settings\bozidar pejcic\application data\mozilla\firefox\profiles\9hbjwp8z.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2013-2-22 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2013-2-22 5248]
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2013-4-9 93928]
R0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\drivers\tib_mounter.sys [2013-4-9 689672]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2013-3-28 139336]
R0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\drivers\vidsflt.sys [2013-4-9 99720]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-11-12 126480]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-1-17 231512]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2013-4-9 3696632]
R2 DraftSight API Service;DraftSight API Service;c:\program files\dassault systemes\draftsight\bin\dsHttpApiService.exe [2012-7-7 78336]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\kaspersky lab\networkagent 8\klnagent.exe [2011-12-8 143960]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2012-8-18 7017888]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2013-1-16 2228008]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2013-4-9 234752]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-2-13 73216]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [2013-3-12 33280]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2009-9-3 24848]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2011-8-10 176128]
S2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe [2010-3-12 311680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-18 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-18 701512]
S2 mts mobilni internet. RunOuc;mts mobilni internet. OUC;c:\program files\mts mobilni internet\updatedog\ouc.exe [2013-2-13 239968]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-2-13 102784]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\bozida~1\locals~1\temp\f-secure\blacklight\fsblsrv.exe [2013-4-21 167936]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2013-4-15 12400]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-2-13 90112]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-18 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-4-18 40776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-1-17 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-1-17 8576]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2013-3-27 3567]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-4-19 27064]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2013-3-19 155320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-21 14:05:12 -------- d-----w- c:\windows\ie8updates
2013-04-20 14:14:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-04-20 14:13:58 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-04-20 14:13:35 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-04-20 14:13:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-04-20 14:12:50 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-04-20 14:12:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-04-20 14:12:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-04-20 14:12:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-04-20 14:12:47 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-20 14:12:46 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-04-20 14:12:45 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-20 14:12:43 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-04-20 14:12:00 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-04-20 14:11:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-04-20 14:11:44 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-04-20 14:10:31 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-04-20 14:10:31 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-04-20 14:10:09 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2013-04-20 14:10:09 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2013-04-20 14:10:09 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2013-04-20 14:10:09 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2013-04-20 14:10:09 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2013-04-20 14:10:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2013-04-20 14:10:08 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2013-04-20 14:09:53 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-20 14:09:53 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-20 14:09:46 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-04-20 14:09:10 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-04-20 14:09:03 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-04-20 14:08:56 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-04-20 14:08:50 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-04-20 14:08:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-04-20 14:08:06 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-04-20 14:06:55 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-04-20 14:04:48 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2013-04-20 14:04:48 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-04-20 14:04:47 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-04-20 14:04:47 2070016 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-04-20 14:04:47 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-04-20 14:04:41 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-04-20 14:04:32 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-04-20 14:03:35 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-04-20 14:03:35 3072 ------w- c:\windows\system32\iacenc.dll
2013-04-20 14:00:56 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-04-20 14:00:49 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-04-20 14:00:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2013-04-20 14:00:16 -------- d-----w- c:\windows\system32\PreInstall
2013-04-19 17:28:24 -------- d-----w- c:\windows\system32\SoftwareDistribution
2013-04-19 12:44:46 -------- d-----w- c:\documents and settings\all users\Microsoft
2013-04-19 12:42:09 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-04-19 12:41:10 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\Microsoft Help
2013-04-19 11:26:26 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\Ahead
2013-04-19 11:12:29 -------- d-----w- c:\windows\ServicePackFiles
2013-04-19 11:12:17 294912 ------w- c:\program files\windows media player\dlimport.exe
2013-04-19 11:12:13 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-04-19 11:11:39 380445 ----a-w- c:\windows\system32\expsrv.dll
2013-04-19 11:11:31 978944 ----a-w- c:\windows\system32\mfc42.dll
2013-04-19 11:11:23 1384479 ----a-w- c:\windows\system32\msvbvm60.dll
2013-04-19 11:09:26 19569 ----a-w- c:\windows\003248_.tmp
2013-04-19 09:53:02 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\Juniper Networks
2013-04-19 09:52:56 -------- d-----w- c:\documents and settings\all users\application data\Juniper Networks
2013-04-19 09:20:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-04-19 09:20:28 -------- d-----w- c:\windows\SHELLNEW
2013-04-19 09:15:17 -------- d-----w- c:\program files\Wondershare
2013-04-19 09:14:45 -------- d-----w- c:\program files\PDF Password Unlocker
2013-04-19 09:12:57 -------- d-----w- c:\program files\Freeware PDF Unlocker
2013-04-19 08:50:21 -------- d-----w- C:\Output
2013-04-19 08:50:00 -------- d-----w- C:\PDFPasswordRemover
2013-04-19 08:07:20 -------- d-----w- c:\program files\Stellar Phoenix Word Recovery
2013-04-19 08:04:25 835584 ----a-w- c:\windows\system32\AxImage.ocx
2013-04-19 08:04:25 -------- d-----w- c:\program files\Kernel for Word Evaluation Ver
2013-04-19 07:37:53 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\VS Revo Group
2013-04-19 07:37:46 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-04-19 07:37:45 -------- d-----w- c:\program files\VS Revo Group
2013-04-18 19:59:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-18 19:12:53 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\Malwarebytes
2013-04-18 19:12:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-04-18 19:12:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-18 19:12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-18 08:14:28 -------- d-----w- c:\program files\Sony Mobile
2013-04-18 07:53:02 -------- d-----w- c:\program files\Android Commander
2013-04-16 07:04:50 -------- d-----w- c:\documents and settings\bozidar pejcic\.android
2013-04-16 07:04:47 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\ERoot
2013-04-15 12:55:49 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-04-15 12:55:49 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-04-15 12:40:20 -------- d-----w- C:\Flashtool
2013-04-15 11:12:23 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2013-04-15 08:22:24 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\ABBYY
2013-04-15 08:11:43 -------- d-----w- c:\program files\ABBYY FineReader 11
2013-04-15 08:11:43 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\ABBYY
2013-04-15 08:11:42 -------- d-----w- c:\documents and settings\all users\application data\ABBYY
2013-04-12 09:41:59 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2013-04-12 06:13:20 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-04-11 08:40:51 20480 ----a-w- c:\program files\windows sidebar\gadgets\pvr2remote.gadget\ClassLibrary1.dll
2013-04-11 08:40:45 -------- d-----w- c:\program files\WinFast
2013-04-10 12:43:19 2 ----a-w- c:\windows\system32\Dvbpws.dll
2013-04-10 12:24:00 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\ArcSoft
2013-04-10 12:23:14 -------- d-----w- C:\WinFast WorkArea
2013-04-10 12:20:51 15232 ----a-w- c:\windows\system32\drivers\mpe.sys
2013-04-10 12:20:42 81408 ----a-w- c:\windows\emMON.exe
2013-04-10 12:20:42 562176 ----a-w- c:\windows\system32\drivers\emOEM.sys
2013-04-10 12:20:42 113664 ----a-w- c:\windows\system32\emPRP.ax
2013-04-10 12:20:41 582016 ----a-w- c:\windows\system32\drivers\emBDA.sys
2013-04-10 12:20:37 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2013-04-10 12:20:37 363520 ----a-w- c:\windows\system32\psisdecd.dll
2013-04-10 12:20:37 33280 ----a-w- c:\windows\system32\psisrndr.ax
2013-04-10 12:20:37 11776 ----a-w- c:\windows\system32\drivers\bdasup.sys
2013-04-10 12:20:36 18432 ----a-w- c:\windows\system32\bdaplgin.ax
2013-04-09 13:42:47 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-04-09 13:42:41 806184 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2013-04-09 13:42:38 689672 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2013-04-09 13:42:23 99720 ----a-w- c:\windows\system32\drivers\vidsflt.sys
2013-04-09 13:42:15 93928 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-03-28 07:17:17 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-03-28 07:17:04 139336 ----a-w- c:\windows\system32\drivers\vididr.sys
2013-03-28 07:17:04 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\2048BB9F-DCDB-45AB-AE02-1790A44F6DEA
2013-03-28 07:16:59 192904 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-03-28 07:12:09 -------- d-----w- c:\program files\Western Digital Corporation
2013-03-27 12:56:20 -------- d-----w- c:\program files\HDD Regenerator
2013-03-27 12:39:01 3567 ----a-w- c:\windows\system32\drivers\PortTalk.sys
2013-03-27 12:38:33 -------- d-----w- c:\program files\HDDGURU LLF Tool
2013-03-25 09:26:04 -------- d-----w- c:\program files\GPU-Z
2013-03-25 09:25:53 -------- d-----w- c:\program files\CPUID
.
==================== Find3M ====================
.
2013-04-17 12:37:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-17 12:37:25 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 18:21:16 17408 ----a-w- C:\psapi.dll
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-13 18:10:14 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 16:53:34 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 19:07:58.75 ===============


Attach.txt:


Step 2: Contents of Combofix.txt:

ComboFix 13-04-21.01 - Bozidar Pejcic 21.04.13 23:52:54.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2625 [GMT 2:00]
Running from: d:\install1\!!!!\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\cc32100mt.dll
c:\windows\system32\Dvbpws.dll
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-21 to 2013-04-21 )))))))))))))))))))))))))))))))
.
.
2013-04-21 20:28 . 2013-04-21 20:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-21 20:28 . 2013-04-21 20:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PrimoPDF
2013-04-21 14:05 . 2013-04-21 14:05 -------- d-----w- c:\windows\ie8updates
2013-04-20 14:14 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-04-20 14:13 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-04-20 14:13 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-04-20 14:13 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-04-20 14:12 . 2013-03-02 02:06 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-04-20 14:12 . 2013-03-02 02:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-04-20 14:12 . 2013-03-02 02:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-04-20 14:12 . 2013-03-02 02:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-04-20 14:12 . 2013-03-02 02:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-20 14:12 . 2013-03-02 02:06 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-04-20 14:12 . 2013-03-02 02:06 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-20 14:12 . 2013-03-02 02:06 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-04-20 14:12 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-04-20 14:11 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-04-20 14:11 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-04-20 14:10 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-04-20 14:10 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-04-20 14:10 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2013-04-20 14:10 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2013-04-20 14:10 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2013-04-20 14:10 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2013-04-20 14:10 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2013-04-20 14:10 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2013-04-20 14:10 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2013-04-20 14:09 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-20 14:09 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-20 14:09 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-04-20 14:09 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-04-20 14:09 . 2012-12-16 12:23 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-04-20 14:08 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-04-20 14:08 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-04-20 14:08 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-04-20 14:08 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-04-20 14:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-04-20 14:04 . 2013-03-07 01:32 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-04-20 14:04 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2013-04-20 14:04 . 2013-03-07 01:28 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-04-20 14:04 . 2013-03-07 00:50 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-04-20 14:04 . 2013-03-07 00:50 2070016 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-04-20 14:04 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-04-20 14:04 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-04-20 14:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-04-20 14:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-04-20 14:00 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-04-20 14:00 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-04-20 14:00 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2013-04-19 13:19 . 2013-04-19 13:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\GHISLER
2013-04-19 12:44 . 2013-04-19 12:44 -------- d-----w- c:\documents and settings\All Users\Microsoft
2013-04-19 12:42 . 2013-04-19 12:42 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-04-19 12:41 . 2013-04-19 12:41 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\Microsoft Help
2013-04-19 12:40 . 2013-04-19 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2013-04-19 12:40 . 2013-04-19 12:40 -------- d-----r- C:\MSOCache
2013-04-19 11:26 . 2013-04-19 11:26 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\Ahead
2013-04-19 11:12 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2013-04-19 11:12 . 2008-04-14 03:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-04-19 11:11 . 2008-04-14 03:41 380445 ----a-w- c:\windows\system32\expsrv.dll
2013-04-19 11:11 . 2011-02-08 13:33 978944 ----a-w- c:\windows\system32\mfc42.dll
2013-04-19 11:11 . 2008-04-14 03:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll
2013-04-19 11:09 . 2006-12-28 22:31 19569 ----a-w- c:\windows\003248_.tmp
2013-04-19 09:53 . 2013-04-19 09:53 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\Juniper Networks
2013-04-19 09:52 . 2013-04-19 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2013-04-19 09:20 . 2013-04-19 09:20 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-04-19 09:20 . 2013-04-19 09:20 -------- d-----w- c:\windows\SHELLNEW
2013-04-19 09:15 . 2013-04-19 09:15 -------- d-----w- c:\program files\Wondershare
2013-04-19 09:14 . 2013-04-19 09:18 -------- d-----w- c:\program files\PDF Password Unlocker
2013-04-19 09:12 . 2013-04-19 09:12 -------- d-----w- c:\program files\Freeware PDF Unlocker
2013-04-19 08:50 . 2013-04-19 08:50 -------- d-----w- C:\Output
2013-04-19 08:50 . 2013-04-19 08:50 -------- d-----w- C:\PDFPasswordRemover
2013-04-19 08:07 . 2013-04-19 08:07 -------- d-----w- c:\program files\Stellar Phoenix Word Recovery
2013-04-19 08:04 . 2013-04-19 08:04 -------- d-----w- c:\program files\Kernel for Word Evaluation Ver
2013-04-19 08:04 . 2004-10-17 02:08 835584 ----a-w- c:\windows\system32\AxImage.ocx
2013-04-19 07:37 . 2013-04-19 07:37 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\VS Revo Group
2013-04-19 07:37 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-04-19 07:37 . 2013-04-19 07:37 -------- d-----w- c:\program files\VS Revo Group
2013-04-18 19:59 . 2013-04-18 19:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-18 19:29 . 2013-04-18 19:29 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\Lavasoft
2013-04-18 19:12 . 2013-04-18 19:12 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\Malwarebytes
2013-04-18 19:12 . 2013-04-18 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-18 19:12 . 2013-04-18 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-18 19:12 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-18 08:14 . 2013-04-18 08:14 -------- d-----w- c:\program files\Sony Mobile
2013-04-18 07:53 . 2013-04-18 07:58 -------- d-----w- c:\program files\Android Commander
2013-04-16 07:04 . 2013-04-16 07:04 -------- d-----w- c:\documents and settings\Bozidar Pejcic\.android
2013-04-16 07:04 . 2013-04-16 07:04 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\ERoot
2013-04-15 12:55 . 2013-02-13 18:10 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-04-15 12:55 . 2013-02-13 18:10 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-04-15 12:40 . 2013-04-15 12:50 -------- d-----w- C:\Flashtool
2013-04-15 11:12 . 2013-04-15 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2013-04-15 08:22 . 2013-04-15 08:22 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\ABBYY
2013-04-15 08:11 . 2013-04-17 07:12 -------- d-----w- c:\program files\ABBYY FineReader 11
2013-04-15 08:11 . 2013-04-15 08:11 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\ABBYY
2013-04-15 08:11 . 2013-04-15 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2013-04-12 09:41 . 2007-10-12 13:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2013-04-11 08:40 . 2013-04-11 08:40 -------- d-----w- c:\program files\Windows Sidebar
2013-04-11 08:40 . 2013-04-11 08:40 -------- d-----w- c:\program files\WinFast
2013-04-11 08:40 . 2013-04-11 08:40 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\InstallShield Installation Information
2013-04-10 12:24 . 2013-04-10 12:24 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\ArcSoft
2013-04-10 12:23 . 2013-04-10 12:23 -------- d-----w- C:\WinFast WorkArea
2013-04-10 12:20 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\mpe.sys
2013-04-10 12:20 . 2010-02-24 16:12 81408 ----a-w- c:\windows\emMON.exe
2013-04-10 12:20 . 2010-02-24 16:04 113664 ----a-w- c:\windows\system32\emPRP.ax
2013-04-10 12:20 . 2010-02-24 16:04 562176 ----a-w- c:\windows\system32\drivers\emOEM.sys
2013-04-10 12:20 . 2010-02-24 16:04 582016 ----a-w- c:\windows\system32\drivers\emBDA.sys
2013-04-10 12:20 . 2008-04-14 03:42 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2013-04-10 12:20 . 2008-04-14 03:42 33280 ----a-w- c:\windows\system32\psisrndr.ax
2013-04-10 12:20 . 2008-04-14 03:42 363520 ----a-w- c:\windows\system32\psisdecd.dll
2013-04-10 12:20 . 2008-04-13 22:16 11776 ----a-w- c:\windows\system32\drivers\bdasup.sys
2013-04-10 12:20 . 2008-04-14 03:42 18432 ----a-w- c:\windows\system32\bdaplgin.ax
2013-03-28 07:12 . 2013-03-28 07:12 -------- d-----w- c:\program files\Western Digital Corporation
2013-03-27 12:56 . 2013-03-27 14:59 -------- d-----w- c:\program files\HDD Regenerator
2013-03-27 12:39 . 2002-01-12 15:30 3567 ----a-w- c:\windows\system32\drivers\PortTalk.sys
2013-03-27 12:38 . 2013-03-27 12:38 -------- d-----w- c:\program files\HDDGURU LLF Tool
2013-03-25 09:26 . 2013-03-25 09:26 -------- d-----w- c:\program files\GPU-Z
2013-03-25 09:25 . 2013-03-25 09:25 -------- d-----w- c:\program files\CPUID
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 12:37 . 2013-02-26 08:01 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-17 12:37 . 2013-01-16 17:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 18:21 . 2013-01-16 17:31 17408 ----a-w- C:\psapi.dll
2013-03-08 08:36 . 2007-07-27 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2007-07-27 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2007-07-27 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2013-01-16 14:17 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-13 18:10 . 2013-01-17 11:03 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-02-13 10:39 . 2013-02-13 10:40 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-02-13 10:39 . 2013-02-13 10:40 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-02-13 10:39 . 2013-02-13 10:40 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-02-13 10:39 . 2013-02-13 10:40 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-02-13 10:39 . 2013-02-13 10:40 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2013-02-13 10:39 . 2013-02-13 10:40 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-02-13 10:39 . 2013-02-13 10:40 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-02-13 10:39 . 2013-02-13 10:40 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-02-13 10:39 . 2013-02-13 10:40 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-02-13 10:39 . 2013-02-13 10:40 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-02-13 10:39 . 2013-02-13 10:40 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2013-02-13 10:39 . 2013-02-13 10:40 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-02-13 10:39 . 2013-02-13 10:40 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-02-12 00:32 . 2007-07-27 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 16:53 . 2013-03-15 07:12 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-02-05 16:52 . 2013-02-05 16:52 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 569344 ----a-w- c:\windows\system32\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52 491520 ----a-w- c:\windows\system32\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 245760 ----a-w- c:\windows\system32\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52 200704 ----a-w- c:\windows\system32\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52 155648 ----a-w- c:\windows\system32\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 143360 ----a-w- c:\windows\system32\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52 135168 ----a-w- c:\windows\system32\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 122880 ----a-w- c:\windows\system32\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52 118784 ----a-w- c:\windows\system32\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2013-01-26 03:55 . 2007-07-27 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-12 06:13 . 2013-04-12 06:13 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2007-07-27 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-11-26 13:46 2610312 ----a-w- c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-11-26 13:46 2610312 ----a-w- c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-11-26 13:46 2610312 ----a-w- c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2010-09-30 1290240]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2012-08-28 2916352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-11-26 6010784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-11-21 407736]
"AcronisTibMounterMonitor"="c:\program files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 941440]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2012-09-10 101888]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-06 934152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\ABControl\\ABCONTROL.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [22.02.13 10:13 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [22.02.13 10:13 5248]
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [09.04.13 15:42 93928]
R0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\drivers\tib_mounter.sys [09.04.13 15:42 689672]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [28.03.13 09:17 139336]
R0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\drivers\vidsflt.sys [09.04.13 15:42 99720]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.04.07 13:03 82200]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [09.04.13 15:42 3696632]
R2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [07.07.12 08:00 78336]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14.03.11 17:27 271712]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [08.12.11 16:46 143960]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [18.04.13 21:12 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18.04.13 21:12 701512]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [18.08.12 21:18 7017888]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [16.01.13 16:37 2228008]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [09.04.13 15:42 234752]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [13.02.13 12:40 73216]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [12.03.13 12:00 33280]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [03.09.09 16:24 24848]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.09 14:42 32272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18.04.13 21:12 22856]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10.08.11 10:21 176128]
S2 mts mobilni internet. RunOuc;mts mobilni internet. OUC;c:\program files\mts mobilni internet\UpdateDog\ouc.exe [13.02.13 12:39 239968]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [13.02.13 12:40 102784]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\BOZIDA~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe --> c:\docume~1\BOZIDA~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15.04.13 14:55 12400]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [13.02.13 12:40 90112]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.04.13 21:59 40776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17.01.13 13:03 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17.01.13 13:03 8576]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [27.03.13 14:39 3567]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [19.04.13 09:37 27064]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19.03.13 13:01 155320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 12:37]
.
2013-04-21 c:\windows\Tasks\User_Feed_Synchronization-{E7E5F1EC-A7ED-4329-993B-50A83356D758}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{0C84C5AC-CB3D-4C37-A303-F918CAA21CCF}: NameServer = 192.168.1.5
DPF: {0DF9173C-D4E4-4A58-8A70-80670B556103} - hxxp://[removed].org:5001/plugin_3_3_3_0.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://[removed].org:5004/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Bozidar Pejcic\Application Data\Mozilla\Firefox\Profiles\9hbjwp8z.default\
FF - ExtSQL: 2013-02-27 09:56; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF - ExtSQL: 2013-02-28 12:21; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\documents and settings\Bozidar Pejcic\Application Data\Mozilla\Firefox\Profiles\9hbjwp8z.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-IPCameraDSFilter - c:\program files\wLite\ipds-uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-04-22 00:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(384)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\WININET.dll
c:\program files\Acronis\TrueImageHome\tishell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\All Users\Application Data\mts mobilni internet\OnlineUpdate\ouc.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\teamviewer\version6\TeamViewer.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-04-22 00:12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-21 22:12
.
Pre-Run: 21,609,242,624 bytes free
Post-Run: 21,594,636,288 bytes free
.
- - End Of File - - 26EA3A93AFA6100A8E046D7E3B4E8E10

Contents of Qoobox.rar -> UPLOADED

Step 3: Gmer 1, Gmer 2 and Gmer 3

TDSKiller.txt report:

08:52:59.0765 1504 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:52:59.0781 1504 ============================================================
08:52:59.0781 1504 Current date / time: 2013/04/22 08:52:59.0781
08:52:59.0781 1504 SystemInfo:
08:52:59.0781 1504
08:52:59.0781 1504 OS Version: 5.1.2600 ServicePack: 3.0
08:52:59.0781 1504 Product type: Workstation
08:52:59.0781 1504 ComputerName: NISSAL1
08:52:59.0781 1504 UserName: Administrator
08:52:59.0781 1504 Windows directory: C:\WINDOWS
08:52:59.0781 1504 System windows directory: C:\WINDOWS
08:52:59.0781 1504 Processor architecture: Intel x86
08:52:59.0781 1504 Number of processors: 4
08:52:59.0781 1504 Page size: 0x1000
08:52:59.0781 1504 Boot type: Safe boot
08:52:59.0781 1504 ============================================================
08:53:01.0250 1504 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:53:01.0250 1504 ============================================================
08:53:01.0250 1504 \Device\Harddisk0\DR0:
08:53:01.0250 1504 MBR partitions:
08:53:01.0250 1504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x80014A4
08:53:01.0250 1504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x80014E3, BlocksNum 0x2711676
08:53:01.0265 1504 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA712B98, BlocksNum 0x12AB19E9
08:53:01.0265 1504 ============================================================
08:53:01.0296 1504 C: <-> \Device\Harddisk0\DR0\Partition1
08:53:01.0375 1504 D: <-> \Device\Harddisk0\DR0\Partition3
08:53:01.0406 1504 E: <-> \Device\Harddisk0\DR0\Partition2
08:53:01.0406 1504 ============================================================
08:53:01.0406 1504 Initialize success
08:53:01.0406 1504 ============================================================
08:53:17.0578 1628 ============================================================
08:53:17.0578 1628 Scan started
08:53:17.0578 1628 Mode: Manual; TDLFS;
08:53:17.0578 1628 ============================================================
08:53:18.0515 1628 ================ Scan system memory ========================
08:53:18.0515 1628 System memory - ok
08:53:18.0515 1628 ================ Scan services =============================
08:53:19.0015 1628 [ 1F61CACACB521215F39061789147968C ] a347bus C:\WINDOWS\system32\DRIVERS\a347bus.sys
08:53:19.0046 1628 a347bus - ok
08:53:19.0062 1628 [ 113E4B318BBAA7483CA4E582A4D63F49 ] a347scsi C:\WINDOWS\system32\Drivers\a347scsi.sys
08:53:23.0375 1628 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:53:23.0375 1628 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: CDFE4411A69C224BD1D11B2DA92DAC51
08:53:23.0375 1628 atapi ( LockedFile.Multi.Generic ) - warning
08:53:23.0375 1628 atapi - detected LockedFile.Multi.Generic (1)
08:54:01.0640 1628 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:54:01.0656 1628 TlntSvr - ok
08:54:01.0656 1628 TosIde - ok
08:54:01.0718 1628 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:54:01.0750 1628 TrkWks - ok
08:54:01.0812 1628 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:54:01.0828 1628 Udfs - ok
08:54:01.0875 1628 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
08:54:01.0890 1628 UleadBurningHelper - ok
08:54:01.0906 1628 ultra - ok
08:54:02.0046 1628 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:54:02.0156 1628 Update - ok
08:54:02.0250 1628 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:54:02.0296 1628 upnphost - ok
08:54:02.0328 1628 [ B671514497DF7417F83919A6A5BD6BB9 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
08:54:02.0328 1628 upperdev - ok
08:54:02.0359 1628 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:54:02.0359 1628 UPS - ok
08:54:02.0546 1628 [ 5A1161EE3ACDB3BDAFE1ED6F2049C437 ] USB28xxBGA C:\WINDOWS\system32\DRIVERS\emBDA.sys
08:54:02.0687 1628 USB28xxBGA - ok
08:54:02.0859 1628 [ 75DD893D53DDDAB0012DB6DB8BF0BA45 ] USB28xxOEM C:\WINDOWS\system32\DRIVERS\emOEM.sys
08:54:03.0015 1628 USB28xxOEM - ok
08:54:03.0078 1628 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:54:03.0093 1628 usbaudio - ok
08:54:03.0125 1628 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:54:03.0125 1628 usbccgp - ok
08:54:03.0156 1628 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:54:03.0171 1628 usbehci - ok
08:54:03.0203 1628 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:54:03.0218 1628 usbhub - ok
08:54:03.0250 1628 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:54:03.0250 1628 usbprint - ok
08:54:03.0281 1628 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
08:54:03.0281 1628 usbser - ok
08:54:03.0328 1628 [ FF358FD3176B2E5605C4ACCD5026A5AC ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
08:54:03.0328 1628 UsbserFilt - ok
08:54:03.0343 1628 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:54:03.0359 1628 USBSTOR - ok
08:54:03.0375 1628 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:54:03.0390 1628 usbuhci - ok
08:54:03.0406 1628 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:54:03.0406 1628 VgaSave - ok
08:54:03.0421 1628 ViaIde - ok
08:54:03.0500 1628 [ 26B75DCB58B006867EFD659E845CD65E ] vididr C:\WINDOWS\system32\DRIVERS\vididr.sys
08:54:03.0531 1628 vididr - ok
08:54:03.0562 1628 [ 40AFA68F81F90636D1300099E9CFC8CE ] vidsflt C:\WINDOWS\system32\DRIVERS\vidsflt.sys
08:54:03.0593 1628 vidsflt - ok
08:54:03.0609 1628 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:54:03.0625 1628 VolSnap - ok
08:54:03.0765 1628 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:54:03.0828 1628 VSS - ok
08:54:03.0953 1628 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:54:03.0984 1628 W32Time - ok
08:54:04.0031 1628 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:54:04.0046 1628 Wanarp - ok
08:54:04.0171 1628 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
08:54:04.0187 1628 Wdf01000 - ok
08:54:04.0187 1628 WDICA - ok
08:54:04.0265 1628 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:54:04.0281 1628 wdmaud - ok
08:54:04.0328 1628 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:54:04.0343 1628 WebClient - ok
08:54:04.0484 1628 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:54:04.0515 1628 winmgmt - ok
08:54:04.0578 1628 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
08:54:04.0578 1628 WinUSB - ok
08:54:04.0625 1628 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
08:54:04.0625 1628 WmdmPmSN - ok
08:54:04.0796 1628 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:54:04.0937 1628 Wmi - ok
08:54:05.0031 1628 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:54:05.0062 1628 WmiApSrv - ok
08:54:05.0093 1628 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:54:05.0109 1628 WpdUsb - ok
08:54:05.0343 1628 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:54:05.0546 1628 WPFFontCache_v0400 - ok
08:54:05.0578 1628 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:54:05.0578 1628 WS2IFSL - ok
08:54:05.0640 1628 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:54:05.0687 1628 wscsvc - ok
08:54:05.0703 1628 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:54:05.0703 1628 WSTCODEC - ok
08:54:05.0734 1628 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:54:05.0734 1628 wuauserv - ok
08:54:05.0796 1628 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:54:05.0828 1628 WudfPf - ok
08:54:05.0875 1628 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:54:05.0906 1628 WudfRd - ok
08:54:05.0968 1628 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:54:05.0984 1628 WudfSvc - ok
08:54:06.0140 1628 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:54:06.0265 1628 WZCSVC - ok
08:54:06.0328 1628 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:54:06.0390 1628 xmlprov - ok
08:54:06.0390 1628 yksvc - ok
08:54:06.0500 1628 [ F364E873C0F30E874AA4B1C919016AF6 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
08:54:06.0562 1628 yukonwxp - ok
08:54:06.0578 1628 ZTEusbmdm6k - ok
08:54:06.0593 1628 ZTEusbnmea - ok
08:54:06.0609 1628 ZTEusbser6k - ok
08:54:06.0671 1628 ================ Scan global ===============================
08:54:06.0703 1628 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:54:06.0812 1628 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:54:06.0953 1628 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:54:07.0000 1628 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:54:07.0000 1628 [Global] - ok
08:54:07.0000 1628 ================ Scan MBR ==================================
08:54:07.0015 1628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:54:07.0390 1628 \Device\Harddisk0\DR0 - ok
08:54:07.0390 1628 ================ Scan VBR ==================================
08:54:07.0406 1628 [ FFBC08E069C1DF63E193E9D8C5DF9C00 ] \Device\Harddisk0\DR0\Partition1
08:54:07.0406 1628 \Device\Harddisk0\DR0\Partition1 - ok
08:54:07.0453 1628 [ 605B53B13418FD40F8B0D512542F02A1 ] \Device\Harddisk0\DR0\Partition2
08:54:07.0453 1628 \Device\Harddisk0\DR0\Partition2 - ok
08:54:07.0453 1628 [ FD972537A4C3F0D04D5AD91752066CA3 ] \Device\Harddisk0\DR0\Partition3
08:54:07.0453 1628 \Device\Harddisk0\DR0\Partition3 - ok
08:54:07.0468 1628 ============================================================
08:54:07.0468 1628 Scan finished
08:54:07.0468 1628 ============================================================
08:54:07.0500 1608 Detected object count: 1
08:54:07.0500 1608 Actual detected object count: 1
08:54:22.0390 1608 atapi ( LockedFile.Multi.Generic ) - skipped by user
08:54:22.0390 1608 atapi ( LockedFile.Multi.Generic ) - User select action: Skip




[edit by magna86: part of the log censored at the user's request]

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

No malware is present. Do you still have problems with the extensions?

offline
  • Joined: 06 Sep 2005
  • Posts: 16

I have a problem opening existing documents; more precisely, they behave as if they had been modified in the shell. I cannot open .doc, .xls, .pdf or .jpg files. Newly created documents I can open and edit later, but the ones from before the virus got in I cannot.

When I open an Office document, hieroglyphs open up.

It says: The file you are trying to open, "Uporedna tabela.xls", is in a different format than specified by the file extension. Verify that the file is not corrupted and is from a trusted source before opening the file. Do you want to open the file now?

I tried opening some of the files on another computer, and hieroglyphs open there as well and the encoding converter tries to start.

Here is an example:
This is a Word document of about 20 sentences:

Ü ZY]™Ñ ¨%– •E c-¾ }?¨5X ä¡ß´Q¶ ­™FÅÕD{F€yýuÎȯâ 0(ÅÑ[¼ÿbz¢L™FŁWñÁK9/ƒêYsäš­`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š­`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š­`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š­`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š­`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š­`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š­`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbQ? A±ÿ4Û]°Kµ }?–H=½^ìÇ

I could also upload the Word file that contains the virus. I would zip it.
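The symptom reported in the post above (existing .doc, .xls, .pdf and .jpg files whose content no longer matches the extension, while newly created files open normally) can be scoped with a read-only header check. This is an added example, not part of the original post; the function names are illustrative assumptions, and the signature table covers only the file types named in the thread.

```python
import os

# Leading "magic" bytes a healthy file of each type starts with.
# Assumption: only the extensions mentioned in the thread are covered.
MAGIC = {
    ".doc": b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1",  # OLE2 compound file (Office 97-2003)
    ".xls": b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1",
    ".pdf": b"%PDF-",        # strict check: signature expected at offset 0
    ".jpg": b"\xFF\xD8\xFF",
    ".rar": b"Rar!\x1A\x07",
}

def header_state(name, head):
    """Return 'ok', 'mismatch' or 'unknown' for a file name and its first bytes."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return "unknown"
    return "ok" if head.startswith(magic) else "mismatch"

def scan(root):
    """Walk root and return {path: state} for every file with a known extension."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in MAGIC:
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:  # read-only: the files are not modified
                    head = fh.read(8)
            except OSError:
                report[path] = "unreadable"
            else:
                report[path] = header_state(name, head)
    return report

def damaged(report):
    """Sorted list of paths whose content no longer matches the extension."""
    return sorted(p for p, s in report.items() if s == "mismatch")

if __name__ == "__main__":
    import sys
    for path in damaged(scan(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print(path)
```

Running it against a copy of the user's document folders gives the list of files to restore from backup and confirms which ones were left intact.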

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

OK, send it to http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 06 Sep 2005
  • Posts: 16

Uploaded!
Thanks for your patience

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

The computer is clean as far as malware is concerned. As for the files you cannot open, I think they are impossible to recover. Still, open a topic in the Windows subforum and explain the problem there. Someone will give you instructions on what to do.

You have leftovers of the F-Secure antivirus, which need to be removed. Having two antivirus programs on a computer is not recommended, for several reasons. Download and run the following tool:

ftp://ftp.f-secure.com/support/tools/uitool/UninstallationTool.zip


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista and 7, use the Start Search field if Run is not available.

In the text input line, type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.

Download and run OTC. Click CleanUp. This will delete the tools that were used.

I recommend that you use MCShield v2 to protect USB memory devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices. You download it, install it, plug in a USB memory device, and a scan runs, after which you either get a notification that the device is clean (if that is really the case) or get a log showing information about the malware that was found and deleted.


MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these topics:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link given in it.
Link to the topic: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Also, follow the topic "How to avoid and remove toolbars", read it and follow the steps in it. Link to the topic: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html

TwinHeadedEagle (AMF Team)

offline
  • Joined: 06 Sep 2005
  • Posts: 16

THANK YOU VERY MUCH FOR THE EFFORT!

Regards
