Driver problem

  • Pek
  • Citizen
  • Joined: 13 Jun 2011
  • Posts: 49

Posted: 14 Jun 2011 0:52

I got my referral to the clinic from doctor "goran9888".
I was told to skip the description of the problem because goran is already familiar with it from another thread. And here are the requested reports :)

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by petar at 20:37:42 on 2011-06-13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1405 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
E:\WINDOWS\system32\svchost -k rpcss
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Real\RealPlayer\update\realsched.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\WINDOWS\aadrive32.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\WINDOWS\System32\vssvc.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\msdtc.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
e:\program files\avira\antivir desktop\avcenter.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
mWinlogon: Taskman=c:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [NVIDIA nTune] "e:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Tnaww] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
uRun: [BitTorrent] "e:\documents and settings\petar\my documents\downloads\BitTorrent-7.2.1.exe"
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "e:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [TkBellExe] "e:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Microsoft Driver Setup] e:\windows\aadrive32.exe
mRun: [StartCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mExplorerRun: [Microsoft Driver Setup] e:\windows\aadrive32.exe
StartupFolder: e:\docume~1\petar\startm~1\programs\startup\magicd~1.lnk - e:\program files\magicdisc\MagicDisc.exe
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{2351BE20-F994-45B3-91FC-292A618DCF64} : DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{5F5EE84C-4E8C-43A3-9147-E8B57A1A3FC8} : DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{EF71537F-16C5-426E-A4CC-AD4FED0AFD8E} : DhcpNameServer = 95.180.0.18 95.180.1.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - e:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: mdhcp32 - mdhcp32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\petar\application data\mozilla\firefox\profiles\nks6f2my.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: e:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2011-6-7 11608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [2011-6-9 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2011-6-7 136360]
R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2011-6-7 269480]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2011-6-7 61960]
S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2011-5-23 136176]
S2 hlbbthy;pnqej;e:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ihvqcj;Shell Boot;e:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ncsbmdwrlw;ncsbmdwrlw;"e:\docume~1\petar\locals~1\temp\dat459.tmp.exe" --service --> e:\docume~1\petar\locals~1\temp\DAT459.tmp.exe [?]
S2 Netmanm;Network Connections to Monitor;"e:\windows\system32\crssc.exe" --> e:\windows\system32\crssc.exe [?]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2011-5-10 1691480]
S3 FLASHSYS;FLASHSYS;e:\program files\msi\live update 4\lu4\FlashSys.sys [2011-6-10 9216]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;e:\program files\setup files\ms7309v270\NTIOLib.sys [2011-1-6 7680]
.
=============== Created Last 30 ================
.
2011-06-13 18:34:39 284 ----a-w- e:\documents and settings\petar\zddqj.exe
2011-06-13 18:34:11 122880 ----a-w- e:\windows\system32\48.exe
2011-06-13 18:32:03 155648 ----a-w- e:\documents and settings\petar\application data\BC.tmp
2011-06-13 18:31:02 118784 ----a-w- e:\documents and settings\petar\application data\B8.tmp
2011-06-13 18:25:26 114688 ----a-w- e:\documents and settings\petar\application data\B7.tmp
2011-06-13 18:25:19 118784 ----a-w- e:\documents and settings\petar\application data\B3.tmp
2011-06-13 18:25:14 155648 ----a-w- e:\documents and settings\petar\application data\B2.tmp
2011-06-13 18:25:03 944640 ----a-r- e:\windows\system32\NEW24.tmp
2011-06-13 18:25:03 944640 ----a-r- e:\windows\system32\fdco1.dll
2011-06-13 18:25:03 70912 ----a-r- e:\windows\system32\drivers\NVENETFD.sys
2011-06-13 18:25:01 212224 ----a-r- e:\windows\system32\drivers\nvnrm.sys
2011-06-13 18:25:01 207464 ----a-r- e:\windows\system32\nvconrm.dll
2011-06-13 18:25:01 13824 ----a-r- e:\windows\system32\drivers\nvnetbus.sys
2011-06-13 18:25:01 11264 ----a-r- e:\windows\system32\NEW19.tmp
2011-06-13 18:25:01 11264 ----a-r- e:\windows\system32\bdco1.dll
2011-06-13 18:24:58 215656 ----a-r- e:\windows\system32\NVCOSMB.DLL
2011-06-13 18:05:58 155648 ----a-w- e:\documents and settings\petar\application data\B0.tmp
2011-06-13 18:05:51 118784 ----a-w- e:\documents and settings\petar\application data\AF.tmp
2011-06-13 18:02:31 -------- d-----w- e:\program files\Realtek
2011-06-13 18:02:23 1284712 ------r- e:\windows\RtlExUpd.dll
2011-06-13 17:59:52 118784 ----a-w- e:\documents and settings\petar\application data\AE.tmp
2011-06-13 17:59:47 155648 ----a-w- e:\documents and settings\petar\application data\AD.tmp
2011-06-13 17:55:37 118784 ----a-w- e:\documents and settings\petar\application data\AC.tmp
2011-06-13 17:55:35 155648 ----a-w- e:\documents and settings\petar\application data\AB.tmp
2011-06-13 17:54:02 -------- d-----w- e:\program files\AMD APP
2011-06-13 17:51:37 -------- d-----w- E:\ATI
2011-06-13 17:45:34 114688 ----a-w- e:\documents and settings\petar\application data\AA.tmp
2011-06-13 17:45:29 118784 ----a-w- e:\documents and settings\petar\application data\A9.tmp
2011-06-13 17:45:25 155648 ----a-w- e:\documents and settings\petar\application data\A8.tmp
2011-06-13 09:37:00 95744 ----a-w- e:\documents and settings\petar\application data\A6.tmp
2011-06-13 09:36:57 132608 ----a-w- e:\documents and settings\petar\application data\A4.tmp
2011-06-13 09:36:53 93184 ----a-w- e:\documents and settings\petar\application data\A3.tmp
2011-06-13 09:34:31 95744 ----a-w- e:\documents and settings\petar\application data\A5.tmp
2011-06-13 09:34:29 132608 ----a-w- e:\documents and settings\petar\application data\A2.tmp
2011-06-13 09:19:15 95744 ----a-w- e:\documents and settings\petar\application data\A1.tmp
2011-06-13 09:19:12 93184 ----a-w- e:\documents and settings\petar\application data\A0.tmp
2011-06-13 09:19:09 132608 ----a-w- e:\documents and settings\petar\application data\9F.tmp
2011-06-13 04:22:37 132608 ----a-w- e:\documents and settings\petar\application data\9E.tmp
2011-06-13 04:22:35 95744 ----a-w- e:\documents and settings\petar\application data\9B.tmp
2011-06-12 22:51:02 132608 ----a-w- e:\documents and settings\petar\application data\97.tmp
2011-06-12 22:51:00 95744 ----a-w- e:\documents and settings\petar\application data\96.tmp
2011-06-12 22:29:59 132608 ----a-w- e:\documents and settings\petar\application data\98.tmp
2011-06-12 22:29:57 95744 ----a-w- e:\documents and settings\petar\application data\95.tmp
2011-06-12 21:35:53 95744 ----a-w- e:\documents and settings\petar\application data\94.tmp
2011-06-12 21:35:50 132608 ----a-w- e:\documents and settings\petar\application data\92.tmp
2011-06-12 14:20:42 95744 ----a-w- e:\documents and settings\petar\application data\1B6.tmp
2011-06-12 14:20:37 132608 ----a-w- e:\documents and settings\petar\application data\1B5.tmp
2011-06-12 06:40:16 95744 ----a-w- e:\documents and settings\petar\application data\91.tmp
2011-06-12 06:40:14 132608 ----a-w- e:\documents and settings\petar\application data\8F.tmp
2011-06-11 22:35:22 130560 ----a-w- e:\documents and settings\petar\application data\90.tmp
2011-06-11 19:46:45 130560 ----a-w- e:\documents and settings\petar\application data\B1.tmp
2011-06-11 19:12:40 130560 ----a-w- e:\documents and settings\petar\application data\8D.tmp
2011-06-11 06:38:20 130560 ----a-w- e:\documents and settings\petar\application data\8C.tmp
2011-06-10 17:13:45 133632 ----a-w- e:\documents and settings\petar\application data\8E.tmp
2011-06-10 17:13:41 101376 ----a-w- e:\documents and settings\petar\application data\8B.tmp
2011-06-10 16:54:16 101376 ----a-w- e:\documents and settings\petar\application data\88.tmp
2011-06-10 16:54:13 133632 ----a-w- e:\documents and settings\petar\application data\87.tmp
2011-06-10 16:44:12 729088 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-06-10 16:44:12 69715 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-06-10 16:44:12 5632 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-06-10 16:44:12 266240 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-06-10 16:44:12 192512 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-06-10 16:44:07 311428 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-06-10 16:44:07 188548 ----a-w- e:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-06-10 16:38:35 101376 ----a-w- e:\documents and settings\petar\application data\89.tmp
2011-06-10 16:38:32 133632 ----a-w- e:\documents and settings\petar\application data\86.tmp
2011-06-10 16:19:07 101376 ----a-w- e:\documents and settings\petar\application data\85.tmp
2011-06-10 16:19:05 133632 ----a-w- e:\documents and settings\petar\application data\84.tmp
2011-06-10 16:10:52 101376 ----a-w- e:\documents and settings\petar\application data\83.tmp
2011-06-10 16:10:50 133632 ----a-w- e:\documents and settings\petar\application data\82.tmp
2011-06-10 16:07:41 101376 ----a-w- e:\documents and settings\petar\application data\81.tmp
2011-06-10 16:07:36 133632 ----a-w- e:\documents and settings\petar\application data\7B.tmp
2011-06-10 16:04:30 133632 ----a-w- e:\documents and settings\petar\application data\77.tmp
2011-06-10 16:04:05 101376 ----a-w- e:\documents and settings\petar\application data\71.tmp
2011-06-10 15:54:40 98816 ----a-w- e:\documents and settings\petar\application data\75.tmp
2011-06-10 15:54:36 101376 ----a-w- e:\documents and settings\petar\application data\73.tmp
2011-06-10 15:54:31 133632 ----a-w- e:\documents and settings\petar\application data\6F.tmp
2011-06-10 15:54:28 -------- d-----w- e:\windows\system32\LogFiles
2011-06-10 15:49:03 101376 ----a-w- e:\documents and settings\petar\application data\80.tmp
2011-06-10 15:49:01 133632 ----a-w- e:\documents and settings\petar\application data\7F.tmp
2011-06-10 15:20:10 -------- d-----w- e:\program files\MSI
2011-06-10 15:19:08 -------- d-----w- e:\program files\Setup Files
2011-06-10 15:18:36 -------- d-sh--w- e:\documents and settings\petar\PrivacIE
2011-06-10 15:16:28 -------- d-----w- e:\documents and settings\petar\local settings\application data\BitTorrentBar
2011-06-10 15:12:07 101376 ----a-w- e:\documents and settings\petar\application data\6E.tmp
2011-06-10 15:12:04 133632 ----a-w- e:\documents and settings\petar\application data\6B.tmp
2011-06-10 15:05:35 101376 ----a-w- e:\documents and settings\petar\application data\68.tmp
2011-06-10 15:05:32 98816 ----a-w- e:\documents and settings\petar\application data\66.tmp
2011-06-10 15:05:30 133632 ----a-w- e:\documents and settings\petar\application data\63.tmp
2011-06-10 15:04:44 -------- d-sh--w- e:\documents and settings\petar\IETldCache
2011-06-10 15:01:53 -------- dc-h--w- e:\windows\ie8
2011-06-10 14:58:56 101376 ----a-w- e:\documents and settings\petar\application data\61.tmp
2011-06-10 14:58:53 133632 ----a-w- e:\documents and settings\petar\application data\5F.tmp
2011-06-10 14:51:54 98816 ----a-w- e:\documents and settings\petar\application data\5E.tmp
2011-06-10 14:51:52 101376 ----a-w- e:\documents and settings\petar\application data\57.tmp
2011-06-10 14:51:49 133632 ----a-w- e:\documents and settings\petar\application data\56.tmp
2011-06-10 14:50:01 327168 ----a-w- e:\windows\IsUninst.exe
2011-06-10 05:33:12 101376 ----a-w- e:\documents and settings\petar\application data\54.tmp
2011-06-10 05:33:09 133632 ----a-w- e:\documents and settings\petar\application data\52.tmp
2011-06-09 21:39:26 101376 ----a-w- e:\documents and settings\petar\application data\51.tmp
2011-06-09 21:39:23 133632 ----a-w- e:\documents and settings\petar\application data\50.tmp
2011-06-09 21:07:27 133632 ----a-w- e:\documents and settings\petar\application data\43.tmp
2011-06-09 21:07:24 101376 ----a-w- e:\documents and settings\petar\application data\41.tmp
2011-06-09 15:38:51 21840 ----atw- e:\windows\system32\SIntfNT.dll
2011-06-09 15:38:51 17212 ----atw- e:\windows\system32\SIntf32.dll
2011-06-09 15:38:51 12067 ----atw- e:\windows\system32\SIntf16.dll
2011-06-09 15:26:52 94208 ----a-w- e:\windows\DIIUnin.exe
2011-06-09 15:26:52 2829 ----a-w- e:\windows\DIIUnin.pif
2011-06-09 15:20:47 218688 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-06-09 15:20:42 -------- d-----w- e:\program files\DAEMON Tools Lite
2011-06-09 15:20:22 -------- d-----w- e:\documents and settings\petar\application data\DAEMON Tools Lite
2011-06-09 15:20:22 -------- d-----w- e:\documents and settings\all users\application data\DAEMON Tools Lite
2011-06-09 05:55:15 -------- d-----w- e:\documents and settings\petar\application data\Soldat
2011-06-08 05:15:29 -------- d-----w- e:\windows\system32\NtmsData
2011-06-08 04:58:00 72192 --sh--r- e:\windows\aadrive32.exe
2011-06-08 04:57:58 72192 ----a-w- e:\documents and settings\petar\application data\7C.tmp
2011-06-07 20:02:05 -------- d-----w- e:\documents and settings\petar\application data\Avira
2011-06-07 20:00:56 61960 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2011-06-07 20:00:56 -------- d-----w- e:\program files\Avira
2011-06-07 20:00:56 -------- d-----w- e:\documents and settings\all users\application data\Avira
2011-06-07 17:55:06 72192 ----a-w- e:\documents and settings\petar\application data\78.tmp
2011-06-07 09:54:59 -------- d-----w- e:\documents and settings\petar\local settings\application data\ESET
2011-06-07 08:58:49 72192 ----a-w- e:\documents and settings\petar\application data\FA.tmp
2011-06-07 08:45:13 72192 ----a-w- e:\documents and settings\petar\application data\74.tmp
2011-06-07 05:45:14 72192 ----a-w- e:\documents and settings\petar\application data\72.tmp
2011-06-06 10:47:41 296110 ----a-w- e:\windows\system32\shimg.dll
2011-06-06 10:47:35 327742 ----a-w- e:\windows\system32\drivers\str.sys
2011-06-06 08:43:10 33104 ----a-w- e:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-06-06 08:43:10 32592 ----a-w- e:\windows\system32\msonpmon.dll
2011-06-06 08:40:30 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2011-06-06 08:39:57 -------- d-----w- e:\windows\SHELLNEW
2011-06-06 08:39:41 -------- d-----w- e:\documents and settings\petar\local settings\application data\Microsoft Help
2011-06-06 08:37:54 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys
2011-06-06 08:37:54 -------- d-----w- e:\program files\MagicDisc
2011-06-06 06:08:48 72192 ----a-w- e:\documents and settings\petar\application data\1B1.tmp
2011-06-06 05:47:42 72192 ----a-w- e:\documents and settings\petar\application data\1AB.tmp
2011-06-05 19:06:42 -------- d-----w- e:\program files\BitTorrent
2011-06-05 19:06:36 -------- d-----w- e:\documents and settings\petar\application data\BitTorrent
2011-06-05 17:58:02 72704 ----a-w- e:\documents and settings\petar\application data\70.tmp
2011-06-03 05:06:00 151552 ----a-w- e:\documents and settings\petar\application data\6D.tmp
2011-06-02 06:56:55 61440 ----a-w- e:\documents and settings\petar\application data\6C.tmp
2011-06-02 05:31:47 61440 ----a-w- e:\documents and settings\petar\application data\67.tmp
2011-06-01 23:21:29 61440 ----a-w- e:\documents and settings\petar\application data\65.tmp
2011-06-01 13:45:36 61440 ----a-w- e:\documents and settings\petar\application data\1C6.tmp
2011-06-01 06:22:16 61440 ----a-w- e:\documents and settings\petar\application data\60.tmp
2011-05-31 16:04:18 57344 ----a-w- e:\documents and settings\petar\application data\64.tmp
2011-05-31 12:28:12 57344 ----a-w- e:\documents and settings\petar\application data\5D.tmp
2011-05-31 11:30:30 57344 ----a-w- e:\documents and settings\petar\application data\355.tmp
2011-05-31 07:22:35 57344 ----a-w- e:\documents and settings\petar\application data\76.tmp
2011-05-31 07:07:58 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-30 21:18:21 5632 ----a-w- e:\windows\system32\ptpusb.dll
2011-05-30 21:18:21 159232 ----a-w- e:\windows\system32\ptpusd.dll
2011-05-30 21:18:21 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2011-05-30 21:18:21 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
2011-05-30 13:27:00 93237 ----a-w- e:\documents and settings\petar\dqw.exe
2011-05-30 13:26:51 57344 ----a-w- e:\documents and settings\petar\application data\59.tmp
2011-05-30 13:26:38 57344 ----a-w- e:\documents and settings\petar\application data\55.tmp
2011-05-29 22:42:06 57344 ----a-w- e:\documents and settings\petar\application data\62.tmp
2011-05-28 20:31:19 -------- d-----w- e:\documents and settings\petar\local settings\application data\Temp
2011-05-27 08:22:01 78336 ----a-w- e:\documents and settings\petar\fbd.exe
2011-05-26 10:53:47 37697 ----a-w- e:\documents and settings\petar\application data\14E.tmp
2011-05-26 08:04:01 59035 ----a-w- e:\documents and settings\petar\application data\5C.tmp
2011-05-26 08:03:52 37697 ----a-w- e:\documents and settings\petar\application data\53.tmp
2011-05-26 08:03:26 37697 ----a-w- e:\documents and settings\petar\application data\4F.tmp
2011-05-26 08:03:25 59035 ----a-w- e:\documents and settings\petar\application data\4E.tmp
2011-05-25 21:33:12 37697 ----a-w- e:\documents and settings\petar\application data\D6.tmp
2011-05-25 21:33:11 59035 ----a-w- e:\documents and settings\petar\application data\D5.tmp
2011-05-25 18:57:22 49943 ----a-w- e:\documents and settings\petar\application data\4D.tmp
2011-05-25 18:57:20 59035 ----a-w- e:\documents and settings\petar\application data\4A.tmp
2011-05-23 21:37:39 49943 ----a-w- e:\documents and settings\petar\application data\F8.tmp
2011-05-23 21:37:38 59398 ----a-w- e:\documents and settings\petar\application data\F7.tmp
2011-05-23 20:27:58 -------- d-----w- e:\documents and settings\petar\local settings\application data\Real
2011-05-23 20:27:44 -------- d-----w- e:\program files\common files\xing shared
2011-05-23 20:26:36 -------- d-----w- e:\documents and settings\petar\local settings\application data\Google
2011-05-23 20:23:40 49943 ----a-w- e:\documents and settings\petar\application data\46.tmp
2011-05-23 20:23:36 59398 ----a-w- e:\documents and settings\petar\application data\45.tmp
2011-05-20 17:44:57 26496 -c--a-w- e:\windows\system32\dllcache\usbstor.sys
2011-05-20 16:50:54 49943 ----a-w- e:\documents and settings\petar\application data\6A.tmp
2011-05-20 16:50:53 50679 ----a-w- e:\documents and settings\petar\application data\69.tmp
2011-05-20 15:30:48 49943 ----a-w- e:\documents and settings\petar\application data\44.tmp
2011-05-20 15:30:35 49943 ----a-w- e:\documents and settings\petar\application data\42.tmp
2011-05-20 13:52:18 49943 ----a-w- e:\documents and settings\petar\application data\3D.tmp
2011-05-20 13:52:16 50679 ----a-w- e:\documents and settings\petar\application data\38.tmp
2011-05-20 09:15:26 49943 ----a-w- e:\documents and settings\petar\application data\A7.tmp
2011-05-20 06:20:50 50679 ----a-w- e:\documents and settings\petar\application data\5B.tmp
2011-05-20 06:20:47 49943 ----a-w- e:\documents and settings\petar\application data\5A.tmp
2011-05-20 04:28:44 49943 ----a-w- e:\documents and settings\petar\application data\37.tmp
2011-05-20 04:28:42 50679 ----a-w- e:\documents and settings\petar\application data\36.tmp
2011-05-19 21:37:24 49943 ----a-w- e:\documents and settings\petar\application data\176.tmp
2011-05-19 21:37:23 50679 ----a-w- e:\documents and settings\petar\application data\175.tmp
2011-05-19 16:43:36 49943 ----a-w- e:\documents and settings\petar\application data\15C.tmp
2011-05-19 16:43:35 54626 ----a-w- e:\documents and settings\petar\application data\15A.tmp
2011-05-19 16:40:15 54626 ----a-w- e:\documents and settings\petar\application data\157.tmp
2011-05-19 16:40:13 49943 ----a-w- e:\documents and settings\petar\application data\156.tmp
2011-05-19 16:36:53 53691 ----a-w- e:\documents and settings\petar\application data\153.tmp
2011-05-19 16:36:49 49943 ----a-w- e:\documents and settings\petar\application data\152.tmp
2011-05-19 15:18:09 49943 ----a-w- e:\documents and settings\petar\application data\13B.tmp
2011-05-19 15:18:07 54626 ----a-w- e:\documents and settings\petar\application data\13A.tmp
2011-05-19 12:59:22 -------- d-----w- e:\documents and settings\petar\local settings\application data\Identities
2011-05-19 11:47:02 49943 ----a-w- e:\documents and settings\petar\application data\40.tmp
2011-05-19 11:47:00 54626 ----a-w- e:\documents and settings\petar\application data\3F.tmp
2011-05-19 08:17:17 49943 ----a-w- e:\documents and settings\petar\application data\35.tmp
2011-05-19 08:17:15 54626 ----a-w- e:\documents and settings\petar\application data\34.tmp
2011-05-19 08:17:04 49943 ----a-w- e:\documents and settings\petar\application data\33.tmp
2011-05-19 08:17:02 54626 ----a-w- e:\documents and settings\petar\application data\32.tmp
2011-05-18 22:15:14 49943 ----a-w- e:\documents and settings\petar\application data\B6.tmp
2011-05-18 22:15:13 54626 ----a-w- e:\documents and settings\petar\application data\B5.tmp
2011-05-18 17:59:34 49943 ----a-w- e:\documents and settings\petar\application data\9A.tmp
2011-05-18 17:59:32 80173 ----a-w- e:\documents and settings\petar\application data\99.tmp
2011-05-18 13:50:10 49943 ----a-w- e:\documents and settings\petar\application data\7E.tmp
2011-05-18 13:50:08 80173 ----a-w- e:\documents and settings\petar\application data\7D.tmp
2011-05-18 09:32:43 49943 ----a-w- e:\documents and settings\petar\application data\4C.tmp
2011-05-18 09:32:41 80173 ----a-w- e:\documents and settings\petar\application data\4B.tmp
2011-05-18 09:05:15 49943 ----a-w- e:\documents and settings\petar\application data\31.tmp
2011-05-18 09:05:13 80408 ----a-w- e:\documents and settings\petar\application data\2F.tmp
2011-05-18 04:11:11 49943 ----a-w- e:\documents and settings\petar\application data\3C.tmp
2011-05-18 04:11:08 80173 ----a-w- e:\documents and settings\petar\application data\3B.tmp
2011-05-18 04:07:48 80408 ----a-w- e:\documents and settings\petar\application data\2E.tmp
2011-05-18 04:07:45 49943 ----a-w- e:\documents and settings\petar\application data\2D.tmp
2011-05-18 04:07:40 93693 ----a-w- e:\documents and settings\petar\dgjdd.exe
2011-05-17 21:05:14 49943 ----a-w- e:\documents and settings\petar\application data\2C.tmp
2011-05-17 21:05:12 59059 ----a-w- e:\documents and settings\petar\application data\2B.tmp
2011-05-17 20:54:41 60234 ----a-w- e:\documents and settings\petar\application data\7A.tmp
2011-05-17 20:54:39 49943 ----a-w- e:\documents and settings\petar\application data\79.tmp
2011-05-17 19:18:57 49943 ----a-w- e:\documents and settings\petar\application data\2A.tmp
2011-05-17 19:18:55 59059 ----a-w- e:\documents and settings\petar\application data\29.tmp
2011-05-17 16:00:50 60234 ----a-w- e:\documents and settings\petar\application data\28.tmp
2011-05-17 16:00:49 49943 ----a-w- e:\documents and settings\petar\application data\27.tmp
2011-05-17 07:39:10 49943 ----a-w- e:\documents and settings\petar\application data\26.tmp
2011-05-17 07:39:08 59059 ----a-w- e:\documents and settings\petar\application data\20.tmp
2011-05-16 19:11:51 -------- d-----w- e:\program files\common files\Wise Installation Wizard
2011-05-16 19:11:45 -------- d-----w- e:\documents and settings\petar\local settings\application data\2K Games
2011-05-16 17:02:41 49943 ----a-w- e:\documents and settings\petar\application data\1F.tmp
2011-05-16 12:25:53 49943 ----a-w- e:\documents and settings\petar\application data\15B.tmp
2011-05-16 12:09:28 49943 ----a-w- e:\documents and settings\petar\application data\147.tmp
2011-05-16 10:21:05 49943 ----a-w- e:\documents and settings\petar\application data\B4.tmp
2011-05-16 08:59:38 49943 ----a-w- e:\documents and settings\petar\application data\1E.tmp
2011-05-16 01:13:33 49943 ----a-w- e:\documents and settings\petar\application data\264.tmp
2011-05-15 21:53:11 49943 ----a-w- e:\documents and settings\petar\application data\3E.tmp
2011-05-15 21:31:05 49943 ----a-w- e:\documents and settings\petar\application data\1D.tmp
2011-05-15 15:18:53 49943 ----a-w- e:\documents and settings\petar\application data\8A.tmp
2011-05-15 11:19:28 49943 ----a-w- e:\documents and settings\petar\application data\58.tmp
2011-05-15 07:01:12 49943 ----a-w- e:\documents and settings\petar\application data\49.tmp
2011-05-15 06:37:04 49943 ----a-w- e:\documents and settings\petar\application data\1C.tmp
2011-05-15 02:39:20 -------- d-----w- e:\documents and settings\all users\application data\UAB
2011-05-15 02:39:18 -------- d-----w- e:\documents and settings\petar\local settings\application data\PC_Drivers_Headquarters
2011-05-15 02:39:14 -------- d-----w- e:\documents and settings\all users\application data\PC Drivers HeadQuarters
2011-05-15 02:38:32 -------- d-----w- e:\program files\PC Drivers HeadQuarters
2011-05-15 02:36:16 49943 ----a-w- e:\documents and settings\petar\application data\1B.tmp
2011-05-15 02:13:55 49943 ----a-w- e:\documents and settings\petar\application data\1A.tmp
2011-05-14 22:35:31 49943 ----a-w- e:\documents and settings\petar\application data\25.tmp
2011-05-14 21:56:12 49943 ----a-w- e:\documents and settings\petar\application data\19.tmp
.
==================== Find3M ====================
.
2011-05-23 20:27:35 499712 ----a-w- e:\windows\system32\msvcp71.dll
2011-05-17 16:00:36 92452 ----a-w- e:\documents and settings\petar\djdd.exe
2011-05-14 11:46:11 49943 ----a-w- e:\documents and settings\petar\application data\93.tmp
2011-05-14 06:07:31 49943 ----a-w- e:\documents and settings\petar\application data\18.tmp
2011-05-14 06:07:29 61949 ----a-w- e:\documents and settings\petar\application data\17.tmp
2011-05-14 01:36:36 49943 ----a-w- e:\documents and settings\petar\application data\15.tmp
2011-05-14 01:32:27 49943 ----a-w- e:\documents and settings\petar\application data\14.tmp
2011-05-14 01:09:13 49943 ----a-w- e:\documents and settings\petar\application data\12A.tmp
2011-05-13 22:21:28 49943 ----a-w- e:\documents and settings\petar\application data\24.tmp
2011-05-13 22:21:26 62184 ----a-w- e:\documents and settings\petar\application data\21.tmp
2011-05-13 21:38:34 92217 ----a-w- e:\documents and settings\petar\djd.exe
2011-05-13 21:38:17 49943 ----a-w- e:\documents and settings\petar\application data\F.tmp
2011-05-13 21:38:15 61639 ----a-w- e:\documents and settings\petar\application data\E.tmp
2011-05-13 09:45:06 62184 ----a-w- e:\documents and settings\petar\application data\48.tmp
2011-05-13 09:42:43 49943 ----a-w- e:\documents and settings\petar\application data\47.tmp
2011-05-13 06:31:18 49943 ----a-w- e:\documents and settings\petar\application data\13.tmp
2011-05-13 06:31:16 61639 ----a-w- e:\documents and settings\petar\application data\12.tmp
2011-05-13 06:19:52 49943 ----a-w- e:\documents and settings\petar\application data\B.tmp
2011-05-13 06:19:50 61639 ----a-w- e:\documents and settings\petar\application data\A.tmp
2011-05-12 17:43:45 49943 ----a-w- e:\documents and settings\petar\application data\D.tmp
2011-05-12 17:43:44 58669 ----a-w- e:\documents and settings\petar\application data\C.tmp
2011-05-12 17:40:18 49943 ----a-w- e:\documents and settings\petar\application data\9.tmp
2011-05-12 17:40:17 60469 ----a-w- e:\documents and settings\petar\application data\8.tmp
2011-05-12 15:08:25 49943 ----a-w- e:\documents and settings\petar\application data\23.tmp
2011-05-12 15:08:24 60469 ----a-w- e:\documents and settings\petar\application data\22.tmp
2011-05-12 14:00:32 49943 ----a-w- e:\documents and settings\petar\application data\7.tmp
2011-05-12 14:00:31 47509 ----a-w- e:\documents and settings\petar\application data\6.tmp
2011-05-12 14:00:29 58669 ----a-w- e:\documents and settings\petar\application data\5.tmp
2011-05-12 13:04:11 49943 ----a-w- e:\documents and settings\petar\application data\4.tmp
2011-05-12 13:04:09 60469 ----a-w- e:\documents and settings\petar\application data\3.tmp
2011-05-11 09:09:06 49943 ----a-w- e:\documents and settings\petar\application data\9D.tmp
2011-05-11 09:09:04 75463 ----a-w- e:\documents and settings\petar\application data\9C.tmp
2011-05-11 08:15:05 49943 ----a-w- e:\documents and settings\petar\application data\3A.tmp
2011-05-11 08:15:04 74368 ----a-w- e:\documents and settings\petar\application data\39.tmp
2011-05-11 04:49:55 49943 ----a-w- e:\documents and settings\petar\application data\11.tmp
2011-05-11 04:49:52 75463 ----a-w- e:\documents and settings\petar\application data\10.tmp
2011-05-11 04:42:31 49943 ----a-w- e:\documents and settings\petar\application data\2.tmp
2011-05-11 04:42:29 75463 ----a-w- e:\documents and settings\petar\application data\1.tmp
2011-05-10 17:58:00 61249 ----a-w- e:\documents and settings\petar\application data\30.tmp
2011-05-10 17:19:08 61249 --sh--r- e:\windows\ghdrive32.exe
2011-05-10 17:19:08 61249 ----a-w- e:\documents and settings\petar\application data\16.tmp
2011-05-10 17:01:58 39129 ----a-w- e:\windows\system32\07.exe
2011-05-09 11:58:20 135168 ----a-w- e:\windows\UNDPX2A.exe
2011-05-09 11:58:19 53693 ----a-w- e:\windows\UNDPX2A.sys
2011-05-09 11:58:19 15429 ----a-w- e:\windows\system32\drivers\Sacm2A.sys
2011-05-09 11:44:32 0 ----a-w- e:\windows\ativpsrm.bin
2011-04-20 02:41:56 6537728 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38:50 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2011-04-20 02:29:06 57344 ----a-w- e:\windows\system32\aticalrt.dll
2011-04-20 02:29:00 53248 ----a-w- e:\windows\system32\aticalcl.dll
2011-04-20 02:24:20 5459968 ----a-w- e:\windows\system32\aticaldd.dll
2011-04-20 02:14:04 17743872 ----a-w- e:\windows\system32\atioglxx.dll
2011-04-20 02:04:00 462848 ----a-w- e:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02:58 302080 ----a-w- e:\windows\system32\ati2dvag.dll
2011-04-20 02:01:50 4017408 ----a-w- e:\windows\system32\ati3duag.dll
2011-04-20 01:55:20 1115008 ----a-w- e:\windows\system32\ativvamv.dll
2011-04-20 01:45:06 3265920 ----a-w- e:\windows\system32\ativvaxx.dll
2011-04-20 01:44:34 212992 ----a-w- e:\windows\system32\atipdlxx.dll
2011-04-20 01:44:22 155648 ----a-w- e:\windows\system32\Oemdspif.dll
2011-04-20 01:44:14 26112 ----a-w- e:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44:06 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2011-04-20 01:43:54 188416 ----a-w- e:\windows\system32\ati2evxx.dll
2011-04-20 01:42:40 643072 ----a-w- e:\windows\system32\ati2evxx.exe
2011-04-20 01:41:22 53248 ----a-w- e:\windows\system32\ATIDDC.DLL
2011-04-20 01:40:08 151552 ----a-w- e:\windows\system32\atiapfxx.exe
2011-04-20 01:36:24 651264 ----a-w- e:\windows\system32\atikvmag.dll
2011-04-20 01:34:10 200704 ----a-w- e:\windows\system32\atiadlxx.dll
2011-04-20 01:33:52 17408 ----a-w- e:\windows\system32\atitvo32.dll
2011-04-20 01:30:48 503808 ----a-w- e:\windows\system32\atiok3x2.dll
2011-04-20 01:28:32 851968 ----a-w- e:\windows\system32\ati2cqag.dll
2011-04-20 01:27:32 64512 ----a-w- e:\windows\system32\atimpc32.dll
2011-04-20 01:27:32 64512 ----a-w- e:\windows\system32\amdpcom32.dll
2011-04-20 01:26:26 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2011-04-19 20:10:32 59904 ----a-w- e:\windows\system32\OVDecode.dll
2011-04-19 20:10:18 51712 ----a-w- e:\windows\system32\OpenCL.dll
2011-04-19 20:10:02 12385280 ----a-w- e:\windows\system32\amdocl.dll
.
============= FINISH: 20:38:39.76 ===============




Addendum: 14 Jun 2011 0:55

I didn't quite understand the tutorial for opening topics here, even though it is written in detail, so I didn't post the GMER logs. But I did run them. If they are needed, I'll post them.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello Pek!







While we work on this case, I would ask you to stick to the following:
Read my instructions carefully (or those of colleagues standing in for me) and follow only them;
Do not ask for help elsewhere at the same time;
Do not use other malware-removal programs apart from those you are instructed to use;
Do not use USB storage devices during the intervention until I ask you to;
If I do not reply within 48h, bump the topic with a new post;
If you do not reply within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------





Post the GMER reports as well so I can take a look.









goran9888 (AMF Team)

  • Pek 
  • Citizen
  • Joined: 13 Jun 2011
  • Posts: 49


  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Once the download is complete:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered to download it.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if necessary (possibly several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note:
The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach C:\ComboFix.txt to the message.

  • Pek 
  • Citizen
  • Joined: 13 Jun 2011
  • Posts: 49

Posted: 14 Jun 2011 14:52

Here you go, doc. :)

ComboFix 11-06-13.06 - petar 06/14/2011 14:37:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1519 [GMT 2:00]
Running from: e:\documents and settings\petar\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\recycler\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
e:\documents and settings\petar\Application Data\Voyayv.exe
e:\documents and settings\petar\Desktop\Setup.exe
e:\documents and settings\petar\dgjdd.exe
e:\documents and settings\petar\djd.exe
e:\documents and settings\petar\djdd.exe
e:\documents and settings\petar\dqw.exe
e:\documents and settings\petar\fbd.exe
e:\documents and settings\petar\zddqj.exe
e:\windows\aadrive32.exe
e:\windows\ghdrive32.exe
e:\windows\system32\07.exe
e:\windows\system32\48.exe
e:\windows\system32\crt.dat
e:\windows\system32\drivers\str.sys
e:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-13 18:25 . 2010-03-04 16:05 944640 ----a-r- e:\windows\system32\NEW24.tmp
2011-06-13 18:25 . 2010-03-04 16:05 944640 ----a-r- e:\windows\system32\fdco1.dll
2011-06-13 18:25 . 2010-03-04 16:02 70912 ----a-r- e:\windows\system32\drivers\NVENETFD.sys
2011-06-13 18:25 . 2010-03-04 16:05 11264 ----a-r- e:\windows\system32\NEW19.tmp
2011-06-13 18:25 . 2010-03-04 16:05 11264 ----a-r- e:\windows\system32\bdco1.dll
2011-06-13 18:25 . 2010-03-04 16:02 13824 ----a-r- e:\windows\system32\drivers\nvnetbus.sys
2011-06-13 18:25 . 2010-03-04 16:02 212224 ----a-r- e:\windows\system32\drivers\nvnrm.sys
2011-06-13 18:25 . 2010-03-03 23:49 207464 ----a-r- e:\windows\system32\nvconrm.dll
2011-06-13 18:24 . 2010-03-22 10:28 215656 ----a-r- e:\windows\system32\NVCOSMB.DLL
2011-06-13 18:02 . 2011-02-25 17:37 1284712 ------r- e:\windows\RtlExUpd.dll
2011-06-13 17:55 . 2011-06-13 17:55 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI
2011-06-13 17:54 . 2011-06-13 17:54 -------- d-----w- e:\program files\AMD APP
2011-06-13 17:51 . 2011-06-13 17:51 -------- d-----w- E:\ATI
2011-06-10 16:44 . 2003-11-10 16:14 729088 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-06-10 16:44 . 2003-11-10 16:13 69715 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-06-10 16:44 . 2003-11-10 16:12 266240 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-06-10 16:44 . 2003-11-10 16:12 192512 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-06-10 16:44 . 2003-11-10 16:11 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-06-10 16:44 . 2011-06-10 16:44 311428 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-06-10 16:44 . 2011-06-10 16:44 188548 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-06-10 15:54 . 2011-06-10 15:54 -------- d-----w- e:\windows\system32\LogFiles
2011-06-10 15:20 . 2011-06-10 15:20 -------- d-----w- e:\program files\MSI
2011-06-10 15:19 . 2011-06-10 16:44 -------- d-----w- e:\program files\Setup Files
2011-06-10 15:18 . 2011-06-10 15:18 -------- d-sh--w- e:\documents and settings\petar\PrivacIE
2011-06-10 15:16 . 2011-06-10 15:16 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\BitTorrentBar
2011-06-10 15:05 . 2011-06-10 15:05 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache
2011-06-10 15:04 . 2011-06-10 15:04 -------- d-sh--w- e:\documents and settings\petar\IETldCache
2011-06-10 15:01 . 2011-06-10 15:03 -------- dc-h--w- e:\windows\ie8
2011-06-10 14:50 . 1998-10-02 17:00 327168 ----a-w- e:\windows\IsUninst.exe
2011-06-09 15:38 . 2011-06-09 15:45 21840 ----atw- e:\windows\system32\SIntfNT.dll
2011-06-09 15:38 . 2011-06-09 15:45 17212 ----atw- e:\windows\system32\SIntf32.dll
2011-06-09 15:38 . 2011-06-09 15:45 12067 ----atw- e:\windows\system32\SIntf16.dll
2011-06-09 15:26 . 2011-06-09 15:26 94208 ----a-w- e:\windows\DIIUnin.exe
2011-06-09 15:26 . 2011-06-09 15:26 2829 ----a-w- e:\windows\DIIUnin.pif
2011-06-09 15:20 . 2011-06-09 15:20 218688 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-06-09 15:20 . 2011-06-09 15:20 -------- d-----w- e:\program files\DAEMON Tools Lite
2011-06-09 15:20 . 2011-06-09 15:21 -------- d-----w- e:\documents and settings\petar\Application Data\DAEMON Tools Lite
2011-06-09 15:20 . 2011-06-09 15:20 -------- d-----w- e:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-06-09 05:55 . 2011-06-09 05:55 -------- d-----w- e:\documents and settings\petar\Application Data\Soldat
2011-06-08 05:15 . 2011-06-13 18:32 -------- d-----w- e:\windows\system32\NtmsData
2011-06-07 20:02 . 2011-06-07 20:02 -------- d-----w- e:\documents and settings\petar\Application Data\Avira
2011-06-07 20:00 . 2011-06-07 20:00 -------- d-----w- e:\program files\Avira
2011-06-07 20:00 . 2011-06-07 20:00 -------- d-----w- e:\documents and settings\All Users\Application Data\Avira
2011-06-07 20:00 . 2011-04-01 15:07 61960 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2011-06-07 20:00 . 2011-04-01 15:07 137656 ----a-w- e:\windows\system32\drivers\avipbb.sys
2011-06-07 20:00 . 2010-06-17 13:27 45416 ----a-w- e:\windows\system32\drivers\avgntdd.sys
2011-06-07 20:00 . 2010-06-17 13:27 22360 ----a-w- e:\windows\system32\drivers\avgntmgr.sys
2011-06-07 09:54 . 2011-06-07 09:54 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\ESET
2011-06-07 08:58 . 2011-06-07 08:58 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-06-07 08:57 . 2011-06-07 08:57 -------- d-----w- e:\documents and settings\All Users\Application Data\ESET
2011-06-06 08:43 . 2006-10-26 17:56 33104 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-06-06 08:43 . 2006-10-26 17:56 32592 ----a-w- e:\windows\system32\msonpmon.dll
2011-06-06 08:42 . 2011-06-06 08:42 -------- d-----w- e:\program files\Microsoft Works
2011-06-06 08:42 . 2011-06-06 08:42 -------- d-----w- e:\program files\MSBuild
2011-06-06 08:41 . 2011-06-06 08:41 -------- d-----w- e:\program files\Microsoft.NET
2011-06-06 08:40 . 2011-06-06 08:40 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2011-06-06 08:39 . 2011-06-06 08:42 -------- d-----w- e:\windows\SHELLNEW
2011-06-06 08:39 . 2011-06-06 08:39 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Microsoft Help
2011-06-06 08:39 . 2011-06-06 08:43 -------- d-----w- e:\documents and settings\All Users\Application Data\Microsoft Help
2011-06-06 08:39 . 2011-06-06 08:39 -------- d-----r- E:\MSOCache
2011-06-06 08:37 . 2011-06-06 08:37 -------- d-----w- e:\program files\MagicDisc
2011-06-06 08:37 . 2009-02-24 16:42 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys
2011-06-05 19:06 . 2011-06-05 19:06 -------- d-----w- e:\program files\BitTorrent
2011-06-05 19:06 . 2011-06-13 17:56 -------- d-----w- e:\documents and settings\petar\Application Data\BitTorrent
2011-05-31 07:07 . 2011-06-07 05:47 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-30 21:18 . 2004-08-03 22:56 159232 ----a-w- e:\windows\system32\ptpusd.dll
2011-05-30 21:18 . 2004-08-03 20:58 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2011-05-30 21:18 . 2004-08-03 20:58 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
2011-05-30 21:18 . 2001-08-17 20:36 5632 ----a-w- e:\windows\system32\ptpusb.dll
2011-05-28 20:31 . 2011-06-08 05:31 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Temp
2011-05-23 20:31 . 2011-05-23 20:31 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Real
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\program files\Common Files\xing shared
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\program files\Real
2011-05-23 20:26 . 2011-05-23 20:26 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-23 20:26 . 2011-05-31 20:31 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Google
2011-05-23 20:26 . 2011-05-23 20:27 -------- d-----w- e:\program files\Google
2011-05-20 17:44 . 2004-08-03 21:08 26496 -c--a-w- e:\windows\system32\dllcache\usbstor.sys
2011-05-19 12:59 . 2011-05-19 12:59 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Identities
2011-05-16 19:11 . 2011-05-16 19:11 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2011-05-16 19:11 . 2011-05-16 19:11 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\2K Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-23 20:27 . 2007-07-03 14:40 499712 ----a-w- e:\windows\system32\msvcp71.dll
2011-05-09 11:58 . 2004-06-11 09:31 135168 ----a-w- e:\windows\UNDPX2A.exe
2011-05-09 11:58 . 2004-06-11 09:34 53693 ----a-w- e:\windows\UNDPX2A.sys
2011-05-09 11:58 . 2004-06-10 18:42 15429 ----a-w- e:\windows\system32\drivers\Sacm2A.sys
2011-04-20 02:41 . 2011-05-09 11:44 6537728 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2011-05-09 11:44 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2011-04-20 02:04 . 2011-05-09 11:44 462848 ----a-w- e:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2011-05-09 11:44 302080 ----a-w- e:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2011-05-09 11:44 4017408 ----a-w- e:\windows\system32\ati3duag.dll
2011-04-20 01:45 . 2011-05-09 11:44 3265920 ----a-w- e:\windows\system32\ativvaxx.dll
2011-04-20 01:28 . 2011-05-09 11:44 851968 ----a-w- e:\windows\system32\ati2cqag.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- e:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- e:\windows\system32\OpenCL.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- e:\windows\system32\amdocl.dll
2011-04-14 16:26 . 2011-05-09 11:24 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . e:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . e:\windows\system32\drivers\tcpip.sys
.
[-] 2007-08-24 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . e:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"BitTorrent"="e:\documents and settings\petar\My Documents\Downloads\BitTorrent-7.2.1.exe" [2011-06-05 4771184]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="e:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-23 273544]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
.
e:\documents and settings\petar\Start Menu\Programs\Startup\
MagicDisc.lnk - e:\program files\MagicDisc\MagicDisc.exe [2011-6-6 576000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Documents and Settings\\petar\\My Documents\\Downloads\\BitTorrent-7.2.1.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1217:TCP"= 1217:TCP:vuxcqanb
"7197:TCP"= 7197:TCP:biuanqjz
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [6/9/2011 5:20 PM 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [6/7/2011 10:00 PM 136360]
S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [5/23/2011 10:26 PM 136176]
S2 hlbbthy;pnqej;e:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ihvqcj;Shell Boot;e:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ncsbmdwrlw;ncsbmdwrlw;"e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe" --SERVICE --> e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe [?]
S2 Netmanm;Network Connections to Monitor;"e:\windows\system32\crssc.exe" --> e:\windows\system32\crssc.exe [?]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [5/10/2011 6:20 PM 1691480]
S3 FLASHSYS;FLASHSYS;e:\program files\MSI\Live Update 4\LU4\FlashSys.sys [6/10/2011 5:20 PM 9216]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;e:\program files\Setup Files\Ms7309v270\NTIOLib.sys [1/6/2011 11:04 AM 7680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hlbbthy
ihvqcj
rvcgcbp
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-14 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 20:26]
.
2011-06-14 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 20:26]
.
2011-06-14 e:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-06-14 e:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
FF - ProfilePath - e:\documents and settings\petar\Application Data\Mozilla\Firefox\Profiles\nks6f2my.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Voyayv - e:\documents and settings\petar\Application Data\Voyayv.exe
HKLM-Run-RTHDCPL - RTHDCPL.EXE
HKLM-Run-SkyTel - SkyTel.EXE
Notify-mdhcp32 - mdhcp32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-06-14 14:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hlbbthy]
"ServiceDll"="e:\windows\system32\wptpj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ihvqcj]
"ServiceDll"="e:\program files\Movie Maker\wptpj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rvcgcbp]
"ServiceDll"="e:\windows\system32\wptpj.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"=""
"ScreenshotsDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="d:\\FM Genie Scout 11\\History Points"
"LangDB"="d:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009ee6
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="34-F675-28D3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000004
"StaffSearchFeatureNum"=dword:00000001
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000003
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:000001a6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3748-)
e:\windows\system32\msi.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Avira\AntiVir Desktop\avguard.exe
e:\program files\NVIDIA Corporation\nTune\nTuneService.exe
e:\program files\Avira\AntiVir Desktop\avshadow.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
.
**************************************************************************
.
Completion time: 2011-06-14 14:50:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-14 12:50
.
Pre-Run: 134,794,375,168 bytes free
Post-Run: 138,634,833,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - 8A9412C2C0E9DE7B3855DC04D7E0A772

Addendum: 14 Jun 2011 14:55

I have Avira, but I can't connect to Avira's site, so it isn't updated. And it keeps reporting that it found these .tmp files but wasn't able to delete them.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Download and install the following Security Update: LINK
Also, turn on Windows Firewall: Start -> Control Panel -> Windows Firewall -> ON -> OK.



Step 2

Open Notepad and copy in the following text:

File::
e:\windows\system32\wptpj.dll
e:\program files\Movie Maker\wptpj.dll
e:\windows\system32\wptpj.dll
e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe
e:\windows\system32\crssc.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1217:TCP"=-
"7197:TCP"=-

Driver::
hlbbthy
ihvqcj
ncsbmdwrlw
Netmanm

NetSvc::
hlbbthy
ihvqcj
rvcgcbp


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.






goran9888 (AMF Team)

offline
  • Pek 
  • Citizen
  • Joined: 13 Jun 2011
  • Posts: 49

The link doesn't work... I haven't done the part with the script because I'm not sure whether it has anything to do with this link.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Pek :: The link doesn't work... I haven't done the part with the script because I'm not sure whether it has anything to do with this link.

And this one: LINK

offline
  • Pek 
  • Citizen
  • Joined: 13 Jun 2011
  • Posts: 49

Posted: 14 Jun 2011 17:16

That one doesn't either... Can you open these links?

Addendum: 14 Jun 2011 17:52

The second link you gave me has started working ;)

ComboFix 11-06-13.06 - petar 06/14/2011 17:46:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1545 [GMT 2:00]
Running from: e:\documents and settings\petar\My Documents\Downloads\ComboFix.exe
Command switches used :: e:\documents and settings\petar\Desktop\CFScript.txt
.
FILE ::
"e:\docume~1\petar\LOCALS~1\Temp\DAT459.tmp.exe"
"e:\program files\Movie Maker\wptpj.dll"
"e:\windows\system32\crssc.exe"
"e:\windows\system32\wptpj.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\windows\system32\wptpj.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HLBBTHY
-------\Legacy_IHVQCJ
-------\Legacy_NCSBMDWRLW
-------\Legacy_NETMANM
-------\Service_hlbbthy
-------\Service_ihvqcj
-------\Service_ncsbmdwrlw
-------\Service_Netmanm
-------\Legacy_rvcgcbp
-------\Service_rvcgcbp
.
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-13 18:25 . 2010-03-04 16:05 944640 ----a-r- e:\windows\system32\NEW24.tmp
2011-06-13 18:25 . 2010-03-04 16:05 944640 ----a-r- e:\windows\system32\fdco1.dll
2011-06-13 18:25 . 2010-03-04 16:02 70912 ----a-r- e:\windows\system32\drivers\NVENETFD.sys
2011-06-13 18:25 . 2010-03-04 16:05 11264 ----a-r- e:\windows\system32\NEW19.tmp
2011-06-13 18:25 . 2010-03-04 16:05 11264 ----a-r- e:\windows\system32\bdco1.dll
2011-06-13 18:25 . 2010-03-04 16:02 13824 ----a-r- e:\windows\system32\drivers\nvnetbus.sys
2011-06-13 18:25 . 2010-03-04 16:02 212224 ----a-r- e:\windows\system32\drivers\nvnrm.sys
2011-06-13 18:25 . 2010-03-03 23:49 207464 ----a-r- e:\windows\system32\nvconrm.dll
2011-06-13 18:24 . 2010-03-22 10:28 215656 ----a-r- e:\windows\system32\NVCOSMB.DLL
2011-06-13 18:02 . 2011-02-25 17:37 1284712 ------r- e:\windows\RtlExUpd.dll
2011-06-13 17:55 . 2011-06-13 17:55 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI
2011-06-13 17:54 . 2011-06-13 17:54 -------- d-----w- e:\program files\AMD APP
2011-06-13 17:51 . 2011-06-13 17:51 -------- d-----w- E:\ATI
2011-06-10 16:44 . 2003-11-10 16:14 729088 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-06-10 16:44 . 2003-11-10 16:13 69715 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-06-10 16:44 . 2003-11-10 16:12 266240 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-06-10 16:44 . 2003-11-10 16:12 192512 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-06-10 16:44 . 2003-11-10 16:11 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-06-10 16:44 . 2011-06-10 16:44 311428 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-06-10 16:44 . 2011-06-10 16:44 188548 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-06-10 15:54 . 2011-06-10 15:54 -------- d-----w- e:\windows\system32\LogFiles
2011-06-10 15:20 . 2011-06-10 15:20 -------- d-----w- e:\program files\MSI
2011-06-10 15:19 . 2011-06-10 16:44 -------- d-----w- e:\program files\Setup Files
2011-06-10 15:18 . 2011-06-10 15:18 -------- d-sh--w- e:\documents and settings\petar\PrivacIE
2011-06-10 15:16 . 2011-06-10 15:16 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\BitTorrentBar
2011-06-10 15:05 . 2011-06-10 15:05 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache
2011-06-10 15:04 . 2011-06-10 15:04 -------- d-sh--w- e:\documents and settings\petar\IETldCache
2011-06-10 15:01 . 2011-06-10 15:03 -------- dc-h--w- e:\windows\ie8
2011-06-10 14:50 . 1998-10-02 17:00 327168 ----a-w- e:\windows\IsUninst.exe
2011-06-09 15:38 . 2011-06-09 15:45 21840 ----atw- e:\windows\system32\SIntfNT.dll
2011-06-09 15:38 . 2011-06-09 15:45 17212 ----atw- e:\windows\system32\SIntf32.dll
2011-06-09 15:38 . 2011-06-09 15:45 12067 ----atw- e:\windows\system32\SIntf16.dll
2011-06-09 15:26 . 2011-06-09 15:26 94208 ----a-w- e:\windows\DIIUnin.exe
2011-06-09 15:26 . 2011-06-09 15:26 2829 ----a-w- e:\windows\DIIUnin.pif
2011-06-09 15:20 . 2011-06-09 15:20 218688 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys
2011-06-09 15:20 . 2011-06-09 15:20 -------- d-----w- e:\program files\DAEMON Tools Lite
2011-06-09 15:20 . 2011-06-09 15:21 -------- d-----w- e:\documents and settings\petar\Application Data\DAEMON Tools Lite
2011-06-09 15:20 . 2011-06-09 15:20 -------- d-----w- e:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-06-09 05:55 . 2011-06-09 05:55 -------- d-----w- e:\documents and settings\petar\Application Data\Soldat
2011-06-08 05:15 . 2011-06-13 18:32 -------- d-----w- e:\windows\system32\NtmsData
2011-06-07 20:02 . 2011-06-07 20:02 -------- d-----w- e:\documents and settings\petar\Application Data\Avira
2011-06-07 20:00 . 2011-06-07 20:00 -------- d-----w- e:\program files\Avira
2011-06-07 20:00 . 2011-06-07 20:00 -------- d-----w- e:\documents and settings\All Users\Application Data\Avira
2011-06-07 20:00 . 2011-04-01 15:07 61960 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2011-06-07 20:00 . 2011-04-01 15:07 137656 ----a-w- e:\windows\system32\drivers\avipbb.sys
2011-06-07 20:00 . 2010-06-17 13:27 45416 ----a-w- e:\windows\system32\drivers\avgntdd.sys
2011-06-07 20:00 . 2010-06-17 13:27 22360 ----a-w- e:\windows\system32\drivers\avgntmgr.sys
2011-06-07 09:54 . 2011-06-07 09:54 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\ESET
2011-06-07 08:58 . 2011-06-07 08:58 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-06-07 08:57 . 2011-06-07 08:57 -------- d-----w- e:\documents and settings\All Users\Application Data\ESET
2011-06-06 08:43 . 2006-10-26 17:56 33104 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-06-06 08:43 . 2006-10-26 17:56 32592 ----a-w- e:\windows\system32\msonpmon.dll
2011-06-06 08:42 . 2011-06-06 08:42 -------- d-----w- e:\program files\Microsoft Works
2011-06-06 08:42 . 2011-06-06 08:42 -------- d-----w- e:\program files\MSBuild
2011-06-06 08:41 . 2011-06-06 08:41 -------- d-----w- e:\program files\Microsoft.NET
2011-06-06 08:40 . 2011-06-06 08:40 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2011-06-06 08:39 . 2011-06-06 08:42 -------- d-----w- e:\windows\SHELLNEW
2011-06-06 08:39 . 2011-06-06 08:39 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Microsoft Help
2011-06-06 08:39 . 2011-06-06 08:43 -------- d-----w- e:\documents and settings\All Users\Application Data\Microsoft Help
2011-06-06 08:39 . 2011-06-06 08:39 -------- d-----r- E:\MSOCache
2011-06-06 08:37 . 2011-06-06 08:37 -------- d-----w- e:\program files\MagicDisc
2011-06-06 08:37 . 2009-02-24 16:42 116736 ----a-w- e:\windows\system32\drivers\mcdbus.sys
2011-06-05 19:06 . 2011-06-05 19:06 -------- d-----w- e:\program files\BitTorrent
2011-06-05 19:06 . 2011-06-13 17:56 -------- d-----w- e:\documents and settings\petar\Application Data\BitTorrent
2011-05-31 07:07 . 2011-06-07 05:47 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-30 21:18 . 2004-08-03 22:56 159232 ----a-w- e:\windows\system32\ptpusd.dll
2011-05-30 21:18 . 2004-08-03 20:58 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2011-05-30 21:18 . 2004-08-03 20:58 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
2011-05-30 21:18 . 2001-08-17 20:36 5632 ----a-w- e:\windows\system32\ptpusb.dll
2011-05-28 20:31 . 2011-06-08 05:31 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Temp
2011-05-23 20:31 . 2011-05-23 20:31 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Real
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\program files\Common Files\xing shared
2011-05-23 20:27 . 2011-05-23 20:27 -------- d-----w- e:\program files\Real
2011-05-23 20:26 . 2011-05-23 20:26 -------- d-----w- e:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-23 20:26 . 2011-05-31 20:31 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Google
2011-05-23 20:26 . 2011-05-23 20:27 -------- d-----w- e:\program files\Google
2011-05-20 17:44 . 2004-08-03 21:08 26496 -c--a-w- e:\windows\system32\dllcache\usbstor.sys
2011-05-19 12:59 . 2011-05-19 12:59 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\Identities
2011-05-16 19:11 . 2011-05-16 19:11 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2011-05-16 19:11 . 2011-05-16 19:11 -------- d-----w- e:\documents and settings\petar\Local Settings\Application Data\2K Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-23 20:27 . 2007-07-03 14:40 499712 ----a-w- e:\windows\system32\msvcp71.dll
2011-05-09 11:58 . 2004-06-11 09:31 135168 ----a-w- e:\windows\UNDPX2A.exe
2011-05-09 11:58 . 2004-06-11 09:34 53693 ----a-w- e:\windows\UNDPX2A.sys
2011-05-09 11:58 . 2004-06-10 18:42 15429 ----a-w- e:\windows\system32\drivers\Sacm2A.sys
2011-04-20 02:41 . 2011-05-09 11:44 6537728 ----a-w- e:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2011-05-09 11:44 311296 ----a-w- e:\windows\system32\atiiiexx.dll
2011-04-20 02:04 . 2011-05-09 11:44 462848 ----a-w- e:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2011-05-09 11:44 302080 ----a-w- e:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2011-05-09 11:44 4017408 ----a-w- e:\windows\system32\ati3duag.dll
2011-04-20 01:45 . 2011-05-09 11:44 3265920 ----a-w- e:\windows\system32\ativvaxx.dll
2011-04-20 01:28 . 2011-05-09 11:44 851968 ----a-w- e:\windows\system32\ati2cqag.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- e:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- e:\windows\system32\OpenCL.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- e:\windows\system32\amdocl.dll
2011-04-14 16:26 . 2011-05-09 11:24 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . e:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . e:\windows\system32\drivers\tcpip.sys
.
[-] 2007-08-24 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . e:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-06-14_12.48.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-14 15:50 . 2011-06-14 15:50 16384 e:\windows\Temp\Perflib_Perfdata_52c.dat
+ 2011-06-14 15:41 . 2007-11-30 11:18 17272 e:\windows\system32\spmsg.dll
+ 2001-08-23 12:00 . 2011-06-14 15:47 58596 e:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2011-06-14 04:13 58596 e:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-06-14 15:47 392296 e:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-06-14 04:13 392296 e:\windows\system32\perfh009.dat
+ 2004-08-03 22:56 . 2008-10-15 16:57 332800 e:\windows\system32\netapi32.dll
+ 2004-08-03 22:56 . 2008-10-15 16:57 332800 e:\windows\system32\dllcache\netapi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"BitTorrent"="e:\documents and settings\petar\My Documents\Downloads\BitTorrent-7.2.1.exe" [2011-06-05 4771184]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="e:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-23 273544]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
.
e:\documents and settings\petar\Start Menu\Programs\Startup\
MagicDisc.lnk - e:\program files\MagicDisc\MagicDisc.exe [2011-6-6 576000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Documents and Settings\\petar\\My Documents\\Downloads\\BitTorrent-7.2.1.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [6/9/2011 5:20 PM 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [6/7/2011 10:00 PM 136360]
S2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [5/23/2011 10:26 PM 136176]
S2 rvcgcbp;System Task;e:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [5/10/2011 6:20 PM 1691480]
S3 FLASHSYS;FLASHSYS;e:\program files\MSI\Live Update 4\LU4\FlashSys.sys [6/10/2011 5:20 PM 9216]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;e:\program files\Setup Files\Ms7309v270\NTIOLib.sys [1/6/2011 11:04 AM 7680]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-14 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 20:26]
.
2011-06-14 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 20:26]
.
2011-06-14 e:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-06-14 e:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-839522115-1003.job
- e:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
FF - ProfilePath - e:\documents and settings\petar\Application Data\Mozilla\Firefox\Profiles\nks6f2my.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-06-14 17:50
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rvcgcbp]
"ServiceDll"="e:\windows\system32\wptpj.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"=""
"ScreenshotsDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="e:\\Documents and Settings\\petar\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="d:\\FM Genie Scout 11\\History Points"
"LangDB"="d:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009ee6
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="34-F675-28D3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000004
"StaffSearchFeatureNum"=dword:00000001
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000003
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:000001a6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
e:\windows\system32\COMRes.dll
.
- - - - - - - > 'explorer.exe'(292)
e:\windows\system32\msi.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Avira\AntiVir Desktop\avguard.exe
e:\program files\Avira\AntiVir Desktop\avshadow.exe
e:\program files\NVIDIA Corporation\nTune\nTuneService.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
e:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-14 17:51:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-14 15:51
ComboFix2.txt 2011-06-14 12:50
.
Pre-Run: 138,621,460,480 bytes free
Post-Run: 138,538,467,328 bytes free
.
- - End Of File - - 01B1DEABD430F77C751787A0BA00E3CD

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Open Notepad and copy in the following text:

File::
e:\windows\system32\wptpj.dll
e:\program files\Movie Maker\wptpj.dll
e:\windows\system32\crssc.exe

Driver::
rvcgcbp


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.




Step 2

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer - at the very end of the process, check that the following options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart in order to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).





goran9888 (AMF Team)
