|
Poslao: 19 Apr 2013 15:11
|
offline
- pejcicbozidar
- Novi MyCity građanin
- Pridružio: 06 Sep 2005
- Poruke: 16
|
Pre dva dana sestra primila neki mail koji je u attach-u imao Word dokument cudnog naziva. I naravno iz znatizelje otvorila! Kaze da se fajl nije mogao otvoriti, vec je izbacivao hijeroglife, a u pozadini se na trenutak pojavio cmd prozorcic. VIRUS!!! Pri pokretanju tog Word dokumenta, na desktopu se pojavio fajl "Update.exe" . Sutradan vec nisam mogao da otvorim ni jedan jedini fajl (word, excel, Pdf, rar..). Kada pokusam Word ili Excel fajl izbacuje hijeroglife, a za PDF fajlove pokazuje corrupted, za .rar takodje.
KAV11 antivirus nije ni reagovao. Vidim u Startup-u Update.exe, u Prog Files folder Windows Update i u njemu Update.exe, par .bat fajlova...
Pomocu Combofix-a sam nasao i ocistio sve, ponovo instalirao Office, Pdf reader... medjutim i dalje ne mogu da otvorim ni jedan fajl ukljucujuci i slike.
Moze li iko da mi pomogne. Pretpostavljam da su ovi fajlovi modifikovani u svom headeru, jer kad pokusam da odradim recover pdf dokumenta kaze da ucitani dokument nije validan, tj kao da nije pravi pdf fajl....
- Skenirao sa MalwareBytes-om 1.75 i nista nije nasao
- Skenirao sa TDSSKiller Rootkit Removal i nista
- verzija Windowsa XP SP2 Home, update do SP3
Please HELP 
[ edit by magna86: korigovan naslov ]
|
|
|
|
|
|
|
|
|
Poslao: 22 Apr 2013 09:41
|
offline
- pejcicbozidar
- Novi MyCity građanin
- Pridružio: 06 Sep 2005
- Poruke: 16
|
Pozdrav,
po uputsvu dostavljam izvestaje i fajlove sortirane po koracima 1, 2, i 3:
-DDS.txt
-Attach.txt
-Qoobox.rar
-Combofix.txt
-Gmer1
-Gmer2
-Gmer3
-TDSKiller izvestaj
Unapred zahvaljujem!
Korak 1: Sadrzaj DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Bozidar Pejcic at 19:07:17 on 2013-04-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2508 [GMT 2:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
C:\Documents and Settings\All Users\Application Data\mts mobilni internet\OnlineUpdate\ouc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
c:\program files\teamviewer\version6\TeamViewer.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Bozidar Pejcic\Desktop\!!!!\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AcronisTibMounterMonitor] c:\program files\common files\acronis\tibmounter\TibMounterMonitor.exe
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Bonus.SSR.FR11] "c:\program files\abbyy finereader 11\Bonus.ScreenshotReader.exe" /autorun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0DF9173C-D4E4-4A58-8A70-80670B556103} - hxxp://[removed].org:5001/plugin_3_3_3_0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358347672859
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1359445184000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://[removed].org:5004/activex/AMC.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{0C84C5AC-CB3D-4C37-A303-F918CAA21CCF} : NameServer = 192.168.1.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll,c:\progra~1\kasper~1\kasper~1.0fo\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 192.168.1.5 server
Hosts: 192.168.4.4 erv
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bozidar pejcic\application data\mozilla\firefox\profiles\9hbjwp8z.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-02-27 09:56; fmconverter@gmail.com; c:\program files\freemake\freemake video converter\browserplugin\Firefox
FF - ExtSQL: 2013-02-28 12:21; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\documents and settings\bozidar pejcic\application data\mozilla\firefox\profiles\9hbjwp8z.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2013-2-22 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2013-2-22 5248]
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2013-4-9 93928]
R0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\drivers\tib_mounter.sys [2013-4-9 689672]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2013-3-28 139336]
R0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\drivers\vidsflt.sys [2013-4-9 99720]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-11-12 126480]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-1-17 231512]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2013-4-9 3696632]
R2 DraftSight API Service;DraftSight API Service;c:\program files\dassault systemes\draftsight\bin\dsHttpApiService.exe [2012-7-7 78336]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\kaspersky lab\networkagent 8\klnagent.exe [2011-12-8 143960]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2012-8-18 7017888]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2013-1-16 2228008]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2013-4-9 234752]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-2-13 73216]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [2013-3-12 33280]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2009-9-3 24848]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2011-8-10 176128]
S2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe [2010-3-12 311680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-18 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-18 701512]
S2 mts mobilni internet. RunOuc;mts mobilni internet. OUC;c:\program files\mts mobilni internet\updatedog\ouc.exe [2013-2-13 239968]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-2-13 102784]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\bozida~1\locals~1\temp\f-secure\blacklight\fsblsrv.exe [2013-4-21 167936]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2013-4-15 12400]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-2-13 90112]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-18 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-4-18 40776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-1-17 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-1-17 8576]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2013-3-27 3567]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-4-19 27064]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2013-3-19 155320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-21 14:05:12 -------- d-----w- c:\windows\ie8updates
2013-04-20 14:14:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-04-20 14:13:58 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-04-20 14:13:35 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-04-20 14:13:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-04-20 14:12:50 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-04-20 14:12:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-04-20 14:12:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-04-20 14:12:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-04-20 14:12:47 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-20 14:12:46 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-04-20 14:12:45 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-20 14:12:43 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-04-20 14:12:00 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-04-20 14:11:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-04-20 14:11:44 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-04-20 14:10:31 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-04-20 14:10:31 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-04-20 14:10:09 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2013-04-20 14:10:09 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2013-04-20 14:10:09 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2013-04-20 14:10:09 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2013-04-20 14:10:09 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2013-04-20 14:10:09 110592 -c----w- c:\windows\system32\dllcache\services.exe
2013-04-20 14:10:08 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2013-04-20 14:09:53 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-20 14:09:53 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-20 14:09:46 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-04-20 14:09:10 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-04-20 14:09:03 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-04-20 14:08:56 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-04-20 14:08:50 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-04-20 14:08:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-04-20 14:08:06 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-04-20 14:06:55 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-04-20 14:04:48 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2013-04-20 14:04:48 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-04-20 14:04:47 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-04-20 14:04:47 2070016 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-04-20 14:04:47 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-04-20 14:04:41 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-04-20 14:04:32 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-04-20 14:03:35 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-04-20 14:03:35 3072 ------w- c:\windows\system32\iacenc.dll
2013-04-20 14:00:56 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-04-20 14:00:49 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-04-20 14:00:48 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2013-04-20 14:00:16 -------- d-----w- c:\windows\system32\PreInstall
2013-04-19 17:28:24 -------- d-----w- c:\windows\system32\SoftwareDistribution
2013-04-19 12:44:46 -------- d-----w- c:\documents and settings\all users\Microsoft
2013-04-19 12:42:09 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-04-19 12:41:10 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\Microsoft Help
2013-04-19 11:26:26 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\Ahead
2013-04-19 11:12:29 -------- d-----w- c:\windows\ServicePackFiles
2013-04-19 11:12:17 294912 ------w- c:\program files\windows media player\dlimport.exe
2013-04-19 11:12:13 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-04-19 11:11:39 380445 ----a-w- c:\windows\system32\expsrv.dll
2013-04-19 11:11:31 978944 ----a-w- c:\windows\system32\mfc42.dll
2013-04-19 11:11:23 1384479 ----a-w- c:\windows\system32\msvbvm60.dll
2013-04-19 11:09:26 19569 ----a-w- c:\windows\003248_.tmp
2013-04-19 09:53:02 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\Juniper Networks
2013-04-19 09:52:56 -------- d-----w- c:\documents and settings\all users\application data\Juniper Networks
2013-04-19 09:20:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-04-19 09:20:28 -------- d-----w- c:\windows\SHELLNEW
2013-04-19 09:15:17 -------- d-----w- c:\program files\Wondershare
2013-04-19 09:14:45 -------- d-----w- c:\program files\PDF Password Unlocker
2013-04-19 09:12:57 -------- d-----w- c:\program files\Freeware PDF Unlocker
2013-04-19 08:50:21 -------- d-----w- C:\Output
2013-04-19 08:50:00 -------- d-----w- C:\PDFPasswordRemover
2013-04-19 08:07:20 -------- d-----w- c:\program files\Stellar Phoenix Word Recovery
2013-04-19 08:04:25 835584 ----a-w- c:\windows\system32\AxImage.ocx
2013-04-19 08:04:25 -------- d-----w- c:\program files\Kernel for Word Evaluation Ver
2013-04-19 07:37:53 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\VS Revo Group
2013-04-19 07:37:46 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-04-19 07:37:45 -------- d-----w- c:\program files\VS Revo Group
2013-04-18 19:59:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-18 19:12:53 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\Malwarebytes
2013-04-18 19:12:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-04-18 19:12:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-18 19:12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-18 08:14:28 -------- d-----w- c:\program files\Sony Mobile
2013-04-18 07:53:02 -------- d-----w- c:\program files\Android Commander
2013-04-16 07:04:50 -------- d-----w- c:\documents and settings\bozidar pejcic\.android
2013-04-16 07:04:47 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\ERoot
2013-04-15 12:55:49 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-04-15 12:55:49 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-04-15 12:40:20 -------- d-----w- C:\Flashtool
2013-04-15 11:12:23 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2013-04-15 08:22:24 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\ABBYY
2013-04-15 08:11:43 -------- d-----w- c:\program files\ABBYY FineReader 11
2013-04-15 08:11:43 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\ABBYY
2013-04-15 08:11:42 -------- d-----w- c:\documents and settings\all users\application data\ABBYY
2013-04-12 09:41:59 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2013-04-12 06:13:20 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-04-11 08:40:51 20480 ----a-w- c:\program files\windows sidebar\gadgets\pvr2remote.gadget\ClassLibrary1.dll
2013-04-11 08:40:45 -------- d-----w- c:\program files\WinFast
2013-04-10 12:43:19 2 ----a-w- c:\windows\system32\Dvbpws.dll
2013-04-10 12:24:00 -------- d-----w- c:\documents and settings\bozidar pejcic\local settings\application data\ArcSoft
2013-04-10 12:23:14 -------- d-----w- C:\WinFast WorkArea
2013-04-10 12:20:51 15232 ----a-w- c:\windows\system32\drivers\mpe.sys
2013-04-10 12:20:42 81408 ----a-w- c:\windows\emMON.exe
2013-04-10 12:20:42 562176 ----a-w- c:\windows\system32\drivers\emOEM.sys
2013-04-10 12:20:42 113664 ----a-w- c:\windows\system32\emPRP.ax
2013-04-10 12:20:41 582016 ----a-w- c:\windows\system32\drivers\emBDA.sys
2013-04-10 12:20:37 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2013-04-10 12:20:37 363520 ----a-w- c:\windows\system32\psisdecd.dll
2013-04-10 12:20:37 33280 ----a-w- c:\windows\system32\psisrndr.ax
2013-04-10 12:20:37 11776 ----a-w- c:\windows\system32\drivers\bdasup.sys
2013-04-10 12:20:36 18432 ----a-w- c:\windows\system32\bdaplgin.ax
2013-04-09 13:42:47 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-04-09 13:42:41 806184 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2013-04-09 13:42:38 689672 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2013-04-09 13:42:23 99720 ----a-w- c:\windows\system32\drivers\vidsflt.sys
2013-04-09 13:42:15 93928 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-03-28 07:17:17 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-03-28 07:17:04 139336 ----a-w- c:\windows\system32\drivers\vididr.sys
2013-03-28 07:17:04 -------- d-----w- c:\documents and settings\bozidar pejcic\application data\2048BB9F-DCDB-45AB-AE02-1790A44F6DEA
2013-03-28 07:16:59 192904 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-03-28 07:12:09 -------- d-----w- c:\program files\Western Digital Corporation
2013-03-27 12:56:20 -------- d-----w- c:\program files\HDD Regenerator
2013-03-27 12:39:01 3567 ----a-w- c:\windows\system32\drivers\PortTalk.sys
2013-03-27 12:38:33 -------- d-----w- c:\program files\HDDGURU LLF Tool
2013-03-25 09:26:04 -------- d-----w- c:\program files\GPU-Z
2013-03-25 09:25:53 -------- d-----w- c:\program files\CPUID
.
==================== Find3M ====================
.
2013-04-17 12:37:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-17 12:37:25 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 18:21:16 17408 ----a-w- C:\psapi.dll
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-13 18:10:14 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 16:53:34 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 19:07:58.75 ===============
Attach.txt:
mycity.rs/must-login.png
Korak 2: Sadrzaj Combofix.txt:
ComboFix 13-04-21.01 - Bozidar Pejcic 21.04.13 23:52:54.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2625 [GMT 2:00]
Running from: d:\install1\!!!!\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\cc32100mt.dll
c:\windows\system32\Dvbpws.dll
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-21 to 2013-04-21 )))))))))))))))))))))))))))))))
.
.
2013-04-21 20:28 . 2013-04-21 20:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-04-21 20:28 . 2013-04-21 20:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PrimoPDF
2013-04-21 14:05 . 2013-04-21 14:05 -------- d-----w- c:\windows\ie8updates
2013-04-20 14:14 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-04-20 14:13 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-04-20 14:13 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-04-20 14:13 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-04-20 14:12 . 2013-03-02 02:06 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-04-20 14:12 . 2013-03-02 02:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-04-20 14:12 . 2013-03-02 02:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-04-20 14:12 . 2013-03-02 02:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-04-20 14:12 . 2013-03-02 02:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-20 14:12 . 2013-03-02 02:06 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-04-20 14:12 . 2013-03-02 02:06 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-20 14:12 . 2013-03-02 02:06 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-04-20 14:12 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-04-20 14:11 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-04-20 14:11 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-04-20 14:10 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-04-20 14:10 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-04-20 14:10 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2013-04-20 14:10 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2013-04-20 14:10 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2013-04-20 14:10 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2013-04-20 14:10 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2013-04-20 14:10 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2013-04-20 14:10 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2013-04-20 14:09 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-20 14:09 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-20 14:09 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-04-20 14:09 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-04-20 14:09 . 2012-12-16 12:23 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-04-20 14:08 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-04-20 14:08 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-04-20 14:08 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-04-20 14:08 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-04-20 14:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-04-20 14:04 . 2013-03-07 01:32 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-04-20 14:04 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2013-04-20 14:04 . 2013-03-07 01:28 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-04-20 14:04 . 2013-03-07 00:50 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-04-20 14:04 . 2013-03-07 00:50 2070016 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-04-20 14:04 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-04-20 14:04 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-04-20 14:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-04-20 14:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-04-20 14:00 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-04-20 14:00 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-04-20 14:00 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2013-04-19 13:19 . 2013-04-19 13:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\GHISLER
2013-04-19 12:44 . 2013-04-19 12:44 -------- d-----w- c:\documents and settings\All Users\Microsoft
2013-04-19 12:42 . 2013-04-19 12:42 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-04-19 12:41 . 2013-04-19 12:41 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\Microsoft Help
2013-04-19 12:40 . 2013-04-19 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2013-04-19 12:40 . 2013-04-19 12:40 -------- d-----r- C:\MSOCache
2013-04-19 11:26 . 2013-04-19 11:26 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\Ahead
2013-04-19 11:12 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2013-04-19 11:12 . 2008-04-14 03:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-04-19 11:11 . 2008-04-14 03:41 380445 ----a-w- c:\windows\system32\expsrv.dll
2013-04-19 11:11 . 2011-02-08 13:33 978944 ----a-w- c:\windows\system32\mfc42.dll
2013-04-19 11:11 . 2008-04-14 03:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll
2013-04-19 11:09 . 2006-12-28 22:31 19569 ----a-w- c:\windows\003248_.tmp
2013-04-19 09:53 . 2013-04-19 09:53 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\Juniper Networks
2013-04-19 09:52 . 2013-04-19 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2013-04-19 09:20 . 2013-04-19 09:20 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-04-19 09:20 . 2013-04-19 09:20 -------- d-----w- c:\windows\SHELLNEW
2013-04-19 09:15 . 2013-04-19 09:15 -------- d-----w- c:\program files\Wondershare
2013-04-19 09:14 . 2013-04-19 09:18 -------- d-----w- c:\program files\PDF Password Unlocker
2013-04-19 09:12 . 2013-04-19 09:12 -------- d-----w- c:\program files\Freeware PDF Unlocker
2013-04-19 08:50 . 2013-04-19 08:50 -------- d-----w- C:\Output
2013-04-19 08:50 . 2013-04-19 08:50 -------- d-----w- C:\PDFPasswordRemover
2013-04-19 08:07 . 2013-04-19 08:07 -------- d-----w- c:\program files\Stellar Phoenix Word Recovery
2013-04-19 08:04 . 2013-04-19 08:04 -------- d-----w- c:\program files\Kernel for Word Evaluation Ver
2013-04-19 08:04 . 2004-10-17 02:08 835584 ----a-w- c:\windows\system32\AxImage.ocx
2013-04-19 07:37 . 2013-04-19 07:37 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\VS Revo Group
2013-04-19 07:37 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-04-19 07:37 . 2013-04-19 07:37 -------- d-----w- c:\program files\VS Revo Group
2013-04-18 19:59 . 2013-04-18 19:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-18 19:29 . 2013-04-18 19:29 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\Lavasoft
2013-04-18 19:12 . 2013-04-18 19:12 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\Malwarebytes
2013-04-18 19:12 . 2013-04-18 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-18 19:12 . 2013-04-18 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-18 19:12 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-18 08:14 . 2013-04-18 08:14 -------- d-----w- c:\program files\Sony Mobile
2013-04-18 07:53 . 2013-04-18 07:58 -------- d-----w- c:\program files\Android Commander
2013-04-16 07:04 . 2013-04-16 07:04 -------- d-----w- c:\documents and settings\Bozidar Pejcic\.android
2013-04-16 07:04 . 2013-04-16 07:04 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\ERoot
2013-04-15 12:55 . 2013-02-13 18:10 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-04-15 12:55 . 2013-02-13 18:10 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-04-15 12:40 . 2013-04-15 12:50 -------- d-----w- C:\Flashtool
2013-04-15 11:12 . 2013-04-15 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2013-04-15 08:22 . 2013-04-15 08:22 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\ABBYY
2013-04-15 08:11 . 2013-04-17 07:12 -------- d-----w- c:\program files\ABBYY FineReader 11
2013-04-15 08:11 . 2013-04-15 08:11 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\ABBYY
2013-04-15 08:11 . 2013-04-15 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2013-04-12 09:41 . 2007-10-12 13:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2013-04-11 08:40 . 2013-04-11 08:40 -------- d-----w- c:\program files\Windows Sidebar
2013-04-11 08:40 . 2013-04-11 08:40 -------- d-----w- c:\program files\WinFast
2013-04-11 08:40 . 2013-04-11 08:40 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Application Data\InstallShield Installation Information
2013-04-10 12:24 . 2013-04-10 12:24 -------- d-----w- c:\documents and settings\Bozidar Pejcic\Local Settings\Application Data\ArcSoft
2013-04-10 12:23 . 2013-04-10 12:23 -------- d-----w- C:\WinFast WorkArea
2013-04-10 12:20 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\mpe.sys
2013-04-10 12:20 . 2010-02-24 16:12 81408 ----a-w- c:\windows\emMON.exe
2013-04-10 12:20 . 2010-02-24 16:04 113664 ----a-w- c:\windows\system32\emPRP.ax
2013-04-10 12:20 . 2010-02-24 16:04 562176 ----a-w- c:\windows\system32\drivers\emOEM.sys
2013-04-10 12:20 . 2010-02-24 16:04 582016 ----a-w- c:\windows\system32\drivers\emBDA.sys
2013-04-10 12:20 . 2008-04-14 03:42 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2013-04-10 12:20 . 2008-04-14 03:42 33280 ----a-w- c:\windows\system32\psisrndr.ax
2013-04-10 12:20 . 2008-04-14 03:42 363520 ----a-w- c:\windows\system32\psisdecd.dll
2013-04-10 12:20 . 2008-04-13 22:16 11776 ----a-w- c:\windows\system32\drivers\bdasup.sys
2013-04-10 12:20 . 2008-04-14 03:42 18432 ----a-w- c:\windows\system32\bdaplgin.ax
2013-03-28 07:12 . 2013-03-28 07:12 -------- d-----w- c:\program files\Western Digital Corporation
2013-03-27 12:56 . 2013-03-27 14:59 -------- d-----w- c:\program files\HDD Regenerator
2013-03-27 12:39 . 2002-01-12 15:30 3567 ----a-w- c:\windows\system32\drivers\PortTalk.sys
2013-03-27 12:38 . 2013-03-27 12:38 -------- d-----w- c:\program files\HDDGURU LLF Tool
2013-03-25 09:26 . 2013-03-25 09:26 -------- d-----w- c:\program files\GPU-Z
2013-03-25 09:25 . 2013-03-25 09:25 -------- d-----w- c:\program files\CPUID
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 12:37 . 2013-02-26 08:01 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-17 12:37 . 2013-01-16 17:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 18:21 . 2013-01-16 17:31 17408 ----a-w- C:\psapi.dll
2013-03-08 08:36 . 2007-07-27 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2007-07-27 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2007-07-27 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2013-01-16 14:17 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-13 18:10 . 2013-01-17 11:03 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-02-13 10:39 . 2013-02-13 10:40 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-02-13 10:39 . 2013-02-13 10:40 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-02-13 10:39 . 2013-02-13 10:40 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-02-13 10:39 . 2013-02-13 10:40 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-02-13 10:39 . 2013-02-13 10:40 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2013-02-13 10:39 . 2013-02-13 10:40 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-02-13 10:39 . 2013-02-13 10:40 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-02-13 10:39 . 2013-02-13 10:40 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-02-13 10:39 . 2013-02-13 10:40 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-02-13 10:39 . 2013-02-13 10:40 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-02-13 10:39 . 2013-02-13 10:40 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2013-02-13 10:39 . 2013-02-13 10:40 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-02-13 10:39 . 2013-02-13 10:40 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-02-12 00:32 . 2007-07-27 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 16:53 . 2013-03-15 07:12 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-02-05 16:52 . 2013-02-05 16:52 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 569344 ----a-w- c:\windows\system32\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52 491520 ----a-w- c:\windows\system32\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 245760 ----a-w- c:\windows\system32\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52 200704 ----a-w- c:\windows\system32\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52 155648 ----a-w- c:\windows\system32\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 143360 ----a-w- c:\windows\system32\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52 135168 ----a-w- c:\windows\system32\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 122880 ----a-w- c:\windows\system32\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52 118784 ----a-w- c:\windows\system32\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2013-01-26 03:55 . 2007-07-27 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-12 06:13 . 2013-04-12 06:13 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2007-07-27 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-11-26 13:46 2610312 ----a-w- c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-11-26 13:46 2610312 ----a-w- c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-11-26 13:46 2610312 ----a-w- c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2010-09-30 1290240]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2012-08-28 2916352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-11-26 6010784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-11-21 407736]
"AcronisTibMounterMonitor"="c:\program files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 941440]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2012-09-10 101888]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-06 934152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\ABControl\\ABCONTROL.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [22.02.13 10:13 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [22.02.13 10:13 5248]
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [09.04.13 15:42 93928]
R0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\drivers\tib_mounter.sys [09.04.13 15:42 689672]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [28.03.13 09:17 139336]
R0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\drivers\vidsflt.sys [09.04.13 15:42 99720]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.04.07 13:03 82200]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [09.04.13 15:42 3696632]
R2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [07.07.12 08:00 78336]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14.03.11 17:27 271712]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [08.12.11 16:46 143960]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [18.04.13 21:12 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18.04.13 21:12 701512]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [18.08.12 21:18 7017888]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [16.01.13 16:37 2228008]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [09.04.13 15:42 234752]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [13.02.13 12:40 73216]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [12.03.13 12:00 33280]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [03.09.09 16:24 24848]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.09 14:42 32272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18.04.13 21:12 22856]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10.08.11 10:21 176128]
S2 mts mobilni internet. RunOuc;mts mobilni internet. OUC;c:\program files\mts mobilni internet\UpdateDog\ouc.exe [13.02.13 12:39 239968]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [13.02.13 12:40 102784]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\BOZIDA~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe --> c:\docume~1\BOZIDA~1\LOCALS~1\Temp\F-Secure\BlackLight\fsblsrv.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15.04.13 14:55 12400]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [13.02.13 12:40 90112]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.04.13 21:59 40776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [17.01.13 13:03 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [17.01.13 13:03 8576]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [27.03.13 14:39 3567]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [19.04.13 09:37 27064]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19.03.13 13:01 155320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 12:37]
.
2013-04-21 c:\windows\Tasks\User_Feed_Synchronization-{E7E5F1EC-A7ED-4329-993B-50A83356D758}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{0C84C5AC-CB3D-4C37-A303-F918CAA21CCF}: NameServer = 192.168.1.5
DPF: {0DF9173C-D4E4-4A58-8A70-80670B556103} - hxxp://[removed].org:5001/plugin_3_3_3_0.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://[removed]
.org:5004/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Bozidar Pejcic\Application Data\Mozilla\Firefox\Profiles\9hbjwp8z.default\
FF - ExtSQL: 2013-02-27 09:56; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF - ExtSQL: 2013-02-28 12:21; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\documents and settings\Bozidar Pejcic\Application Data\Mozilla\Firefox\Profiles\9hbjwp8z.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-IPCameraDSFilter - c:\program files\wLite\ipds-uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-04-22 00:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(384)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\WININET.dll
c:\program files\Acronis\TrueImageHome\tishell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\All Users\Application Data\mts mobilni internet\OnlineUpdate\ouc.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\teamviewer\version6\TeamViewer.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-04-22 00:12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-21 22:12
.
Pre-Run: 21,609,242,624 bytes free
Post-Run: 21,594,636,288 bytes free
.
- - End Of File - - 26EA3A93AFA6100A8E046D7E3B4E8E10
Sadrzaj Qoobox.rar-> UPLOADED
Korak 3: Gmer 1, Gmer 2 i Gmer 3
Gmer 1
mycity.rs/must-login.png
Gmer 2
mycity.rs/must-login.png
Gmer 3
mycity.rs/must-login.png
TDSKiller.txt izvestaj:
08:52:59.0765 1504 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:52:59.0781 1504 ============================================================
08:52:59.0781 1504 Current date / time: 2013/04/22 08:52:59.0781
08:52:59.0781 1504 SystemInfo:
08:52:59.0781 1504
08:52:59.0781 1504 OS Version: 5.1.2600 ServicePack: 3.0
08:52:59.0781 1504 Product type: Workstation
08:52:59.0781 1504 ComputerName: NISSAL1
08:52:59.0781 1504 UserName: Administrator
08:52:59.0781 1504 Windows directory: C:\WINDOWS
08:52:59.0781 1504 System windows directory: C:\WINDOWS
08:52:59.0781 1504 Processor architecture: Intel x86
08:52:59.0781 1504 Number of processors: 4
08:52:59.0781 1504 Page size: 0x1000
08:52:59.0781 1504 Boot type: Safe boot
08:52:59.0781 1504 ============================================================
08:53:01.0250 1504 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:53:01.0250 1504 ============================================================
08:53:01.0250 1504 \Device\Harddisk0\DR0:
08:53:01.0250 1504 MBR partitions:
08:53:01.0250 1504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x80014A4
08:53:01.0250 1504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x80014E3, BlocksNum 0x2711676
08:53:01.0265 1504 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA712B98, BlocksNum 0x12AB19E9
08:53:01.0265 1504 ============================================================
08:53:01.0296 1504 C: <-> \Device\Harddisk0\DR0\Partition1
08:53:01.0375 1504 D: <-> \Device\Harddisk0\DR0\Partition3
08:53:01.0406 1504 E: <-> \Device\Harddisk0\DR0\Partition2
08:53:01.0406 1504 ============================================================
08:53:01.0406 1504 Initialize success
08:53:01.0406 1504 ============================================================
08:53:17.0578 1628 ============================================================
08:53:17.0578 1628 Scan started
08:53:17.0578 1628 Mode: Manual; TDLFS;
08:53:17.0578 1628 ============================================================
08:53:18.0515 1628 ================ Scan system memory ========================
08:53:18.0515 1628 System memory - ok
08:53:18.0515 1628 ================ Scan services =============================
08:53:19.0015 1628 [ 1F61CACACB521215F39061789147968C ] a347bus C:\WINDOWS\system32\DRIVERS\a347bus.sys
08:53:19.0046 1628 a347bus - ok
08:53:19.0062 1628 [ 113E4B318BBAA7483CA4E582A4D63F49 ] a347scsi C:\WINDOWS\system32\Drivers\a347scsi.sys
08:53:19.0062 1628 a347scsi - ok
08:53:19.0078 1628 Abiosdsk - ok
08:53:19.0093 1628 abp480n5 - ok
08:53:19.0218 1628 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:53:19.0250 1628 ACDaemon - ok
08:53:19.0312 1628 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:53:19.0359 1628 ACPI - ok
08:53:19.0375 1628 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:53:19.0390 1628 ACPIEC - ok
08:53:19.0671 1628 [ 6A1BAC055310619836592E2C0F5584FF ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
08:53:19.0875 1628 AcrSch2Svc - ok
08:53:20.0015 1628 [ F277C43C2E0672EED28CCA0D13CE175F ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
08:53:20.0093 1628 ADIHdAudAddService - ok
08:53:20.0156 1628 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
08:53:20.0187 1628 Adobe LM Service - ok
08:53:20.0312 1628 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:53:20.0390 1628 AdobeFlashPlayerUpdateSvc - ok
08:53:20.0390 1628 adpu160m - ok
08:53:20.0437 1628 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
08:53:20.0468 1628 AEAudio - ok
08:53:20.0562 1628 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:53:20.0593 1628 aec - ok
08:53:20.0687 1628 [ DF139E5866C19E0B3217EF210198D875 ] afcdp C:\WINDOWS\system32\DRIVERS\afcdp.sys
08:53:20.0750 1628 afcdp - ok
08:53:21.0703 1628 [ 30346435058C56903C9F07BC7CABC9EA ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
08:53:22.0640 1628 afcdpsrv - ok
08:53:22.0703 1628 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:53:22.0734 1628 AFD - ok
08:53:22.0750 1628 Aha154x - ok
08:53:22.0765 1628 aic78u2 - ok
08:53:22.0781 1628 aic78xx - ok
08:53:22.0812 1628 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:53:22.0828 1628 Alerter - ok
08:53:22.0859 1628 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:53:22.0859 1628 ALG - ok
08:53:22.0875 1628 AliIde - ok
08:53:22.0890 1628 amsint - ok
08:53:22.0968 1628 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:53:23.0015 1628 AppMgmt - ok
08:53:23.0062 1628 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:53:23.0078 1628 Arp1394 - ok
08:53:23.0078 1628 asc - ok
08:53:23.0093 1628 asc3350p - ok
08:53:23.0109 1628 asc3550 - ok
08:53:23.0265 1628 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:53:23.0296 1628 aspnet_state - ok
08:53:23.0312 1628 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:53:23.0328 1628 AsyncMac - ok
08:53:23.0375 1628 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:53:23.0375 1628 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: CDFE4411A69C224BD1D11B2DA92DAC51
08:53:23.0375 1628 atapi ( LockedFile.Multi.Generic ) - warning
08:53:23.0375 1628 atapi - detected LockedFile.Multi.Generic (1)
08:53:23.0390 1628 Atdisk - ok
08:53:23.0593 1628 [ 288E9F9CB529B4F7C6B58FC53940FB46 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
08:53:23.0750 1628 Ati HotKey Poller - ok
08:53:25.0578 1628 [ 913DA327AD22C6FA44C41D36FD8CC570 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:53:27.0359 1628 ati2mtag - ok
08:53:27.0437 1628 [ 7E13F3F0F4C4C337A6949A18D1D23089 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
08:53:27.0468 1628 AtiHdmiService - ok
08:53:27.0515 1628 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:53:27.0531 1628 Atmarpc - ok
08:53:27.0578 1628 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:53:27.0593 1628 AudioSrv - ok
08:53:27.0625 1628 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:53:27.0625 1628 audstub - ok
08:53:27.0781 1628 [ 5E3F0AAEA4642BF184DEEA311C7201DE ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
08:53:27.0859 1628 AVP - ok
08:53:27.0890 1628 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:53:27.0890 1628 Beep - ok
08:53:28.0046 1628 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:53:28.0250 1628 BITS - ok
08:53:28.0281 1628 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
08:53:28.0312 1628 Browser - ok
08:53:28.0328 1628 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
08:53:28.0343 1628 BthEnum - ok
08:53:28.0390 1628 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
08:53:28.0390 1628 BTHMODEM - ok
08:53:28.0453 1628 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
08:53:28.0484 1628 BthPan - ok
08:53:28.0593 1628 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
08:53:28.0656 1628 BTHPORT - ok
08:53:28.0703 1628 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
08:53:28.0703 1628 BthServ - ok
08:53:28.0734 1628 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
08:53:28.0734 1628 BTHUSB - ok
08:53:28.0812 1628 catchme - ok
08:53:28.0859 1628 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:53:28.0859 1628 cbidf2k - ok
08:53:28.0890 1628 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:53:28.0890 1628 CCDECODE - ok
08:53:28.0906 1628 cd20xrnt - ok
08:53:28.0937 1628 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:53:28.0937 1628 Cdaudio - ok
08:53:29.0000 1628 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:53:29.0015 1628 Cdfs - ok
08:53:29.0078 1628 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:53:29.0093 1628 Cdrom - ok
08:53:29.0093 1628 Changer - ok
08:53:29.0140 1628 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:53:29.0140 1628 CiSvc - ok
08:53:29.0203 1628 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:53:29.0203 1628 ClipSrv - ok
08:53:29.0281 1628 [ 234B1BC2796483E1F5C3F26649FB3388 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:53:29.0312 1628 clr_optimization_v2.0.50727_32 - ok
08:53:29.0390 1628 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:53:29.0484 1628 clr_optimization_v4.0.30319_32 - ok
08:53:29.0484 1628 CmdIde - ok
08:53:29.0500 1628 COMSysApp - ok
08:53:29.0531 1628 Cpqarray - ok
08:53:29.0562 1628 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:53:29.0578 1628 CryptSvc - ok
08:53:29.0593 1628 dac2w2k - ok
08:53:29.0609 1628 dac960nt - ok
08:53:29.0734 1628 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:53:29.0828 1628 DcomLaunch - ok
08:53:29.0843 1628 dgderdrv - ok
08:53:29.0937 1628 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:53:29.0968 1628 Dhcp - ok
08:53:30.0015 1628 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:53:30.0031 1628 Disk - ok
08:53:30.0031 1628 dmadmin - ok
08:53:30.0296 1628 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:53:30.0500 1628 dmboot - ok
08:53:30.0546 1628 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:53:30.0593 1628 dmio - ok
08:53:30.0609 1628 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:53:30.0609 1628 dmload - ok
08:53:30.0656 1628 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:53:30.0656 1628 dmserver - ok
08:53:30.0703 1628 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:53:30.0718 1628 DMusic - ok
08:53:30.0750 1628 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:53:30.0765 1628 Dnscache - ok
08:53:30.0859 1628 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:53:30.0890 1628 Dot3svc - ok
08:53:30.0906 1628 dpti2o - ok
08:53:31.0000 1628 [ 3B4273C47CFB4416A99F4B1DF80C9C16 ] DraftSight API Service C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
08:53:31.0015 1628 DraftSight API Service - ok
08:53:31.0046 1628 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:53:31.0046 1628 drmkaud - ok
08:53:31.0078 1628 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:53:31.0078 1628 EapHost - ok
08:53:31.0125 1628 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:53:31.0125 1628 ERSvc - ok
08:53:31.0171 1628 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:53:31.0187 1628 Eventlog - ok
08:53:31.0281 1628 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
08:53:31.0343 1628 EventSystem - ok
08:53:31.0421 1628 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
08:53:31.0453 1628 ew_hwusbdev - ok
08:53:31.0453 1628 F-Secure BlackLight Sensor - ok
08:53:31.0546 1628 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:53:31.0578 1628 Fastfat - ok
08:53:31.0656 1628 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:53:31.0687 1628 FastUserSwitchingCompatibility - ok
08:53:31.0734 1628 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:53:31.0734 1628 Fdc - ok
08:53:31.0765 1628 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:53:31.0781 1628 Fips - ok
08:53:31.0812 1628 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:53:31.0812 1628 Flpydisk - ok
08:53:31.0875 1628 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:53:31.0906 1628 FltMgr - ok
08:53:31.0953 1628 [ E20D64EDF74D80874837B16506D58166 ] fltsrv C:\WINDOWS\system32\DRIVERS\fltsrv.sys
08:53:31.0968 1628 fltsrv - ok
08:53:32.0000 1628 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:53:32.0000 1628 Fs_Rec - ok
08:53:32.0046 1628 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:53:32.0078 1628 Ftdisk - ok
08:53:32.0109 1628 [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C ] ggflt C:\WINDOWS\system32\DRIVERS\ggflt.sys
08:53:32.0109 1628 ggflt - ok
08:53:32.0140 1628 [ 17E678AAB82CCDFB80E7614504933895 ] ggsemc C:\WINDOWS\system32\DRIVERS\ggsemc.sys
08:53:32.0140 1628 ggsemc - ok
08:53:32.0187 1628 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:53:32.0218 1628 Gpc - ok
08:53:32.0296 1628 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:53:32.0328 1628 gusvc - ok
08:53:32.0406 1628 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:53:32.0406 1628 HDAudBus - ok
08:53:32.0468 1628 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:53:32.0468 1628 helpsvc - ok
08:53:32.0500 1628 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
08:53:32.0515 1628 HidServ - ok
08:53:32.0546 1628 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:53:32.0546 1628 hidusb - ok
08:53:32.0609 1628 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:53:32.0625 1628 hkmsvc - ok
08:53:32.0640 1628 hpn - ok
08:53:32.0812 1628 [ 5EAACBB733C8C360247239F6874B14B4 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
08:53:32.0875 1628 hpqcxs08 - ok
08:53:32.0921 1628 [ 8FE93079A7C053DAFE9A0E5753E3D698 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
08:53:32.0953 1628 hpqddsvc - ok
08:53:33.0078 1628 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:53:33.0140 1628 HTTP - ok
08:53:33.0187 1628 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:53:33.0187 1628 HTTPFilter - ok
08:53:33.0234 1628 [ 42A64382A0607B80C99C37170911B346 ] huawei_cdcacm C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys
08:53:33.0265 1628 huawei_cdcacm - ok
08:53:33.0296 1628 [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
08:53:33.0312 1628 huawei_enumerator - ok
08:53:33.0484 1628 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
08:53:33.0546 1628 HWDeviceService.exe - ok
08:53:33.0562 1628 i2omgmt - ok
08:53:33.0578 1628 i2omp - ok
08:53:33.0640 1628 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:53:33.0656 1628 i8042prt - ok
08:53:33.0718 1628 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:53:33.0750 1628 IDriverT - ok
08:53:33.0781 1628 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:53:33.0796 1628 Imapi - ok
08:53:33.0875 1628 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:53:33.0906 1628 ImapiService - ok
08:53:33.0921 1628 ini910u - ok
08:53:33.0937 1628 IntelIde - ok
08:53:33.0984 1628 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:53:33.0984 1628 intelppm - ok
08:53:34.0015 1628 [ 7F4D4971E87C3C2563F86A4232F56A60 ] IOMap C:\WINDOWS\system32\drivers\IOMap.sys
08:53:34.0031 1628 IOMap - ok
08:53:34.0078 1628 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:53:34.0078 1628 Ip6Fw - ok
08:53:34.0125 1628 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:53:34.0125 1628 IpFilterDriver - ok
08:53:34.0156 1628 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:53:34.0156 1628 IpInIp - ok
08:53:34.0250 1628 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:53:34.0281 1628 IpNat - ok
08:53:34.0328 1628 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:53:34.0359 1628 IPSec - ok
08:53:34.0375 1628 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:53:34.0375 1628 IRENUM - ok
08:53:34.0437 1628 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:53:34.0437 1628 isapnp - ok
08:53:34.0562 1628 [ E731921DB2E17DCD3DB472FAD5549C57 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
08:53:34.0609 1628 JavaQuickStarterService - ok
08:53:34.0656 1628 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:53:34.0656 1628 Kbdclass - ok
08:53:34.0718 1628 [ A884729B0E98CD93D6511DE6D58CDC98 ] kl1 C:\WINDOWS\system32\drivers\kl1.sys
08:53:34.0750 1628 kl1 - ok
08:53:34.0765 1628 [ ADDA474C9B18FD829A6C8351485C4842 ] KLFLTDEV C:\WINDOWS\system32\DRIVERS\klfltdev.sys
08:53:34.0765 1628 KLFLTDEV - ok
08:53:34.0843 1628 [ 8561637834A84BFC5743607432FD9F41 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
08:53:34.0906 1628 KLIF - ok
08:53:34.0953 1628 [ FBDC2034B58D2135D25FE99EB8B747C3 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
08:53:34.0953 1628 klim5 - ok
08:53:35.0015 1628 [ 9159D43C5B7E324F2933DA569B7DA7CD ] klnagent C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
08:53:35.0062 1628 klnagent - ok
08:53:35.0140 1628 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:53:35.0187 1628 kmixer - ok
08:53:35.0234 1628 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:53:35.0250 1628 KSecDD - ok
08:53:35.0328 1628 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:53:35.0359 1628 lanmanserver - ok
08:53:35.0421 1628 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:53:35.0453 1628 lanmanworkstation - ok
08:53:35.0453 1628 lbrtfdc - ok
08:53:35.0531 1628 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:53:35.0531 1628 LmHosts - ok
08:53:35.0531 1628 massfilter - ok
08:53:35.0593 1628 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
08:53:35.0593 1628 MBAMProtector - ok
08:53:35.0734 1628 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:53:35.0843 1628 MBAMScheduler - ok
08:53:36.0046 1628 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:53:36.0218 1628 MBAMService - ok
08:53:36.0265 1628 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
08:53:36.0265 1628 MBAMSwissArmy - ok
08:53:36.0328 1628 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:53:36.0328 1628 Messenger - ok
08:53:36.0375 1628 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:53:36.0375 1628 mnmdd - ok
08:53:36.0406 1628 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:53:36.0421 1628 mnmsrvc - ok
08:53:36.0453 1628 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:53:36.0453 1628 Modem - ok
08:53:36.0484 1628 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:53:36.0484 1628 Mouclass - ok
08:53:36.0515 1628 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:53:36.0515 1628 mouhid - ok
08:53:36.0546 1628 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:53:36.0562 1628 MountMgr - ok
08:53:36.0640 1628 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:53:36.0671 1628 MozillaMaintenance - ok
08:53:36.0703 1628 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
08:53:36.0703 1628 MPE - ok
08:53:36.0703 1628 mraid35x - ok
08:53:36.0765 1628 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:53:36.0812 1628 MRxDAV - ok
08:53:36.0968 1628 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:53:37.0078 1628 MRxSmb - ok
08:53:37.0125 1628 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:53:37.0125 1628 MSDTC - ok
08:53:37.0156 1628 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:53:37.0156 1628 Msfs - ok
08:53:37.0171 1628 MSIServer - ok
08:53:37.0203 1628 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:53:37.0203 1628 MSKSSRV - ok
08:53:37.0218 1628 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:53:37.0234 1628 MSPCLOCK - ok
08:53:37.0265 1628 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:53:37.0265 1628 MSPQM - ok
08:53:37.0281 1628 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:53:37.0296 1628 mssmbios - ok
08:53:37.0312 1628 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
08:53:37.0312 1628 MSTEE - ok
08:53:37.0437 1628 [ 60AC73EB57682F361E07AE26A62DFD6A ] mts mobilni internet. RunOuc C:\Program Files\mts mobilni internet\UpdateDog\ouc.exe
08:53:37.0500 1628 mts mobilni internet. RunOuc - ok
08:53:37.0531 1628 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
08:53:37.0531 1628 MTsensor - ok
08:53:37.0609 1628 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:53:37.0625 1628 Mup - ok
08:53:37.0671 1628 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:53:37.0703 1628 NABTSFEC - ok
08:53:37.0796 1628 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:53:37.0875 1628 napagent - ok
08:53:37.0953 1628 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:53:37.0984 1628 NDIS - ok
08:53:38.0031 1628 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:53:38.0031 1628 NdisIP - ok
08:53:38.0062 1628 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:53:38.0062 1628 NdisTapi - ok
08:53:38.0109 1628 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:53:38.0109 1628 Ndisuio - ok
08:53:38.0140 1628 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:53:38.0171 1628 NdisWan - ok
08:53:38.0218 1628 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:53:38.0218 1628 NDProxy - ok
08:53:38.0250 1628 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:53:38.0265 1628 NetBIOS - ok
08:53:38.0343 1628 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:53:38.0390 1628 NetBT - ok
08:53:38.0468 1628 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:53:38.0500 1628 NetDDE - ok
08:53:38.0531 1628 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:53:38.0531 1628 NetDDEdsdm - ok
08:53:38.0562 1628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:53:38.0562 1628 Netlogon - ok
08:53:38.0656 1628 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:53:38.0703 1628 Netman - ok
08:53:38.0765 1628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:53:38.0828 1628 NetTcpPortSharing - ok
08:53:38.0921 1628 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:53:38.0937 1628 NIC1394 - ok
08:53:39.0031 1628 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:53:39.0078 1628 Nla - ok
08:53:39.0250 1628 [ C8F536FB328AFE64A7F18BBFC00B10EE ] nlsvc C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
08:53:39.0390 1628 nlsvc - ok
08:53:39.0437 1628 [ 3EE27BCFF781F07A12DF75E8BE852B0E ] nltdi C:\WINDOWS\system32\drivers\nltdi.sys
08:53:39.0468 1628 nltdi - ok
08:53:39.0500 1628 [ 33A4B24A4C4DCF3C168E2C1151A62FC5 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
08:53:39.0500 1628 nmwcd - ok
08:53:39.0531 1628 [ A77265EF7BF998B8BB22A1A23E72B45D ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
08:53:39.0546 1628 nmwcdc - ok
08:53:39.0609 1628 [ 62A8B306AACFC53D6FB08D8D36EAF61F ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
08:53:39.0640 1628 nmwcdnsu - ok
08:53:39.0656 1628 [ C0AD13045C82CC9569595223C7568B7F ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
08:53:39.0656 1628 nmwcdnsuc - ok
08:53:39.0703 1628 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:53:39.0718 1628 Npfs - ok
08:53:39.0875 1628 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:53:40.0031 1628 Ntfs - ok
08:53:40.0062 1628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
08:53:40.0062 1628 NtLmSsp - ok
08:53:40.0250 1628 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:53:40.0343 1628 NtmsSvc - ok
08:53:40.0375 1628 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:53:40.0375 1628 Null - ok
08:53:40.0421 1628 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:53:40.0421 1628 NwlnkFlt - ok
08:53:40.0437 1628 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:53:40.0453 1628 NwlnkFwd - ok
08:53:40.0484 1628 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:53:40.0500 1628 ohci1394 - ok
08:53:40.0625 1628 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:53:40.0656 1628 ose - ok
08:53:41.0968 1628 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:53:43.0156 1628 osppsvc - ok
08:53:43.0218 1628 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
08:53:43.0234 1628 Parport - ok
08:53:43.0265 1628 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:53:43.0281 1628 PartMgr - ok
08:53:43.0312 1628 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:53:43.0312 1628 ParVdm - ok
08:53:43.0343 1628 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
08:53:43.0343 1628 pccsmcfd - ok
08:53:43.0375 1628 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:53:43.0390 1628 PCI - ok
08:53:43.0406 1628 PCIDump - ok
08:53:43.0421 1628 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:53:43.0421 1628 PCIIde - ok
08:53:43.0484 1628 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:53:43.0515 1628 Pcmcia - ok
08:53:43.0515 1628 PDCOMP - ok
08:53:43.0531 1628 PDFRAME - ok
08:53:43.0546 1628 PDRELI - ok
08:53:43.0562 1628 PDRFRAME - ok
08:53:43.0578 1628 perc2 - ok
08:53:43.0593 1628 perc2hib - ok
08:53:43.0671 1628 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:53:43.0671 1628 PlugPlay - ok
08:53:43.0703 1628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:53:43.0703 1628 PolicyAgent - ok
08:53:43.0734 1628 [ 7D5A2D755B6C6579F63657B527D6FF1B ] PortTalk C:\WINDOWS\system32\Drivers\PortTalk.sys
08:53:43.0734 1628 PortTalk - ok
08:53:43.0765 1628 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:53:43.0781 1628 PptpMiniport - ok
08:53:43.0796 1628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:53:43.0796 1628 ProtectedStorage - ok
08:53:43.0843 1628 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:53:43.0859 1628 PSched - ok
08:53:43.0890 1628 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:53:43.0906 1628 Ptilink - ok
08:53:43.0906 1628 ql1080 - ok
08:53:43.0921 1628 Ql10wnt - ok
08:53:43.0937 1628 ql12160 - ok
08:53:43.0953 1628 ql1240 - ok
08:53:43.0968 1628 ql1280 - ok
08:53:44.0000 1628 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:53:44.0000 1628 RasAcd - ok
08:53:44.0062 1628 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:53:44.0093 1628 RasAuto - ok
08:53:44.0125 1628 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:53:44.0140 1628 Rasl2tp - ok
08:53:44.0234 1628 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:53:44.0281 1628 RasMan - ok
08:53:44.0312 1628 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:53:44.0328 1628 RasPppoe - ok
08:53:44.0343 1628 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:53:44.0343 1628 Raspti - ok
08:53:44.0421 1628 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:53:44.0468 1628 Rdbss - ok
08:53:44.0484 1628 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:53:44.0484 1628 RDPCDD - ok
08:53:44.0578 1628 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:53:44.0640 1628 rdpdr - ok
08:53:44.0703 1628 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:53:44.0750 1628 RDPWD - ok
08:53:44.0843 1628 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:53:44.0875 1628 RDSessMgr - ok
08:53:44.0937 1628 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:53:44.0953 1628 redbook - ok
08:53:45.0015 1628 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:53:45.0031 1628 RemoteAccess - ok
08:53:45.0093 1628 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:53:45.0109 1628 RemoteRegistry - ok
08:53:45.0140 1628 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
08:53:45.0156 1628 Revoflt - ok
08:53:45.0203 1628 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
08:53:45.0218 1628 RFCOMM - ok
08:53:45.0265 1628 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
08:53:45.0296 1628 RpcLocator - ok
08:53:45.0421 1628 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
08:53:45.0421 1628 RpcSs - ok
08:53:45.0484 1628 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
08:53:45.0515 1628 RSVP - ok
08:53:45.0578 1628 [ 1E11171C0B9989E1BDAA59E96B2E81C4 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
08:53:45.0593 1628 RTL8023xp - ok
08:53:45.0671 1628 [ 05552E37B5C0B53B7E4B95A850447E85 ] RTLWUSB C:\WINDOWS\system32\DRIVERS\RTL8187.sys
08:53:45.0718 1628 RTLWUSB - ok
08:53:45.0750 1628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:53:45.0750 1628 SamSs - ok
08:53:45.0812 1628 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:53:45.0828 1628 SCardSvr - ok
08:53:45.0953 1628 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:53:46.0000 1628 Schedule - ok
08:53:46.0046 1628 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:53:46.0046 1628 Secdrv - ok
08:53:46.0078 1628 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:53:46.0078 1628 seclogon - ok
08:53:46.0203 1628 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
08:53:46.0296 1628 SenFiltService - ok
08:53:46.0328 1628 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:53:46.0328 1628 SENS - ok
08:53:46.0359 1628 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
08:53:46.0359 1628 serenum - ok
08:53:46.0406 1628 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
08:53:46.0421 1628 Serial - ok
08:53:46.0671 1628 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
08:53:46.0859 1628 ServiceLayer - ok
08:53:46.0921 1628 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:53:46.0921 1628 Sfloppy - ok
08:53:47.0062 1628 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:53:47.0140 1628 SharedAccess - ok
08:53:47.0187 1628 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:53:47.0203 1628 ShellHWDetection - ok
08:53:47.0203 1628 Simbad - ok
08:53:47.0234 1628 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:53:47.0234 1628 SLIP - ok
08:53:47.0328 1628 [ 851310C1B742D2DF2D334603836FFDF5 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
08:53:47.0375 1628 snapman - ok
08:53:50.0375 1628 [ 92F7A6C3AB7DF4634A7323589C6BBB38 ] SNP2STD C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
08:53:53.0359 1628 SNP2STD - ok
08:53:53.0453 1628 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
08:53:53.0500 1628 Sony PC Companion - ok
08:53:53.0531 1628 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
08:53:53.0531 1628 SONYPVU1 - ok
08:53:53.0546 1628 Sparrow - ok
08:53:53.0593 1628 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:53:53.0593 1628 splitter - ok
08:53:53.0640 1628 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:53:53.0656 1628 Spooler - ok
08:53:53.0703 1628 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:53:53.0718 1628 sr - ok
08:53:53.0812 1628 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:53:53.0859 1628 srservice - ok
08:53:54.0000 1628 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:53:54.0078 1628 Srv - ok
08:53:54.0140 1628 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:53:54.0156 1628 SSDPSRV - ok
08:53:54.0296 1628 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:53:54.0375 1628 stisvc - ok
08:53:54.0406 1628 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:53:54.0406 1628 streamip - ok
08:53:54.0437 1628 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:53:54.0437 1628 swenum - ok
08:53:54.0484 1628 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:53:54.0484 1628 swmidi - ok
08:53:54.0500 1628 SwPrv - ok
08:53:54.0515 1628 symc810 - ok
08:53:54.0531 1628 symc8xx - ok
08:53:54.0546 1628 sym_hi - ok
08:53:54.0562 1628 sym_u3 - ok
08:53:56.0421 1628 [ 1D8C612D6589430AD8F981F615B7C528 ] syncagentsrv C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
08:53:58.0328 1628 syncagentsrv - ok
08:53:58.0375 1628 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:53:58.0390 1628 sysaudio - ok
08:53:58.0453 1628 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:53:58.0468 1628 SysmonLog - ok
08:53:58.0578 1628 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:53:58.0640 1628 TapiSrv - ok
08:53:58.0765 1628 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:53:58.0843 1628 Tcpip - ok
08:53:58.0890 1628 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:53:58.0890 1628 TDPIPE - ok
08:53:59.0125 1628 [ 6345E3829FD130A144454F9F5C2A3B9E ] tdrpman C:\WINDOWS\system32\DRIVERS\tdrpman.sys
08:53:59.0328 1628 tdrpman - ok
08:53:59.0359 1628 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:53:59.0375 1628 TDTCP - ok
08:53:59.0968 1628 [ 839E88DB24D2D8F05B72E12B175951CA ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
08:54:00.0546 1628 TeamViewer6 - ok
08:54:00.0609 1628 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:54:00.0609 1628 TermDD - ok
08:54:00.0734 1628 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:54:00.0812 1628 TermService - ok
08:54:00.0859 1628 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:54:00.0859 1628 Themes - ok
08:54:01.0093 1628 [ A8C31102F448231596168FFC9F568B9A ] tib_mounter C:\WINDOWS\system32\DRIVERS\tib_mounter.sys
08:54:01.0250 1628 tib_mounter - ok
08:54:01.0421 1628 [ D8A96D0E25D43FDAC3BED09ADF39FDE9 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
08:54:01.0578 1628 timounter - ok
08:54:01.0640 1628 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:54:01.0656 1628 TlntSvr - ok
08:54:01.0656 1628 TosIde - ok
08:54:01.0718 1628 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:54:01.0750 1628 TrkWks - ok
08:54:01.0812 1628 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:54:01.0828 1628 Udfs - ok
08:54:01.0875 1628 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
08:54:01.0890 1628 UleadBurningHelper - ok
08:54:01.0906 1628 ultra - ok
08:54:02.0046 1628 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:54:02.0156 1628 Update - ok
08:54:02.0250 1628 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:54:02.0296 1628 upnphost - ok
08:54:02.0328 1628 [ B671514497DF7417F83919A6A5BD6BB9 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
08:54:02.0328 1628 upperdev - ok
08:54:02.0359 1628 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:54:02.0359 1628 UPS - ok
08:54:02.0546 1628 [ 5A1161EE3ACDB3BDAFE1ED6F2049C437 ] USB28xxBGA C:\WINDOWS\system32\DRIVERS\emBDA.sys
08:54:02.0687 1628 USB28xxBGA - ok
08:54:02.0859 1628 [ 75DD893D53DDDAB0012DB6DB8BF0BA45 ] USB28xxOEM C:\WINDOWS\system32\DRIVERS\emOEM.sys
08:54:03.0015 1628 USB28xxOEM - ok
08:54:03.0078 1628 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:54:03.0093 1628 usbaudio - ok
08:54:03.0125 1628 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:54:03.0125 1628 usbccgp - ok
08:54:03.0156 1628 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:54:03.0171 1628 usbehci - ok
08:54:03.0203 1628 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:54:03.0218 1628 usbhub - ok
08:54:03.0250 1628 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:54:03.0250 1628 usbprint - ok
08:54:03.0281 1628 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
08:54:03.0281 1628 usbser - ok
08:54:03.0328 1628 [ FF358FD3176B2E5605C4ACCD5026A5AC ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
08:54:03.0328 1628 UsbserFilt - ok
08:54:03.0343 1628 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:54:03.0359 1628 USBSTOR - ok
08:54:03.0375 1628 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:54:03.0390 1628 usbuhci - ok
08:54:03.0406 1628 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:54:03.0406 1628 VgaSave - ok
08:54:03.0421 1628 ViaIde - ok
08:54:03.0500 1628 [ 26B75DCB58B006867EFD659E845CD65E ] vididr C:\WINDOWS\system32\DRIVERS\vididr.sys
08:54:03.0531 1628 vididr - ok
08:54:03.0562 1628 [ 40AFA68F81F90636D1300099E9CFC8CE ] vidsflt C:\WINDOWS\system32\DRIVERS\vidsflt.sys
08:54:03.0593 1628 vidsflt - ok
08:54:03.0609 1628 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:54:03.0625 1628 VolSnap - ok
08:54:03.0765 1628 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:54:03.0828 1628 VSS - ok
08:54:03.0953 1628 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:54:03.0984 1628 W32Time - ok
08:54:04.0031 1628 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:54:04.0046 1628 Wanarp - ok
08:54:04.0171 1628 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
08:54:04.0187 1628 Wdf01000 - ok
08:54:04.0187 1628 WDICA - ok
08:54:04.0265 1628 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:54:04.0281 1628 wdmaud - ok
08:54:04.0328 1628 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:54:04.0343 1628 WebClient - ok
08:54:04.0484 1628 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:54:04.0515 1628 winmgmt - ok
08:54:04.0578 1628 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
08:54:04.0578 1628 WinUSB - ok
08:54:04.0625 1628 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
08:54:04.0625 1628 WmdmPmSN - ok
08:54:04.0796 1628 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:54:04.0937 1628 Wmi - ok
08:54:05.0031 1628 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:54:05.0062 1628 WmiApSrv - ok
08:54:05.0093 1628 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:54:05.0109 1628 WpdUsb - ok
08:54:05.0343 1628 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:54:05.0546 1628 WPFFontCache_v0400 - ok
08:54:05.0578 1628 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:54:05.0578 1628 WS2IFSL - ok
08:54:05.0640 1628 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:54:05.0687 1628 wscsvc - ok
08:54:05.0703 1628 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:54:05.0703 1628 WSTCODEC - ok
08:54:05.0734 1628 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:54:05.0734 1628 wuauserv - ok
08:54:05.0796 1628 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:54:05.0828 1628 WudfPf - ok
08:54:05.0875 1628 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:54:05.0906 1628 WudfRd - ok
08:54:05.0968 1628 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:54:05.0984 1628 WudfSvc - ok
08:54:06.0140 1628 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:54:06.0265 1628 WZCSVC - ok
08:54:06.0328 1628 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:54:06.0390 1628 xmlprov - ok
08:54:06.0390 1628 yksvc - ok
08:54:06.0500 1628 [ F364E873C0F30E874AA4B1C919016AF6 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
08:54:06.0562 1628 yukonwxp - ok
08:54:06.0578 1628 ZTEusbmdm6k - ok
08:54:06.0593 1628 ZTEusbnmea - ok
08:54:06.0609 1628 ZTEusbser6k - ok
08:54:06.0671 1628 ================ Scan global ===============================
08:54:06.0703 1628 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:54:06.0812 1628 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:54:06.0953 1628 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
08:54:07.0000 1628 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:54:07.0000 1628 [Global] - ok
08:54:07.0000 1628 ================ Scan MBR ==================================
08:54:07.0015 1628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:54:07.0390 1628 \Device\Harddisk0\DR0 - ok
08:54:07.0390 1628 ================ Scan VBR ==================================
08:54:07.0406 1628 [ FFBC08E069C1DF63E193E9D8C5DF9C00 ] \Device\Harddisk0\DR0\Partition1
08:54:07.0406 1628 \Device\Harddisk0\DR0\Partition1 - ok
08:54:07.0453 1628 [ 605B53B13418FD40F8B0D512542F02A1 ] \Device\Harddisk0\DR0\Partition2
08:54:07.0453 1628 \Device\Harddisk0\DR0\Partition2 - ok
08:54:07.0453 1628 [ FD972537A4C3F0D04D5AD91752066CA3 ] \Device\Harddisk0\DR0\Partition3
08:54:07.0453 1628 \Device\Harddisk0\DR0\Partition3 - ok
08:54:07.0468 1628 ============================================================
08:54:07.0468 1628 Scan finished
08:54:07.0468 1628 ============================================================
08:54:07.0500 1608 Detected object count: 1
08:54:07.0500 1608 Actual detected object count: 1
08:54:22.0390 1608 atapi ( LockedFile.Multi.Generic ) - skipped by user
08:54:22.0390 1608 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
[edit by magna86: cenzurisan deo loga na molbu korisnika]
|
|
|
|
|
|
|
|
|
Poslao: 22 Apr 2013 11:43
|
offline
- pejcicbozidar
- Novi MyCity građanin
- Pridružio: 06 Sep 2005
- Poruke: 16
|
Imam problem sa otvaranjem postojecih dokumenata, tacnije ponasaju se kao da su izmenjeni u shell-u. Ne mogu da otvorim ni .doc, .xls, .pdf, .jpg. Novo kreirane dokumente mogu kasnije da otvorim i editujem, ali one od pre ulaska virusa ne mogu.
Kad otvorim neki office dokument, otvaraju se hijeroglifi.
Pise: The file you are trying to open, "Uporedna tabela.xls", is in different format than specified by the file extension. Verify that the file is not corrupted and is form a trusted source before opening the file. Do you want to open the file now?
Probao sam na drugom kompu da otvorim neki od fajlova i takodje se otvaraju hijeroglifi i pokusava da se startuje konvertor kodiranja.
evo primera:
Ovo je Word dokument od nekih 20 recenica:
Ü ZY]™Ñ ¨%– •E c-¾ }?¨5X ä¡ß´Q¶ ™FÅÕD{F€yýuÎȯâ 0(ÅÑ[¼ÿbz¢L™FÅWñÁK9/ƒêYsäš`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbB• ‰Cž@n24}S!Ê»š`øœ÷™Ç‹Ö¬z# ó ¹QØõOŽ½äæ/ p|lé_ ª1N¨ç Ú>%]ÉÔbQ? A±ÿ4Û]°Kµ }?–H=½^ìÇ
Mogao bih i da odradim upload Word fajla u kome je virus. Zipovao bih ga.
|
|
|
|
|
|
|
|
|
|
|
Poslao: 22 Apr 2013 21:43
|
offline
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Pridružio: 09 Avg 2011
- Poruke: 15879
- Gde živiš: Beograd
|
 Racunar je cist sto se tice malware-a. Sto se tice fajlova koje ne mozes da otvoris, mislim da je njih nemoguce povratiti. No, otvori temu u Windows potforumu i tamo objasni problem. Neko ce ti dati upute sta da radis.
Imas ostatke F-Secure antivirusa, koje je potrebno ukloniti. Nije preporucljivo imati dva antivirusa na racunaru iz vise razloga. Preuzmi i pokreni sledeci alat
ftp://ftp.f-secure.com/support/tools/uitool/UninstallationTool.zip
Potrebno je deinstalirati ComboFix:
klikni start (ili  ), a zatim RUN.
Na Visti i 7 koristiti Start Search polje ukoliko Run nije dostupan.
U liniju za unos teksta ukucaj (iskopiraj) sljedeće:
ComboFix /Uninstall
Primjeti da postoji razmak između "ComboFix" i "/Uninstall".
a zatim klikni OK (ili pritisni Enter).
Sačekaj da se proces deinstalacije završi.
Preuzmi i pokreni OTC. Klikni na CleanUp. Ovim ce biti obrisani korisceni alati.
Preporučujem da za zaštitu USB memorijskih uredjaja koristiš MCShield v2. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad, a pokazao se kao jedan od najboljih vidova zaštite od malware-a koji se prenosi putem USB mem. uređaja. Skineš, instaliraš, ubodeš USB mem. uređaj, izvrši se skeniranje nakon čega dobiješ obaveštenje da je uređaj čist (ukoliko je stvarno tako); ili dobiješ log u kome vidiš informacije o malware-u koji je nađen i obrisan.
Home Page MCShield-a ::Anti-Malware Tool:: v2: http://amf.mycity.rs/mcshield/
Više o MCShield-u možeš saznati u ovim temama:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html
Obavezno poseti temu "Testirajte da li vam je pretraživač ranjiv", pročitaj i isprati link koji stoji u njoj.
Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html
Takode, isprati i temu "Kako izbeci i ukloniti toolbar-ove" , procitaj i isprati korake u njoj. Link do teme je: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html
TwinHeadedEagle (AMF Tim)
|
|
|
|
|
|
|
|
Preuzmite program 
