Virus ?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:11, on 2.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Korisnik\Desktop\help\br.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Windows Image Viewer Service] imageviewer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: TrayMin230.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11080 bytes



Koristim NOD 32, prijavio je infekciju sa variant of Win32/AutoRun.AC worm gg.exe koji je stavio u karantin medjutim nakon toga ne mogu da otvorim diskove C, D, E dvostrukim klikom jer trazi da izaberem program preko koga bih mogla da ih otvorim, isto se desava i sa bilo kojom fles memorijom uz pomoc koje bi nesto trebalo da se prebaci na drugi kompijuter koji odmah registruje virus i opet trazi program preko kojeg bi je otvorio. Sve ostalo za sad deluje normalno.
Unapred zahvalna za pomoc

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav.

* Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana).
* Izaberi AMON iz Threat Protection grupe opcija.
* Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled.
* Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.


Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-04-01.01 - Korisnik 2009-04-02 21:46:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.650 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-02 16:12 . 2009-04-02 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2009-04-02 16:11 . 2009-04-02 16:11 <DIR> d-------- c:\program files\WorldOfGoo
2009-04-02 16:11 . 2008-12-31 12:35 30,989 -r-hs---- c:\windows\imageviewer.exe
2009-04-02 13:24 . 2009-04-02 13:24 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-04-02 13:24 . 2009-04-02 13:24 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-04-02 13:24 . 2008-11-24 13:19 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-04-02 13:22 . 2009-04-02 13:24 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-04-02 13:22 . 2009-04-02 13:22 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\TuneUp Software
2009-04-02 13:22 . 2009-04-02 13:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-04-02 13:22 . 2009-04-02 13:22 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-02 11:04 . 2009-04-02 11:04 <DIR> d--hs---- C:\found.002
2009-03-28 01:02 . 2009-03-28 01:03 921,632 --a------ C:\SPC230NC.DAT
2009-03-26 18:10 . 2009-03-26 18:10 <DIR> d-------- c:\program files\Picasa2
2009-03-24 16:47 . 2009-03-24 16:47 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\ArcSoft
2009-03-24 16:36 . 2004-08-04 01:56 16,384 --a------ c:\windows\system32\ipsink.ax
2009-03-24 16:36 . 2004-08-04 01:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-03-24 16:36 . 2004-08-04 00:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-03-24 16:36 . 2004-08-04 00:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-03-24 16:36 . 2004-08-04 00:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-03-24 16:36 . 2004-08-04 00:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2009-03-24 16:36 . 2004-08-04 00:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-03-24 16:36 . 2004-08-04 00:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-03-24 16:36 . 2004-08-03 23:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-03-24 16:36 . 2004-08-03 23:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2009-03-24 16:30 . 2009-03-24 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Philips
2009-03-24 16:28 . 2009-03-24 16:28 <DIR> d-------- c:\program files\ArcSoft
2009-03-24 16:28 . 1995-08-01 05:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-03-24 16:27 . 2009-03-24 16:27 <DIR> d-------- c:\windows\Philips
2009-03-24 16:27 . 2009-03-24 16:30 <DIR> d-------- c:\program files\Philips
2009-03-24 16:27 . 2007-12-31 17:19 461,056 --a------ c:\windows\system32\drivers\SPC230NC.SYS
2009-03-24 16:27 . 2008-01-04 11:25 135,680 --a------ c:\windows\system32\SPC230NC.AX
2009-03-24 16:27 . 2007-09-26 15:28 8,576 --a------ c:\windows\system32\drivers\PAEAFLT.sys
2009-03-24 16:27 . 2007-11-02 12:07 6,656 --a------ c:\windows\system32\CoInst.dll
2009-03-24 16:27 . 2007-12-10 17:08 842 --a------ c:\windows\system32\SPC230NC.INI
2009-03-10 11:27 . 2009-04-02 12:55 <DIR> d-------- c:\documents and settings\Korisnik\Tracing
2009-03-10 11:24 . 2009-03-10 11:24 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-10 11:24 . 2009-03-10 11:24 <DIR> d-------- c:\program files\Microsoft
2009-03-10 11:17 . 2009-03-10 11:17 <DIR> d-------- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-02 15:11 --------- d-----w c:\documents and settings\Korisnik\Application Data\StarOffice8
2009-04-01 23:45 --------- d-----w c:\program files\Media Key
2009-03-31 23:10 --------- d-----w c:\program files\SweetIM
2009-03-27 10:36 --------- d-----w c:\program files\Java
2009-03-26 16:08 --------- d-----w c:\program files\Google
2009-03-24 14:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 14:27 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-23 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-21 16:16 --------- d-----w c:\program files\Common Files\Adobe
2009-03-10 09:24 --------- d-----w c:\program files\Windows Live
2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-10 21:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-10 21:12 --------- dc-h--w c:\documents and settings\All Users\Application Data\{96F5B506-0F68-4EDB-AD12-CF915081579C}
2009-02-10 21:12 --------- d-----w c:\program files\Stardock
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 15:08 --------- d-----w c:\program files\PDFCreator
2009-02-06 15:08 --------- d-----w c:\documents and settings\Korisnik\Application Data\PDFCreator
2009-02-06 15:05 --------- d-----w c:\documents and settings\Korisnik\Application Data\Autodesk
2009-02-06 15:03 --------- d-----w c:\program files\turbo squid tentacles
2009-02-06 15:03 --------- d-----w c:\program files\Microsoft WSE
2009-02-06 15:00 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-02-06 14:59 --------- d-----w c:\program files\Autodesk
2009-02-06 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-02-05 20:01 --------- d-----w c:\program files\Common Files\Apple
2009-02-05 18:36 --------- d-----w c:\program files\Winamp Remote
2009-02-05 18:27 --------- d-----w c:\program files\Winamp
2007-12-05 22:28 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-12-31 10:35 30,989 --sh--r c:\windows\imageviewer.exe
.

------- Sigcheck -------

2004-08-04 01:05 2021888 be339024b98f48eba0a5f1cac7be205d c:\windows\system32\ntkrnlpa.exe
2004-08-04 01:05 2015232 fb142b7007ca2eea76966c6c5cc12150 c:\windows\system32\VITrans\ntkrnlpa.exe

2004-08-03 23:18 2155008 543cdcccaefda9f4e0c2be01d18bf945 c:\windows\system32\ntoskrnl.exe
2004-08-03 23:18 2148352 626309040459c3915997ef98ec1c8d40 c:\windows\system32\VITrans\ntoskrnl.exe

2004-08-04 00:56 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 c:\windows\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 c:\windows\system32\dllcache\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 c:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-09-07 173368]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-09-07 18:06 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-10-03 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-17 921600]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"VisualTooltip"="c:\program files\VisualTooltip\VisualToolTip.exe" [2007-04-25 956928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-14 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-09-28 111928]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"Windows Image Viewer Service"="imageviewer.exe" [2008-12-31 c:\windows\imageviewer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-12 113664]
Media Key.lnk - c:\program files\Media Key\MagicKey.exe [2007-10-18 159744]
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2009-03-24 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^StarOffice 8.lnk]
path=c:\documents and settings\Korisnik\Start Menu\Programs\Startup\StarOffice 8.lnk
backup=c:\windows\pss\StarOffice 8.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-21 03:18 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-09-28 18:18 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-11 19:16 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-14 12:06 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
--a------ 2008-11-12 12:28 602112 c:\program files\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2007-04-25 10:45 956928 c:\program files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2007-10-18 12856]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [2007-10-18 8576]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-04-02 603904]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2009-03-24 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2009-03-24 461056]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - TUNEUP.DEFRAG
*NewlyCreated* - TUNEUP.PROGRAMSTATISTICSSVC
*NewlyCreated* - UXTUNEUP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01aef341-34be-11dd-88e2-0019dbd0b9c2}]
\Shell\AutoRun\command - vy.cmd
\Shell\explore\Command - vy.cmd
\Shell\open\Command - vy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a09361b-7cf7-11dc-b9df-806d6172696f}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a09361c-7cf7-11dc-b9df-806d6172696f}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a09361d-7cf7-11dc-b9df-806d6172696f}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{535465aa-1e74-11dd-88ab-0019dbd0b9c2}]
\Shell\AutoRun\command - oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e972c2-c6c0-11dd-8a53-0019dbd0b9c2}]
\Shell\AutoRun\command - G:\gg.exe 0o
\Shell\explore\Command - G:\gg.exe 0e
\Shell\open\Command - G:\gg.exe 0o

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae48af80-df5b-11dd-8a99-0019dbd0b9c2}]
\Shell\AutoRun\command - g:\driver\usb\driver.exe
\Shell\open\command - g:\driver\usb\driver.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 16:46]

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 10:12]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{93994DE8-8239-4655-B1D1-5F4E91300429} - (no file)


.
------- Supplementary Scan -------
.
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uSearchMigratedDefaultURL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\wfb9m4r5.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\wfb9m4r5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-04-02 21:47:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(748-)
c:\windows\system32\imon.dll
.
Completion time: 2009-04-02 21:49:53
ComboFix-quarantined-files.txt 2009-04-02 19:49:51

Pre-Run: 4.775.591.936 bytes free
Post-Run: 7,234,981,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NoExecute=AlwaysOff /fastdetect /usepmtimer

315

Dopuna: 02 Apr 2009 22:02

Sad vise nemam one probleme, sve je ok
Hvala puno!
Da li treba da uradim jos nesto?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

USBNoRisk 1.6 by bobby

Started at 2.4.2009 22:44:35

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {4a09361b-7cf7-11dc-b9df-806d6172696f}
D: {4a09361c-7cf7-11dc-b9df-806d6172696f}
E: {4a09361d-7cf7-11dc-b9df-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 4a09361b-7cf7-11dc-b9df-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 4a09361c-7cf7-11dc-b9df-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for 4a09361d-7cf7-11dc-b9df-806d6172696f
========================================

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\E\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------


New device connected at 2.4.2009 22:45:53

Scanning for connected USB mass storage...
----------------------------------------
H: {c30f56e7-87e6-11dc-878f-0019dbd0b9c2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized c30f56e7-87e6-11dc-878f-0019dbd0b9c2
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

========================================
Removed H:
========================================


New device connected at 2.4.2009 22:46:34

Scanning for connected USB mass storage...
----------------------------------------
G: {f2cfc787-19c3-11dd-889f-0019dbd0b9c2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for f2cfc787-19c3-11dd-889f-0019dbd0b9c2
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 2.4.2009 22:47:42

Scanning for connected USB mass storage...
----------------------------------------
G: {c8e63404-7d7c-11dc-8779-0019dbd0b9c2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized c8e63404-7d7c-11dc-8779-0019dbd0b9c2
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

@branka.dj
Kasno je sad moram da ustajem rano, nastavicemo sutra ako se slazes.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Naravno.
Hvala puno!
Mnogo ste mi pomogli!

Dopuna: 03 Apr 2009 11:59

Pozdrav
Opet ja
Svaka od ovih gore skeniranih fles memorija kad se skenira na drugom kompijuteru koji ima avast prijavi WIN 32:Rootkit-gen[RTK] a kad se virus obrise vise nece da se otvori.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\imageviewer.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Image Viewer Service"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01aef341-34be-11dd-88e2-0019dbd0b9c2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a09361b-7cf7-11dc-b9df-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a09361c-7cf7-11dc-b9df-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a09361d-7cf7-11dc-b9df-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{535465aa-1e74-11dd-88ab-0019dbd0b9c2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e972c2-c6c0-11dd-8a53-0019dbd0b9c2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae48af80-df5b-11dd-8a99-0019dbd0b9c2}]

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Dopuna: 04 Apr 2009 8:43

@branka.dj, dok cistimo racunar i usb flash, nemoj da ubadas flash u drugi racunar koji je mozda zarazen i automatski inficira drajv. Nisam najbolje razumeo sta ne moze da se otvori, usb drajv ? Mozes li malo da pojasnis.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-04-01.01 - Korisnik 2009-04-04 12:40:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.580 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\imageviewer.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\imageviewer.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

2009-04-03 02:58 . 2009-04-03 02:58 <DIR> d-------- c:\program files\MSXML 6.0
2009-04-03 02:53 . 2009-04-03 02:53 <DIR> d-------- c:\program files\MSXML 4.0
2009-04-03 02:29 . 2008-06-13 15:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-04-03 02:29 . 2008-06-13 15:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-04-03 02:22 . 2008-08-14 12:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-03 02:22 . 2008-08-14 11:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-03 02:22 . 2008-08-14 11:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-03 02:22 . 2008-08-14 11:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-03 02:14 . 2008-10-24 13:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-04-03 02:12 . 2008-12-21 01:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-04-03 02:12 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-04-03 02:12 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-03 02:12 . 2008-12-21 01:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-04-03 02:12 . 2008-12-21 01:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-04-03 02:12 . 2008-12-21 01:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-04-03 02:12 . 2008-12-21 01:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-04-03 02:12 . 2008-12-21 01:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-03 02:12 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-04-02 23:57 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-04-02 23:57 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-04-02 23:57 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-04-02 22:48 . 2009-04-03 13:16 <DIR> d-------- C:\USBNoRisk
2009-04-02 16:12 . 2009-04-02 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2009-04-02 16:11 . 2009-04-02 16:11 <DIR> d-------- c:\program files\WorldOfGoo
2009-04-02 13:24 . 2009-04-02 13:24 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-04-02 13:24 . 2009-04-02 13:24 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-04-02 13:24 . 2008-11-24 13:19 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-04-02 13:22 . 2009-04-02 13:24 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-04-02 13:22 . 2009-04-02 13:22 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\TuneUp Software
2009-04-02 13:22 . 2009-04-02 13:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-04-02 13:22 . 2009-04-02 13:22 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-02 11:04 . 2009-04-02 11:04 <DIR> d--hs---- C:\found.002
2009-03-28 01:02 . 2009-03-28 01:03 921,632 --a------ C:\SPC230NC.DAT
2009-03-26 18:10 . 2009-03-26 18:10 <DIR> d-------- c:\program files\Picasa2
2009-03-24 16:47 . 2009-03-24 16:47 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\ArcSoft
2009-03-24 16:36 . 2004-08-04 01:56 16,384 --a------ c:\windows\system32\ipsink.ax
2009-03-24 16:36 . 2004-08-04 01:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-03-24 16:36 . 2004-08-04 00:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-03-24 16:36 . 2004-08-04 00:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-03-24 16:36 . 2004-08-04 00:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-03-24 16:36 . 2004-08-04 00:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2009-03-24 16:36 . 2004-08-04 00:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-03-24 16:36 . 2004-08-04 00:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-03-24 16:36 . 2004-08-03 23:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-03-24 16:36 . 2004-08-03 23:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2009-03-24 16:30 . 2009-03-24 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Philips
2009-03-24 16:28 . 2009-03-24 16:28 <DIR> d-------- c:\program files\ArcSoft
2009-03-24 16:28 . 1995-08-01 05:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-03-24 16:27 . 2009-03-24 16:27 <DIR> d-------- c:\windows\Philips
2009-03-24 16:27 . 2009-03-24 16:30 <DIR> d-------- c:\program files\Philips
2009-03-24 16:27 . 2007-12-31 17:19 461,056 --a------ c:\windows\system32\drivers\SPC230NC.SYS
2009-03-24 16:27 . 2008-01-04 11:25 135,680 --a------ c:\windows\system32\SPC230NC.AX
2009-03-24 16:27 . 2007-09-26 15:28 8,576 --a------ c:\windows\system32\drivers\PAEAFLT.sys
2009-03-24 16:27 . 2007-11-02 12:07 6,656 --a------ c:\windows\system32\CoInst.dll
2009-03-24 16:27 . 2007-12-10 17:08 842 --a------ c:\windows\system32\SPC230NC.INI
2009-03-10 11:27 . 2009-04-04 11:32 <DIR> d-------- c:\documents and settings\Korisnik\Tracing
2009-03-10 11:24 . 2009-03-10 11:24 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-10 11:24 . 2009-03-10 11:24 <DIR> d-------- c:\program files\Microsoft
2009-03-10 11:17 . 2009-03-10 11:17 <DIR> d-------- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-03 09:15 --------- d-----w c:\documents and settings\Korisnik\Application Data\StarOffice8
2009-04-03 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-01 23:45 --------- d-----w c:\program files\Media Key
2009-03-31 23:10 --------- d-----w c:\program files\SweetIM
2009-03-27 10:36 --------- d-----w c:\program files\Java
2009-03-26 16:08 --------- d-----w c:\program files\Google
2009-03-24 14:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 14:27 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-21 16:16 --------- d-----w c:\program files\Common Files\Adobe
2009-03-10 09:24 --------- d-----w c:\program files\Windows Live
2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-10 21:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-10 21:12 --------- dc-h--w c:\documents and settings\All Users\Application Data\{96F5B506-0F68-4EDB-AD12-CF915081579C}
2009-02-10 21:12 --------- d-----w c:\program files\Stardock
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 15:08 --------- d-----w c:\program files\PDFCreator
2009-02-06 15:08 --------- d-----w c:\documents and settings\Korisnik\Application Data\PDFCreator
2009-02-06 15:05 --------- d-----w c:\documents and settings\Korisnik\Application Data\Autodesk
2009-02-06 15:03 --------- d-----w c:\program files\turbo squid tentacles
2009-02-06 15:03 --------- d-----w c:\program files\Microsoft WSE
2009-02-06 15:00 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-02-06 14:59 --------- d-----w c:\program files\Autodesk
2009-02-06 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-02-05 20:01 --------- d-----w c:\program files\Common Files\Apple
2009-02-05 18:36 --------- d-----w c:\program files\Winamp Remote
2009-02-05 18:27 --------- d-----w c:\program files\Winamp
2007-12-05 22:28 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

------- Sigcheck -------

2004-08-04 00:56 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 c:\windows\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 c:\windows\system32\dllcache\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 c:\windows\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici],75 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-29 23:23:19 248,632 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-04-03 00:57:09 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-08-13 16:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-13 16:39:00 123,904 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2007-08-13 16:35:46 346,624 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2007-08-13 16:35:38 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2007-08-13 16:54:10 131,584 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2007-08-13 16:36:26 61,952 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2007-08-13 16:39:06 54,784 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2007-08-13 16:39:26 152,064 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2007-08-13 16:39:54 229,376 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2007-08-13 15:56:54 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2007-02-12 14:10:12 2,451,312 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dat
+ 2007-07-11 10:27:48 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2007-08-13 16:39:50 382,976 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2007-08-13 16:54:10 6,049,280 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2007-08-13 16:39:10 43,008 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2007-08-13 16:34:04 266,752 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2007-08-13 16:39:10 13,312 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2007-08-13 16:43:56 622,080 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2007-08-13 16:54:10 27,136 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2007-08-13 16:54:10 458,752 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2007-08-13 16:54:10 50,688 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2007-08-13 16:54:12 3,787,264 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2007-08-13 16:54:10 475,648 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2007-08-13 16:44:26 192,000 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2007-08-13 16:54:10 670,720 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2007-08-13 16:44:06 101,376 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2007-08-13 16:36:12 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2007-08-13 16:44:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2007-08-13 16:54:10 1,162,240 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2007-08-13 16:54:10 356,352 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2007-08-13 16:54:10 818,688 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2006-10-27 14:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 19:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 14:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 19:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 14:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 14:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 14:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 19:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 14:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 14:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 19:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 19:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 19:32:42 604,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 14:03:04 1,018,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-26 19:24:54 98,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-26 19:24:50 72,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 19:24:58 1,165,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 14:03:06 6,579,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-09-15 15:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 14:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 14:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 14:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 14:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 14:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-10-26 19:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 19:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 14:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 19:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 19:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 19:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 14:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 14:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 14:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 14:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 20:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 20:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2009-01-29 23:23:19 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2009-04-03 00:54:00 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2009-01-11 16:18:53 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-03 01:02:34 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-01-11 16:18:53 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-03 01:02:34 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-01-11 16:18:53 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-04-03 01:02:34 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-11 16:18:52 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-04-03 01:02:34 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-11 16:18:53 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-03 01:02:34 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-11 16:18:53 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-04-03 01:02:34 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-11 16:18:53 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-04-03 01:02:34 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-11 16:18:53 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-04-03 01:02:34 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-11 16:18:52 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-03 01:02:34 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-11 16:18:52 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-03 01:02:34 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-01-11 16:18:54 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-04-03 01:02:34 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-11 16:18:52 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-03 01:02:34 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-11 16:18:52 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-04-03 01:02:34 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-01-10 23:25:13 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 01:04:37 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-10 23:25:14 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-03 01:04:37 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-10 23:25:13 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-04-03 01:04:37 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-10 23:25:13 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-04-03 01:04:37 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-10 23:25:13 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-03 01:04:37 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-10 23:25:14 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-03 01:04:37 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-10 23:25:14 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-03 01:04:37 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-10 23:25:13 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-03 01:04:37 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-10 23:25:13 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-04-03 01:04:37 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-10 23:25:13 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-04-03 01:04:37 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-10 23:25:14 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-03 01:04:37 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-10 23:25:13 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-03 01:04:37 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-29 23:23:40 20,240 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-03 01:04:51 20,240 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-29 23:23:40 217,864 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-03 01:04:51 217,864 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-29 23:23:40 18,704 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-03 01:04:51 18,704 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-29 23:23:40 35,088 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-03 01:04:51 35,088 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-29 23:23:40 845,584 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-03 01:04:51 845,584 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-29 23:23:40 922,384 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-04-03 01:04:51 922,384 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-29 23:23:40 888,080 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-03 01:04:51 888,080 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-29 23:23:40 1,172,240 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-03 01:04:51 1,172,240 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-03-23 17:44:40 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 01:04:44 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-03-23 17:44:41 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-03 01:04:45 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-23 17:44:41 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-03 01:04:45 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2009-03-23 17:44:41 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-03 01:04:45 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-23 17:44:41 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-03 01:04:45 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-23 17:44:41 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-03 01:04:45 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-03-23 17:44:41 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-04-03 01:04:45 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2009-03-23 17:44:41 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-04-03 01:04:45 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-03-23 17:44:41 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-03 01:04:45 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-03-23 17:44:41 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-03 01:04:45 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2004-08-03 22:56:42 100,352 ----a-w c:\windows\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w c:\windows\system32\6to4svc.dll
- 2007-08-13 16:39:00 123,904 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2007-07-30 17:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 12:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2004-08-03 22:56:42 100,352 -c--a-w c:\windows\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c--a-w c:\windows\system32\dllcache\6to4svc.dll
- 2007-08-13 16:39:00 123,904 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2004-08-03 21:14:16 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
- 2007-07-30 17:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 12:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2004-08-03 22:56:44 148,480 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
- 2007-08-13 16:35:46 346,624 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-13 16:35:38 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-03 22:56:44 243,200 -c--a-w c:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:32:22 253,952 -c--a-w c:\windows\system32\dllcache\es.dll
- 2007-08-13 16:54:10 131,584 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2004-08-03 22:56:44 278,016 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2007-08-13 16:39:06 54,784 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 16:39:26 152,064 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 16:39:54 229,376 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 15:56:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 16:39:50 382,976 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 16:39:10 43,008 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 16:43:56 622,080 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2004-08-03 22:56:44 678,400 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
- 2007-08-13 16:54:10 27,136 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 03:52:04 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2004-08-03 22:56:52 72,704 -c--a-w c:\windows\system32\dllcache\magnify.exe
+ 2006-10-04 08:48:36 72,704 -c--a-w c:\windows\system32\dllcache\magnify.exe
- 2004-08-03 22:56:44 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2004-08-03 22:56:44 73,728 -c--a-w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:05 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
- 2007-08-13 16:54:12 3,578,368 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 19:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2007-08-13 16:54:10 475,648 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 16:44:26 192,000 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 16:54:10 670,720 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2004-08-03 22:56:46 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll
- 2004-08-03 22:56:46 1,236,480 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2004-08-03 22:56:56 53,760 -c--a-w c:\windows\system32\dllcache\narrator.exe
+ 2006-10-04 08:48:36 53,760 -c--a-w c:\windows\system32\dllcache\narrator.exe
- 2004-08-03 22:56:46 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2007-08-13 16:44:06 101,376 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2004-08-03 22:56:56 215,552 -c--a-w c:\windows\system32\dllcache\osk.exe
+ 2006-10-04 08:48:37 215,552 -c--a-w c:\windows\system32\dllcache\osk.exe
- 2007-08-13 16:36:12 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-03 22:56:46 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll
- 2001-08-23 10:00:00 200,064 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2004-08-03 22:56:46 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 07:12:45 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
- 2004-08-03 22:56:46 8,384,000 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2004-08-03 21:14:46 336,256 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2004-08-03 22:56:46 246,302 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2004-08-03 21:14:42 359,040 -c--a-w c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys
- 2004-08-03 21:07:46 223,616 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
- 2004-08-03 22:56:48 35,840 -c--a-w c:\windows\system32\dllcache\umandlg.dll
+ 2006-10-04 13:33:38 35,840 -c--a-w c:\windows\system32\dllcache\umandlg.dll
- 2007-08-13 16:44:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2007-08-13 16:54:10 1,162,240 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2004-08-03 22:56:58 50,176 -c--a-w c:\windows\system32\dllcache\utilman.exe
+ 2006-10-04 08:48:37 50,176 -c--a-w c:\windows\system32\dllcache\utilman.exe
- 2007-08-13 16:54:10 765,952 -c--a-w c:\windows\system32\dllcache\VGX.dll
+ 2008-05-27 17:23:58 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
- 2007-08-13 16:54:10 231,424 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2004-08-03 21:17:42 1,835,904 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 10:19:34 1,846,272 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2007-08-13 16:54:10 818,688 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2005-01-28 12:44:28 224,768 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-27 15:40:06 227,328 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2005-01-28 12:44:28 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 04:28:36 1,028,096 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2005-01-28 12:44:28 5,525,504 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2007-04-30 06:20:24 5,537,792 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2005-01-28 12:44:28 2,370,296 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-10 05:07:24 2,376,760 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2007-07-30 17:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 12:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 17:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 12:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 12:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-30 17:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 12:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-30 17:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 12:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-30 17:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 12:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2004-08-03 22:56:44 148,480 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll
- 2004-08-03 21:14:16 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2007-10-27 16:51:47 82,380 ----a-w c:\windows\system32\drivers\AFS2K.SYS
+ 2004-10-08 01:16:04 35,840 ----a-w c:\windows\system32\drivers\AFS2K.SYS
- 2004-08-03 21:15:18 451,456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2001-08-23 10:00:00 200,064 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2004-08-03 21:14:46 336,256 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys
- 2004-08-03 21:14:42 359,040 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2004-08-03 21:07:46 223,616 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2007-08-13 16:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2007-08-13 16:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2004-08-03 22:56:44 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2007-08-13 16:54:10 131,584 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2009-03-23 23:16:25 2,229,104 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-04-03 06:26:30 2,225,952 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-03 22:56:44 278,016 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2007-08-13 16:36:26 61,952 ------w c:\windows\system32\icardie.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
- 2007-08-13 16:39:06 54,784 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2007-08-13 16:39:26 152,064 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2007-08-13 16:39:54 229,376 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2007-08-13 15:56:54 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2007-02-12 14:10:12 2,451,312 ------w c:\windows\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
- 2007-07-11 10:27:48 383,488 ------w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2007-08-13 16:39:50 382,976 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2007-08-13 16:54:10 6,049,280 ------w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2007-08-13 16:39:10 43,008 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2007-08-13 16:34:04 266,752 ------w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2007-08-13 16:39:10 13,312 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2004-08-03 22:56:44 678,400 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2007-08-13 16:54:10 27,136 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2005-01-28 12:44:28 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 03:52:04 96,768 ----a-w c:\windows\system32\logagent.exe
- 2004-08-03 22:56:52 72,704 ----a-w c:\windows\system32\magnify.exe
+ 2006-10-04 08:48:36 72,704 ----a-w c:\windows\system32\magnify.exe
- 2004-08-03 22:56:44 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
- 2007-08-13 16:54:10 458,752 ------w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2007-08-13 16:54:10 50,688 ------w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2007-08-13 16:54:12 3,787,264 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-16 19:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2007-08-13 16:54:10 475,648 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2007-08-13 16:44:26 192,000 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll
- 2007-08-13 16:54:10 670,720 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
- 2004-08-03 22:56:46 245,248 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll
- 2004-08-03 22:56:46 1,236,480 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2002-02-04 01:52:54 1,230,336 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 14:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2006-09-01 11:08:02 1,334,032 ----a-w c:\windows\system32\msxml6.dll
+ 2008-08-29 18:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2004-08-03 22:56:56 53,760 ----a-w c:\windows\system32\narrator.exe
+ 2006-10-04 08:48:36 53,760 ----a-w c:\windows\system32\narrator.exe
- 2004-08-03 22:56:46 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2004-08-03 23:05:44 2,021,888 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 21:18:32 2,155,008 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 09:58:27 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
- 2007-08-13 16:44:06 101,376 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll
- 2004-08-03 22:56:56 215,552 ----a-w c:\windows\system32\osk.exe
+ 2006-10-04 08:48:37 215,552 ----a-w c:\windows\system32\osk.exe
- 2007-08-13 16:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2004-08-03 22:56:46 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
- 2004-08-03 22:56:46 144,896 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll
- 2004-08-03 22:56:46 14,505,472 ----a-w c:\windows\system32\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll
+ 2008-10-16 12:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 12:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2006-10-16 15:10:58 14,640 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2004-08-03 22:56:46 246,302 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2004-08-03 22:56:48 35,840 ----a-w c:\windows\system32\umandlg.dll
+ 2006-10-04 13:33:38 35,840 ----a-w c:\windows\system32\umandlg.dll
- 2007-08-13 16:44:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2007-08-13 16:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2004-08-03 22:56:58 50,176 ----a-w c:\windows\system32\utilman.exe
+ 2006-10-04 08:48:37 50,176 ----a-w c:\windows\system32\utilman.exe
- 2007-08-13 16:54:10 356,352 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2007-08-13 16:54:10 818,688 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
- 2005-01-28 12:44:28 224,768 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-27 15:40:06 227,328 ----a-w c:\windows\system32\wmasf.dll
- 2005-01-28 12:44:28 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 04:28:36 1,028,096 ----a-w c:\windows\system32\WMNetmgr.dll
- 2005-01-28 12:44:28 5,525,504 ----a-w c:\windows\system32\wmp.dll
+ 2007-04-30 06:20:24 5,537,792 ----a-w c:\windows\system32\wmp.dll
- 2005-01-28 12:44:28 2,370,296 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-10 05:07:24 2,376,760 ----a-w c:\windows\system32\WMVCore.dll
- 2007-07-30 17:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 12:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-30 17:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 12:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 12:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-30 17:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 12:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-30 17:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 12:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2007-07-30 17:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 12:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2007-07-30 17:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 12:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2009-04-04 09:32:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_660.dat
+ 2008-09-30 14:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 14:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-09-07 173368]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-09-07 18:06 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-10-03 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-17 921600]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"VisualTooltip"="c:\program files\VisualTooltip\VisualToolTip.exe" [2007-04-25 956928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-14 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-09-28 111928]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-12 113664]
Media Key.lnk - c:\program files\Media Key\MagicKey.exe [2007-10-18 159744]
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2009-03-24 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^StarOffice 8.lnk]
path=c:\documents and settings\Korisnik\Start Menu\Programs\Startup\StarOffice 8.lnk
backup=c:\windows\pss\StarOffice 8.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-21 03:18 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-09-28 18:18 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-11 19:16 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-14 12:06 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
--a------ 2008-11-12 12:28 602112 c:\program files\ViStart\ViStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2007-04-25 10:45 956928 c:\program files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2007-10-18 12856]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [2007-10-18 8576]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-04-02 603904]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2009-03-24 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2009-03-24 461056]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 16:46]

2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 10:12]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
uSearchMigratedDefaultURL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\wfb9m4r5.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\wfb9m4r5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-04-04 12:41:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\imon.dll
.
Completion time: 2009-04-04 12:43:37
ComboFix-quarantined-files.txt 2009-04-04 10:43:34
ComboFix2.txt 2009-04-02 19:49:54

Pre-Run: 6.461.636.608 bytes free
Post-Run: 6,466,453,504 bytes free

740 --- E O F --- 2009-04-03 01:04:52

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok, necu vise.
Inace juce sam pokusala da pebacim diplomski sa kompijutera na svoj laptop koji ima instaliran avast i prilikom skeniranja fles memorije na laptopu prijavio je virus ( nepisala sam u prethodnoj poruci kako se zove) dala sam komandu da obrise virus, skenirala fles ponovo, sad nije prijavio viruse, i kad sam pokusala da ga otvorim da bi prebacila dokument, dobila obavestenje da ne moze da se otvori, pa sam isto pokusala i sa drugim flesom i desilo se isto. Od trenutka kad su skenirani u onom programu koji ste mi poslali usbnorisk, nisu bili u kontaktu ni sa jednim drugim kompijuterom sem s mojim. Nisu bili ni u lap topu dok nisam pokusala da prebacim diplomski.
Izvinjavam se ako sam napravila neki problem ovako