problem exe virus

1

problem exe virus

offline
  • Pridružio: 14 Apr 2009
  • Poruke: 28

Napisano: 14 Apr 2009 17:35

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:33 PM, on 4/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DNA\btdna.exe
C:\Users\Olja\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Olja\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe
C:\Users\Olja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Olja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Olja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Olja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Users\Olja\Desktop\New Folder\TR3.exe.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Winamp\elevator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\Windows\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] D:\programs\instalirano\emule\emule.exe -AutoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Olja\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - D:\programs\instalirano\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - D:\programs\instalirano\IExif 2.3\IExifCom.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7C583E3-B0CD-48B4-A474-816824EBB2F1}: NameServer = 195.178.38.3 195.178.38.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15785 bytes



problem mi je sa flashom.....svi folderi su pretvoreni u .exe fajlove, ne mogu da formatiram ili bilo sta da obrisem....kasperski, avast i nod su prepoznali trojance ali ne mogu da izbrisu....

Dopuna: 14 Apr 2009 17:52

evo opet sam skenirala sa avastom, on pronadje trojanca...izaberem DELETE on ne moze da ga nadje..isto kada stavim MOVE TO CHEST....jednostavno ne moze da izbrise...

virusi su se pojavili kada sam ubacila na faxu, dosla kuci i nisam mogla da pokrenem fles. jos ranije mi se desavalo da bude jedan ovakav trojanac i mogla sam da izbrisem...tj. jedan fajl je bio pretvoren u .exe ...a sada je jedno deset foldera....

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...


Nemoj priključivati flash drive dok ti ne kažem da to uradiš.
Prvo ćemo proveriti kakvo je stanje na PC-u...


Arrow Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Program settings....

U prozoru koji se otvori, pod Troubleshooting, čekiraj opciju Disable avast! self-defence i klikni OK.

Takođe, klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Stop OnAccess Protection.


Napomena: Ne zaboravi da uključiš ove opcije po završetku čišćenja.



Arrow Privremeno isključi Ad-Watch: http://www.lavasoftsupport.com/index.php?showtopic=19804



Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 14 Apr 2009
  • Poruke: 28

ComboFix 09-04-14.09 - Olja 04/14/2009 18:48:14.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1088 [GMT 2:00]
Running from: C:\Users\Olja\Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 11:50:38 . 2009-02-05 20:06:59 51792 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2009-03-29 20:23:34 . 2009-03-29 20:23:34 0 d-----w C:\Users\All Users\ALM
2009-03-29 20:23:34 . 2009-03-29 20:23:34 0 d-----w C:\ProgramData\ALM
2009-03-29 20:13:08 . 2007-03-23 02:05:38 29272 ----a-r C:\Windows\system32\AdobePDF.dll
2009-03-19 00:25:05 . 2009-03-29 22:14:30 2 ----a-w C:\Windows\Twain001.Mtx
2009-03-19 00:25:05 . 2009-03-29 22:14:30 156 ----a-w C:\Windows\Twunk001.MTX
2009-03-19 00:25:05 . 2009-03-19 00:25:05 0 ----a-w C:\Windows\Twunk002.MTX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 16:47:32 . 2008-12-31 19:00:08 0 d-----w C:\Program Files\MODEM Mobile Connection
2009-04-14 16:46:03 . 2008-06-19 17:26:54 0 d-----w C:\Users\Olja\AppData\Roaming\DNA
2009-04-14 16:45:02 . 2007-10-24 07:06:21 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-14 16:45:02 . 2007-10-24 07:06:21 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-14 16:45:02 . 2007-10-24 07:06:21 16384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-14 16:24:17 . 2008-12-08 17:52:12 0 d-----w C:\Users\Olja\AppData\Roaming\Skype
2009-04-14 15:16:22 . 2008-12-08 17:54:57 0 d-----w C:\Users\Olja\AppData\Roaming\skypePM
2009-04-14 15:15:52 . 2009-04-14 10:14:46 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009041420090415\index.dat
2009-04-14 15:15:52 . 2008-06-19 17:26:54 0 d-----w C:\Program Files\DNA
2009-04-14 14:53:49 . 2009-04-14 14:53:49 2048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-14 14:53:49 . 2009-04-14 14:53:49 2048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-14 13:01:13 . 2009-03-14 14:22:01 9852 ----a-w C:\aaw7boot.log
2009-04-14 11:50:36 . 2009-04-14 11:50:36 0 d-----w C:\Program Files\Alwil Software
2009-04-14 11:36:05 . 2006-11-02 10:25:05 51200 ----a-w C:\Windows\Inf\infpub.dat
2009-04-14 11:36:04 . 2006-11-02 10:25:05 86016 ----a-w C:\Windows\Inf\infstor.dat
2009-04-14 11:36:04 . 2006-11-02 10:25:05 143360 ----a-w C:\Windows\Inf\infstrng.dat
2009-04-14 10:34:19 . 2008-10-20 16:26:42 268 ---ha-w C:\sqmdata04.sqm
2009-04-14 10:34:19 . 2008-10-20 16:26:42 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-14 10:27:50 . 2009-03-09 00:31:01 0 d-----w C:\ProgramData\Kaspersky Lab Setup Files
2009-04-14 10:25:28 . 2009-01-16 21:12:45 0 d-----w C:\Program Files\SpeedFan
2009-04-14 10:22:46 . 2008-10-20 11:31:37 268 ---ha-w C:\sqmdata03.sqm
2009-04-14 10:22:46 . 2008-10-20 11:31:37 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-14 10:22:17 . 2008-11-15 21:54:35 0 d-----w C:\Program Files\Kaspersky Lab
2009-04-14 10:20:23 . 2008-05-22 16:15:17 0 d-----w C:\Users\Olja\AppData\Roaming\ZoomBrowser EX
2009-04-14 10:20:11 . 2008-05-22 16:10:35 0 d-----w C:\ProgramData\ZoomBrowser
2009-04-14 10:14:45 . 2009-04-14 10:14:46 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009033020090406\index.dat
2009-04-01 20:27:49 . 2008-09-06 07:57:54 2828 --sha-w C:\Users\All Users\KGyGaAvL.sys
2009-04-01 20:27:49 . 2008-09-06 07:57:54 2828 --sha-w C:\ProgramData\KGyGaAvL.sys
2009-03-29 20:33:11 . 2008-05-12 05:43:08 161136 ----a-w C:\Users\Olja\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-29 20:30:58 . 2007-07-25 11:05:54 0 d-----w C:\Program Files\Common Files\Adobe
2009-03-29 20:27:23 . 2009-03-29 20:27:23 0 d-----w C:\Program Files\Common Files\Control Panels
2009-03-29 19:53:00 . 2009-03-29 19:53:00 0 d-----w C:\Program Files\Bonjour
2009-03-29 18:48:33 . 2009-03-29 08:03:45 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009032920090330\index.dat
2009-03-29 14:41:44 . 2008-06-19 17:27:07 0 d-----w C:\Users\Olja\AppData\Roaming\BitTorrent
2009-03-29 12:11:06 . 2008-07-19 00:22:19 0 d-----w C:\Users\Olja\AppData\Roaming\Thinstall
2009-03-28 21:54:57 . 2008-10-06 22:45:12 0 d-----w C:\Program Files\Planplus
2009-03-28 09:12:49 . 2009-03-28 09:12:57 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009032820090329\index.dat
2009-03-27 07:53:45 . 2007-10-24 07:10:31 0 d-----w C:\Program Files\Launch Manager
2009-03-27 07:52:32 . 2009-03-27 07:52:35 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009032720090328\index.dat
2009-03-26 21:30:54 . 2009-03-26 11:15:52 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009032620090327\index.dat
2009-03-25 21:32:14 . 2008-07-02 16:28:13 0 d-----w C:\Program Files\EA GAMES
2009-03-25 12:46:32 . 2009-03-25 12:46:33 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009032520090326\index.dat
2009-03-24 10:17:28 . 2009-03-23 23:20:21 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009032420090325\index.dat
2009-03-23 21:52:14 . 2008-05-12 06:17:56 55144 ----a-w C:\Users\Olja\AppData\Roaming\nvModes.dat
2009-03-23 18:41:44 . 2009-03-23 09:28:38 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009032320090324\index.dat
2009-03-22 08:23:43 . 2009-03-22 08:23:12 594 ----a-w C:\updatedatfix.log
2009-03-19 13:03:26 . 2009-03-19 13:03:26 0 d-----w C:\Program Files\Common Files\Windows Live
2009-03-15 16:20:53 . 2009-03-15 16:20:53 0 d-----w C:\ProgramData\WinZip
2009-03-14 10:10:53 . 2009-03-14 09:57:38 0 dc-h--w C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-14 10:10:37 . 2008-08-07 20:37:17 0 d-----w C:\Program Files\Lavasoft
2009-03-14 09:58:20 . 2006-11-02 11:18:33 0 d-----w C:\Program Files\Windows Mail
2009-03-13 14:44:43 . 2009-03-13 14:44:40 0 d-----w C:\Program Files\LimeWire
2009-03-13 06:49:21 . 2009-03-06 17:37:10 0 d-----w C:\ProgramData\HP Product Assistant
2009-03-13 06:49:21 . 2008-05-13 19:24:45 0 d-----w C:\Program Files\Winamp
2009-03-13 06:49:21 . 2008-05-12 18:29:02 0 d-----w C:\Program Files\Mv2Player
2009-03-13 06:49:21 . 2008-05-12 17:56:33 0 d-----w C:\ProgramData\FLEXnet
2009-03-09 19:06:57 . 2009-03-14 10:23:29 15688 ----a-w C:\Windows\System32\lsdelete.exe
2009-03-09 19:06:56 . 2009-03-14 10:13:30 64160 ----a-w C:\Windows\system32\drivers\Lbd.sys
2009-03-09 17:52:22 . 2007-07-25 09:36:51 0 d--h--w C:\Program Files\InstallShield Installation Information
2009-03-09 17:52:10 . 2009-01-02 01:31:43 0 d-----w C:\Program Files\QuickTime
2009-03-09 00:29:05 . 2008-05-12 06:35:33 0 d-----w C:\Program Files\ESET
2009-03-09 00:09:10 . 2009-03-09 00:09:10 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009030220090309\index.dat
2009-03-07 10:12:17 . 2009-03-06 17:30:24 0 d-----w C:\ProgramData\HP
2009-03-07 10:05:46 . 2009-03-06 17:45:59 0 d-----w C:\Users\Olja\AppData\Roaming\HP
2009-03-06 17:44:35 . 2009-03-06 17:30:37 157457 ----a-w C:\Windows\hpoins27.dat
2009-03-06 17:44:18 . 2009-03-06 17:44:18 0 d-----w C:\ProgramData\WEBREG
2009-03-06 17:42:45 . 2009-03-06 17:42:45 0 d-----w C:\ProgramData\Hewlett-Packard
2009-03-06 17:37:10 . 2009-03-06 17:33:59 0 d-----w C:\Program Files\HP
2009-03-06 17:36:47 . 2009-03-06 17:36:47 0 d-----w C:\Program Files\Hewlett-Packard
2009-03-06 17:36:41 . 2009-03-06 17:36:41 0 d-----w C:\Program Files\Common Files\Hewlett-Packard
2009-03-06 17:35:55 . 2009-03-06 17:35:55 0 d-----w C:\Program Files\Common Files\HP
2009-02-27 18:25:15 . 2009-02-27 18:25:15 107888 ----a-w C:\Windows\System32\CmdLineExt.dll
2009-02-18 10:06:57 . 2009-01-02 01:39:29 0 d-----w C:\Program Files\Quark
2009-02-18 10:06:45 . 2009-01-02 01:39:29 0 d-----w C:\ProgramData\Quark
2009-02-16 10:40:15 . 2009-02-16 10:40:15 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020920090216\index.dat
2009-02-13 22:23:59 . 2009-01-22 19:49:02 0 d-----w C:\Program Files\Valve
2009-02-09 03:10:34 . 2009-03-13 10:10:16 2033152 ----a-w C:\Windows\System32\win32k.sys
2009-02-08 18:21:43 . 2009-02-08 18:21:45 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020820090209\index.dat
2009-02-07 09:50:02 . 2009-02-07 09:50:04 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020720090208\index.dat
2009-02-06 09:32:38 . 2009-02-06 09:32:39 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020620090207\index.dat
2009-02-05 08:40:22 . 2009-02-05 08:40:22 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020520090206\index.dat
2009-02-04 16:46:09 . 2009-02-04 11:09:01 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020420090205\index.dat
2009-02-03 16:53:52 . 2009-02-03 16:53:52 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
2009-02-02 10:05:07 . 2009-02-02 10:05:09 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020220090203\index.dat
2009-02-01 11:21:11 . 2009-02-01 11:21:11 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009020120090202\index.dat
2009-01-31 22:29:41 . 2009-01-31 11:07:43 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009013120090201\index.dat
2009-01-30 19:28:11 . 2009-01-30 11:06:27 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009013020090131\index.dat
2009-01-29 21:05:49 . 2009-01-29 09:59:23 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012920090130\index.dat
2009-01-28 22:23:13 . 2009-01-28 08:10:10 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012820090129\index.dat
2009-01-27 16:49:35 . 2009-01-27 08:15:23 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012720090128\index.dat
2009-01-26 15:27:21 . 2009-01-26 08:34:10 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012620090127\index.dat
2009-01-25 22:56:22 . 2009-01-25 01:18:52 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012520090126\index.dat
2009-01-24 12:55:41 . 2009-01-24 12:55:41 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012420090125\index.dat
2009-01-23 20:10:34 . 2009-01-22 23:45:28 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012320090124\index.dat
2009-01-22 11:41:16 . 2009-01-22 11:41:18 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012220090123\index.dat
2009-01-21 08:38:23 . 2009-01-21 08:38:25 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012120090122\index.dat
2009-01-20 19:42:39 . 2009-01-20 10:40:39 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012020090121\index.dat
2009-01-19 18:44:57 . 2009-01-19 09:50:36 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009011920090120\index.dat
2009-01-18 10:18:33 . 2009-01-18 10:18:35 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009011820090119\index.dat
2009-01-17 13:59:47 . 2009-01-17 10:42:04 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009011720090118\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 17:10:56 1688872]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 09:34:02 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]
"Search Protection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 15:23:46 111856]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 15:23:46 111856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2009-01-01 15:56:45 342848]
"Google Update"="C:\Users\Olja\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-16 16:00:16 133104]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-11-07 13:31:38 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 23:33:36 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 21:54:58 1286144]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 09:21:38 772616]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 20:38:22 206952]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 08:06:44 159744]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 22:49:04 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 19:48:22 57344]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 12:57:24 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 12:21:24 2213160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 20:16:38 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-07 13:47:59 136600]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 15:23:46 111856]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 12:53:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 12:53:00 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 12:53:00 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 20:17:32 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 07:55:22 80896]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 19:06:55 515416]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 20:46:20 624248]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2007-07-06 03:06:52 4669440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-25 723760]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-7-25 535336]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2911883805-3122994826-1824005577-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D5107B99-FAD3-484B-B1FD-0F99B02215B0}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F2979B51-C7D7-4432-AC71-A5771C73BB2D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{9C8B4F34-9FE3-4EEC-9D40-CAEA3189C548}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{A287267E-E282-4EE2-89E6-DBF838D4E07D}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{1536AA30-8E77-4097-BC10-7D892106F156}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{B91807D8-8B6E-4F6D-9FE0-D7DA87A29571}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{427B2E9C-3A51-44DC-B961-B2850745000A}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"TCP Query User{38942B7A-EB29-4090-8E31-443181C042D4}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{241FC030-FC44-40D3-BADF-CAC5636F4CA6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{F5C09B11-A711-4A90-A7E9-F3D585F86529}D:\\programs\\instalirano\\emule\\emule.exe"= UDP:D:\programs\instalirano\emule\emule.exe:eMule
"UDP Query User{7DB14DC7-77C4-4E9C-BC20-BB8F910C1174}D:\\programs\\instalirano\\emule\\emule.exe"= TCP:D:\programs\instalirano\emule\emule.exe:eMule
"{870D7472-C010-45DB-83C3-6DD0F5187435}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{73F31353-891F-45BC-ABCD-91D8FFF155EE}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{520F6523-F4CC-4A2A-A5EF-BE1AC5946174}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{0000B53D-7C18-42EB-A93C-71763C34353A}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{5A5E88B8-5821-456C-8560-0C297FCE6786}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F27570C9-B4E8-41D9-98ED-B80EE872EC1F}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{A3D7DBA1-BFF3-41C2-8843-3758C2F89C83}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{95174650-0A5E-47E7-9509-B7ECA9634086}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{771F0C22-C8E2-42A1-8EEF-0001D43B3586}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{214A1A0F-173F-4564-8871-9ECB1B81C7D7}D:\\programs\\instalirano\\emule\\emule.exe"= UDP:D:\programs\instalirano\emule\emule.exe:eMule
"UDP Query User{2042E856-109C-44E2-BF95-47076AE75C87}D:\\programs\\instalirano\\emule\\emule.exe"= TCP:D:\programs\instalirano\emule\emule.exe:eMule
"TCP Query User{7D52F516-2D99-43AE-95EA-C470D86EE07E}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{2EF2429B-5DAF-4307-81A6-EEDEC0FEDB67}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{6095361F-618A-4D42-A4C1-628E4A427476}C:\\program files\\dna\\btdna.exe"= UDP:C:\program files\dna\btdna.exe:DNA
"UDP Query User{671590E4-B507-4572-897B-A489F6F00443}C:\\program files\\dna\\btdna.exe"= TCP:C:\program files\dna\btdna.exe:DNA
"TCP Query User{4DA224ED-4792-4C75-9C40-C970030CA8D4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8342A6BC-2A83-48A7-88C8-684E0A779F58}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{11C78670-396A-4894-97A9-40E4CB318E47}D:\\programs\\instalirano\\orbitdownloader\\orbitnet.exe"= UDP:D:\programs\instalirano\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{D6B062BF-2AE8-4A49-A19B-3754D6AF4890}D:\\programs\\instalirano\\orbitdownloader\\orbitnet.exe"= TCP:D:\programs\instalirano\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"{640C2310-32CC-445B-951A-64A2D86FFA50}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{083D81D6-8B12-4013-82E9-B42D74EE52DA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{69A8E43A-7D51-42BA-B246-F1A5C049011F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E642359E-B693-4A29-8D69-F0A6BC4152DB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{7F15A7E6-2F46-4F37-BD05-81C79F32F872}D:\\games\\cs\\hl.exe"= UDP:D:\games\cs\hl.exe:Half-Life Launcher
"UDP Query User{A71E79F2-C591-410E-870E-21A006116755}D:\\games\\cs\\hl.exe"= TCP:D:\games\cs\hl.exe:Half-Life Launcher
"{D365C5C7-6DAE-4872-B786-4E73160551FA}"= UDP:3703:Adobe Version Cue CS3 Server
"{5FB81DF8-2D1C-4D02-B8FA-9DE2CE76970B}"= UDP:3704:Adobe Version Cue CS3 Server
"{731FB9C2-213D-4E82-B900-44722738CC8D}"= UDP:50900:Adobe Version Cue CS3 Server
"{BACBB72F-EA2F-45BA-8353-FB92AE6C23C7}"= UDP:50901:Adobe Version Cue CS3 Server
"{4318FC84-311A-444A-A103-7C59B34C9ECF}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{66D724AF-AB8C-45FB-B26F-3439A1C355ED}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{1D93EE7C-DBF9-41E8-B865-BEEE0E949CA5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C906A6FB-E0B5-44B7-BA82-35818AF5CA13}"= UDP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{B2F42B82-333D-436C-B16A-1C7C1271CD3B}"= TCP:C:\Program Files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{26D17925-BF66-42E2-9BB0-868DCCB89952}C:\\users\\olja\\program files\\dna\\btdna.exe"= UDP:C:\users\olja\program files\dna\btdna.exe:btdna.exe
"UDP Query User{A4FE9612-4EA7-41EE-A4D4-2B13E552067F}C:\\users\\olja\\program files\\dna\\btdna.exe"= TCP:C:\users\olja\program files\dna\btdna.exe:btdna.exe
"TCP Query User{7B664920-D93F-4016-8224-AA410999403E}C:\\users\\olja\\program files\\dna\\btdna.exe"= UDP:C:\users\olja\program files\dna\btdna.exe:btdna.exe
"UDP Query User{78FCCBF6-B61C-437A-B163-B508DDFF0DE0}C:\\users\\olja\\program files\\dna\\btdna.exe"= TCP:C:\users\olja\program files\dna\btdna.exe:btdna.exe
"{9685515D-E4E2-4BB3-B62A-F09CF8E791A4}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D8696ACA-74D4-4551-A9B9-883D879ACCB3}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{4D9EAA29-D7CE-42B4-9AA9-B0F9D178AF5C}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{1CDCBA62-2CEB-4F49-AC01-508F919A3F02}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{372218D6-E204-4F3E-95C5-CE228CE20698}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{7D81E1ED-0359-4D4C-9702-3481701F8120}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{5A41AE61-F2CF-474A-A7E5-3E684E3242FE}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{8DF13777-41BF-4ED1-B575-81A2352246BA}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"{6938A65C-B606-43E1-B410-1E2A2C153A19}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{531459CE-44DD-41E2-A766-B3E121B18C72}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{C5A6EDD5-ADA5-4F39-8467-7FC83C0D0D37}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{94E32E71-8BE2-4D53-8866-C989B6A58B34}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{940BE593-DB0A-4834-AB2D-13632012EE11}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{C8AD9685-28DE-476D-BB5B-FC3B28BB19C6}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{3CDED7D4-19CE-44C6-9E75-226FF47EF344}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{AD0E3678-8622-4F06-9C8C-EDCBC8D99007}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{1A9DDA90-1050-4E94-8E1D-14281B2B2405}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{BDB71E7A-3D69-4D15-8A1B-54FAD2E675D5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{552745FE-9825-4C68-9B2C-4AEDE89AA746}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{3928062F-571C-4A17-91E9-25EBEC581AC0}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{69D600AD-FC34-4DA1-ADB0-1A5AF3738D3E}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{428D41EA-B742-435D-B434-36FD4418605E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 AmdTools;AMD Special Tools Driver; [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 19:06:55 951632]
S0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys [2009-03-09 19:06:56 64160]
S1 aswSP;avast! Self Protection; [x]
S1 nltdi;nltdi;C:\Windows\system32\drivers\nltdi.sys [2007-04-23 16:08:52 81688]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 23:51:58 13560]
S2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 21:24:42 50688]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20:07:12 20560]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 20:06:59 51792]
S3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 12:47:44 32256]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95640c48-28f3-11dd-88a4-001dd96659e0}]
\shell\Auto\command - Autorun.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-28 C:\Windows\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06:56 . 2009-03-09 19:06:56]

2009-04-01 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2911883805-3122994826-1824005577-1000.job
- C:\Users\Olja\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-16 16:00:28 . 2008-11-16 16:00:16]

2009-04-14 C:\Windows\Tasks\User_Feed_Synchronization-{8A9CC55C-9B82-46CA-9FA3-59D242B7D616}.job
- C:\Windows\system32\msfeedssync.exe [2008-06-26 07:41:39 . 2008-01-19 07:33:16]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-eMuleAutoStart - D:\programs\instalirano\emule\emule.exe
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-ALaunch - C:\Acer\ALaunch\AlaunchClient.exe
HKLM-Run-SetPanel - C:\Acer\APanel\APanel.cmd
HKLM-Run-Samsung Common SM - C:\Windows\Samsung\ComSMMgr\ssmmgr.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-winsvc32 - winsvc32.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - D:\programs\instalirano\IExif 2.3\IExifMap.htm
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: View Exif/GPS/IPTC with IExif - D:\programs\instalirano\IExif 2.3\IExifCom.htm
.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

offline
  • Pridružio: 14 Apr 2009
  • Poruke: 28

Napisano: 14 Apr 2009 22:03

samo jedan fles...

USBNoRisk 1.6 by bobby

Started at 4/14/2009 10:00:50 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {0430d1ac-81ff-11dc-998d-806e6f6e6963}
D: {0430d1ad-81ff-11dc-998d-806e6f6e6963}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 0430d1ac-81ff-11dc-998d-806e6f6e6963
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 0430d1ad-81ff-11dc-998d-806e6f6e6963
========================================



New device connected at 4/14/2009 10:01:10 PM

Scanning for connected USB mass storage...
----------------------------------------
H: {0a034528-0a2a-11de-be4d-001b385ddd7a}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized 0a034528-0a2a-11de-be4d-001b385ddd7a
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

Dopuna: 14 Apr 2009 22:04

autorun sam danas iskljucila....jer sam procitala da treba da iskljucim za sve...vidim da pokazuje da nema...

i sta smo sad tacno uradili?

Dopuna: 14 Apr 2009 22:05

i da li je kompjuter u redu?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Kompjuter je čist. Treba da proverimo u kakvom je stanju flash...


Ponovo pokreni USBNoRisk, priključi flash drive (ako već nije priključen), pređi na Script tab i tamo iskopiraj sve što se nalazi unutar kod polja:


{0a034528-0a2a-11de-be4d-001b385ddd7a}
folder_list: %DRIVE%



Klikni Run Script.

Zatim na Monitor tabu klikni desnim tasterom i izaberi opciju Save log.

Iskopiraj dobijeni log u temu na forumu.

offline
  • Pridružio: 14 Apr 2009
  • Poruke: 28

USBNoRisk 1.6 by bobby

Started at 4/14/2009 10:38:16 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {0430d1ac-81ff-11dc-998d-806e6f6e6963}
D: {0430d1ad-81ff-11dc-998d-806e6f6e6963}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 0430d1ac-81ff-11dc-998d-806e6f6e6963
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 0430d1ad-81ff-11dc-998d-806e6f6e6963
========================================



New device connected at 4/14/2009 10:38:22 PM

Scanning for connected USB mass storage...
----------------------------------------
H: {0a034528-0a2a-11de-be4d-001b385ddd7a}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized 0a034528-0a2a-11de-be4d-001b385ddd7a
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================


Processing script
----------------------------------------
Drive letter for GUID: H:\
0a034528-0a2a-11de-be4d-001b385ddd7a
SectionStart = 0
SectionEnd = 1
----------------------------------------
Folder list for H:\:
----------------------------------------
--a-- H:\skenirano.exe
dr-hs H:\Znakovi pored puta
--a-- H:\Znakovi pored puta\znakovipored.cdr
--a-- H:\Znakovi pored puta\kicma.psd
--a-- H:\Znakovi pored puta\background_old_paper_v3.jpg
--a-- H:\Znakovi pored puta\Има народних прича које су толико општечовечанске да заборавимо кад и где смо их чули или читали.doc
--a-- H:\Znakovi pored puta\klapna1.psd
d---- H:\Znakovi pored puta\jpg
--a-- H:\Znakovi pored puta\jpg\naslovna2.jpg
--a-- H:\Znakovi pored puta\jpg\rikna.jpg
--a-- H:\Znakovi pored puta\jpg\klapna1.jpg
--a-- H:\Znakovi pored puta\jpg\zadnja.jpg
--a-- H:\Znakovi pored puta\zadnjakorica.psd
--a-- H:\Znakovi pored puta\prednja.psd
dr-hs H:\skenirano
--a-- H:\skenirano\scan0011.jpg
--a-- H:\skenirano\scan0012.jpg
--a-- H:\skenirano\scan0013.jpg
--a-- H:\skenirano\scan0014.jpg
--a-- H:\skenirano\scan0015.jpg
--a-- H:\skenirano\scan0016.jpg
--a-- H:\skenirano\scan0017.jpg
--a-- H:\skenirano\scan0019.jpg
--a-- H:\skenirano\scan0020.jpg
--a-- H:\skenirano\scan0021.jpg
--a-- H:\skenirano\scan0022.jpg
--a-- H:\skenirano\scan0023.jpg
--a-- H:\skenirano\scan0024.jpg
--a-- H:\skenirano\scan0025.jpg
--a-- H:\skenirano\scan0026.jpg
--a-- H:\skenirano\scan0027.jpg
--a-- H:\skenirano\scan0028.jpg
--a-- H:\skenirano\scan0029.jpg
--a-- H:\skenirano\scan0030.jpg
--a-- H:\skenirano\scan0031.jpg
--a-- H:\skenirano\scan0032.jpg
--a-- H:\skenirano\scan0035.jpg
--a-- H:\skenirano\scan0001.tif
--a-- H:\skenirano\scan0002.tif
--a-- H:\skenirano\scan0007.jpg
--a-- H:\skenirano\scan0010.jpg
--a-- H:\paseri klinovi cajtne linije savijanja.ai
--a-- H:\oliveramiletic.psd
dr-hs H:\Ivo Andric Znakovi pored puta_ (excerpts) [Borut's Literature Collection]_files
--a-- H:\Ivo Andric Znakovi pored puta_ (excerpts) [Borut's Literature Collection]_files\ssll.css
--a-- H:\Ivo Andric Znakovi pored puta_ (excerpts) [Borut's Literature Collection].htm
--a-- H:\Znakovi pored puta.exe
--a-- H:\Ivo Andric Znakovi pored puta_ (excerpts) [Borut's Literature Collection]_files.exe
--a-- H:\knjiga1.exe
--a-- H:\engleski.exe
dr-hs H:\knjiga1
--a-- H:\knjiga1\zimskidan.jpg
--a-- H:\knjiga1\groblje1.jpg
--a-- H:\knjiga1\magla.jpg
--a-- H:\knjiga1\om 486.jpg
--a-- H:\knjiga1\uz brdo.jpg
--a-- H:\knjiga1\scan0060.jpg
--a-- H:\knjiga1\2.cdr
--a-- H:\knjiga1\3.cdr
--a-- H:\knjiga1\ivo_andric.jpg
--a-- H:\knjiga1\scan0059.jpg
--a-- H:\knjiga1\иво.jpg
--a-- H:\knjiga1\иво2.jpg
--a-- H:\knjiga1\1.cdr
--a-- H:\knjiga1\Backup_of_1.cdr
dr-hs H:\плакат
--a-- H:\плакат\476x666_004.pdf
--a-- H:\плакат\plakat2.pdf
--a-- H:\плакат.exe
--a-- H:\KNJIGA.exe
--a-- H:\CorelDraw X4 [torrent by Gert] + (zabranjeno).exe
--a-- H:\YAMB.exe
dr-hs H:\engleski
--a-- H:\engleski\Henri Cartier Bresson.ppt
--a-- H:\engleski\Henri Cartier Bresson.doc
...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Log nije kompletan.

Prikači ga uz poruku (lokacija loga je C:\USBNoRisk\USBNoRisk.txt).

offline
  • Pridružio: 14 Apr 2009
  • Poruke: 28

Evo......
mycity.rs/must-login.png

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Opet ćemo koristiti USBNoRisk. Na Script tab iskopiraj sve što se nalazi u sledećem file-u:

https://www.mycity.rs/must-login.png

Klikni Run Script.

Na kraju postupka sačuvaj log i prikači ga uz poruku.

Ko je trenutno na forumu
 

Ukupno su 734 korisnika na forumu :: 31 registrovanih, 3 sakrivenih i 700 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _commandos_, A.R.Chafee.Jr., alkatraz080, Atomski čoban, BSD, celik, cikadeda, cvrle312, Dimitrise93, Djole, FOX, goxin, h8propaganda, hyla, ILGromovnik, janezek67, Marko Marković, mercedesamg, Mercury, MrNo, nenad81, Oluj2.1, ostoja, pavle_pzs, radoznao, repac, Toni, vlvl, Wisdomseeker, zodiac94, Živković