Quote:
kristi1: Download FRST - (Farbar Recovery Scan Tool) and save it to the Desktop.
Note: You need to download the version that is compatible with your system.
[list]
[*]Double-click to run FRST;
[*]When the tool starts, click Yes on the disclaimer.
[*]Click the Scan button;
[*]The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
[*]Copy the contents of that log into your post.
[*]On its first run, the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Prikaci file" (Attach file) option.
[/list]
Unfortunately (for me), I cannot run this program in normal mode (I downloaded the 32-bit version of the program).
I ran it in safe mode. If it is of any use, here is what the contents of the log file (FRST.txt) look like:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
Ran by Milovan (administrator) on IVING1 on 31-12-2013 15:04:11
Running from C:\Documents and Settings\Milovan\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) ===================
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Malware Defender] - C:\Program Files\Malware Defender\MalwareDefender.exe [2436952 2012-01-10] (360.cn)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi...mp;pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/Resu...rchSource=4&ctid=CT2560206
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/Resu...rchSource=4&ctid=CT2560206
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/...-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft...t/wuweb_site.cab?1368734887046
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/mi...t/muweb_site.cab?1383217740062
DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7...tall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/p.../jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7...tall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7...tall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com...ockwave/cabs/flash/swflash.cab
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Milovan\Application Data\Mozilla\Firefox\Profiles\7fgsg3zr.default
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www.google.rs/
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Milovan\Application Data\Mozilla\Firefox\Profiles\7fgsg3zr.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Documents and Settings\Milovan\Application Data\Mozilla\Firefox\Profiles\7fgsg3zr.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Documents and Settings\Milovan\Application Data\Mozilla\Firefox\Profiles\7fgsg3zr.default\Extensions\[email protected]
FF Extension: Adblock Plus - C:\Documents and Settings\Milovan\Application Data\Mozilla\Firefox\Profiles\7fgsg3zr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\
Chrome:
=======
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Milovan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx
========================== Services (Whitelisted) =================
S2 gupdate1ca227b4401f542; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-21] (Google Inc.)
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [535807 2007-03-15] (Aladdin Knowledge Systems Ltd.)
S2 MalwareDefenderService; c:\program files\malware defender\mdservice.exe [90968 2012-01-10] (360.cn)
S2 MSSQL$SQLEXPRESS_2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS_2008\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\diMaster.dll [567600 2013-10-03] (Symantec Corporation)
S4 OpcEnum; C:\WINDOWS\system32\opcenum.exe [135168 2007-04-17] (OPC Foundation)
S4 POSPerformanceCounters; C:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [42056 2008-02-29] (Microsoft Corporation)
S4 Printer Control; C:\WINDOWS\system32\PrintCtrl.exe [65536 2009-10-28] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
S3 SophosVirusRemovalTool; C:\Documents and Settings\Milovan\My Documents\Downloads\Sophos Virus Removal Tool\SVRTservice.exe [151848 2013-10-15] (Sophos Limited)
S4 SQLAgent$SQLEXPRESS_2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS_2008\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S4 CCFLIC0; C:\Program Files\GE Fanuc\Proficy Common\M4 Common Licensing\CCFLIC0.exe [x]
S2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [x]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S4 Proficy Driver Runtime; C:\Program Files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe [x]
S2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [x]
S2 W3SVC; %SystemRoot%\system32\inetsrv\inetinfo.exe [x]
==================== Drivers (Whitelisted) ====================
S2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [351744 2007-03-12] (Aladdin Knowledge Systems Ltd.)
S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [530861 2007-02-14] (Broadcom Corporation.)
S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30459 2007-02-14] (Broadcom Corporation.)
S3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [868298 2007-02-14] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [149123 2007-02-14] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [67960 2007-02-14] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
S1 dlhpnmlg; c:\windows\system32\drivers\dlhpnmlg.sys [258392 2012-01-10] (360.cn)
S3 EIO; C:\WINDOWS\system32\drivers\EIO.sys [8703 2003-01-29] (ASUSTeK Computer Inc.)
R0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [26872 2014-12-25] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [24209 2004-04-20] (FTDI Ltd.)
S2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [694272 2007-03-06] (Aladdin Knowledge Systems Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3636864 2008-11-17] (Intel Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-06-17] (TCT International Mobile Ltd)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S3 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [46336 2007-10-19] (SEIKO EPSON Corp.)
S3 ajugfk; \??\C:\WINDOWS\system32\051.tmp [x]
S3 catchme; \??\C:\DOCUME~1\Milovan\LOCALS~1\Temp\catchme.sys [x]
S3 elyhlr; \??\C:\WINDOWS\system32\02D.tmp [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 hxzbyrtx; \??\C:\WINDOWS\system32\0E.tmp [x]
S4 IntelIde; No ImagePath
S3 lbacps; \??\C:\WINDOWS\system32\01A.tmp [x]
S3 mbncm; \??\C:\WINDOWS\system32\0A.tmp [x]
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]
S3 tlgvmb; \??\C:\WINDOWS\system32\054.tmp [x]
S3 uituqghb; \??\C:\WINDOWS\system32\0F.tmp [x]
S3 xlbvjtv; \??\C:\WINDOWS\system32\06.tmp [x]
S3 ykndj; \??\C:\WINDOWS\system32\09.tmp [x]
==================== NetSvcs (Whitelisted) ===================
NETSVC: cjibrsitz -> No Registry Path.
NETSVC: kefwcrr -> No Registry Path.
NETSVC: emxtcu -> No Registry Path.
NETSVC: uicwczrk -> No Registry Path.
NETSVC: kcbkkxo -> No Registry Path.
NETSVC: czoxyxyal -> No Registry Path.
NETSVC: vhjqgzyy -> No Registry Path.
==================== One Month Created Files and Folders ========
2014-12-25 12:06 - 2014-12-25 13:05 - 00026872 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\FixTDSS.sys
2014-12-25 12:06 - 2014-12-25 12:06 - 00000000 ____D C:\Documents and Settings\Milovan\Application Data\FixTDSS
2014-12-25 11:55 - 2014-12-25 11:57 - 00000178 ___SH C:\Documents and Settings\NoviAdmin\ntuser.ini
2014-12-25 11:55 - 2014-12-25 11:55 - 00000695 _____ C:\Documents and Settings\NoviAdmin\Start Menu\Programs\Windows Media Player.lnk
2014-12-25 11:55 - 2014-12-25 11:55 - 00000649 _____ C:\Documents and Settings\NoviAdmin\Start Menu\Programs\Outlook Express.lnk
2014-12-25 11:55 - 2014-12-25 11:55 - 00000000 ____D C:\Documents and Settings\NoviAdmin
2014-12-25 11:55 - 2013-12-10 21:34 - 00001599 _____ C:\Documents and Settings\NoviAdmin\Start Menu\Programs\Remote Assistance.lnk
2014-12-25 11:55 - 2010-04-22 22:28 - 00000000 ____D C:\Documents and Settings\NoviAdmin\Application Data\Macromedia
2014-12-25 11:55 - 2009-08-01 03:49 - 00000000 ___RD C:\Documents and Settings\NoviAdmin\Start Menu\Programs\Accessories
2013-12-31 15:03 - 2013-12-31 15:03 - 01064333 _____ (Farbar) C:\Documents and Settings\Milovan\Desktop\FRST.exe
2013-12-31 14:59 - 2013-12-31 14:59 - 00019044 _____ C:\Documents and Settings\Milovan\Desktop\Addition.txt
2013-12-31 14:58 - 2013-12-31 15:04 - 00014315 _____ C:\Documents and Settings\Milovan\Desktop\FRST.txt
2013-12-31 14:58 - 2013-12-31 15:03 - 00000000 ____D C:\FRST
2013-12-26 20:57 - 2013-12-26 20:57 - 00395820 _____ C:\Documents and Settings\Milovan\Desktop\3rdpartyscan_26122013.txt
2013-12-26 20:17 - 2013-12-26 20:17 - 00183772 _____ C:\Documents and Settings\Milovan\Desktop\rootkitscan_26122013.txt
2013-12-26 18:45 - 2013-12-26 18:50 - 00000000 ___SD C:\ComboFix
2013-12-26 17:21 - 2013-12-26 17:21 - 02972548 _____ C:\Documents and Settings\Milovan\Desktop\26122013_3rd.txt
2013-12-26 14:42 - 2013-12-26 14:42 - 00146761 _____ C:\Documents and Settings\Milovan\Desktop\26122013_scan.txt
2013-12-26 12:03 - 2008-04-14 13:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2013-12-26 10:38 - 2013-12-26 10:38 - 01658485 _____ C:\Documents and Settings\Milovan\Desktop\2612bbb.txt
2013-12-26 01:23 - 2012-01-10 04:21 - 00258392 ____N (360.cn) C:\WINDOWS\system32\Drivers\dlhpnmlg.sys
2013-12-26 01:02 - 2013-12-26 19:49 - 00000406 _____ C:\Documents and Settings\Milovan\Desktop\catchme.log
2013-12-26 01:02 - 2013-12-26 00:31 - 00147456 _____ C:\Documents and Settings\Milovan\Desktop\98887tf44.exe
2013-12-26 01:01 - 2013-12-26 19:42 - 00000294 _____ C:\Documents and Settings\Milovan\Desktop\mbr.log
2013-12-26 01:01 - 2013-12-26 00:17 - 00089088 _____ C:\Documents and Settings\Milovan\Desktop\0123rrrd.exe
2013-12-26 00:59 - 2013-12-26 00:59 - 00156959 _____ C:\Documents and Settings\Milovan\Desktop\2512AAA.txt
2013-12-26 00:02 - 2013-12-26 00:02 - 00000000 _____ C:\Documents and Settings\Milovan\Desktop\52fokxzl.reg
2013-12-25 23:45 - 2013-12-25 23:16 - 00377856 _____ C:\Documents and Settings\Milovan\Desktop\52fokxzl.exe
2013-12-25 23:15 - 2013-12-25 23:16 - 00040170 _____ C:\Documents and Settings\Milovan\My Documents\aswMBR.txt
2013-12-25 23:15 - 2013-12-25 23:16 - 00000512 _____ C:\Documents and Settings\Milovan\My Documents\MBR.dat
2013-12-25 19:49 - 2013-12-25 19:48 - 130469680 _____ C:\Documents and Settings\Milovan\Desktop\setup_11.0.1.1245.x01_2013_12_25_21_35.exe
2013-12-25 11:26 - 2013-12-25 11:26 - 00000000 ____D C:\Documents and Settings\Milovan\Start Menu\Programs\WinRAR
2013-12-25 11:26 - 2013-12-25 11:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2013-12-25 09:01 - 2013-12-26 01:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2013-12-25 09:01 - 2013-12-25 09:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
2013-12-25 09:01 - 2013-12-25 09:01 - 00000000 ____D C:\WINDOWS\system32\Drivers\NST
2013-12-25 09:01 - 2013-12-25 09:01 - 00000000 ____D C:\Program Files\Norton Identity Safe
2013-12-25 08:45 - 2013-12-18 23:27 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Milovan\Desktop\notepad.exe
2013-12-18 23:38 - 2013-12-18 23:27 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Milovan\Desktop\procexp.exe
2013-12-18 17:53 - 2013-12-26 18:48 - 00052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VOLSNAP.SYS
2013-12-18 15:56 - 2013-12-18 17:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SecTaskMan
2013-12-18 15:33 - 2013-12-18 15:33 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-18 15:33 - 2013-12-18 15:33 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-16 21:06 - 2013-12-16 21:06 - 00000825 _____ C:\Documents and Settings\Milovan\Desktop\dolphins.txt
2013-12-16 17:18 - 2013-12-16 17:18 - 00309320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\TrufosAlt.sys
2013-12-16 01:17 - 2013-12-16 01:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-12-14 23:27 - 2008-04-14 13:00 - 00052352 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\volsnap.sys
2013-12-11 10:31 - 2013-12-11 10:31 - 00000428 _____ C:\Documents and Settings\Milovan\Desktop\Router Settings.txt
2013-12-10 21:27 - 2013-12-10 22:47 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-10 21:26 - 2013-12-10 21:26 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-09 23:30 - 2013-12-10 19:27 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-09 23:07 - 2013-12-12 11:20 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-09 23:07 - 2013-12-09 23:07 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-09 23:07 - 2013-12-09 23:07 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-09 23:07 - 2013-12-09 23:07 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-09 23:07 - 2013-12-09 23:07 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-09 21:29 - 2013-12-31 14:56 - 00000000 ____D C:\Program Files\Malware Defender
2013-12-09 21:29 - 2013-12-09 21:29 - 00001669 _____ C:\Documents and Settings\All Users\Desktop\Malware Defender.lnk
2013-12-09 21:29 - 2013-12-09 21:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malware Defender
2013-12-07 21:21 - 2013-12-07 21:21 - 00000000 _RSHD C:\cmdcons
2013-12-07 21:21 - 2013-11-30 22:28 - 00000211 _____ C:\Boot.bak
2013-12-07 21:21 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-12-07 21:19 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-07 21:19 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-07 21:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-07 21:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-07 21:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-07 21:19 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-07 21:19 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-07 21:19 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-07 21:19 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-07 21:18 - 2013-12-18 19:23 - 00000000 ____D C:\Qoobox
2013-12-07 21:18 - 2013-12-18 18:47 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-07 20:37 - 2013-12-07 20:37 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-07 20:37 - 2013-12-07 20:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-07 20:37 - 2013-12-07 20:37 - 00000000 ____D C:\Documents and Settings\Milovan\Application Data\Malwarebytes
2013-12-07 20:37 - 2013-12-07 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-07 20:37 - 2013-12-07 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-07 20:37 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-07 20:36 - 2013-12-07 20:36 - 00000000 ____D C:\WINDOWS\PIF
2013-12-06 01:36 - 2013-12-06 01:36 - 00000016 _____ C:\Documents and Settings\Milovan\My Documents\IdeaSuperKartica.txt
2013-12-04 22:13 - 2013-12-04 22:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini120413-01.dmp
2013-12-04 15:59 - 2013-12-18 18:10 - 00000000 ____D C:\Documents and Settings\Milovan\Application Data\AVAST Software
2013-12-02 16:49 - 2013-10-03 19:38 - 00608256 _____ C:\Documents and Settings\Milovan\My Documents\GeografijaAleksandra.ppt
==================== One Month Modified Files and Folders =======
2014-12-25 13:05 - 2014-12-25 12:06 - 00026872 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\FixTDSS.sys
2014-12-25 12:08 - 2013-02-19 17:43 - 00000178 ___SH C:\Documents and Settings\alibra\ntuser.ini
2014-12-25 12:08 - 2013-02-19 17:43 - 00000000 ____D C:\Documents and Settings\alibra
2014-12-25 12:06 - 2014-12-25 12:06 - 00000000 ____D C:\Documents and Settings\Milovan\Application Data\FixTDSS
2014-12-25 11:57 - 2014-12-25 11:55 - 00000178 ___SH C:\Documents and Settings\NoviAdmin\ntuser.ini
2014-12-25 11:55 - 2014-12-25 11:55 - 00000695 _____ C:\Documents and Settings\NoviAdmin\Start Menu\Programs\Windows Media Player.lnk
2014-12-25 11:55 - 2014-12-25 11:55 - 00000649 _____ C:\Documents and Settings\NoviAdmin\Start Menu\Programs\Outlook Express.lnk
2014-12-25 11:55 - 2014-12-25 11:55 - 00000000 ____D C:\Documents and Settings\NoviAdmin
2014-12-25 11:55 - 2009-08-01 03:46 - 00028544 _____ C:\WINDOWS\wmsetup.log
2013-12-31 15:04 - 2013-12-31 14:58 - 00014315 _____ C:\Documents and Settings\Milovan\Desktop\FRST.txt
2013-12-31 15:03 - 2013-12-31 15:03 - 01064333 _____ (Farbar) C:\Documents and Settings\Milovan\Desktop\FRST.exe
2013-12-31 15:03 - 2013-12-31 14:58 - 00000000 ____D C:\FRST
2013-12-31 15:01 - 2009-07-31 15:53 - 00859072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-31 14:59 - 2013-12-31 14:59 - 00019044 _____ C:\Documents and Settings\Milovan\Desktop\Addition.txt
2013-12-31 14:56 - 2013-12-09 21:29 - 00000000 ____D C:\Program Files\Malware Defender
2013-12-31 14:56 - 2009-08-01 03:55 - 00000278 ___SH C:\Documents and Settings\Milovan\ntuser.ini
2013-12-31 14:56 - 2009-08-01 03:52 - 00032542 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-31 14:56 - 2009-08-01 03:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-31 14:56 - 2009-08-01 03:48 - 01611568 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-31 14:56 - 2009-07-31 15:55 - 00000216 _____ C:\WINDOWS\wiadebug.log
2013-12-31 14:56 - 2009-07-31 15:55 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-31 14:50 - 2013-11-17 18:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-31 14:28 - 2009-08-21 17:35 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-31 11:19 - 2009-08-21 17:35 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-28 12:24 - 2009-07-31 15:52 - 00941456 _____ C:\WINDOWS\setupapi.log
2013-12-26 20:57 - 2013-12-26 20:57 - 00395820 _____ C:\Documents and Settings\Milovan\Desktop\3rdpartyscan_26122013.txt
2013-12-26 20:17 - 2013-12-26 20:17 - 00183772 _____ C:\Documents and Settings\Milovan\Desktop\rootkitscan_26122013.txt
2013-12-26 19:49 - 2013-12-26 01:02 - 00000406 _____ C:\Documents and Settings\Milovan\Desktop\catchme.log
2013-12-26 19:42 - 2013-12-26 01:01 - 00000294 _____ C:\Documents and Settings\Milovan\Desktop\mbr.log
2013-12-26 18:50 - 2013-12-26 18:45 - 00000000 ___SD C:\ComboFix
2013-12-26 18:48 - 2013-12-18 17:53 - 00052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VOLSNAP.SYS
2013-12-26 17:21 - 2013-12-26 17:21 - 02972548 _____ C:\Documents and Settings\Milovan\Desktop\26122013_3rd.txt
2013-12-26 14:42 - 2013-12-26 14:42 - 00146761 _____ C:\Documents and Settings\Milovan\Desktop\26122013_scan.txt
2013-12-26 14:25 - 2009-08-26 18:40 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-26 11:17 - 2009-08-01 03:52 - 00000178 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
2013-12-26 11:16 - 2009-08-01 03:52 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2013-12-26 10:56 - 2009-07-31 15:46 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2013-12-26 10:38 - 2013-12-26 10:38 - 01658485 _____ C:\Documents and Settings\Milovan\Desktop\2612bbb.txt
2013-12-26 01:24 - 2013-12-25 09:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2013-12-26 00:59 - 2013-12-26 00:59 - 00156959 _____ C:\Documents and Settings\Milovan\Desktop\2512AAA.txt
2013-12-26 00:31 - 2013-12-26 01:02 - 00147456 _____ C:\Documents and Settings\Milovan\Desktop\98887tf44.exe
2013-12-26 00:17 - 2013-12-26 01:01 - 00089088 _____ C:\Documents and Settings\Milovan\Desktop\0123rrrd.exe
2013-12-26 00:02 - 2013-12-26 00:02 - 00000000 _____ C:\Documents and Settings\Milovan\Desktop\52fokxzl.reg
2013-12-25 23:16 - 2013-12-25 23:45 - 00377856 _____ C:\Documents and Settings\Milovan\Desktop\52fokxzl.exe
2013-12-25 23:16 - 2013-12-25 23:15 - 00040170 _____ C:\Documents and Settings\Milovan\My Documents\aswMBR.txt
2013-12-25 23:16 - 2013-12-25 23:15 - 00000512 _____ C:\Documents and Settings\Milovan\My Documents\MBR.dat
2013-12-25 19:48 - 2013-12-25 19:49 - 130469680 _____ C:\Documents and Settings\Milovan\Desktop\setup_11.0.1.1245.x01_2013_12_25_21_35.exe
2013-12-25 19:44 - 2008-04-14 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-25 11:26 - 2013-12-25 11:26 - 00000000 ____D C:\Documents and Settings\Milovan\Start Menu\Programs\WinRAR
2013-12-25 11:26 - 2013-12-25 11:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2013-12-25 11:26 - 2009-10-07 12:18 - 00000000 ____D C:\Program Files\WinRAR
2013-12-25 09:02 - 2013-12-25 09:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
2013-12-25 09:01 - 2013-12-25 09:01 - 00000000 ____D C:\WINDOWS\system32\Drivers\NST
2013-12-25 09:01 - 2013-12-25 09:01 - 00000000 ____D C:\Program Files\Norton Identity Safe
2013-12-18 23:27 - 2013-12-25 08:45 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Milovan\Desktop\notepad.exe
2013-12-18 23:27 - 2013-12-18 23:38 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Milovan\Desktop\procexp.exe
2013-12-18 19:23 - 2013-12-07 21:18 - 00000000 ____D C:\Qoobox
2013-12-18 18:58 - 2009-08-01 03:52 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-18 18:57 - 2009-08-01 03:52 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-18 18:47 - 2013-12-07 21:18 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-18 18:47 - 2008-04-14 13:00 - 00000263 _____ C:\WINDOWS\system.ini
2013-12-18 18:10 - 2013-12-04 15:59 - 00000000 ____D C:\Documents and Settings\Milovan\Application Data\AVAST Software
2013-12-18 18:10 - 2012-11-25 10:41 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-18 18:10 - 2012-11-25 10:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-12-18 18:10 - 2009-08-01 03:49 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-12-18 17:04 - 2013-12-18 15:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SecTaskMan
2013-12-18 17:04 - 2009-07-31 15:51 - 00000327 __RSH C:\boot.ini
2013-12-18 17:04 - 2008-04-14 13:00 - 00000668 _____ C:\WINDOWS\win.ini
2013-12-18 16:21 - 2009-08-18 21:41 - 00000000 ____D C:\Documents and Settings\Milovan\Local Settings\Application Data\Adobe
2013-12-18 15:33 - 2013-12-18 15:33 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-18 15:33 - 2013-12-18 15:33 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-18 08:05 - 2013-03-29 16:14 - 00000000 ____D C:\WINDOWS\pss
2013-12-18 01:39 - 2011-12-24 21:51 - 00000000 ____D C:\Documents and Settings\Milovan\My Documents\Visual Studio 2010
2013-12-18 01:39 - 2010-12-01 17:36 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-18 01:36 - 2013-11-03 12:50 - 00002483 _____ C:\Documents and Settings\Milovan\Desktop\Microsoft Office PowerPoint 2003.lnk
2013-12-18 01:13 - 2009-08-18 21:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-12-16 21:06 - 2013-12-16 21:06 - 00000825 _____ C:\Documents and Settings\Milovan\Desktop\dolphins.txt
2013-12-16 17:18 - 2013-12-16 17:18 - 00309320 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\TrufosAlt.sys
2013-12-16 01:17 - 2013-12-16 01:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-12-12 21:26 - 2009-09-03 18:19 - 00000000 ____D C:\Documents and Settings\Milovan\My Documents\The KMPlayer
2013-12-12 11:21 - 2009-07-31 15:52 - 00098304 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-12-12 11:21 - 2009-07-31 15:52 - 00040960 _____ C:\WINDOWS\system32\config\SAM.bak
2013-12-12 11:21 - 2009-07-31 15:51 - 75673600 _____ C:\WINDOWS\system32\config\software.bak
2013-12-12 11:21 - 2009-07-31 15:51 - 05505024 _____ C:\WINDOWS\system32\config\system.bak
2013-12-12 11:21 - 2009-07-31 15:51 - 04177920 _____ C:\WINDOWS\system32\config\default.bak
2013-12-12 11:20 - 2013-12-09 23:07 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-11 10:31 - 2013-12-11 10:31 - 00000428 _____ C:\Documents and Settings\Milovan\Desktop\Router Settings.txt
2013-12-10 22:47 - 2013-12-10 21:27 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-12-10 21:38 - 2009-08-01 03:55 - 00001599 _____ C:\Documents and Settings\Milovan\Start Menu\Programs\Remote Assistance.lnk
2013-12-10 21:34 - 2014-12-25 11:55 - 00001599 _____ C:\Documents and Settings\NoviAdmin\Start Menu\Programs\Remote Assistance.lnk
2013-12-10 21:34 - 2013-02-19 17:43 - 00001599 _____ C:\Documents and Settings\alibra\Start Menu\Programs\Remote Assistance.lnk
2013-12-10 21:34 - 2009-08-01 03:49 - 00001607 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2013-12-10 21:34 - 2009-08-01 03:49 - 00001599 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2013-12-10 21:34 - 2009-08-01 03:49 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2013-12-10 21:26 - 2013-12-10 21:26 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-10 19:58 - 2009-08-01 03:46 - 00000000 ____D C:\WINDOWS\Registration
2013-12-10 19:27 - 2013-12-09 23:30 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-10 19:26 - 2009-08-01 03:47 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-10 01:11 - 2009-08-01 03:47 - 00000000 ____D C:\WINDOWS\srchasst
2013-12-10 00:20 - 2009-07-31 15:46 - 00000000 ____D C:\WINDOWS\msagent
2013-12-09 23:07 - 2013-12-09 23:07 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-09 23:07 - 2013-12-09 23:07 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-09 23:07 - 2013-12-09 23:07 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-09 23:07 - 2013-12-09 23:07 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-09 21:29 - 2013-12-09 21:29 - 00001669 _____ C:\Documents and Settings\All Users\Desktop\Malware Defender.lnk
2013-12-09 21:29 - 2013-12-09 21:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malware Defender
2013-12-09 18:56 - 2009-08-21 17:15 - 00000000 ____D C:\Program Files\Google
2013-12-09 18:55 - 2012-09-12 12:27 - 00000000 ____D C:\Documents and Settings\Milovan\Application Data\Dropbox
2013-12-09 01:26 - 2009-07-31 15:53 - 00312254 _____ C:\WINDOWS\iis6.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00058449 _____ C:\WINDOWS\ocgen.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00058305 _____ C:\WINDOWS\FaxSetup.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00038820 _____ C:\WINDOWS\tsoc.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00036132 _____ C:\WINDOWS\msmqinst.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00033059 _____ C:\WINDOWS\comsetup.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00020606 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00011444 _____ C:\WINDOWS\netfxocm.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00005601 _____ C:\WINDOWS\MedCtrOC.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00004819 _____ C:\WINDOWS\imsins.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00004023 _____ C:\WINDOWS\ocmsn.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00003861 _____ C:\WINDOWS\msgsocm.log
2013-12-09 01:26 - 2009-07-31 15:53 - 00003118 _____ C:\WINDOWS\tabletoc.log
2013-12-07 21:28 - 2009-08-01 03:55 - 00000000 ____D C:\Documents and Settings\Milovan
2013-12-07 21:21 - 2013-12-07 21:21 - 00000000 _RSHD C:\cmdcons
2013-12-07 20:55 - 2009-08-04 07:37 - 00000000 ____D C:\WINDOWS\SHELLNEW
2013-12-07 20:37 - 2013-12-07 20:37 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-07 20:37 - 2013-12-07 20:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-07 20:37 - 2013-12-07 20:37 - 00000000 ____D C:\Documents and Settings\Milovan\Application Data\Malwarebytes
2013-12-07 20:37 - 2013-12-07 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-07 20:37 - 2013-12-07 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-07 20:36 - 2013-12-07 20:36 - 00000000 ____D C:\WINDOWS\PIF
2013-12-06 15:11 - 2012-03-19 01:20 - 02696896 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-308236825-1177238915-1003-0.dat
2013-12-06 15:11 - 2011-12-24 22:23 - 00198586 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-12-06 01:36 - 2013-12-06 01:36 - 00000016 _____ C:\Documents and Settings\Milovan\My Documents\IdeaSuperKartica.txt
2013-12-05 21:58 - 2010-10-31 19:10 - 00000000 ____D C:\Program Files\Cuvari Prirode
2013-12-04 22:13 - 2013-12-04 22:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini120413-01.dmp
2013-12-04 22:13 - 2010-12-22 23:54 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-04 15:30 - 2012-04-15 18:04 - 00000000 ____D C:\Documents and Settings\Milovan\Application Data\Skype
2013-12-02 17:14 - 2012-09-12 12:02 - 00000000 ____D C:\Documents and Settings\Milovan\My Documents\Preuzimanja
2013-12-01 00:16 - 2009-08-02 22:12 - 00004328 _____ C:\WINDOWS\COM+.log
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
The file Addition.txt was also created (in safe mode), but I don't know how to attach a file to the message (I don't see any 'attach file' option).
Can you interpret the contents of this log (note that the program was run in safe mode, because I can't start it in normal mode -> obviously the rootkit is blocking it, even when I change its name)?
If it's not too much to ask, I would also ask the following: I see that all (or almost all) anti-rootkit tools work by creating log files -> the question is: how do I interpret the contents of the log files?