MyCity » Ambulanta -> Arhiva Ambulante » Trojan.KillAV and Backdoor.SDbotXD

Trojan.KillAV and Backdoor.SDbotXD

Napisano na dan: 20.8.2011

Trojan.KillAV and Backdoor.SDbotXD
Sledeća strana Pagination

Idi na vrh

Poslao: 20 Avg 2011 18:27
Idi na vrh
offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Kako rucno obrisati gore navedene viruse. Bilo koji Antivirusni software da installiram blokira se sa porukom Enhanced Protection Mode.

Poslao: 20 Avg 2011 18:40
Idi na vrh
offline
  • Més que un club
  • Glavni vokal @ Harpun
  • Pridružio: 27 Feb 2009
  • Poruke: 3898
  • Gde živiš: Novi Sad,Klisa

Pozdrav Tom-Tom

Zamolio bih te da procitas uputsva za otvaranje teme u Ambulanti
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html
i zatim da mi postavis odgovarajuce logove.

NIx Car (AMF Tim)

Poslao: 20 Avg 2011 19:30
Idi na vrh
offline
  • Tomislav Varagic
  • Pridružio: 06 Maj 2008
  • Poruke: 124
  • Gde živiš: Pirot

Napisano: 20 Avg 2011 18:46

Nisam se pridrzavao upustva evo opsiran opis problema

1. Ne mogu pokrenuti nijedan Antivirusni software dobijam poruku nalik ove na slici mycity.rs/must-login.png koristim NOD32 Antivirus.

2. Do problema je doslo kada je moj prijatelj dobio link na FaceBook chat-u ka nekom klipu koji je trazio da instalira flash player (A Flash je vec bio instaliran) znaci instaliran je virus

3. Zastitni software ne mogu da pokrenem

4. Trazio sam po google-u i video da je u piranju Trojan.KillAV i za proces cicsenja treba instalirati neki spyware doctor za koji verujem da je i sam malware aplikacija.

5. Trenutno na poslu posedujem ADSL 1.5 Mbps a kod kuce SBB konekciju 6Mbps

6. Verujem da je samo reinstalacija sistema moduce resenje Spyware Doctor mi je prikazao oko 300 infekcija i trazi licencu (kreditnu karticu)....... da bi resio problem

Dopuna: 20 Avg 2011 18:47

Sto se tice OTL loga cekam vec dvadeset minuta skeniranje moj sistem je Windows 7x64

Dopuna: 20 Avg 2011 18:54

Killovao sam vec neke procese i upravo mi je pukao OTL sad cu probati da posle restarta pokrenem opet aplikaciju

Dopuna: 20 Avg 2011 19:03

Takodje sam obrisao ova dva file-a iz windows direktorijuma
1rezerv.exe
sysdriver32.exe

takodje i registry unose za startup na sledecoj putanji

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

Dopuna: 20 Avg 2011 19:07

Evo otl loga
mycity.rs/must-login.png


OTL logfile created on: 20-Aug-11 18:57:08 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Toma\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

1.87 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 53.72% Memory free
3.74 Gb Paging File | 2.80 Gb Available in Paging File | 74.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40.00 Gb Total Space | 3.47 Gb Free Space | 8.68% Space Free | Partition Type: NTFS
Drive D: | 71.69 Gb Total Space | 59.48 Gb Free Space | 82.97% Space Free | Partition Type: NTFS

Computer Name: TOMA | User Name: Toma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-08-20 18:36:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Toma\Desktop\OTL.exe
PRC - [2011-08-20 12:37:10 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-20 12:37:10 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-20 12:37:10 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-20 12:37:10 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-20 12:36:16 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-20 12:36:16 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-20 12:36:16 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-20 12:36:16 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-20 09:50:08 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe
PRC - [2011-08-20 09:31:43 | 001,182,208 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2011-08-20 09:31:43 | 001,182,208 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2009-01-26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2004-02-17 09:00:40 | 000,028,672 | ---- | M] (A.E.T. Europe B.V.) -- C:\Windows\SysWOW64\SafeSignCertReg.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-08-20 09:50:08 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011-04-06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011-02-18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-01-26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-06-03 16:02:02 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011-06-03 16:01:22 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011-06-03 16:00:22 | 000,202,064 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011-05-11 09:55:10 | 000,282,440 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-10 09:08:22 | 000,279,344 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-08-25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010-07-16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010-06-29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010-06-23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-04-12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010-01-05 20:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009-12-31 12:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009-09-23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009-09-23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009-09-23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009-09-21 19:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009-06-10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-08-14 11:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2008-05-06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007-11-09 06:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007-08-17 09:15:22 | 001,061,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 8E 24 C4 EB 4D CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.2
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.2

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-08-17 16:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011-08-08 13:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011-03-17 21:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toma\AppData\Roaming\Mozilla\Extensions
[2011-03-17 21:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toma\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-08-07 18:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\d4qf211s.default\extensions
[2011-05-14 20:40:38 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\d4qf211s.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011-05-21 19:11:06 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Toma\AppData\Roaming\Mozilla\Firefox\Profiles\d4qf211s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011-06-27 05:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\TOMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4QF211S.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\TOMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4QF211S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TOMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4QF211S.DEFAULT\EXTENSIONS\SEOSTATUS@RUBYWEB.XPI
[2011-08-17 16:37:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-05-02 13:14:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007-08-07 10:25:58 | 000,001,461 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2011-08-20 18:57:05 | 000,202,984 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 127.0.0.1 tl-ph.facebook.com
O1 - Hosts: 127.0.0.1 fo-fo.facebook.com
O1 - Hosts: 127.0.0.1 fr-fr.facebook.com
O1 - Hosts: 127.0.0.1 fy-nl.facebook.com
O1 - Hosts: 127.0.0.1 ga-ie.facebook.com
O1 - Hosts: 127.0.0.1 gl-es.facebook.com
O1 - Hosts: 127.0.0.1 ko-kr.facebook.com
O1 - Hosts: 50053 more lines...
O4:64bit: - HKLM..\Run: [egui] File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [CertificateRegistration] C:\Windows\SysWow64\SafeSignCertReg.exe (A.E.T. Europe B.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Toma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Toma\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bankmeridian.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: creditagricole.rs ([secure] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-20 18:36:36 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Toma\Desktop\OTL.exe
[2011-08-20 17:54:09 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011-08-20 17:54:09 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011-08-20 17:54:08 | 000,334,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011-08-20 17:54:08 | 000,140,800 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011-08-20 17:54:02 | 000,282,440 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011-08-20 17:54:00 | 000,279,344 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2011-08-20 17:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011-08-20 17:53:58 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011-08-20 17:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011-08-20 17:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011-08-20 17:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011-08-20 17:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011-08-20 17:38:55 | 000,000,000 | -H-D | C] -- C:\Windows\update.3
[2011-08-20 15:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-08-20 15:35:27 | 000,000,000 | ---D | C] -- C:\Users\Toma\AppData\Local\Microsoft Games
[2011-08-20 12:48:04 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011-08-20 12:48:04 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011-08-20 12:48:04 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011-08-20 12:37:11 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011-08-20 12:36:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011-08-20 09:50:10 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011-08-20 09:48:29 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011-08-20 09:47:01 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011-08-20 09:46:59 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
[2011-08-20 09:46:59 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
[2011-08-17 16:38:22 | 003,089,056 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Toma\Desktop\install_flash_player.exe
[2011-08-10 20:01:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011-08-10 13:32:20 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011-08-10 13:32:17 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011-08-10 13:32:17 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011-08-10 13:32:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011-08-10 13:32:17 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011-08-10 13:32:17 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011-08-10 13:32:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011-08-10 13:32:17 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011-08-10 13:32:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011-08-10 13:32:16 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011-08-10 13:32:00 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011-08-10 13:32:00 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011-08-10 13:32:00 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011-08-10 13:32:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011-08-10 13:32:00 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011-08-10 13:31:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011-08-10 13:31:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011-08-10 13:31:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011-08-10 13:31:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011-08-10 13:31:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011-08-10 13:31:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011-08-10 13:31:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011-08-10 13:31:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011-08-10 13:31:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011-08-10 13:31:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011-08-10 13:31:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011-08-10 13:31:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011-08-10 13:31:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011-08-10 13:31:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011-08-10 13:31:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011-08-10 13:31:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011-08-10 13:31:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011-08-10 13:31:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011-08-10 13:31:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011-08-10 13:31:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011-08-10 13:31:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011-08-10 13:31:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011-08-10 13:31:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011-08-10 13:31:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011-08-10 13:31:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011-08-10 13:31:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011-08-10 13:31:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011-08-10 13:31:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011-08-10 13:31:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011-08-10 13:31:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011-08-10 13:31:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011-08-10 13:31:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011-08-10 13:31:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011-08-10 13:31:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011-08-10 13:31:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011-08-10 13:31:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011-08-10 13:31:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011-08-10 13:31:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011-08-10 13:31:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011-08-10 13:31:22 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011-08-10 13:31:20 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011-08-10 13:31:19 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011-08-10 13:31:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011-08-10 13:31:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011-08-10 13:31:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011-08-10 13:31:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011-08-10 13:30:13 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011-08-10 13:30:10 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011-08-10 13:29:59 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011-08-07 18:35:16 | 000,000,000 | ---D | C] -- C:\Users\Toma\Desktop\RT_Refraction_v1.5.6
[2011-08-05 18:39:11 | 000,000,000 | ---D | C] -- C:\Users\Toma\Desktop\New folder
[2011-08-04 15:45:01 | 000,000,000 | ---D | C] -- C:\Users\Toma\Desktop\OglasiAL
[4 C:\Users\Toma\AppData\Local\*.tmp files -> C:\Users\Toma\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-08-20 19:00:30 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-20 19:00:30 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-20 18:57:05 | 000,202,984 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011-08-20 18:57:05 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hîsts
[2011-08-20 18:56:44 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011-08-20 18:56:43 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-08-20 18:56:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-20 18:56:17 | 1506,803,712 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-20 18:46:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-20 18:38:28 | 000,059,557 | ---- | M] () -- C:\Users\Toma\Desktop\eset-nod32-antivirus-enhanced-protection-mode-virus.png
[2011-08-20 18:36:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Toma\Desktop\OTL.exe
[2011-08-20 17:55:04 | 001,687,268 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011-08-20 17:54:00 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011-08-20 17:44:29 | 000,512,992 | ---- | M] () -- C:\Users\Toma\Desktop\PCTools_Safe_Install.exe
[2011-08-20 17:42:37 | 000,106,496 | ---- | M] () -- C:\Users\Toma\Desktop\nuke-M.exe
[2011-08-20 17:39:55 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011-08-20 17:39:55 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011-08-20 17:39:55 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011-08-20 17:39:55 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011-08-20 17:38:55 | 000,000,200 | ---- | M] () -- C:\Windows\info1
[2011-08-20 17:37:59 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\googleupdatesetup.exe
[2011-08-20 17:11:50 | 053,089,792 | ---- | M] () -- C:\Users\Toma\Desktop\eav_nt64_enu.msi
[2011-08-20 15:47:24 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-08-20 15:47:24 | 000,002,239 | ---- | M] () -- C:\Users\Toma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011-08-20 12:36:57 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011-08-20 12:36:39 | 000,202,936 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110820-165314.backup
[2011-08-20 09:49:37 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011-08-20 09:31:43 | 001,182,208 | ---- | M] () -- C:\Windows\services32.exe
[2011-08-19 11:05:30 | 000,000,131 | ---- | M] () -- C:\Windows\ODBC.INI
[2011-08-18 17:39:57 | 000,051,078 | ---- | M] () -- C:\Users\Toma\AppData\Roaming\room_v3.dat
[2011-08-17 16:38:25 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Toma\Desktop\install_flash_player.exe
[2011-08-17 16:37:35 | 000,002,048 | ---- | M] () -- C:\Users\Toma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-08-15 18:16:35 | 000,232,591 | ---- | M] () -- C:\Users\Toma\Desktop\CCNow Dietary Supplement Best Practices.A.pdf
[2011-08-11 20:34:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011-08-10 20:04:08 | 000,742,588 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-08-10 20:04:08 | 000,625,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-08-10 20:04:08 | 000,107,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-08-04 23:49:01 | 004,907,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-08-04 20:05:10 | 000,000,132 | ---- | M] () -- C:\Users\Toma\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011-08-04 16:00:10 | 026,078,117 | ---- | M] () -- C:\Users\Toma\Desktop\RT-Mercado-Joomla.zip
[2011-07-29 11:23:36 | 000,900,915 | R--- | M] () -- C:\Users\Toma\Desktop\SpiderFX_Results_Jul 28, 2011 2_23_05 PM.pdf
[2011-07-28 18:15:37 | 000,024,589 | ---- | M] () -- C:\Users\Toma\Desktop\Altsberglotion.png
[2011-07-28 18:15:37 | 000,001,456 | ---- | M] () -- C:\Users\Toma\AppData\Local\Adobe Save for Web 12.0 Prefs
[4 C:\Users\Toma\AppData\Local\*.tmp files -> C:\Users\Toma\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-08-20 18:38:26 | 000,059,557 | ---- | C] () -- C:\Users\Toma\Desktop\eset-nod32-antivirus-enhanced-protection-mode-virus.png
[2011-08-20 17:54:11 | 001,687,268 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011-08-20 17:54:00 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011-08-20 17:44:09 | 000,512,992 | ---- | C] () -- C:\Users\Toma\Desktop\PCTools_Safe_Install.exe
[2011-08-20 17:42:23 | 000,106,496 | ---- | C] () -- C:\Users\Toma\Desktop\nuke-M.exe
[2011-08-20 17:39:55 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011-08-20 17:26:14 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\googleupdatesetup.exe
[2011-08-20 17:05:52 | 053,089,792 | ---- | C] () -- C:\Users\Toma\Desktop\eav_nt64_enu.msi
[2011-08-20 15:44:43 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-08-20 15:44:43 | 000,002,239 | ---- | C] () -- C:\Users\Toma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011-08-20 12:48:03 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011-08-20 12:48:03 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011-08-20 12:36:58 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011-08-20 12:36:57 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011-08-20 12:36:57 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011-08-20 09:50:10 | 000,000,200 | ---- | C] () -- C:\Windows\info1
[2011-08-20 09:49:31 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011-08-20 09:35:26 | 001,182,208 | ---- | C] () -- C:\Windows\services32.exe
[2011-08-15 18:16:25 | 000,232,591 | ---- | C] () -- C:\Users\Toma\Desktop\CCNow Dietary Supplement Best Practices.A.pdf
[2011-08-04 19:04:11 | 000,000,132 | ---- | C] () -- C:\Users\Toma\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011-08-04 15:55:21 | 026,078,117 | ---- | C] () -- C:\Users\Toma\Desktop\RT-Mercado-Joomla.zip
[2011-07-29 11:23:37 | 000,900,915 | R--- | C] () -- C:\Users\Toma\Desktop\SpiderFX_Results_Jul 28, 2011 2_23_05 PM.pdf
[2011-07-28 18:15:37 | 000,024,589 | ---- | C] () -- C:\Users\Toma\Desktop\Altsberglotion.png
[2011-07-13 22:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Toma\AppData\Local\{6E8B5A38-7453-4228-BAF7-1E0DBD9FC615}
[2011-07-02 10:59:10 | 000,000,000 | ---- | C] () -- C:\Users\Toma\AppData\Local\{9977C3F6-A044-4A53-95CE-AB33BCE679F4}
[2011-07-02 10:57:15 | 000,000,000 | ---- | C] () -- C:\Users\Toma\AppData\Local\{2C3F392F-8DEC-4513-9C63-9E5E59F10954}
[2011-07-01 20:29:19 | 000,051,078 | ---- | C] () -- C:\Users\Toma\AppData\Roaming\room_v3.dat
[2011-06-06 16:36:13 | 000,000,000 | ---- | C] () -- C:\Users\Toma\AppData\Local\{88AC5CE5-C80D-4F8C-806A-0D96174543E7}
[2011-05-20 19:16:42 | 000,046,742 | ---- | C] () -- C:\Users\Toma\AppData\Roaming\room.dat
[2011-05-08 19:55:12 | 000,001,456 | ---- | C] () -- C:\Users\Toma\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011-04-26 21:04:30 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-04-26 21:03:04 | 000,007,680 | ---- | C] () -- C:\Users\Toma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-09 19:13:07 | 000,000,024 | ---- | C] () -- C:\Users\Toma\AppData\Roaming\IBConnections.ini
[2011-03-18 21:54:42 | 000,134,122 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2011-03-17 21:45:21 | 000,000,131 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-03-17 17:26:20 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011-03-17 16:54:51 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011-03-17 16:47:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-01-04 17:52:46 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\epdf0407.dll
[2011-01-04 17:41:52 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\epdf0406.dll
[2010-09-27 22:10:26 | 000,300,032 | R--- | C] () -- C:\Windows\SysWow64\multpkcs11.dll
[2010-08-25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010-08-25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010-08-25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010-08-25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010-08-25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Dopuna: 20 Avg 2011 19:30

Da dodam da je ne moguce pokrenuti racunar u safe mode. Prilikom pokretanja u safe mode-u automatski se restarturje.

Poslao: 21 Avg 2011 21:01
Idi na vrh
offline
  • Més que un club
  • Glavni vokal @ Harpun
  • Pridružio: 27 Feb 2009
  • Poruke: 3898
  • Gde živiš: Novi Sad,Klisa

Ponovo pokreni program OTL dvoklikom na ikonicu;

U beli okvir prozora gde piše Custom Scans/Fixes iskopirati sledeći tekst:

 
:OTL
PRC - [2011-08-20 12:37:10 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-20 12:37:10 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-20 12:37:10 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-20 12:37:10 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011-08-20 12:36:16 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-20 12:36:16 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-20 12:36:16 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-20 12:36:16 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011-08-20 09:50:08 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe
PRC - [2011-08-20 09:31:43 | 001,182,208 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2011-08-20 09:31:43 | 001,182,208 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
SRV - [2011-08-20 09:50:08 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
[2011-08-20 12:36:57 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011-08-20 12:36:39 | 000,202,936 | -H-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110820-165314.backup
[2011-08-20 09:49:37 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011-08-20 09:31:43 | 001,182,208 | ---- | M] () -- C:\Windows\services32.exe
[2011-08-20 12:48:04 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011-08-20 12:48:04 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011-08-20 12:48:04 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011-08-20 12:37:11 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011-08-20 12:36:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011-08-20 09:50:10 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011-08-20 09:48:29 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011-08-20 09:47:01 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011-08-20 09:46:59 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
[2011-08-20 09:46:59 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
[2011-08-20 17:39:55 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011-08-20 17:39:55 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011-08-20 17:39:55 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011-08-20 17:39:55 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011-08-20 12:48:03 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011-08-20 12:48:03 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011-08-20 12:36:58 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011-08-20 12:36:57 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011-08-20 12:36:57 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011-08-20 09:50:10 | 000,000,200 | ---- | C] () -- C:\Windows\info1
[2011-08-20 09:49:31 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011-08-20 09:35:26 | 001,182,208 | ---- | C] () -- C:\Windows\services32.exe


:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]




Klikni taster Run Fix;


Log koji dobiješ iskopiraj ovde u poruci.

NIx Car (AMF Tim)

MyCity » Ambulanta -> Arhiva Ambulante » Trojan.KillAV and Backdoor.SDbotXD

Ko je trenutno na forumu
 

Ukupno su 1084 korisnika na forumu :: 36 registrovanih, 5 sakrivenih i 1043 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Apok, Ben Roj, bigfoot, Bobrock1, Boris90, Denaya, dijica, Dimitrije Paunovic, Dorcolac, draganca, esx66, Frunze, goxin, ljuba, Lucije Kvint, Marko Marković, Mercury, Metanoja, milenko crazy north, milutin134, mnn2, mrav pesadinac, nemkea71, Nobunaga, pein, RJ, sasa87, stalja, stegonosa, Trpe Grozni, Tvrtko I, vathra, virked, Vlajman1957, voja64, zlaya011