Trojan virus

  • Dušan
  • Joined: 18 Jun 2012
  • Posts: 986

I got this notification from AVG.

Here is the OTL report as well.



OTL logfile created on: 11/21/2012 6:46:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dejan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 43.91 Mb Available Physical Memory | 8.58% Memory free
1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.40% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 12.79 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 17.21 Gb Free Space | 35.24% Space Free | Partition Type: NTFS
Drive E: | 7.96 Gb Total Space | 7.91 Gb Free Space | 99.34% Space Free | Partition Type: NTFS

Computer Name: DEJAN-6E65AF0A7 | User Name: Dejan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/21 18:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dejan\My Documents\Downloads\OTL.exe
PRC - [2012/11/21 15:13:46 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/11/21 15:13:46 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/20 07:17:36 | 000,016,864 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox1\plugin-container.exe
PRC - [2012/11/20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox1\firefox.exe
PRC - [2012/11/08 06:30:32 | 000,568,832 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/23 18:18:39 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/06/26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012/06/13 16:34:31 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/06/11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/06/11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2005/07/12 08:55:26 | 000,081,920 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/04/30 02:22:26 | 000,266,240 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2005/04/30 02:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/04/30 02:18:24 | 000,131,136 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/04/30 02:18:08 | 000,057,412 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004/11/30 19:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/21 15:13:47 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/21 15:13:47 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/11/21 15:13:46 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/11/21 15:13:46 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
MOD - [2012/11/20 07:17:34 | 002,400,224 | ---- | M] () -- D:\Program Files\Mozilla Firefox1\mozjs.dll
MOD - [2012/11/08 06:30:32 | 000,568,832 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
MOD - [2012/10/23 18:18:39 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
MOD - [2012/10/09 05:45:31 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/06/26 13:11:10 | 000,345,688 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012/06/26 13:11:08 | 000,282,200 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012/06/26 13:11:02 | 008,197,208 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012/06/26 13:11:00 | 002,302,040 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012/06/26 13:10:58 | 000,202,328 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012/06/26 13:10:58 | 000,027,736 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2005/04/30 02:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2005/04/30 01:52:32 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
MOD - [2004/11/30 19:08:58 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2004/11/30 19:08:58 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/11/21 15:13:46 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/20 07:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/08 06:30:32 | 000,568,832 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/23 18:18:39 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Dejan\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/09 06:04:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/04/30 02:21:06 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2005/04/30 02:18:24 | 000,131,136 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/04/30 02:18:08 | 000,057,412 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/11/30 19:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/21 15:13:47 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/01 19:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/06/13 16:45:08 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2012/06/13 16:45:08 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2012/06/13 16:45:08 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2012/06/11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/11/12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/04/13 22:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/02/26 16:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/02/26 16:21:18 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt)
DRV - [2005/07/15 10:40:36 | 003,640,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/05/17 10:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/04/05 20:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 20:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 12:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=download&.....1760221614
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtA0BtB0AtN0D0Tzu0CtBzyyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1760221614

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109217&tt=421.....fff792732b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 A5 16 D3 67 A5 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=4212_4&babsrc=SP_ss&mntrId=54343b2a00000000000000fff792732b
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={22ACF759-4C0F-4C8B-9A05-92A832C56654}&mid=01054e9465fe47d08a2ed15cb4fcf995-6fecc239b3924e86a6915d96814a29f8a89fa720&lang=en&ds=AVG&pr=fr&d=2012-11-21 15:13:51&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtA0BtB0AtN0D0Tzu0CtBzyyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1760221614
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:13.2.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={22ACF759-4C0F-4C8B-9A05-92A832C56654}&mid=01054e9465fe47d08a2ed15cb4fcf995-6fecc239b3924e86a6915d96814a29f8a89fa720&lang=en&ds=AVG&pr=fr&d=2012-11-21 15:13:51&v=13.2.0.4&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.4 [2012/11/21 15:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: D:\Program Files\Mozilla Firefox1\components [2012/11/21 14:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox1\plugins

[2012/11/21 14:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dejan\Application Data\Mozilla\Extensions
[2012/11/21 15:13:54 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.4

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\2.3.15.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Dejan\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PC Suite Tray] D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D656DBF-DACB-4333-A96A-3A10DD40BEEE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dejan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dejan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/09 00:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 16:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\need for speed most wanted
[2012/11/21 15:28:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dejan\Recent
[2012/11/21 15:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\AVG2013
[2012/11/21 15:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\TuneUp Software
[2012/11/21 15:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/11/21 15:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\AVG Secure Search
[2012/11/21 15:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/11/21 15:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\AVG Secure Search
[2012/11/21 15:13:50 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/11/21 15:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/11/21 15:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/11/21 15:11:55 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/11/21 15:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/11/21 15:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/11/21 15:00:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/11/21 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\MFAData
[2012/11/21 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/11/21 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\Avg2013
[2012/11/21 14:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\Auslogics
[2012/11/21 14:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\Mozilla
[2012/11/21 14:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/21 14:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/21 14:48:05 | 019,380,192 | ---- | C] (Mozilla) -- C:\Documents and Settings\Dejan\Desktop\Firefox Setup 17.0.exe
[2012/11/21 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2012/11/21 13:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/20 13:17:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dejan\Phone Browser
[2012/11/20 13:17:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2012/11/20 13:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\Nokia
[2012/11/20 13:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\PC Suite
[2012/11/20 13:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/11/20 13:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite
[2012/11/20 13:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012/11/20 13:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2012/11/20 13:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/11/20 13:11:13 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012/11/20 13:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/11/20 13:11:00 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2012/11/20 13:10:59 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2012/11/20 13:10:57 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2012/11/20 13:10:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/11/20 13:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/11/18 15:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/11/18 15:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/11/18 15:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/11/18 15:05:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/11/17 18:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\New Folder
[2012/11/17 18:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\Sasa Kovacevic 2010
[2012/11/17 13:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\MediaGet2
[2012/11/12 19:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\Moj pas
[2012/11/11 16:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\Ostalo
[2012/11/11 11:58:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/11/11 11:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\Sun
[2012/11/11 11:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/11/11 11:57:38 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/11/11 11:57:38 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/11 11:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\Sun
[2012/11/08 22:08:45 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2012/11/08 22:08:45 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012/11/08 21:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\New Folder (6)
[2012/10/23 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\uTorrentControl_v2
[2012/10/23 18:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl_v2
[2012/10/23 18:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2012/10/23 18:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\DefaultTab
[2012/10/23 18:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\IconEdit2
[2012/10/23 16:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\jZip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/21 18:45:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/21 18:44:25 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/21 18:44:19 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\YourFile Update.job
[2012/11/21 18:44:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/21 18:42:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\settings.dat
[2012/11/21 18:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/21 18:25:37 | 000,802,194 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\virus.bmp
[2012/11/21 18:03:06 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/21 15:14:01 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/11/21 15:13:47 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/11/21 14:53:52 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/21 14:53:52 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/11/21 14:48:05 | 019,380,192 | ---- | M] (Mozilla) -- C:\Documents and Settings\Dejan\Desktop\Firefox Setup 17.0.exe
[2012/11/21 13:13:44 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/20 13:59:00 | 000,131,489 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\speedo_clock.nth
[2012/11/20 13:55:00 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\Spider Solitaire.lnk
[2012/11/20 13:20:52 | 000,025,570 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\BMW.svg.png
[2012/11/20 13:18:54 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/20 13:18:54 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/20 13:11:53 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2012/11/17 18:03:03 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2012/11/17 15:27:20 | 000,108,698 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\Bavaria-16.jpg
[2012/11/17 15:08:19 | 000,279,580 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\BMW-318-Coupe1.jpg
[2012/11/16 15:43:43 | 000,330,058 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\P1030136.JPG
[2012/11/15 11:21:08 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/12 09:00:11 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/11 11:57:12 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/11/11 11:57:12 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/09 22:42:48 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\Shortcut to pedeset_nijansi_-_siva_odlomak.lnk
[2012/11/08 22:35:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/08 22:09:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/11/08 22:08:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/11/07 09:44:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/10/23 18:46:17 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/23 16:35:51 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/21 18:42:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\settings.dat
[2012/11/21 18:41:51 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dejan\Desktop\RootRepeal.exe
[2012/11/21 18:25:37 | 000,802,194 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\virus.bmp
[2012/11/21 15:14:01 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/11/21 14:53:52 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/21 14:53:52 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/21 14:53:52 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/11/21 13:13:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/20 13:58:50 | 000,131,489 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\speedo_clock.nth
[2012/11/20 13:54:39 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Dejan\Start Menu\Programs\Freecell.lnk
[2012/11/20 13:20:50 | 000,025,570 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\BMW.svg.png
[2012/11/20 13:11:52 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2012/11/17 15:13:12 | 000,108,698 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\Bavaria-16.jpg
[2012/11/17 14:55:45 | 000,279,580 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\BMW-318-Coupe1.jpg
[2012/11/09 22:42:48 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\Shortcut to pedeset_nijansi_-_siva_odlomak.lnk
[2012/11/08 22:09:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/11/08 22:08:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/10/23 18:46:17 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/23 16:35:51 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2012/10/23 16:35:51 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Dejan\Start Menu\Programs\jZip.lnk
[2012/10/21 12:44:19 | 000,290,500 | ---- | C] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\funmoods-speeddial_sf.crx
[2012/10/21 12:44:19 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\funmoods.crx
[2012/10/17 20:17:38 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/10 08:05:20 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/10/10 08:05:20 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/10/09 05:49:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/09 01:05:48 | 000,017,571 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/10/09 01:05:44 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012/10/09 01:05:36 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012/10/09 01:00:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/09 00:53:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/08 17:49:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/08 17:47:47 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 16:36:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/13 16:36:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/06/13 16:35:29 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2012/06/13 16:34:32 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

<End>



This notification appeared during the scan
Quote:
                                    LAST 30 DAYS    SINCE INSTALLATION
Files scanned                       398000          398000
Infected files found and healed     2               2

Internet is the basic ADSL package
Windows XP

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Your system is not 64-bit; you also need to submit the GMER reports from the guide.

offline
  • Dušan
  • Joined: 18 Jun 2012
  • Posts: 986

I couldn't, because it wouldn't work in GMER.
It starts and the screen immediately turns blue.
And some errors come up.

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Trebao si mi to napomenuti Smile

U uputstvu ima alternativa --> Root Repeal

offline
  • Dušan
  • Joined: 18 Jun 2012
  • Posts: 986

Posted: 21 Nov 2012 21:45

I tried that too, but then it just freezes.

Addendum: 21 Nov 2012 21:51

The DDS reports are the only ones I managed to produce.
Should I post them?
If they're of any use.

Addendum: 21 Nov 2012 21:52

Which other reports can I run?

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Download SysProt AntiRootkit from the following page:

SysProt download

On the page that opens, click the "here" link.

Extract the archive into a folder (instructions), and then:

double-click to launch the program and switch to the Log tab;

tick all eight items and click Create log;

after a while a prompt will appear, in which you should select Scan root drive only and click Start;

when the scan finishes, a notification will appear, which you should close by clicking OK;

the report (log) will be saved in the same folder as the program itself.

Illustrated walkthrough of the procedure

Attach the generated report to your post using the Attach file option.

If that doesn't work either, follow these instructions...

Download Rootkit Unhooker to the Desktop.

Double-click to launch the program;

select the Report tab;

click Scan and, in the window that opens, tick the items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.

When the scan is finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

offline
  • Dušan
  • Joined: 18 Jun 2012
  • Posts: 986

Posted: 24 Nov 2012 14:26

Addendum: 24 Nov 2012 14:29

Addendum: 25 Nov 2012 14:34

...............

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Sorry you had to wait a bit longer. There is no active infection on your computer. What AVG is reporting is a virus located inside System Restore, which does not pose an active threat. To get rid of it, you need to reset System Restore by following this link

http://www.mycity.rs/MyCity-Laboratorija/Kako-iskl.....sta-7.html

Run OTL again and click CleanUp. Wait for the uninstallation to finish.

I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in a USB storage device, and a scan runs, after which you get a notification that the device is clean (if it really is); or you get a log showing information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these threads:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Be sure to visit the thread "Testirajte da li vam je pretraživač ranjiv" ("Test whether your browser is vulnerable"), read it and follow the link in it.
The link to the thread is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Also, follow the thread "Kako izbeci i ukloniti toolbar-ove" ("How to avoid and remove toolbars"), read it and follow the steps in it. The link to the thread is: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html

TwinHeadedEagle (AMF Tim)
