MyCity » Ambulanta -> Arhiva Ambulante » Win32/Spy.KeyLogger.NHI trojan

Win32/Spy.KeyLogger.NHI trojan

Napisano na dan: 1.4.2012

Win32/Spy.KeyLogger.NHI trojan

Sledeća strana

Pagination

Odgovori

Maci Skener Poslao: 01 Apr 2012 13:36 Idi na vrh
offline Maci Skener Novi MyCity građanin Pridružio: 01 Apr 2012 Poruke: 11	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dobar dan.Otvorio sam novu temu na isto ime kao i vaš član prije mene jer su takva pravila ovoga foruma. Pokupio sam ovaj tip virusa s USB-a i stvorio mi je problem prilikom log in-a na facebook i ostale stranice na kojima je zahtijevalo korisničko ime i šifru. Koristim Win 7 (64 bitni). C:\OptionalComponents\lsass.exe (Isass.exe mi se uvijek pokrenuo prilikom paljenja laptopa),u Task manager-u sam ga maloprije stopirao(pritisnuo END) i sad mi se događa da kad otvorim jedan od internet pretraživača(više kod mozzile a manje puta kod chroma) slika jednostavno zamrzne(tipkovnica i miš uopće ne reagiraju). Koristim ESET NOD32 Antivirus i prilikom zadnjeg skeniranja izbacio je ovo: 1.4.2012. 11:46:59 Startup scanner file Operating memory » C:\OptionalComponents\lsass.exe Win32/Spy.KeyLogger.NHI trojan error while deleting 1.4.2012. 11:46:58 Startup scanner file Operating memory » C:\OptionalComponents\lsass.exe Win32/Spy.KeyLogger.NHI trojan error while deleting JACOB-PC\JACOB 1.4.2012. 0:43:14 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 1.4.2012. 0:43:12 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:31:17 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:31:15 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:31:14 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:29:29 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:29:19 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:29:01 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:29:00 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:59 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:57 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:55 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:54 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:34 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:33 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:31 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:30 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:29 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:28 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:27 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:26 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:25 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:24 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:22 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 22:28:01 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 21:08:07 Real-time file system protection file C:\OptionalComponents\lsass.exe Win32/Spy.KeyLogger.NHI trojan unable to clean JACOB-PC\JACOB Event occurred on a file modified by the application: F:\The Warriors (Directors Cut) (1979) DVDRip (SiRiUs sHaRe).exe. 31.3.2012. 21:07:59 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 21:07:57 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 21:07:56 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 21:07:55 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 21:07:54 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 21:07:52 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 21:07:51 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 21:07:49 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a new file created by the application: C:\OptionalComponents\lsass.exe. 31.3.2012. 21:07:43 Real-time file system protection file C:\configuration\configuration.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a file modified by the application: C:\OptionalComponents\lsass.exe. 4.3.2012. 3:52:14 Real-time file system protection file D:\Downloads\Nepotvrđeno 76348.crdownload a variant of Win32/SoftonicDownloader.C potentially unwanted application cleaned by deleting - quarantined JACOB-PC\JACOB Event occurred on a file modified by the application: C:\Users\JACOB\AppData\Local\Google\Chrome\Application\chrome.exe. 4.3.2012. 3:52:13 Real-time file system protection file D:\Downloads\2057.tmp a variant of Win32/SoftonicDownloader.C potentially unwanted application cleaned by deleting JACOB-PC\JACOB Event occurred on a file modified by the application: C:\Users\JACOB\AppData\Local\Google\Chrome\Application\chrome.exe. 4.3.2012. 3:52:10 HTTP filter file http://universal-downloader.en.softonic.com/75000/75826/ud_200/SoftonicDownloader_for_windows-installer-cleanup-utility.exe?AWSAccessKeyId=0HXVA1YMG3HX1XDSGT02&Expires=1330842113&Signature=dnKhAkfHv7KBbLKbcQYG6hpR59M=&file=/SoftonicDownloader_for_windows-installer-cleanup-utility.exe a variant of Win32/SoftonicDownloader.C potentially unwanted application connection terminated - quarantined JACOB-PC\JACOB Threat was detected upon access to web by the application: C:\Users\JACOB\AppData\Local\Google\Chrome\Application\chrome.exe. 5.2.2012. 22:23:07 Real-time file system protection file G:\The Shining[1980]DvDrip[Eng]-Stealthmaster--.exe Win32/Spy.KeyLogger.NHI trojan deleted - quarantined JACOB-PC\JACOB Event occurred on a file modified by the application: C:\Program Files (x86)\IObit\Advanced SystemCare 5\Suc14_FileShredder.exe. Nadam se i bio bih vam zahvalan da mi pomognete.Hvala.....

Profil

ivance95 Poslao: 01 Apr 2012 13:44 Idi na vrh
offline ivance95 AMF pripravnik Pridružio: 04 Jul 2011 Poruke: 5424	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Isprati detaljno uputstvo koje se nalazi na ovom linku, i postavi potrebne izveštaje. Ivance95 (AMF Tim)

Profil

Maci Skener Poslao: 01 Apr 2012 16:52 Idi na vrh
offline Maci Skener Novi MyCity građanin Pridružio: 01 Apr 2012 Poruke: 11	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 01 Apr 2012 14:19 Problem nisam pokušavao riješiti sam je nisam dovoljno stručan za problem ovakvog tipa. Računalo je do ovoga trenutka bilo u odličnom stanju.Koristim cc cleaner,tune up 2012,Advanced system care za svakodnevno uređivanje i uklanjanje log fajlova,povijesti,memoriranih informacija,kolačića... Nikad ali bas nikad od kad sam instalirao windows nije bilo ozbiljnih problema. Internet:Local Area Connection Brzina interneta:Download speed-94.94 Mbps Upload speed-75.59 Mbps Ispričavam se ovo u vezi log-a (ako to nije to sta sam vam poslao) Advanced SystemCare Diagnose Report v1.0 Date: 2012.04.01 14:17:45 ---------------------------------- 01 - Operating System ---------------------------------- 0101 - Operating System : Windows 7 Professional 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.110622-1506) 0102 - Language : Croatian (Regional Setting: Croatian) 0103 - BIOS : Default System BIOS 0104 - Processor : Intel(R) Pentium(R) CPU P6000 @ 1.87GHz (2 CPUs), ~1.9GHz 0105 - Memory : 3072MB RAM 0106 - Available OS Memory : 2934MB RAM 0107 - Page File : 1794MB used, 4071MB available 0108 - Windows Dir : C:\Windows 0109 - DirectX Version : DirectX 11 0110 - DX Setup Parameters : Not found 0111 - User DPI Setting : Using System DPI 0112 - System DPI Setting : 96 DPI (100 percent) 0113 - DWM DPI Scaling : Disabled 0114 - DxDiag Version : 6.01.7601.17514 ---------------------------------- 02 - Processor ---------------------------------- 0201 - Caption : Intel(R) Pentium(R) CPU P6000 @ 1.87GHz x2 ~1866MHz 0202 - Current Clock Speed : 1866MHz 0203 - L3 Cache : 3,00 MB 0204 - L1 Cache : 32,00 KB 0205 - L2 Cache : 256,00 KB ---------------------------------- 03 - Video Adapter ---------------------------------- 0301 - Card Name : ATI Mobility Radeon HD 5470 0302 - Manufacturer : ATI Technologies Inc. 0303 - Chip Type : ATI display adapter (0x68E0) 0304 - DAC Type : Internal DAC(400MHz) 0305 - Device Key : Enum\PCI\VEN_1002&DEV_68E0&SUBSYS_143A103C&REV_00 0306 - Display Memory : 2226 MB 0307 - AdapterRAM : 1,00 GB 0308 - Current Mode : 1366 x 768 (32 bit) (60Hz) 0309 - Monitor Name : Generic PnP Monitor 0310 - Driver Name : atiu9p64.dll,atiuxp64.dll,atiuxp64.dll,atiu9pag,atiuxpag,atiuxpag,atiumdva,atiumd6a.cap,atitmm64.dll 0311 - Driver Version : 8.14.0001.6117 0312 - Driver Language : English 0313 - DDI Version : 11 0314 - Driver Model : WDDM 1.1 0315 - Driver Beta : False 0316 - Driver Debug : False 0317 - Driver Date : 8/3/2010 22:22:00 0318 - Driver Size : 30208 0319 - VDD : n/a 0320 - Mini VDD : n/a 0321 - Mini VDD Date : n/a 0322 - Mini VDD Size : 0 0323 - Device Identifier : {D7B71EE2-2BA0-11CF-6964-3B34A1C2C535} 0324 - Vendor ID : 0x1002 0325 - Device ID : 0x68E0 0326 - SubSys ID : 0x143A103C 0327 - Revision ID : 0x0000 0328 - Driver Strong Name : oem22.inf:ATI.Mfg.NTamd64.6.1:ati2mtag_Manhattan_PXAI:8.741.1.4000:pci\ven_1002&dev_68e0&subsys_143a103c 0329 - Rank Of Driver : 00E60001 0330 - Video Accel : ModeMPEG2_A ModeMPEG2_C 0331 - Deinterlace Caps : {6E8329FF-B642-418B-BCF0-BCB6591E255F}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY {6E8329FF-B642-418B-BCF0-BCB6591E255F}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YV12,0x32315659) Frames(Prev/Fwd/Back)=(0,0,0) Caps= {3C5323C1-6FB7-44F5-9081-056BF2EE449D}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,2) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive {552C0DAD-CCBC-420B-83C8-74943CF9F1A6}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,2) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive {6E8329FF-B642-418B-BCF0-BCB6591E255F}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC1,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps= {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC2,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps= {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC3,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps= {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC4,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps= {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(S340,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps= {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(S342,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps= 0332 - D3D9 Overlay : Not Supported 0333 - DXVA-HD : Not Supported 0334 - DDraw Status : Enabled 0335 - D3D Status : Enabled 0336 - AGP Status : Enabled 0337 - Notes : No problems found. 0338 - OpenGL : 6.1.7600.16385 (win7_rtm.090713-1255) ---------------------------------- 04 - Memory ---------------------------------- 0401 - Total Memory : 2,87 GB 0402 - Free Memory : 1,51 GB 0403 - Total Pagefile : 5,73 GB 0404 - Free Pagefile : 3,97 GB 0405 - Bank Label : BANK 0 0406 - Speed : 1067 MHz 0407 - Total Width : 64 Bits 0408 - Capacity : 2,00 GB 0405 - Bank Label : BANK 2 0406 - Speed : 1067 MHz 0407 - Total Width : 64 Bits 0408 - Capacity : 1,00 GB ---------------------------------- 05 - Network ---------------------------------- 0501 - Description : Realtek PCIe FE Family Controller 0502 - Driver Date : 6-10-2011 0503 - Driver Version : 7.46.610.2011 ---------------------------------- 06 - Motherboard ---------------------------------- 0601 - Model : 143A 0602 - Manufacturer : Hewlett-Packard ---------------------------------- 07 - Sound Device ---------------------------------- 0701 - Description : Speakers (Realtek High Definition Audio) 0702 - Default Sound Playback : True 0703 - Default Voice Playback : True 0704 - Hardware ID : HDAUDIO\FUNC_01&VEN_10EC&DEV_0270&SUBSYS_103C143A&REV_1001 0705 - Manufacturer ID : 1 0706 - Product ID : 100 0707 - Type : WDM 0708 - Driver Name : RTKVHD64.sys 0709 - Driver Version : 6.00.0001.6066 0710 - Driver attributes : Final Retail 0711 - Date and Size : 3/13/2010 22:47:08 0713 - Driver Provider : Realtek Semiconductor Corp. 0714 - Min/Max Sample Rate : 4642294, 4642294 0715 - Static/Strm HW Mix Bufs : 4642294, 4642294 0716 - Static/Strm HW 3D Bufs : 4642294, 4642294 0717 - HW Memory : 4642302 0718 - Voice Management : False 0719 - EAX(tm) 2.0 Listen/Src : False, False 0720 - I3DL2(tm) Listen/Src : False, False 0721 - Notes : No problems found. ---------------------------------- 08 - Hard Disk ---------------------------------- 0801 - Model : Hitachi HTS725032A9A364 ATA Device 0802 - Media Type : Fixed hard disk media 0803 - Size : 298,09 GB 0804 - Interface Type : Serial ATA 0805 - Driver Date : 6-21-2006 0806 - Driver Version : 6.1.7600.16385 0807 - Caption : C:\ 0808 - Capacity : 76,51 GB 0809 - Free Space : 33,40 GB 0810 - Drive Type : 3-Fixed 0811 - File System : NTFS 0807 - Caption : D:\ 0808 - Capacity : 220,70 GB 0809 - Free Space : 136,06 GB 0810 - Drive Type : 3-Fixed 0811 - File System : NTFS ---------------------------------- 09 - Process ---------------------------------- 0901 - 000 Idle 0 0 0 0901 - 004 System 0 0 0 0901 - 17c smss.exe 0 0 0 normal 0901 - 1fc csrss.exe 0 0 0 normal 0901 - 254 wininit.exe 0 0 0 high 0901 - 270 csrss.exe 1 174 81 normal 0901 - 288 services.exe 0 0 0 normal 0901 - 2b0 lsass.exe 0 0 0 normal 0901 - 2b8 winlogon.exe 1 6 0 high 0901 - 2c0 lsm.exe 0 0 0 normal 0901 - 340 svchost.exe 0 0 0 normal 0901 - 378 ASCService.exe 0 0 0 high C:\Program Files (x86)\IObit\Advanced SystemCare 5 0901 - 3b4 svchost.exe 0 0 0 normal 0901 - 100 atiesrxx.exe 0 0 0 normal 0901 - 1ac svchost.exe 0 0 0 normal 0901 - 210 svchost.exe 0 0 0 normal 0901 - 200 svchost.exe 0 0 0 normal 0901 - 44c svchost.exe 0 0 0 normal 0901 - 4b0 atieclxx.exe 1 9 6 normal 0901 - 4e0 svchost.exe 0 0 0 normal 0901 - 554 wlanext.exe 0 0 0 normal 0901 - 55c conhost.exe 0 0 0 normal 0901 - 60c spoolsv.exe 0 0 0 normal 0901 - 670 svchost.exe 0 0 0 normal 0901 - 70c taskhost.exe 1 26 22 normal 0901 - 740 dwm.exe 1 17 2 high 0901 - 760 AERTSr64.exe 0 0 0 normal 0901 - 778 btwdins.exe 0 0 0 normal 0901 - 7ac ekrn.exe 0 0 0 normal C:\Program Files\ESET\ESET NOD32 Antivirus\x86 0901 - 7c4 Eap3Host.exe 0 0 0 normal 0901 - 438 explorer.exe 1 530 270 normal 0901 - 544 svchost.exe 0 0 0 normal 0901 - 630 TuneUpUtilitiesService64.exe 0 0 0 normal 0901 - 61c WLIDSVC.EXE 0 0 0 normal 0901 - 8d8 WLIDSVCM.EXE 0 0 0 normal 0901 - 948 TuneUpUtilitiesApp64.exe 1 339 137 normal 0901 - 97c RtkNGUI64.exe 1 20 26 normal 0901 - 99c SynTPEnh.exe 1 68 38 above normal 0901 - a3c igfxtray.exe 1 12 6 normal 0901 - a64 egui.exe 1 250 68 normal 0901 - a6c ASCTray.exe 1 68 35 normal C:\Program Files (x86)\IObit\Advanced SystemCare 5 0901 - adc BTTray.exe 1 20 22 normal 0901 - b30 RunDll32.exe 1 15 6 normal C:\Windows\SysWOW64 0901 - 664 svchost.exe 0 0 0 normal 0901 - 974 SynTPHelper.exe 1 9 3 above normal 0901 - dd0 MOM.exe 1 10 9 normal 0901 - e28 CCC.exe 1 36 40 normal 0901 - fdc chrome.exe 1 155 60 normal C:\Users\JACOB\AppData\Local\Google\Chrome\Application 0901 - c24 svchost.exe 0 0 0 normal 0901 - 9b8 RtVOsdService.exe 0 0 0 normal 0901 - 86c RtVOsd.exe 1 21 15 normal 0901 - be0 svchost.exe 0 0 0 normal 0901 - ad4 rundll32.exe 1 15 5 normal C:\Windows\SysWOW64 0901 - 47c chrome.exe 1 41 123 normal C:\Users\JACOB\AppData\Local\Google\Chrome\Application 0901 - cec chrome.exe 1 60 1 normal C:\Users\JACOB\AppData\Local\Google\Chrome\Application 0901 - 938 chrome.exe 1 75 1 normal C:\Users\JACOB\AppData\Local\Google\Chrome\Application 0901 - ea8 chrome.exe 1 12 4 normal C:\Users\JACOB\AppData\Local\Google\Chrome\Application 0901 - ad0 OTL.exe 1 68 129 normal D:\Downloads 0901 - b58 chrome.exe 1 98 1 normal C:\Users\JACOB\AppData\Local\Google\Chrome\Application 0901 - 484 Asc.exe 1 1630 290 normal C:\Program Files (x86)\IObit\Advanced SystemCare 5 0901 - b68 WmiPrvSE.exe 0 0 0 normal 0901 - fb4 ToolBox.exe 1 470 121 normal C:\Program Files (x86)\IObit\Advanced SystemCare 5 0901 - acc Sus10_SysExplorer.exe 1 102 48 normal C:\Program Files (x86)\IObit\Advanced SystemCare 5 0901 - 768 audiodg.exe 0 0 0 ---------------------------------- 10 - Service ---------------------------------- 1001 - Advanced SystemCare Service 5 - [C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe] 1001 - Andrea RT Filters Service - [C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe] 1001 - AMD External Events Utility - [C:\Windows\system32\atiesrxx.exe] 1001 - Application Information - [C:\Windows\system32\svchost.exe -k netsvcs] 1001 - Windows Audio Endpoint Builder - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted] 1001 - Windows Audio - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted] 1001 - Base Filtering Engine - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork] 1001 - Background Intelligent Transfer Service - [C:\Windows\System32\svchost.exe -k netsvcs] 1001 - Computer Browser - [C:\Windows\System32\svchost.exe -k netsvcs] 1001 - Bluetooth Service - [C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe] 1001 - Cryptographic Services - [C:\Windows\system32\svchost.exe -k NetworkService] 1001 - DHCP Client - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted] 1001 - DNS Client - [C:\Windows\system32\svchost.exe -k NetworkService] 1001 - Wired AutoConfig - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted] 1001 - Extensible Authentication Protocol - [C:\Windows\System32\svchost.exe -k netsvcs] 1001 - ESET Service - ["C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"] 1001 - Windows Event Log - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted] 1001 - COM+ Event System - [C:\Windows\system32\svchost.exe -k LocalService] 1001 - Windows Font Cache Service - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation] 1001 - IKE and AuthIP IPsec Keying Modules - [C:\Windows\system32\svchost.exe -k netsvcs] 1001 - CNG Key Isolation - [C:\Windows\system32\lsass.exe] 1001 - Server - [C:\Windows\system32\svchost.exe -k netsvcs] 1001 - Workstation - [C:\Windows\System32\svchost.exe -k NetworkService] 1001 - TCP/IP NetBIOS Helper - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted] 1001 - Windows Firewall - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork] 1001 - Network Connections - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted] 1001 - Network List Service - [C:\Windows\System32\svchost.exe -k LocalService] 1001 - Network Location Awareness - [C:\Windows\System32\svchost.exe -k NetworkService] 1001 - Network Store Interface Service - [C:\Windows\system32\svchost.exe -k LocalService] 1001 - Program Compatibility Assistant Service - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted] 1001 - Plug and Play - [C:\Windows\system32\svchost.exe -k DcomLaunch] 1001 - IPsec Policy Agent - [C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted] 1001 - Power - [C:\Windows\system32\svchost.exe -k DcomLaunch] 1001 - User Profile Service - [C:\Windows\system32\svchost.exe -k netsvcs] 1001 - Remote Access Connection Manager - [C:\Windows\System32\svchost.exe -k netsvcs] 1001 - RtVOsdService Installer - ["C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe"] 1001 - Security Accounts Manager - [C:\Windows\system32\lsass.exe] 1001 - System Event Notification Service - [C:\Windows\system32\svchost.exe -k netsvcs] 1001 - Shell Hardware Detection - [C:\Windows\System32\svchost.exe -k netsvcs] 1001 - Print Spooler - [C:\Windows\System32\spoolsv.exe] 1001 - SSDP Discovery - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation] 1001 - Secure Socket Tunneling Protocol Service - [C:\Windows\system32\svchost.exe -k LocalService] 1001 - Windows Image Acquisition (WIA) - [C:\Windows\system32\svchost.exe -k imgsvc] 1001 - Superfetch - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted] 1001 - Telephony - [C:\Windows\System32\svchost.exe -k NetworkService] 1001 - Themes - [C:\Windows\System32\svchost.exe -k netsvcs] 1001 - TuneUp Utilities Service - ["C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe"] 1001 - Desktop Window Manager Session Manager - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted] 1001 - Windows Defender - [C:\Windows\System32\svchost.exe -k secsvcs] 1001 - Windows Management Instrumentation - [C:\Windows\system32\svchost.exe -k netsvcs] 1001 - WLAN AutoConfig - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted] 1001 - Windows Live ID Sign-in Assistant - ["C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"] 1001 - Security Center - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted] 1001 - Windows Update - [C:\Windows\system32\svchost.exe -k netsvcs] 1001 - Windows Driver Foundation - User-mode Driver Framework - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted] ---------------------------------- 11 - Windows Express ---------------------------------- 1101 - System Score : 5 1102 - Memory Score : 5.5 1103 - CPU Score : 5.4 1104 - Graphics Score : 5 1105 - Gaming Score : 6.2 1106 - Disk Score : 5.9 ---------------------------------- 12 - Event Log ---------------------------------- 1201 - Time : 1.4.2012. 18:54:16 1202 - Source : Service Control Manager 1203 - Description : The Usluga Google ažuriranje (gupdate) service failed to start due to the following error: The system cannot find the path specified. 1201 - Time : 1.4.2012. 18:51:55 1202 - Source : Service Control Manager 1203 - Description : The Eset Trial Reset service failed to start due to the following error: The system cannot find the path specified. 1201 - Time : 1.4.2012. 18:51:52 1202 - Source : EventLog 1203 - Description : The previous system shutdown at 12:49:46 on ‎1.‎4.‎2012. was unexpected. 1201 - Time : 1.4.2012. 18:36:42 1202 - Source : Service Control Manager 1203 - Description : The Usluga Google ažuriranje (gupdate) service failed to start due to the following error: The system cannot find the path specified. 1201 - Time : 1.4.2012. 18:34:24 1202 - Source : Service Control Manager 1203 - Description : The Eset Trial Reset service failed to start due to the following error: The system cannot find the path specified. 1201 - Time : 1.4.2012. 17:41:57 1202 - Source : Service Control Manager 1203 - Description : The Usluga Google ažuriranje (gupdate) service failed to start due to the following error: The system cannot find the path specified. 1201 - Time : 1.4.2012. 17:39:39 1202 - Source : Service Control Manager 1203 - Description : The Eset Trial Reset service failed to start due to the following error: The system cannot find the path specified. ---------------------------------- End of file - 22203 Bytes Dopuna: 01 Apr 2012 14:20 mycity.rs/must-login.png Dopuna: 01 Apr 2012 16:52 Da li će biti mogućnosti ovo trajno odstraniti?

Profil

Sass Drake Poslao: 01 Apr 2012 17:08 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	1Ovo se svidja korisniku: A.L. Registruj se da bi pohvalio/la poruku! U toku riješavanja slučaja, zamolio bih te da se pridržavaš sledećeg: Detaljno čitati moja uputstva ( ili uputstva kolega koji će me zamjenjivati) i raditi isključivo po njima; Ne tražiti istovremeno pomoć na drugom mjestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budeš dobio uputstvo; U toku intervencije ne koristiti USB memorijske uređaje, dok to ne budem zatražio; Ukoliko ne odgovorim u roku od 48h, osvježi temu novim post-om; Ukoliko se ne javiš u roku od 5 dana, zatvorićemo slučaj. Za više informacija o pravilima Ambulante MyCity foruma: LINK Korak 1 Ponovo pokreni program OTL dvoklikom na ikonu. U bijeli okvir prozora gdje piše Custom Scans/Fixes iskopirati sljedeći tekst: `:files C:\configuration C:\OptionalComponents :commands [purity] [emptytemp] [reboot]` Klikni taster Run Fix; Izvještaj koji dobiješ iskopiraj ovde u poruci. Korak 2 Preuzmi MCShield sa sljedeće adrese: http://amf.mycity.rs/mcshield/MCShield-Setup.exe Instaliraj MCShield i sačekaj da se završi uvodno skeniranje. Kad se završi uvodno skeniranje, ubacuj sve USB memorijske uređaje redom u USB port i svaki zadrži u portu dok MCShield ne izbaci poruku da je skeniranje završeno. Ukoliko imaš više USB uređaja, zabilježi negdje kojim su redom ubacivani. Objašnjenje: U USB memorijske uređaje spadaju svi oni uređaji koji po priključivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uređaji itd. Idi na Start -> Run* i u tekst polje kopiraj sljedeći tekst: %ProgramData%\MCShield\AllScans.txt i klikni na OK. *Ukoliko opcija Run ne bude dostupna, pritisni taster i R Otvoriće ti se izvještaj u Notepad-u čiji sadržaj treba da postaviš u poruku Korak 3 Ponovi pokreni OTL i klikni na Run scan. Prikači uz poruku svjež OTL izvještaj.

Profil

Maci Skener Poslao: 01 Apr 2012 17:51 Idi na vrh
offline Maci Skener Novi MyCity građanin Pridružio: 01 Apr 2012 Poruke: 11	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1: All processes killed ========== FILES ========== C:\configuration folder moved successfully. C:\OptionalComponents\4A41434F42 folder moved successfully. C:\OptionalComponents folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Ian User: JACOB ->Temp folder emptied: 1616 bytes ->Temporary Internet Files folder emptied: 82724 bytes ->Java cache emptied: 1358876 bytes ->FireFox cache emptied: 51047734 bytes ->Google Chrome cache emptied: 280699431 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 500 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68489 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 318,00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04012012_171836 Files\Folders moved on Reboot... C:\Users\JACOB\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Korak dva: Kad je zavrsilo pocetno skeniranje,ubacio sam usb i izbacio mi je ovaj tekst (Usb je ADATA C906/8GB) >>> MCShield v 2.0.3.11 <<< 1.4.2012. 17:31:25 > Drive F: - scan started (MACI ~7768 MB, FAT32 flash drive )... ---> Note: traces of file replicators have been found! ---> Executing generic S&D routine... >>> F:\PES 2011.exe - Malware > Deleted. (12.04.01. 17.31 PES 2011.exe.629467; MD5: 1628b5236d9d41b760e5e477eb50700b) >>> F:\The Warriors (Directors Cut) (1979) DVDRip (SiRiUs sHaRe).exe - Malware > Deleted. (12.04.01. 17.31 The Warriors (Directors Cut) (1979) DVDRip (SiRiUs sHaRe).exe.262581; MD5: 1628b5236d9d41b760e5e477eb50700b) >>> F:\Predavanja.exe - Malware > Deleted. (12.04.01. 17.31 Predavanja.exe.487844; MD5: 1628b5236d9d41b760e5e477eb50700b) >>> F:\VJEŽBE.exe - Malware > Deleted. (12.04.01. 17.31 VJEŽBE.exe.284588; MD5: 1628b5236d9d41b760e5e477eb50700b) >>> F:\labosi.exe - Malware > Deleted. (12.04.01. 17.31 labosi.exe.507942; MD5: 1628b5236d9d41b760e5e477eb50700b) > Resetting attributes: F:\PES 2011 < Successful. > Resetting attributes: F:\The Warriors (Directors Cut) (1979) DVDRip (SiRiUs sHaRe) < Successful. > Resetting attributes: F:\labosi < Successful. > Resetting attributes: F:\Predavanja < Successful. > Resetting attributes: F:\VJEŽBE < Successful. => Malicious files : 5/5 deleted. => Hidden folders : 5/5 unhidden. ____________________________________________ ::::: Scan duration: 39s ::::::::::::::::::: ____________________________________________ Nakon unosa poruke u RUN izbacio je ovo >>> MCShield AllScans.txt <<< >>> MCShield v 2.0.3.11 <<< 1.4.2012. 17:27:45 > Drive C: - scan started (no label ~77 GB, NTFS HDD )... => The drive is clean. 1.4.2012. 17:27:46 > Drive D: - scan started (no label ~221 GB, NTFS HDD )... => The drive is clean. >>> MCShield v 2.0.3.11 <<< 1.4.2012. 17:31:25 > Drive F: - scan started (MACI ~7768 MB, FAT32 flash drive )... ---> Note: traces of file replicators have been found! ---> Executing generic S&D routine... >>> F:\PES 2011.exe - Malware > Deleted. (12.04.01. 17.31 PES 2011.exe.629467; MD5: 1628b5236d9d41b760e5e477eb50700b) >>> F:\The Warriors (Directors Cut) (1979) DVDRip (SiRiUs sHaRe).exe - Malware > Deleted. (12.04.01. 17.31 The Warriors (Directors Cut) (1979) DVDRip (SiRiUs sHaRe).exe.262581; MD5: 1628b5236d9d41b760e5e477eb50700b) >>> F:\Predavanja.exe - Malware > Deleted. (12.04.01. 17.31 Predavanja.exe.487844; MD5: 1628b5236d9d41b760e5e477eb50700b) >>> F:\VJEŽBE.exe - Malware > Deleted. (12.04.01. 17.31 VJEŽBE.exe.284588; MD5: 1628b5236d9d41b760e5e477eb50700b) >>> F:\labosi.exe - Malware > Deleted. (12.04.01. 17.31 labosi.exe.507942; MD5: 1628b5236d9d41b760e5e477eb50700b) > Resetting attributes: F:\PES 2011 < Successful. > Resetting attributes: F:\The Warriors (Directors Cut) (1979) DVDRip (SiRiUs sHaRe) < Successful. > Resetting attributes: F:\labosi < Successful. > Resetting attributes: F:\Predavanja < Successful. > Resetting attributes: F:\VJEŽBE < Successful. => Malicious files : 5/5 deleted. => Hidden folders : 5/5 unhidden. ____________________________________________ ::::: Scan duration: 39s ::::::::::::::::::: ____________________________________________ I zadnji korak,odnosno broj tri: OTL logfile created on: 1.4.2012. 17:36:57 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = D:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 0000041a \| Country: Hrvatska \| Language: HRV \| Date Format: d.M.yyyy. 2,87 Gb Total Physical Memory \| 1,64 Gb Available Physical Memory \| 57,13% Memory free 5,73 Gb Paging File \| 4,17 Gb Available in Paging File \| 72,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 76,51 Gb Total Space \| 33,53 Gb Free Space \| 43,83% Space Free \| Partition Type: NTFS Drive D: \| 220,70 Gb Total Space \| 136,06 Gb Free Space \| 61,65% Space Free \| Partition Type: NTFS Computer Name: JACOB-PC \| User Name: JACOB \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.01 01:09:34 \| 000,593,920 \| ---- \| M] (OldTimer Tools) -- D:\Downloads\OTL.exe PRC - [2012.03.12 22:25:06 \| 000,583,680 \| ---- \| M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe PRC - [2011.12.08 14:10:35 \| 000,619,352 \| ---- \| M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe PRC - [2011.12.08 14:10:35 \| 000,494,424 \| ---- \| M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe PRC - [2011.11.12 11:42:52 \| 000,359,256 \| ---- \| M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\DelayLoad.exe PRC - [2010.11.04 18:15:50 \| 000,810,144 \| ---- \| M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe ========== Modules (No Company Name) ========== MOD - [2012.03.21 14:21:12 \| 000,429,040 \| ---- \| M] () -- C:\Users\JACOB\AppData\Local\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll MOD - [2012.03.21 14:21:11 \| 003,772,912 \| ---- \| M] () -- C:\Users\JACOB\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll MOD - [2012.03.21 14:19:37 \| 000,122,880 \| ---- \| M] () -- C:\Users\JACOB\AppData\Local\Google\Chrome\Application\17.0.963.83\avutil-51.dll MOD - [2012.03.21 14:19:35 \| 000,220,672 \| ---- \| M] () -- C:\Users\JACOB\AppData\Local\Google\Chrome\Application\17.0.963.83\avformat-53.dll MOD - [2012.03.21 14:19:34 \| 001,747,456 \| ---- \| M] () -- C:\Users\JACOB\AppData\Local\Google\Chrome\Application\17.0.963.83\avcodec-53.dll MOD - [2012.03.21 09:44:18 \| 008,593,056 \| ---- \| M] () -- C:\Users\JACOB\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll MOD - [2011.04.21 17:54:40 \| 000,347,024 \| ---- \| M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl MOD - [2011.04.21 17:54:40 \| 000,179,088 \| ---- \| M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl MOD - [2011.04.21 17:54:40 \| 000,046,480 \| ---- \| M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.04 18:18:12 \| 000,042,360 \| ---- \| M] (ESET) [On_Demand \| Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:64bit: - [2010.11.04 18:15:50 \| 000,810,144 \| ---- \| M] (ESET) [Auto \| Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2010.08.03 22:57:02 \| 000,203,264 \| ---- \| M] (AMD) [Auto \| Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.07.29 20:39:24 \| 000,951,584 \| ---- \| M] (Broadcom Corporation.) [Auto \| Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010.06.17 16:54:20 \| 000,315,392 \| ---- \| M] (Realtek Semiconductor Corp.) [Auto \| Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService) SRV:64bit: - [2009.11.18 11:14:26 \| 000,098,208 \| ---- \| M] (Andrea Electronics Corporation) [Auto \| Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2009.07.14 03:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 \| 000,193,536 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.02.15 14:30:18 \| 000,158,856 \| R--- \| M] (Skype Technologies) [Disabled \| Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.09 15:13:24 \| 002,143,552 \| ---- \| M] (TuneUp Software) [Auto \| Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.08 14:10:35 \| 000,494,424 \| ---- \| M] (IObit) [Auto \| Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5) SRV - [2011.11.29 11:50:03 \| 002,916,736 \| ---- \| M] (TeamViewer GmbH) [Disabled \| Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2010.03.18 14:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.06.10 06:34:52 \| 000,539,240 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 01:13:38 \| 000,503,352 \| ---- \| M] () [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.20 15:33:35 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.03 07:13:46 \| 000,170,104 \| ---- \| M] (ESET) [File_System \| Auto \| Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2010.09.02 01:52:50 \| 003,065,408 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.08.04 01:17:58 \| 006,856,704 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.03 22:23:28 \| 010,342,240 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.08.03 22:23:28 \| 010,342,240 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.08.03 22:22:52 \| 000,264,192 \| ---- \| M] (Advanced Micro Devices, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.08.03 04:08:42 \| 000,158,976 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.07.29 13:31:26 \| 000,141,264 \| ---- \| M] (ESET) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2010.07.29 13:31:26 \| 000,126,320 \| ---- \| M] (ESET) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2010.07.20 14:26:42 \| 000,102,952 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.07.20 14:26:38 \| 000,135,720 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.07.20 14:26:34 \| 000,021,544 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.07.15 09:47:42 \| 000,116,240 \| ---- \| M] (ATI Technologies, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.07.14 07:25:38 \| 000,344,616 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.05.27 23:32:56 \| 000,320,560 \| ---- \| M] (Synaptics Incorporated) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.04.12 10:55:00 \| 000,091,568 \| ---- \| M] (PowerISO Computing, Inc.) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2010.03.02 15:37:40 \| 000,039,464 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.07.14 03:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 \| 000,023,104 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.02.09 14:16:38 \| 000,011,856 \| ---- \| M] (TuneUp Software) [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.09.23 10:39:56 \| 000,225,280 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = startsear.ch/?aff=2&cf=12765e67-e6ce-11e0-8a3a-70f3952c7ad5 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{AD1CB3F2-3C11-4CB9-89C1-E52BDA92D153}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{DD1B7858-F96E-4625-A6A1-5A2012D1B471}: "URL" = startsear.ch/?aff=1&src=sp&cf=12765.....ad5&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.hr/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 36 23 4E BE D3 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = startsear.ch/?aff=2&src=sp&cf=12765.....ad5&q={searchTerms} IE - HKCU\..\SearchScopes\{AD1CB3F2-3C11-4CB9-89C1-E52BDA92D153}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{DD1B7858-F96E-4625-A6A1-5A2012D1B471}: "URL" = startsear.ch/?aff=1&src=sp&cf=12765.....ad5&q={searchTerms} IE - HKCU\..\SearchScopes\{DE7C02B2-A36E-40E9-A77C-2F4C09479A77}: "URL" = startsear.ch/?aff=1&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JACOB\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JACOB\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.31 22:46:04 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.12.23 19:47:42 \| 000,000,000 \| ---D \| M] [2012.03.31 22:46:10 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\JACOB\AppData\Roaming\Mozilla\Extensions [2012.03.31 22:46:04 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.03.13 06:38:06 \| 000,097,208 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 08:42:12 \| 000,001,538 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012.03.13 07:33:26 \| 000,002,252 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 08:42:12 \| 000,000,769 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2012.03.13 08:42:12 \| 000,000,786 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eudict.xml [2012.03.13 07:33:26 \| 000,002,040 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml [2012.03.13 08:42:12 \| 000,001,193 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-hr.xml ========== Chrome ========== CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = startsear.ch/?aff=1&src=sp&cf=12765.....ad5&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JACOB\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\JACOB\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JACOB\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Users\JACOB\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: sportske.jutarnji.hr/ = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahlefpaplappheabfbbkaedkkiknfhao\2011.12.14.31284_0\ CHR - Extension: jutarnji.hr/ = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbgfbdddhicgkcgjjgomfdjopkfejah\2011.11.29.19803_0\ CHR - Extension: Slinky Elegantan = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.4_0\ CHR - Extension: 24sata.hr/ = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\efapnjmdcpiaamhandnomjecjjlkjlkg\2011.12.14.31263_0\ CHR - Extension: novilist.hr/ = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\epghgebbhpfdnppoomkcjlbbekaegjom\2011.12.14.31277_0\ CHR - Extension: dnevnik.hr/ = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgnhmbbjfhddimachplkoeikbkpghdi\2011.12.14.31269_0\ CHR - Extension: slobodnadalmacija.hr/ = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\iammeahfighnfilcmlmphgdejdkepcbn\2011.12.14.31291_0\ CHR - Extension: index.hr/ = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikdjjfgmeiekflicncbniocdddoeanpj\2011.12.14.31267_0\ CHR - Extension: tportal.hr/ = C:\Users\JACOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\niophloiekgcnkikajadbccbaikmfbma\2011.12.14.31303_0\ O1 HOSTS File: ([2009.06.10 23:00:26 \| 000,000,824 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\64\AutocompletePro64.dll (SimplyGen) O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKCU..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity) O4 - Startup: C:\Users\JACOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77A1D742-16FE-4F64-BAC5-2873CE900643}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F927C3CD-BEDF-406E-ADD9-9BB9BC997975}: DhcpNameServer = 10.5.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\googleearth.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\googleearth.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4184cf6b-2da2-11e1-9b20-78e400b09a24}\Shell - "" = AutoRun O33 - MountPoints2\{4184cf6b-2da2-11e1-9b20-78e400b09a24}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE /AUTORUN O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit: - HKLM\..comfile [open] -- "%1" % O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.01 17:27:23 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield [2012.04.01 17:26:56 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\MCShield [2012.04.01 17:26:56 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\MCShield [2012.03.31 22:46:10 \| 000,000,000 \| ---D \| C] -- C:\Users\JACOB\AppData\Roaming\Mozilla [2012.03.31 22:46:03 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Mozilla Firefox [2012.03.30 17:22:56 \| 000,000,000 \| ---D \| C] -- D:\Documents\Pašk Kačinari Ako me likvidiraju, naručitelji neće dobro proći - Dnevno.hr_files [2012.03.04 03:58:07 \| 000,000,000 \| ---D \| C] -- C:\Program Files\CCleaner [2012.03.04 03:15:33 \| 000,000,000 \| ---D \| C] -- C:\Users\JACOB\AppData\Local\VS Revo Group ========== Files - Modified Within 30 Days ========== [2012.04.01 17:32:36 \| 000,726,444 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.01 17:32:36 \| 000,616,242 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.01 17:32:36 \| 000,106,622 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.01 17:27:43 \| 000,001,092 \| ---- \| M] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk [2012.04.01 17:27:08 \| 000,014,448 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.01 17:27:08 \| 000,014,448 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.01 17:19:43 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012.04.01 17:19:37 \| 2307,280,896 \| -HS- \| M] () -- C:\hiberfil.sys [2012.03.31 22:46:06 \| 000,001,134 \| ---- \| M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.03.31 21:07:40 \| 000,000,583 \| ---- \| M] () -- C:\Users\JACOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk [2012.03.30 17:22:56 \| 000,202,379 \| ---- \| M] () -- D:\Documents\Pašk Kačinari Ako me likvidiraju, naručitelji neće dobro proći - Dnevno.hr.htm [2012.03.25 12:56:04 \| 000,000,958 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1322857161-1813494267-1219462367-1000UA.job [2012.03.25 12:56:03 \| 000,000,906 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1322857161-1813494267-1219462367-1000Core.job [2012.03.23 17:20:59 \| 000,002,401 \| ---- \| M] () -- C:\Users\JACOB\Desktop\Google Chrome.lnk [2012.03.04 03:58:08 \| 000,000,782 \| ---- \| M] () -- C:\Users\Public\Desktop\CCleaner.lnk ========== Files Created - No Company Name ========== [2012.04.01 17:27:43 \| 000,001,092 \| ---- \| C] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk [2012.03.31 22:46:06 \| 000,001,134 \| ---- \| C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.03.31 22:46:05 \| 000,001,065 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.03.31 21:07:40 \| 000,000,583 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk [2012.03.30 17:22:55 \| 000,202,379 \| ---- \| C] () -- D:\Documents\Pašk Kačinari Ako me likvidiraju, naručitelji neće dobro proći - Dnevno.hr.htm [2012.03.04 03:58:08 \| 000,000,782 \| ---- \| C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.02.18 16:33:16 \| 000,002,189 \| ---- \| C] () -- C:\Windows\SysWow64\atipblup.dat [2011.10.25 22:18:33 \| 000,233,472 \| ---- \| C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.10.05 11:07:04 \| 000,000,376 \| ---- \| C] () -- C:\Windows\ODBC.INI [2011.07.19 12:20:37 \| 000,000,017 \| ---- \| C] () -- C:\Users\JACOB\AppData\Local\resmon.resmoncfg [2011.05.29 23:20:41 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\cf7d08b3 [2011.05.29 23:20:41 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\cf30a427 [2011.05.29 23:20:39 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\e74f121b [2011.05.29 23:20:39 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\e7015f0b [2011.05.29 23:20:35 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\53985ddb [2011.05.29 23:20:35 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\534f14fb [2011.05.29 23:20:35 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\52e179d3 [2011.05.29 23:20:35 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\5295c883 [2011.05.29 23:20:21 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\ef7abdef [2011.05.29 23:20:21 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\ef2df3db [2011.05.29 23:18:55 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\b56f82bf [2011.05.29 23:18:55 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\b524471b [2011.05.29 23:18:52 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\5dd4a113 [2011.05.29 23:18:52 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\5d8ac131 [2011.05.29 23:18:34 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\b1ed6bd3 [2011.05.29 23:18:34 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\b1acc3c1 [2011.05.29 23:18:34 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\b141cd1b [2011.05.29 23:18:34 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\b0e8ac39 [2011.05.29 23:18:17 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\80647543 [2011.05.29 23:18:17 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\8015ae3f [2011.05.29 23:18:11 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\96caa797 [2011.05.29 23:18:11 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\966db563 [2011.05.29 23:18:11 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\96006c57 [2011.05.29 23:18:11 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\95bfdcb7 [2011.05.29 23:18:11 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\955d8cdf [2011.05.29 23:18:11 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\9445911f [2011.05.29 23:18:11 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\92bac0ff [2011.05.29 23:18:11 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\92720a53 [2011.05.29 23:18:10 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\8128d45b [2011.05.29 23:18:10 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\80ed314f [2011.05.29 23:18:10 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\80a6b1df [2011.05.29 23:18:10 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\806389fb [2011.05.29 23:18:10 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\7d55e513 [2011.05.29 23:18:10 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\7d0d1c3f [2011.05.26 13:59:54 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\67427253 [2011.05.26 13:59:54 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\66e9a29c [2011.05.26 13:59:39 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\dec4330e [2011.05.26 13:59:39 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\de6ea93b [2011.05.26 13:59:21 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\ede6e8e0 [2011.05.26 13:59:21 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\eda51b8c [2011.05.26 13:59:21 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\ed3f0af8 [2011.05.26 13:59:21 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\eceef6ee [2011.05.26 13:59:15 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\8b3c2d03 [2011.05.26 13:59:15 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\8af18913 [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\d1d09353 [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\d18d0c67 [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\d13580f4 [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\d0f90950 [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\d0b235b8 [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\cfb06897 [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\ce2c870f [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\cdd74d9f [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\c96089f0 [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\c91ff98c [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\c8d5ffc4 [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\c88c885b [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\c7b0443c [2011.05.26 13:59:04 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\c7633adf [2011.05.26 13:58:03 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\2a1760cf [2011.05.26 13:58:03 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\29d7714f [2011.05.26 13:58:03 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\295ba6fc [2011.05.26 13:58:03 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\290659bd [2011.05.26 13:57:46 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\a463842b [2011.05.26 13:57:46 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\a417560b [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\626059e3 [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\620d5eeb [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\618ea13f [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\614b4ed7 [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\6105995b [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\5ff1c928 [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\55e23e5b [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\559a273c [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\50df6c7f [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\50a0fda7 [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\5051424b [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\500e0797 [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\4f26b793 [2011.05.26 13:57:38 \| 000,004,634 \| ---- \| C] () -- C:\Users\JACOB\AppData\Roaming\32a790ef [2011.03.26 00:35:48 \| 000,004,608 \| ---- \| C] () -- C:\Users\JACOB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.27 20:28:28 \| 000,000,000 \| ---- \| C] () -- C:\Windows\ativpsrm.bin [2010.11.06 22:49:53 \| 000,000,000 \| ---- \| C] () -- C:\Windows\nsreg.dat [2010.08.25 20:34:30 \| 000,870,560 \| ---- \| C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.08.25 20:34:30 \| 000,127,868 \| ---- \| C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.08.25 19:52:00 \| 000,208,896 \| ---- \| C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.08.25 19:52:00 \| 000,143,360 \| ---- \| C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.08.03 22:23:30 \| 000,104,636 \| ---- \| C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.06.09 19:35:06 \| 000,002,189 \| ---- \| C] () -- C:\Windows\SysWow64\atipblag.dat < End of report >

Profil

Sass Drake Poslao: 01 Apr 2012 18:14 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ponovo pokreni program OTL dvoklikom na ikonu. U bijeli okvir prozora gdje piše Custom Scans/Fixes iskopirati sljedeći tekst: :files C:\Users\JACOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk :OTL O33 - MountPoints2\{4184cf6b-2da2-11e1-9b20-78e400b09a24}\Shell - "" = AutoRun O33 - MountPoints2\{4184cf6b-2da2-11e1-9b20-78e400b09a24}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE /AUTORUN O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE Klikni taster Run Fix; Izvještaj koji dobiješ iskopiraj ovde u poruci. Da li i dalje imaš problema sa unosom korisničkih imena i lozinki?

Profil

Maci Skener Poslao: 01 Apr 2012 20:26 Idi na vrh
offline Maci Skener Novi MyCity građanin Pridružio: 01 Apr 2012 Poruke: 11	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 01 Apr 2012 20:13 Nemam problema sa unosom imena i lozinke,to je nestalo onoga trenutka kad sam stopirao(pritisnuo END) u task manager-u na Isass.exe koji je se palio prilikom startanja racunala. Evo text ========== FILES ========== C:\Users\JACOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk moved successfully. ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4184cf6b-2da2-11e1-9b20-78e400b09a24}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4184cf6b-2da2-11e1-9b20-78e400b09a24}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4184cf6b-2da2-11e1-9b20-78e400b09a24}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4184cf6b-2da2-11e1-9b20-78e400b09a24}\ not found. File F:\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\SETUP.EXE /AUTORUN not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\SETUP.EXE not found. OTL by OldTimer - Version 3.2.39.2 log created on 04012012_200953 Dopuna: 01 Apr 2012 20:26 Tipfeler.Nije nestalo u potpunosti ali prilikom nekakvih 10-ak ulaza na internet pretraživače samo se jednom dogodilo.Sad se vise ne dogadja.

Profil

Sass Drake Poslao: 01 Apr 2012 20:55 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Onda bi to bilo to. Potrebno je još da obaviš ove korake. -> Ponovo pokreni OTL i klikni na dugme CleanUp. -> U ASC izvještaju koji si postavio u prvoj poruci se vidi da korsitiš piratski AV program. Moja ti je preporuka da ili kupiš licencu za isti ili da ga deinstaliraš. Ukoliko nemaš novaca ili ne želiš da ga izdvojiš za neki komercijalni AV program, na raspolaganju ti se nalaze kvalitetni besplatni AV programi poput Avast Free, AVG Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, itd. Nemoj koristiti piratske verzije AV programa!!! Napomena: ako odlučiš da ukloniš ESET-ov AV, obavezno to uradi kroz Start -> Control Panel -> Programs and Features i onda isprati ovo upustvo. -> Preporučujem ti da ostaviš MCShield jer će te čuvati od infekcija koje se prenose putem prenosivih diskova. Home Page MCShield-a: http://amf.mycity.rs/mcshield/ Više o MCShield-u možeš saznati u ovoj temi: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html Facebook stranica MCShield-a: http://www.facebook.com/MCShield -> Obavezno posjeti temu Testirajte da li vam je pretraživač ranjiv, pročitaj i isprati link koji stoji u njoj. Pozdrav... :-)

Profil

Maci Skener Poslao: 01 Apr 2012 21:30 Idi na vrh
offline Maci Skener Novi MyCity građanin Pridružio: 01 Apr 2012 Poruke: 11	2Ovo se svidja korisnicima: TwinHeadedEagle, ThePhilosopher Registruj se da bi pohvalio/la poruku! Ne znam šta da ti kažem. Hvala Sass Drake,hvala ivance 95. Hvala šta ste utrošili vaše dragocjeno vrijeme na moj problem sa laptopom. Puno ste mi pomogli a i pokazali kakav sam neznalica šta se tiče wnds. Puno uspjeha i zdravlja.Pozdrav!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Win32/Spy.KeyLogger.NHI trojan

Ko je trenutno na forumu

Ukupno su 1156 korisnika na forumu :: 47 registrovanih, 8 sakrivenih i 1101 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: antonije64, Areal84, bozo13, celik, cikadeda, crnitrn, dragoljub11987, Duh sa sekirom, dushan, flash12, FOX, hooraay, Ivica1102, janbo, Karla, kjkszpj, krkalon, ksyyaj, laganini123, laurusri, Leonov, Lieutenant, mackenzie, mercedesamg, Metanoja, milenko crazy north, Mixelotti, ninareflex, Oscar, Parker, pavlo, pein, procesor, radoznao, ruger357, Sirius, stalja, stegonosa, styg, Trpe Grozni, uruk, Valter071, Vlad000, Webb, wolf431, yrraf, žeks62

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by