Keylogger and other pests


  • GTA
  • Honorary citizen
  • Joined: 14 Aug 2008
  • Posts: 717

I currently have no problems with the computer, but I decided to post just in case.
I tried to install some keylogger (I no longer even remember what it was called). During installation I set it to start on its own at system boot, but I also set it so that I could reach its interface through a key combination. Since the installation went through without problems, when I turned the computer back on I could not reach its interface at all (even by pressing the keys I had set earlier). The program was neither in startup nor among the processes, so I decided to run the antivirus (Kingsoft Antivirus 2012), which found something, namely this:
[Trojan] Win32.Malware.Generic.a.Cloud identification
Summary:This is a Trojan virus. It might steal your private data and popup annoying advertisement.
Path:C:\Windows.old\Users\Aleksandar\AppData\Local\Temp\7ZipSfx.000\Temporary.exe
File Size:155.00KB(158720 Byte)
File MD5:973d4ea9b32b9d71441e7a0c661122aa

[Compress virus] Win32.Troj.Generic.Cloud identification
Summary:Virus hidden in compressed file, it would induce users to execute to make infection.
Path:C:\Windows.old\Users\Aleksandar\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\K.J_120831.exe Temporary.exe

[Backdoor] Win32.Hack.Clack.a.Cloud identification
Summary:This is a Backdoor program. Hacker can control your computer easily and your private data would be insecure.
Path:C:\ProgramData\InstallMate\OptimizerPro\Custom.dll
File Size:58.50KB(59904 Byte)
File MD5:3b36e946e702810837754940382c8479

Afterwards it reported that it had repaired those files.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by Aleksandar at 22:47:14 on 2013-05-01
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.44.2057.18.3070.1609 [GMT 2:00]
.
AV: Kingsoft Antivirus System Defense *Enabled/Updated* {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kingsoft Antivirus System Defense *Enabled/Updated* {0DC4F26D-81AF-5547-290A-CE1BACB87555}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
c:\program files\kingsoft\kingsoft antivirus\kxescore.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
C:\Users\Aleksandar\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Users\Aleksandar\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Q-Dir\Q-Dir.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6PQQJoTQjn&i=26
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Browse2save: {637A2016-768E-8577-2088-4FCB09FF9221} - c:\programdata\browse2save\51169940477a3.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [ABBYY Screenshot Reader Bonus] "c:\program files\abbyy pdf transformer 3.0\Bonus.ScreenshotReader.exe" -autorun
uRun: [Pokki] "c:\users\aleksandar\appdata\local\pokki\engine\pokki.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ACPW05EN] "c:\program files\acd systems\acdsee pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
mRun: [kxesc] "c:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\aleksandar\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\aleksandar\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TCP: NameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{15A5B4B2-3359-4CCD-BA2A-B35A7CD8E3FC} : DHCPNameServer = 89.216.1.40 89.216.1.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\nvidia~1\3dvisi~1\nvStInit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\reader 11.0\esl\AiodLite.dll",CreateReaderUserSettings
.
============= SERVICES / DRIVERS ===============
.
R0 ansuwbmp;ansuwbmp;c:\windows\system32\drivers\ansuwbmp.sys [2012-7-26 43520]
R0 kavbootc;kavbootc;c:\windows\system32\drivers\kavbootc.sys [2012-11-10 27240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-11-9 242240]
R1 KDHacker;KDHacker;c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [2012-11-10 125784]
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files\abbyy pdf transformer 3.0\NetworkLicenseServer.exe [2009-5-14 759048]
R2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys [2012-11-10 164728]
R2 kxescore;Kingsoft Core Service;c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [2012-11-10 123992]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-4-15 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-2-9 383264]
R3 ksapi;ksapi;c:\windows\system32\drivers\ksapi.sys [2012-11-10 82264]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\drivers\Rt630x86.sys [2012-7-26 495104]
R4 KUsbGuard;KUsbGuard;c:\program files\kingsoft\kingsoft antivirus\kusbquery.sys [2012-11-10 14200]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 HaozipVirtualCDBus;HaoZip Virtual Bus Driver;c:\windows\system32\drivers\HaoZipVirtualCDBus.sys [2012-7-24 115288]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .vbs: VBSFile="c:\windows\system32\WScript.exe" "%1" %* [UserChoice]
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-05-01 19:37:38 299008 ----a-w- c:\windows\system32\engokmad.dll
2013-04-30 17:15:03 -------- d-----w- c:\program files\Q-Dir
2013-04-18 20:00:55 -------- d-----r- c:\program files\Skype
2013-04-18 18:58:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-14 19:36:33 -------- d-----w- c:\program files\WhoCrashed
2013-04-07 12:16:16 -------- d-----w- c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-04-02 16:35:47 -------- d-----w- c:\users\aleksandar\appdata\local\vghd
.
==================== Find3M ====================
.
2013-04-02 22:08:01 78176 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 22:08:01 692576 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-19 22:20:35 3393536 ----a-w- c:\windows\system32\win32k.sys
2013-03-09 17:19:55 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-09 17:19:55 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-07 04:47:06 5575400 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 08:23:01 847360 ----a-w- c:\windows\system32\reseteng.dll
2013-03-02 08:23:00 375808 ----a-w- c:\windows\system32\ReAgent.dll
2013-03-02 08:22:18 361984 ----a-w- c:\windows\system32\MFMediaEngine.dll
2013-02-21 10:30:16 1766912 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 10:30:12 661504 ----a-w- c:\windows\system32\uxtheme.dll
2013-02-21 10:29:39 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-15 06:35:40 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- c:\windows\system32\UXInit.dll
2013-02-12 00:18:04 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:20:39 8944416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:20:39 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-02-10 03:20:39 7964680 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:20:39 6267240 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:20:39 2726176 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:20:39 2528840 ----a-w- c:\windows\system32\nvapi.dll
2013-02-10 03:20:39 20534560 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-10 03:20:39 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:20:39 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:20:39 15038296 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-10 03:20:39 12862400 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-10 03:20:39 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-02-10 00:35:07 4115232 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 00:35:07 3010336 ----a-w- c:\windows\system32\nvsvc.dll
2013-02-10 00:35:03 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-10 00:35:02 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-02-10 00:35:02 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-09 17:43:52 555808 ----a-w- c:\windows\system32\nvStreaming.exe
2013-02-07 01:49:00 58088 ----a-w- c:\windows\system32\drivers\pdc.sys
2013-02-07 01:34:00 8856576 ----a-w- c:\windows\system32\twinui.dll
2013-02-07 01:33:03 2033664 ----a-w- c:\windows\system32\authui.dll
2013-02-07 01:33:01 754176 ----a-w- c:\windows\system32\actxprxy.dll
2013-02-05 22:33:01 492544 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-02-05 22:30:11 304128 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-02-05 22:29:51 195584 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-02-05 22:29:51 167424 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-02-02 09:53:24 1614568 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-02-02 09:19:59 817384 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-02-02 09:19:59 1817320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-02 09:00:12 332520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-02-02 09:00:11 361704 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS
2013-02-02 09:00:08 302312 ----a-w- c:\windows\system32\drivers\storport.sys
2013-02-02 09:00:04 53992 ----a-w- c:\windows\system32\drivers\crashdmp.sys
2013-02-02 08:39:59 325632 ----a-w- c:\windows\system32\schannel.dll
2013-02-02 08:39:33 367104 ----a-w- c:\windows\system32\netprofmsvc.dll
2013-02-02 08:39:32 283136 ----a-w- c:\windows\system32\ncsi.dll
2013-02-02 08:39:28 5090816 ----a-w- c:\windows\system32\mstscax.dll
2013-02-02 08:39:15 157696 ----a-w- c:\windows\system32\mbsmsapi.dll
2013-02-02 08:39:04 179712 ----a-w- c:\windows\system32\hotspotauth.dll
2013-02-02 08:38:54 567808 ----a-w- c:\windows\system32\duser.dll
2013-02-02 07:32:14 242688 ----a-w- c:\windows\system32\drivers\ks.sys
2013-02-02 07:32:02 60416 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-02-02 07:31:49 30208 ----a-w- c:\windows\system32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:57 1437184 ----a-w- c:\windows\system32\GdiPlus.dll
.
============= FINISH: 22:47:53.73 ===============
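An added triage example for the DDS report above (not part of the thread, and not code from DDS, zoek or Kingsoft): a small Python script that runs a few detection rules over report lines of the kinds shown, flagging the redirected start page, a BHO loaded from ProgramData, an autostart from AppData, the two UAC policies set to 0, a populated AppInit_DLLs value, and freshly created or driver binaries with dropper-shaped 8-letter names. The sample lines are constructed from the report above; the accepted start-page host list, the severity labels and the 8-letter name heuristic are assumptions of this example, not anything DDS itself reports.

```python
"""Triage rules for a DDS-style report (the 'Pseudo HJT Report', 'SERVICES /
DRIVERS' and 'Created Last 30' sections). Added example for this thread; it
is not code from DDS, zoek or the forum. SAMPLE_LOG is constructed from lines
quoted in the post above; the rule thresholds are this example's assumptions."""
import re
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import urlparse

Finding = Tuple[str, str, str]  # (severity, reason, offending log line)

# Hosts accepted as a normal IE start page. Assumption for this example.
DEFAULT_START_HOSTS = {"about:blank", "google.com", "www.google.com",
                       "bing.com", "www.bing.com", "www.msn.com"}

# Directory markers a normal user can write to; a BHO or autostart entry
# loading from one of these deserves a second look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")

# Dropper-shaped file name: exactly 8 lowercase letters, no digits, no
# CamelCase. Some legitimate Windows files (schannel.dll, storport.sys)
# share the shape, so this rule only ever yields a 'review' finding.
RANDOM_NAME = re.compile(r"\\([a-z]{8})\.(dll|sys|exe)$")

# Constructed sample: a handful of lines taken from the DDS report in the thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6PQQJoTQjn&i=26
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Browse2save: {637A2016-768E-8577-2088-4FCB09FF9221} - c:\programdata\browse2save\51169940477a3.dll
uRun: [Pokki] "c:\users\aleksandar\appdata\local\pokki\engine\pokki.exe"
mRun: [kxesc] "c:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
AppInit_DLLs= c:\progra~1\nvidia~1\3dvisi~1\nvStInit.dll
R0 ansuwbmp;ansuwbmp;c:\windows\system32\drivers\ansuwbmp.sys [2012-7-26 43520]
R0 kavbootc;kavbootc;c:\windows\system32\drivers\kavbootc.sys [2012-11-10 27240]
2013-05-01 19:37:38 299008 ----a-w- c:\windows\system32\engokmad.dll
2013-04-18 18:58:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
"""


def _user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def check_line(line: str) -> List[Finding]:
    """Apply every rule to one report line and return the findings it produced."""
    findings: List[Finding] = []

    # 1. Start page hijack. DDS defangs URLs as hxxp; restore before parsing.
    m = re.match(r"[um]Start Page = (\S+)", line)
    if m:
        url = m.group(1).replace("hxxp", "http", 1)
        host = (urlparse(url).netloc or url).lower()
        if host not in DEFAULT_START_HOSTS:
            findings.append(("high", f"non-default start page host {host}", line))

    # 2. Browser helper object whose DLL lives in a user-writable directory.
    m = re.match(r"BHO: (.+?): \{[0-9A-Fa-f-]+\} - (.+)$", line)
    if m and _user_writable(m.group(2)):
        findings.append(("high", f"BHO '{m.group(1)}' loads from a user-writable path", line))

    # 3. Run-key autostart (u = HKCU, m = HKLM) from a user-writable directory.
    m = re.match(r'[um]Run: \[(.+?)\] (?:"([^"]+)"|(\S+))', line)
    if m and _user_writable(m.group(2) or m.group(3)):
        findings.append(("medium", f"autostart '{m.group(1)}' runs from a user-writable path", line))

    # 4. UAC weakened: admins elevate silently (ConsentPromptBehaviorAdmin=0)
    #    or prompts leave the secure desktop (PromptOnSecureDesktop=0).
    m = re.match(r"mPolicies-System: (ConsentPromptBehaviorAdmin|PromptOnSecureDesktop) = dword:0$", line)
    if m:
        findings.append(("high", f"UAC policy {m.group(1)} is 0", line))

    # 5. AppInit_DLLs is loaded into every process that links user32.dll.
    if line.lower().startswith("appinit_dlls=") and line.split("=", 1)[1].strip():
        findings.append(("review", "AppInit_DLLs is populated; confirm vendor and signature", line))

    # 6. 'Created Last 30' entry: <date> <time> <size> <attrs> <path>; a fresh
    #    dropper-shaped binary under system32 is worth hashing.
    m = re.match(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ \S+ (.+)$", line)
    if m and "\\windows\\system32\\" in m.group(1).lower() and RANDOM_NAME.search(m.group(1)):
        findings.append(("review", "new dropper-shaped binary in system32; hash it and check its signature", line))

    # 7. Driver/service entry: <R|S><n> <name>;<display>;<image> [<date> <size>]
    m = re.match(r"[RS]\d [^;]+;[^;]*;(.+?) \[", line)
    if m and RANDOM_NAME.search(m.group(1)):
        findings.append(("review", "kernel driver with dropper-shaped name; hash it and check its signature", line))

    return findings


def triage(log_text: str) -> List[Finding]:
    """Run check_line over a whole report; findings come back in report order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        findings.extend(check_line(raw.strip()))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 4, 'medium': 1, 'review': 4}."""
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as-is and the nine findings print in report order. The name heuristic deliberately trips on kavbootc.sys (Kingsoft's own boot driver) as well as on ansuwbmp.sys and engokmad.dll, which is why it only produces 'review' findings: the next step is to hash the file, check its Authenticode signature and look the hash up, not to delete anything on the strength of a file-name pattern.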


  • magna86
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,


Step #1


Download zoek.exe from this or this link and save it to the Desktop.


close the browser and any other running programs;
deactivate your security software (if needed; see Instructions);
double-click zoek.exe to run it;
wait for the tool to start ...


Copy the following text into the white box of the window:


iedefaults;http://www.google.com
{637A2016-768E-8577-2088-4FCB09FF9221};c
c:\programdata\browse2save;fs


Click the button and wait for the scan to finish.


zoek will restart Windows if needed and, when it is done, open Notepad with the scan report.

Note: the report is saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into a post.



note:
If zoek does not open Notepad with the zoek log after running the script and restarting the computer, a double-click on zoek.exe is enough; the tool will generate the log automatically and open it in Notepad.



*****************************



Step #2


Run zoek.exe again as you did a moment ago, but copy this script:


OptimizerPro;z
Temporary.exe;z
c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1;vs
c:\users\aleksandar\appdata\local\vghd;vs
c:\program files\Q-Dir;vs
c:\windows\system32\drivers\ansuwbmp.sys;i
c:\windows\system32\engokmad.dll;i
startupall;
filesrcm;
firefoxlook;
chromelook;
skipfix-iedefaults;


Click the RunScript button and post that zoek log for me as well.

  • GTA
  • Honorary citizen
  • Joined: 14 Aug 2008
  • Posts: 717

I messed something up when I ran zoek.exe the first time, so this is the zoek-results.log I was left with. If needed, I will run it again.



Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Aleksandar on Thu 05/02/2013 at 18:45:16.33.
Microsoft Windows 8 Pro with Media Center 6.2.9200 x86
Running in: Normal Mode Internet Access Detected

==== Folders Found ======================

2013-03-10 19:24:06 2013-03-10 19:24:08 -------- d-----w- C:\ProgramData\BetterSoft\OptimizerPro
2013-03-10 19:24:06 2013-03-10 19:24:06 -------- d-----w- C:\ProgramData\InstallMate\OptimizerPro
2013-03-10 19:24:06 2013-03-10 19:24:08 -------- d-----w- C:\Users\All Users\BetterSoft\OptimizerPro
2013-03-10 19:24:06 2013-03-10 19:24:06 -------- d-----w- C:\Users\All Users\InstallMate\OptimizerPro
2013-03-10 19:24:06 2013-03-10 19:24:08 -------- d-----w- C:\Windows.old\Users\All Users\BetterSoft\OptimizerPro
2013-03-10 19:24:06 2013-03-10 19:24:06 -------- d-----w- C:\Windows.old\Users\All Users\InstallMate\OptimizerPro

==== Files Found ======================


==== Folders Found In c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 ======================

2013-04-07 12:16:16 d-----w- c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store
2013-04-07 12:16:18 d-----w- c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects
2013-04-07 12:16:19 d-----w- c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#ApplicationUpdater

==== Files Found In c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 ======================

2013-04-07 12:16:18 35 ----a-w- 760FCA2DC2B18E30543493B04290322A c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects\s_br.sol
2013-04-07 12:16:19 230 ----a-w- A5E497535EC18F51290DB2B8D344D5E7 c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#ApplicationUpdater\state.xml
2013-04-07 14:21:25 18432 ----a-w- A31BAACF07782C8937BCC355CFE94274 c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\appDB.db
2013-04-07 14:21:25 225 ----a-w- 1410A5B0EBE29D6ADAF2C2AF7F17518C c:\users\aleksandar\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\chc-pref.xml

==== Folders Found In c:\users\aleksandar\appdata\local\vghd ======================

2013-04-02 16:35:47 d-----w- c:\users\aleksandar\appdata\local\vghd\data
2013-04-02 16:35:49 d-----w- c:\users\aleksandar\appdata\local\vghd\data\skins
2013-04-02 16:35:49 d-----w- c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl
2013-04-02 16:35:49 d-----w- c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic
2013-04-02 16:35:49 d-----w- c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\cards
2013-04-02 16:35:49 d-----w- c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\news
2013-04-02 16:35:49 d-----w- c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\tutorial
2013-04-02 16:35:49 d-----w- c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige
2013-04-02 16:35:49 d-----w- c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\cards
2013-04-02 16:35:52 d-----w- c:\users\aleksandar\appdata\local\vghd\data\musics

==== Files Found In c:\users\aleksandar\appdata\local\vghd ======================

2010-03-05 11:52:50 7866 ----a-w- 8D8294064FC1434167347B33ABE20B74 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\multicard.jpg
2010-03-05 11:52:50 7866 ----a-w- 8D8294064FC1434167347B33ABE20B74 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\multicard.jpg
2011-06-23 09:06:14 15558 ----a-w- 5B43FDAF32E5C557ED4039A2DA29F405 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\frequency.png
2011-06-23 09:06:14 15558 ----a-w- 5B43FDAF32E5C557ED4039A2DA29F405 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\frequency.png
2011-06-23 09:11:56 11908 ----a-w- 1B145F177ED498C15528927211B08FDB c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\sound.png
2011-06-23 09:11:56 11908 ----a-w- 1B145F177ED498C15528927211B08FDB c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\sound.png
2011-06-23 09:14:00 22009 ----a-w- 2920124B0A749F2C972274C1748A0E15 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\erotic_level.png
2011-06-23 09:14:00 22009 ----a-w- 2920124B0A749F2C972274C1748A0E15 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\erotic_level.png
2011-06-24 13:17:10 15143 ----a-w- 602CA97D2A7F0716CD9FB4AC597DD1FA c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\screensaver_outer_space.png
2011-06-24 13:17:10 15143 ----a-w- 602CA97D2A7F0716CD9FB4AC597DD1FA c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\screensaver_outer_space.png
2011-06-24 13:17:30 11658 ----a-w- B6BDAECF185D0000850B0CB5BDA34961 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\screensaver_classic.png
2011-06-24 13:17:30 11658 ----a-w- B6BDAECF185D0000850B0CB5BDA34961 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\screensaver_classic.png
2011-06-24 13:20:42 19660 ----a-w- 8A85D04F1175229BE656994030B91908 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\screensaver_background_pics.png
2011-06-24 13:20:42 19660 ----a-w- 8A85D04F1175229BE656994030B91908 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\screensaver_background_pics.png
2011-06-24 13:21:08 11570 ----a-w- AFAC894B8B3D9AA82AAB00DAD6062B9C c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\screensaver_redlight_club.png
2011-06-24 13:21:08 11570 ----a-w- AFAC894B8B3D9AA82AAB00DAD6062B9C c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\screensaver_redlight_club.png
2011-06-24 13:21:44 17503 ----a-w- DE07588DED9C447E33CEE2CC76F18D08 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\screensaver_strip_bar.png
2011-06-24 13:21:44 17503 ----a-w- DE07588DED9C447E33CEE2CC76F18D08 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\screensaver_strip_bar.png
2011-06-24 13:22:22 14990 ----a-w- 3E2AABCCC2503B9148F27D1A9875AB8D c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\activation.png
2011-06-24 13:22:22 14990 ----a-w- 3E2AABCCC2503B9148F27D1A9875AB8D c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\activation.png
2011-07-11 13:52:38 1535 ----a-w- 6E7FD5F1FED7DFC4C45C4490E171B510 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\position_left.png
2011-07-11 13:52:38 1535 ----a-w- 6E7FD5F1FED7DFC4C45C4490E171B510 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\position_left.png
2011-07-11 13:53:26 1486 ----a-w- 812DD183ECF4102FD652F1CAD5AFF9E4 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\position_right.png
2011-07-11 13:53:26 1486 ----a-w- 812DD183ECF4102FD652F1CAD5AFF9E4 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\position_right.png
2011-07-11 13:54:06 19139 ----a-w- A26BCC4F13D4E5F417FF3BDBC33FDE4C c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\background.png
2011-07-11 13:54:06 19139 ----a-w- A26BCC4F13D4E5F417FF3BDBC33FDE4C c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\background.png
2011-07-11 13:57:10 9585 ----a-w- 57FEACAADB14D410CD2792386E686442 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\appearance.png
2011-07-11 13:57:10 9585 ----a-w- 57FEACAADB14D410CD2792386E686442 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\appearance.png
2011-07-25 12:19:58 8060 ----a-w- 834F6BB9FD95F826986F4ABEFB706A63 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\position_2screens_off.png
2011-07-25 12:19:58 8060 ----a-w- 834F6BB9FD95F826986F4ABEFB706A63 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\position_2screens_off.png
2011-07-25 12:49:40 8083 ----a-w- AB58842A58543D7C844E58BD80761671 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\position_2screens_on.png
2011-07-25 12:49:40 8083 ----a-w- AB58842A58543D7C844E58BD80761671 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\position_2screens_on.png
2011-07-26 16:22:18 8144 ----a-w- 525FCD4D5496F8E1257A74A1FCDB0F26 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\avatar.png
2011-07-26 16:22:18 8144 ----a-w- 525FCD4D5496F8E1257A74A1FCDB0F26 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\avatar.png
2011-08-16 12:12:50 5 ----a-w- 5E867CB535797CF84B25640AAE39853C c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\version.txt
2011-08-16 12:12:50 5 ----a-w- 5E867CB535797CF84B25640AAE39853C c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\version.txt
2011-09-07 14:58:44 12557 ----a-w- 0217B969685E2898AB0B49262A6FBF40 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\logo.png
2011-09-07 14:58:44 12557 ----a-w- 0217B969685E2898AB0B49262A6FBF40 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\logo.png
2011-09-12 13:11:52 214978 ----a-w- C139E3BD0F278DF6C4A298377273DCE4 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\img_left.jpg
2011-09-30 14:02:56 46971 ----a-w- A06D5232476E655A566199381C556573 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\silhouette.png
2011-10-10 14:55:46 51171 ----a-w- 7DBA0F8641AC8E6C90185AF8A38ED9AE c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\silhouette_male.png
2011-12-08 14:35:28 208585 ----a-w- E171D43D921DA4FB46BC900AF60F262D c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\tutorial\tuto-ecran1.jpg
2011-12-08 14:39:50 293783 ----a-w- A31C4CAD77A37E5BE63DBFE275DA272C c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\tutorial\tuto-ecran3.jpg
2011-12-08 14:44:26 356430 ----a-w- 1F80C9536468ACA6E652AD42CB9CB51F c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\tutorial\tuto-ecran5.jpg
2012-01-02 13:54:42 3858 ----a-w- 114670293723F87D881CEDF539EE1669 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\cards\bottomLeft.png
2012-01-02 13:55:30 4052 ----a-w- 4064C257B2F125EEE9CBE6A0BC0FC79C c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\cards\topRight.png
2012-01-13 08:21:34 46992 ----a-w- 5633C09E9A45DB00FE92F1A52914B18A c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\cards\hidden5.png
2012-01-13 08:21:48 46733 ----a-w- 6D6F14528DB8BC4D7F96307EB7BD72FD c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\cards\hidden4.png
2012-01-13 08:21:56 46375 ----a-w- 8A3E5BCE49B7DD7C1CB1A612B312326F c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\cards\hidden3.png
2012-01-13 08:22:06 45831 ----a-w- BECA6C9399C58CBF080C82D6F42F9233 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\cards\hidden2.png
2012-01-13 08:22:18 45136 ----a-w- 23CAF7D2AE070C1B4A4963557D050161 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\cards\hidden1.png
2012-01-19 16:34:06 23551 ----a-w- 1079319108D74134FF0E46AF22C4C512 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\desktop.jpg
2012-01-19 16:34:06 23551 ----a-w- 1079319108D74134FF0E46AF22C4C512 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\desktop.jpg
2012-01-20 11:50:00 116879 ----a-w- A36DC2862C556788075280691F67B60E c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\img_left.jpg
2012-01-26 09:22:04 47233 ----a-w- 90E5D6FBEF8E4E4EEE01D29EC5D692BA c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\silhouette.png
2012-01-26 09:22:18 51426 ----a-w- D734711C225D562996E950AF8879CB35 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\silhouette_male.png
2012-01-26 12:14:18 4187 ----a-w- 0F6A81FE27BC007ED66C0EBFEB99B291 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\cards\topRight.png
2012-01-26 12:14:26 4029 ----a-w- F712CB1921F32E21AE46CF6AD3A440DA c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\cards\bottomLeft.png
2012-01-27 13:36:24 47800 ----a-w- C1BDD8320756CC038FA55A8EE5FC603F c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\cards\hidden.png
2012-02-10 11:20:54 145479 ----a-w- C22F25A3ED229AB9658F64D77E726DC7 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\register_sticker.png
2012-02-10 12:45:08 10211 ----a-w- D362391AED63689925AD92661E828132 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\peertopeer_img_left.png
2012-02-10 12:46:14 54474 ----a-w- 9609CB42CB64D9A991A4CF055DCB114F c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\peertopeer_img_right.png
2012-02-20 14:06:16 339196 ----a-w- B2D874921F5C838278D6F6EA6AFDB7A2 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\tutorial\tuto-ecran2.jpg
2012-02-20 14:06:28 344515 ----a-w- 7DE735194203E6891D3E53C3544F9086 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\tutorial\tuto-ecran4.jpg
2012-03-20 13:59:20 5602 ----a-w- 8547092DFF57E748C607A028FA358186 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\size_big.png
2012-03-20 13:59:32 3306 ----a-w- 568160396D85F186FF5BF0E58C904D3D c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\size_small.png
2012-09-24 08:27:42 58879 ----a-w- DF32DB745B160942C0BE68C5874B1F71 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\news\news_left_01.png
2012-09-28 12:15:42 60381 ----a-w- AA94C5CA9B83CFE27D00F58B6F08CEC2 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\news\news_left_02.png
2012-10-03 09:41:20 17707 ----a-w- 8EC88876E1DFA3C336B2DACF13AE9CE3 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\skinThumbnail.png
2012-10-11 09:53:56 514 ----a-w- BF69981512BF2202464C2DFB743788FF c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\palette.txt
2012-10-11 09:53:56 972 ----a-w- A08C61DC786CF5370D57F2D2135AAA34 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\beige\palette.txt
2012-10-12 13:29:44 7697 ----a-w- D39CED060F8EADD39D2C514A4AF52131 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\name.png
2012-11-08 09:02:56 16169 ----a-w- 9614B3405DD9486B186BD6D1602AF201 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\news\news_silver.png
2012-11-08 09:04:32 26970 ----a-w- 7A796D23704EDD9BFBEF9975164DF540 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\news\news_vip.png
2012-11-08 09:05:32 16622 ----a-w- CD9F4018D6EC1007AD2A92EA51E12C2C c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\news\news_platinum.png
2012-11-08 09:06:14 26575 ----a-w- F1BE6ED1FAADE891156216F853BBD162 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\news\news_gold.png
2012-11-08 09:07:06 26805 ----a-w- 53E6D17900D90BDD9526E92DB5B32D75 c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\news\news_bronze.png
2013-04-02 16:35:52 0 ----a-w- D41D8CD98F00B204E9800998ECF8427E c:\users\aleksandar\appdata\local\vghd\data\musics\musiclist.mpl
2013-04-02 16:46:52 19266 ----a-w- B03247AEC4D89FF5E4049204052D3AFC c:\users\aleksandar\appdata\local\vghd\data\skins\VirtuaGirl\basic\skinThumbnail.png

==== Files Found In c:\program files\Q-Dir ======================

2013-04-30 17:14:51 738816 ----a-w- 27ED75D1F79754F5A11A32EDCF56C03F c:\program files\Q-Dir\Q-Dir.exe
2013-04-30 17:15:03 1743 ----a-w- 419F862115AC5B47A019668A11BD68F3 c:\program files\Q-Dir\Uninstall Q-Dir.lnk
2013-04-30 17:15:03 624 ----a-w- ADB0D306F89EDE33C6CB819FA46604F2 c:\program files\Q-Dir\Q-Dir_Uninstall.ini

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\ALEKSA~1\AppData\Local\Temp ====
====== C:\Windows\system32 =====
2013-05-02 07:30:03 949968947C9780AADFC2D163F8BBCD24 441256 ----a-w- C:\Windows\System32\FNTCACHE.DAT
2013-05-01 19:37:38 655FA2F098D32662EF901E7823715653 299008 ----a-w- C:\Windows\System32\engokmad.dll
2013-04-18 19:59:39 7EC4566DE452313441841EB543B583DA 5575400 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-18 19:59:39 598592A1D705509603092701D591C635 3393536 ----a-w- C:\Windows\System32\win32k.sys
2013-04-18 19:59:36 BB494AA9267EBD12DEC13025C2CE9359 375808 ----a-w- C:\Windows\System32\ReAgent.dll
2013-04-18 19:59:36 AC73B3669DF91270F175526B6BA98FB6 847360 ----a-w- C:\Windows\System32\reseteng.dll
2013-04-18 19:59:35 D017BF8D92938EEB9B3A1D1C53FDA152 14323200 ----a-w- C:\Windows\System32\mshtml.dll
2013-04-18 19:59:24 0B6118058942961D504AAEA04FECB116 13761024 ----a-w- C:\Windows\System32\ieframe.dll
2013-04-18 19:59:22 9B59687619B27CDA24638CDC3AF079FB 2877440 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-18 19:59:21 CFE0CEE587F9CEA4C29DEEC6D85FC91C 1766912 ----a-w- C:\Windows\System32\wininet.dll
2013-04-18 19:59:21 B5DEC0D4CBBC333CA99FE10B06D4747E 2046464 ----a-w- C:\Windows\System32\iertutil.dll
2013-04-18 19:59:20 BAF6366E886EA8320AE194CC8992A4FB 661504 ----a-w- C:\Windows\System32\uxtheme.dll
2013-04-18 19:59:20 6EF6B6EACCA13DD6131624E0DD5C14A3 690688 ----a-w- C:\Windows\System32\jscript.dll
2013-04-18 19:59:20 69CB1A65B835EE6ADF9E16ED6D443072 1129984 ----a-w- C:\Windows\System32\urlmon.dll
2013-04-18 19:59:19 F532B056147F251D480F7E5FF0758947 42496 ----a-w- C:\Windows\System32\ie4uinit.exe
2013-04-18 19:59:19 BFDD0C5F3E435596F197F003609989C4 61440 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-18 19:59:19 B5D742C535D37A7DA0649E03B32CAD80 493056 ----a-w- C:\Windows\System32\msfeeds.dll
2013-04-18 19:59:19 A7CFDA703AF9AD409DAA521487E0CB53 109056 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-18 19:59:19 87B775A458A73BB7381E5B67B5652496 39424 ----a-w- C:\Windows\System32\jsproxy.dll
2013-04-18 18:58:00 D0F47BFDDE810912F65E079B5956D6C7 94112 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-04-30 17:15:03 -------- d-----w- C:\Program Files\Q-Dir
2013-04-18 20:00:55 -------- d-----w- C:\Program Files\Common Files\Skype
2013-04-18 20:00:55 -------- d-----r- C:\Program Files\Skype
2013-04-14 19:36:33 -------- d-----w- C:\Program Files\WhoCrashed
======= C: =====
====== C:\Users\Aleksandar\AppData\Roaming ======
2013-04-14 19:40:46 97714B08BEBA05452295AAD918075426 6545 ----a-w- C:\users\Aleksandar\AppData\Local\Temp8.html
2013-04-14 19:40:39 8114A987A22F5DF604DAE6A8548A54B4 2021 ----a-w- C:\users\Aleksandar\AppData\Local\Temp1.html
2013-04-14 19:39:38 DAD0204A454B8A5A8F7A3E34CD608443 6545 ----a-w- C:\users\Aleksandar\AppData\Local\Temp10.html
2013-04-07 12:16:16 -------- d-----w- C:\users\Aleksandar\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
====== C:\Users\Aleksandar ======
2013-04-30 17:15:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir
2013-04-18 20:00:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2013-04-12 16:55:28 9CE3C251976536C43A5F6F5D78AE39A8 9216 ----a-w- C:\ProgramData\ppe_fleetdb.vdb

====== C: exe-files ==
2013-05-02 16:40:11 2F1444DF9FE8DA567D1C4B7EA1F5E261 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-510567507-3264354723-3025388037-1001\$IZMCZAP.exe
2013-05-02 16:39:36 E85665A5522072176E7F14977491AF35 1273277 ----a-w- C:\$Recycle.Bin\S-1-5-21-510567507-3264354723-3025388037-1001\$RZMCZAP.exe
2013-04-30 17:15:03 27ED75D1F79754F5A11A32EDCF56C03F 738816 ----a-w- C:\Program Files\Q-Dir\Q-Dir.exe
2013-04-29 21:32:06 27ED75D1F79754F5A11A32EDCF56C03F 738816 ----a-w- C:\Users\Aleksandar\Downloads\Q-Dir_Installer\Q-Dir_Installer.exe
2013-04-26 08:26:21 FCCC3B6980D5F0387CE9718FE82F7B67 106104 ----a-w- C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\MSIExecWatcher.exe
=== C: other files ==
2013-04-30 17:12:06 2EF0A41F79A1352BE7FDC4B4194BE920 468229 ----a-w- C:\Users\Aleksandar\Downloads\Q-Dir_Installer.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-510567507-3264354723-3025388037-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"ABBYY Screenshot Reader Bonus"="C:\Program Files\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe -autorun"
"Pokki"=""%LOCALAPPDATA%\Pokki\Engine\pokki.exe" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"ACPW05EN"="C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe /pid ACPW05EN"
"kxesc"="c:\program files\kingsoft\kingsoft antivirus\kxetray.exe -autorun"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS6ServiceManager"="C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"ABBYY Screenshot Reader Bonus"="C:\Program Files\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe -autorun"
"Pokki"=""%LOCALAPPDATA%\Pokki\Engine\pokki.exe" "

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/12/2013 08:38 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [11/09/2012 11:42 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [11/09/2012 11:42 PM]
C:\Windows\tasks\schedule\Undertermined Task.exe []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\IB Updater\source.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[04/15/2013 03:29 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Aleksandar\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx[11/10/2012 10:38 PM]

Google Search - Aleksandar - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
BroowaSe2SSave - Aleksandar - Default\Extensions\fpcekjmgdbadcbfoeehllenljpiieopg
mydeco 3D planner - Aleksandar - Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi
Autodesk Homestyler - Aleksandar - Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb
Auto HD For YouTube - Aleksandar - Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak
Skype for Chromium - Aleksandar - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Browse2save - Aleksandar - Default\Extensions\opjohfoomccljbagcadbnjlnnamnlfco

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{8561D308-87A3-4503-92E2-3272231E16FD} Ask Search Url="http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^RS&apn_uid=cca943dc-f1dc-472e-af1d-580f392d7764&apn_sauid=EE28AB31-4685-43E3-8DF5-F918E77441BA"
{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} MyStart Search Url="http://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQQJoTQjn&i=26"


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

It's OK.

Run Zoek.exe again as you did a moment ago, but copy this script:


C:\ProgramData\BetterSoft\OptimizerPro;f
C:\ProgramData\InstallMate\OptimizerPro;f
C:\Users\All Users\BetterSoft\OptimizerPro;f
C:\Users\All Users\InstallMate\OptimizerPro;f
emptyrecycle.bin;
dlnembnfbcpjnepmfjmngjenhhajpdfd;chr
C:\Program Files\IB Updater;fs
fpcekjmgdbadcbfoeehllenljpiieopg;chr
opjohfoomccljbagcadbnjlnnamnlfco;chr
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8561D308-87A3-4503-92E2-3272231E16FD}];r
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}];r
emptyalltemp;
autoclean;

Click the RunScript button. Copy the log you get into a post.

offline
  • GTA  Male
  • Honorary Citizen
  • Joined: 14 Aug 2008
  • Posts: 717

Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Aleksandar on Thu 05/02/2013 at 20:17:14.09.
Microsoft Windows 8 Pro with Media Center 6.2.9200 x86
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-510567507-3264354723-3025388037-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8561D308-87A3-4503-92E2-3272231E16FD} deleted successfully
HKEY_USERS\S-1-5-21-510567507-3264354723-3025388037-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8561D308-87A3-4503-92E2-3272231E16FD}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]

==== Deleting Files \ Folders ======================

"C:\Program Files\IB Updater" not found
"C:\Windows\tasks\schedule3036567561.job" not found
"C:\user.js" deleted
"C:\Windows\system32\roboot.exe" deleted
"C:\Users\Aleksandar\AppData\Roaming\Q-Dir\start.qdr" deleted
"C:\ProgramData\BetterSoft\OptimizerPro" deleted
"C:\ProgramData\InstallMate\OptimizerPro" deleted
"C:\Users\All Users\BetterSoft\OptimizerPro" deleted
"C:\Users\All Users\InstallMate\OptimizerPro" deleted
"C:\Users\Aleksandar\AppData\Roaming\Q-Dir" deleted
"C:\ProgramData\BroowaSe2SSave" deleted
"C:\ProgramData\Search-NewTab" deleted
"C:\Program Files\Common Files\DVDVideoSoft\TB" deleted
"C:\Users\Aleksandar\AppData\Roaming\NCdownloader" deleted
"C:\Users\Aleksandar\AppData\Roaming\Systweak" deleted
"C:\ProgramData\BetterSoft" deleted
"C:\ProgramData\RightClick" deleted
"C:\ProgramData\SoftSafe" deleted
"C:\ProgramData\InstallMate" deleted
"C:\ProgramData\Search-NewTab" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save" deleted
"C:\Users\Aleksandar\AppData\Local\APN" deleted
"C:\Users\Aleksandar\AppData\Local\PackageAware" deleted
"C:\Users\Aleksandar\AppData\LocalLow\Search-NewTab" deleted
"C:\Users\Aleksandar\AppData\LocalLow\Search-NewTab" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\IB Updater\source.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[04/15/2013 03:29 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Aleksandar\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx[11/10/2012 10:38 PM]

Google Search - Aleksandar - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
BroowaSe2SSave - Aleksandar - Default\Extensions\fpcekjmgdbadcbfoeehllenljpiieopg
mydeco 3D planner - Aleksandar - Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi
Autodesk Homestyler - Aleksandar - Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb
Auto HD For YouTube - Aleksandar - Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak
Skype for Chromium - Aleksandar - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Browse2save - Aleksandar - Default\Extensions\opjohfoomccljbagcadbnjlnnamnlfco

==== Chrome Fix ======================

C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpcekjmgdbadcbfoeehllenljpiieopg deleted successfully
C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjohfoomccljbagcadbnjlnnamnlfco deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully

==== Empty IE Cache ======================

C:\Users\Aleksandar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK, this looks good. In the first step we do an additional clean-up of possible leftovers, and then in the second step we perform an additional check:


Step #1

Download Xplode's AdwCleaner () and save it to the Desktop

Double-click to run the program.
Click the [Delete] button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt


******************************


Step #2

Download Farbar Recovery Scan Tool and save it to the Desktop

Note: You need to download the version that is compatible with your system.
Your Windows is the 32-bit version.

Double-click to run FRST;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into a post.
On first run the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Attach file" option.

offline
  • GTA  Male
  • Honorary Citizen
  • Joined: 14 Aug 2008
  • Posts: 717

Here is this report

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2013
Ran by Aleksandar (administrator) on 02-05-2013 22:43:49
Running from C:\Users\Aleksandar\Desktop
Windows 8 Pro with Media Center (X86) OS Language: English(UK)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kingsoft Corporation) c:\program files\kingsoft\kingsoft antivirus\kxescore.exe
(ABBYY) C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\sppsvc.exe
(Pokki) C:\Users\Aleksandar\AppData\Local\Pokki\Engine\pokki.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Pokki) C:\Users\Aleksandar\AppData\Local\Pokki\Engine\pokki.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\kingsoft antivirus\kxetray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nenad Hrg (SoftwareOK.com)) C:\Program Files\Q-Dir\Q-Dir.exe
(Farbar) C:\Users\Aleksandar\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [ACPW05EN] "C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN [822384 2011-09-20] (ACD Systems)
HKLM\...\Run: [kxesc] "c:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun [1595056 2012-11-10] (Kingsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [ABBYY Screenshot Reader Bonus] "C:\Program Files\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe" -autorun [939272 2010-01-25] (ABBYY)
HKCU\...\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\pokki.exe" [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Search) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (mydeco 3D planner) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi\2.3_0
CHR Extension: (Autodesk Homestyler) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0
CHR Extension: (Auto HD For YouTube) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\3.8.4_0
CHR Extension: (Skype Click to Call) - C:\Users\Aleksandar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 kxescore; c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [123992 2012-11-10] (Kingsoft Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-04-15] (Skype Technologies S.A.)
R2 SLSvc; C:\Windows\sppsvc.exe [10240 2012-08-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13344 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 ansuwbmp; C:\Windows\System32\DRIVERS\ansuwbmp.sys [43520 2012-07-26] () <===== ATTENTION
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [242240 2012-11-09] (DT Soft Ltd)
S3 HaozipVirtualCDBus; C:\Windows\System32\drivers\HaoZipVirtualCDBus.sys [115288 2012-07-24] (Shanghai RuiChuang)
R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [27240 2012-11-10] (Kingsoft Corporation)
R1 KDHacker; c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [125784 2012-11-10] (Kingsoft Corporation)
R2 kisknl; C:\Windows\system32\drivers\kisknl.sys [164728 2012-11-10] (Kingsoft Corporation)
R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [82264 2012-11-10] (Kingsoft Corporation)
R4 KUsbGuard; C:\Program Files\kingsoft\kingsoft antivirus\kusbquery.sys [14200 2012-11-10] (Kingsoft Corporation)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-02 22:43 - 2013-05-02 22:43 - 00000000 ____D C:\FRST
2013-05-02 22:42 - 2013-05-02 22:42 - 01150987 ____A (Farbar) C:\Users\Aleksandar\Desktop\FRST.exe
2013-05-02 22:40 - 2013-05-02 22:40 - 00441256 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-02 22:39 - 2013-05-02 22:39 - 00001715 ____A C:\AdwCleaner[S1].txt
2013-05-02 22:38 - 2013-05-02 22:38 - 00628743 ____A C:\Users\Aleksandar\Desktop\adwcleaner.exe
2013-05-02 20:20 - 2013-05-02 21:04 - 00000000 ____D C:\Users\Aleksandar\AppData\Roaming\Q-Dir
2013-05-02 20:18 - 2013-05-02 20:19 - 00000079 ____A C:\folders.log
2013-05-02 20:18 - 2013-05-02 20:19 - 00000000 ____D C:\zoek
2013-05-02 18:41 - 2013-05-02 20:19 - 00005462 ____A C:\zoek-results.log
2013-05-02 18:39 - 2013-05-02 18:39 - 01273277 ____A C:\Users\Aleksandar\Desktop\zoek.exe
2013-05-01 23:04 - 2013-05-01 23:04 - 00003718 ____A C:\Users\Aleksandar\Desktop\cc_20130501_230433.reg
2013-05-01 22:44 - 2013-05-01 22:44 - 00688992 ____R (Swearware) C:\Users\Aleksandar\Desktop\dds.scr
2013-05-01 21:37 - 2013-05-01 21:37 - 00299008 ____A C:\Windows\System32\engokmad.dll
2013-04-30 19:15 - 2013-04-30 19:15 - 00000000 ____D C:\Program Files\Q-Dir
2013-04-30 19:12 - 2013-04-30 19:12 - 00468229 ____A C:\Users\Aleksandar\Downloads\Q-Dir_Installer.zip
2013-04-23 10:34 - 2013-04-30 23:38 - 00000000 ____D C:\Users\Aleksandar\Desktop\ljiljana plasic poslala
2013-04-18 22:00 - 2013-04-26 09:37 - 00000000 ___RD C:\Program Files\Skype
2013-04-18 22:00 - 2013-04-18 22:00 - 01337960 ____A (Skype Technologies S.A.) C:\Users\Aleksandar\Downloads\SkypeSetup.exe
2013-04-18 22:00 - 2013-04-18 22:00 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-04-18 21:59 - 2013-03-20 00:20 - 03393536 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-18 21:59 - 2013-03-07 06:47 - 05575400 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-18 21:59 - 2013-03-02 10:23 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2013-04-18 21:59 - 2013-03-02 10:23 - 00375808 ____A (Microsoft Corporation) C:\Windows\System32\ReAgent.dll
2013-04-18 21:59 - 2013-02-21 12:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-18 21:59 - 2013-02-21 12:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-18 21:59 - 2013-02-21 12:30 - 00661504 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-04-18 21:59 - 2013-02-21 12:30 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-18 21:59 - 2013-02-21 12:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-18 21:59 - 2013-02-21 12:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-18 21:59 - 2013-02-21 12:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-18 21:59 - 2013-02-21 12:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-18 21:59 - 2013-02-21 12:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-18 21:59 - 2013-02-21 12:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-18 21:59 - 2013-02-21 12:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-18 21:59 - 2013-02-21 12:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-18 21:59 - 2013-02-21 12:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-18 20:58 - 2013-04-18 20:58 - 00000000 ____D C:\Program Files\Common Files\Java
2013-04-18 20:58 - 2013-04-04 05:35 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-04-18 20:58 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-04-18 20:58 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-04-18 20:57 - 2013-04-18 20:58 - 00003903 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-04-15 19:41 - 2013-04-15 19:41 - 00000000 ___HD C:\Users\Aleksandar\Desktop\[Originals]
2013-04-14 21:40 - 2013-04-14 21:40 - 00006545 ____A C:\Users\Aleksandar\AppData\Local\Temp8.html
2013-04-14 21:40 - 2013-04-14 21:40 - 00002021 ____A C:\Users\Aleksandar\AppData\Local\Temp1.html
2013-04-14 21:39 - 2013-04-14 21:39 - 00006545 ____A C:\Users\Aleksandar\AppData\Local\Temp10.html
2013-04-14 21:36 - 2013-04-30 19:13 - 00000000 ____D C:\Program Files\WhoCrashed
2013-04-14 21:35 - 2013-04-17 21:34 - 00000000 ____D C:\Windows\Minidump
2013-04-10 00:31 - 2013-05-01 12:54 - 00000000 ____D C:\Users\Aleksandar\Desktop\trenutni rad
2013-04-07 14:16 - 2013-04-07 14:16 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-04-07 14:16 - 2013-04-07 14:16 - 00000000 ____D C:\Users\Aleksandar\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-04-05 18:38 - 2013-04-05 18:38 - 01308302 ____A C:\Users\Aleksandar\Downloads\Poslovna etika i rukovodjenje.zip

==================== One Month Modified Files and Folders ========

2013-05-02 22:43 - 2013-05-02 22:43 - 00000000 ____D C:\FRST
2013-05-02 22:42 - 2013-05-02 22:42 - 01150987 ____A (Farbar) C:\Users\Aleksandar\Desktop\FRST.exe
2013-05-02 22:40 - 2013-05-02 22:40 - 00441256 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-02 22:40 - 2013-02-10 00:25 - 00000000 ____D C:\Users\Aleksandar\AppData\Local\Pokki
2013-05-02 22:40 - 2013-02-09 20:48 - 00000454 ___AH C:\Windows\Tasks\schedule!3036567561.job
2013-05-02 22:40 - 2012-11-09 23:42 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-02 22:40 - 2012-07-26 08:04 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-02 22:40 - 2012-07-26 06:17 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-05-02 22:39 - 2013-05-02 22:39 - 00001715 ____A C:\AdwCleaner[S1].txt
2013-05-02 22:39 - 2012-11-09 23:42 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-02 22:38 - 2013-05-02 22:38 - 00628743 ____A C:\Users\Aleksandar\Desktop\adwcleaner.exe
2013-05-02 22:38 - 2013-01-01 13:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-02 21:04 - 2013-05-02 20:20 - 00000000 ____D C:\Users\Aleksandar\AppData\Roaming\Q-Dir
2013-05-02 21:00 - 2012-07-26 08:53 - 00000000 ____D C:\Windows\System32\sru
2013-05-02 20:26 - 2012-11-09 23:03 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-02 20:19 - 2013-05-02 20:18 - 00000079 ____A C:\folders.log
2013-05-02 20:19 - 2013-05-02 20:18 - 00000000 ____D C:\zoek
2013-05-02 20:19 - 2013-05-02 18:41 - 00005462 ____A C:\zoek-results.log
2013-05-02 20:19 - 2012-11-10 22:38 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-05-02 20:19 - 2012-11-10 21:58 - 00000034 ____A C:\Windows\System32\khackmon.dll.log
2013-05-02 20:19 - 2012-11-10 13:54 - 00000000 __SHD C:\KRECYCLE
2013-05-02 18:39 - 2013-05-02 18:39 - 01273277 ____A C:\Users\Aleksandar\Desktop\zoek.exe
2013-05-02 09:50 - 2012-07-26 08:53 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-01 23:04 - 2013-05-01 23:04 - 00003718 ____A C:\Users\Aleksandar\Desktop\cc_20130501_230433.reg
2013-05-01 23:03 - 2012-11-09 23:38 - 00000000 ____D C:\Users\Aleksandar\AppData\Roaming\uTorrent
2013-05-01 22:44 - 2013-05-01 22:44 - 00688992 ____R (Swearware) C:\Users\Aleksandar\Desktop\dds.scr
2013-05-01 21:37 - 2013-05-01 21:37 - 00299008 ____A C:\Windows\System32\engokmad.dll
2013-05-01 12:54 - 2013-04-10 00:31 - 00000000 ____D C:\Users\Aleksandar\Desktop\trenutni rad
2013-04-30 23:38 - 2013-04-23 10:34 - 00000000 ____D C:\Users\Aleksandar\Desktop\ljiljana plasic poslala
2013-04-30 21:50 - 2012-11-09 23:09 - 00015542 ____A C:\Windows\Q-Dir.ini
2013-04-30 19:15 - 2013-04-30 19:15 - 00000000 ____D C:\Program Files\Q-Dir
2013-04-30 19:13 - 2013-04-14 21:36 - 00000000 ____D C:\Program Files\WhoCrashed
2013-04-30 19:12 - 2013-04-30 19:12 - 00468229 ____A C:\Users\Aleksandar\Downloads\Q-Dir_Installer.zip
2013-04-29 20:28 - 2012-11-09 23:52 - 00000000 ____D C:\Users\Aleksandar\AppData\Roaming\Skype
2013-04-26 09:37 - 2013-04-18 22:00 - 00000000 ___RD C:\Program Files\Skype
2013-04-24 13:07 - 2012-07-26 08:53 - 00000000 ____D C:\Windows\AUInstallAgent
2013-04-22 16:02 - 2013-03-31 22:51 - 00000000 ____D C:\Users\Aleksandar\AppData\Roaming\Dropbox
2013-04-22 15:50 - 2012-11-09 23:51 - 00000000 ___RD C:\Users\Aleksandar\Dropbox
2013-04-18 22:21 - 2012-12-12 12:31 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-18 22:00 - 2013-04-18 22:00 - 01337960 ____A (Skype Technologies S.A.) C:\Users\Aleksandar\Downloads\SkypeSetup.exe
2013-04-18 22:00 - 2013-04-18 22:00 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-04-18 21:57 - 2012-11-09 22:06 - 00000000 ____D C:\Users\Aleksandar\AppData\Local\Packages
2013-04-18 20:58 - 2013-04-18 20:58 - 00000000 ____D C:\Program Files\Common Files\Java
2013-04-18 20:58 - 2013-04-18 20:57 - 00003903 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-04-18 20:58 - 2013-03-09 19:19 - 00000000 ____D C:\Program Files\Java
2013-04-17 21:34 - 2013-04-14 21:35 - 00000000 ____D C:\Windows\Minidump
2013-04-16 23:17 - 2012-11-09 23:55 - 00000000 ____D C:\Users\Aleksandar\AppData\Roaming\vlc
2013-04-15 19:41 - 2013-04-15 19:41 - 00000000 ___HD C:\Users\Aleksandar\Desktop\[Originals]
2013-04-15 19:39 - 2012-11-09 23:27 - 00000000 ____D C:\Users\Aleksandar\AppData\Local\ACD Systems
2013-04-14 21:40 - 2013-04-14 21:40 - 00006545 ____A C:\Users\Aleksandar\AppData\Local\Temp8.html
2013-04-14 21:40 - 2013-04-14 21:40 - 00002021 ____A C:\Users\Aleksandar\AppData\Local\Temp1.html
2013-04-14 21:39 - 2013-04-14 21:39 - 00006545 ____A C:\Users\Aleksandar\AppData\Local\Temp10.html
2013-04-12 22:23 - 2012-11-09 22:59 - 00000000 ____D C:\users\Aleksandar
2013-04-12 18:57 - 2012-07-26 08:53 - 00000000 ____D C:\Windows\System32\NDF
2013-04-07 14:16 - 2013-04-07 14:16 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-04-07 14:16 - 2013-04-07 14:16 - 00000000 ____D C:\Users\Aleksandar\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-04-05 23:28 - 2013-03-30 20:27 - 00000000 ____D C:\Users\Aleksandar\Documents\Unnamed Site 4
2013-04-05 18:38 - 2013-04-05 18:38 - 01308302 ____A C:\Users\Aleksandar\Downloads\Poslovna etika i rukovodjenje.zip
2013-04-05 17:44 - 2012-11-09 22:59 - 00000000 ____D C:\Users\Aleksandar\AppData\Local\VirtualStore
2013-04-04 23:29 - 2012-11-09 23:19 - 00000000 ____D C:\Users\Aleksandar\AppData\Roaming\DAEMON Tools Lite
2013-04-04 05:35 - 2013-04-18 20:58 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-04-04 05:30 - 2013-04-18 20:58 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-04-04 05:29 - 2013-04-18 20:58 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-04-03 00:08 - 2012-11-10 00:14 - 00692576 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-03 00:08 - 2012-11-10 00:14 - 00078176 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2012-07-26 01:11] - [2012-07-26 05:50] - 2114936 ____A (Microsoft Corporation) 5B6ED1B57DBFF18D405A0260559B571E

C:\Windows\System32\winlogon.exe
[2012-11-10 00:02] - [2012-09-20 07:55] - 0411648 ____A (Microsoft Corporation) D75035A24FF8D5A489366C685030DB4C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-02 09:50

==================== End Of Log ============================

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

One more thing to check ...

Run zoek with this script.

C:\Windows\System32\DRIVERS\ansuwbmp.sys;virustotal;
ansuwbmp.sys;z


If a browser opens with the virustotal site, do not close it until zoek finishes the analysis.
Click the RunScript button and attach a fresh zoek.log.

offline
  • GTA  Male
  • Honorary citizen
  • Joined: 14 Aug 2008
  • Posts: 717

Zoek.exe Version 4.0.0.2 Updated 30-04-2013
Tool run by Aleksandar on Fri 05/03/2013 at 20:27:55.98.
Microsoft Windows 8 Pro with Media Center 6.2.9200 x86
Running in: Normal Mode Internet Access Detected

==== VirusTotal Scan ======================

C:\Windows\System32\DRIVERS\ansuwbmp.sys https://www.virustotal.com/file/6CC6BCE8B186EBE20F...../analysis/

==== Folders Found ======================


==== Files Found ======================


--- C:\Windows\System32\Drivers\ansuwbmp.sys ---
Company:
File Description:
File Version: 5, 1, 2600, 0
Product Name:
Copyright:
Original Filename:
File type: ----a-w-
File size: 43520
Created time: 2012-07-26 02:21:23
Modified time: 2012-07-26 03:18:47
MD5: 8B3B5E7A44DED3A239BBA4D0C59CBBBA
SHA1: D5E4D6FE8B74B6DDA9496E8B8722C354DD884722

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Upload this file to us for analysis...
C:\Windows\System32\DRIVERS\ansuwbmp.sys
...via this form.
http://www.mycity.rs/ambulanta-upload.php


--- --- --- --- --- --- --- --- --- ---



Then run Zoek again with this script:

ansuwbmp;s
C:\Windows\System32\DRIVERS\ansuwbmp.sys;f


Click the RunScript button and post the created zoek log.


***************************


Run FRST again;

Then:

Type ansuwbmp.sys into the Search: field and then click Search File(s)
When FRST finishes, it will create a report in the same location as FRST (Desktop) named Search.txt


Attach FRST.txt and Search.txt to your reply using the "Prikaci fajl" (Attach file) option
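An added example, not code from the thread or from the FRST/zoek tools: a small triage helper that parses lines in the FRST "One Month Modified Files" format shown above and flags the pattern seen in this log, a binary under System32 with no company name and a random-looking lowercase name (engokmad.dll, ansuwbmp.sys), as candidates for a hash lookup such as the VirusTotal check requested above. The sample lines are copied from the log above, except the ansuwbmp.sys line, which is constructed from the size and timestamps in the zoek output.

```python
import re
from typing import NamedTuple, Optional

# Sample FRST lines: the first three are copied from the log above, the
# ansuwbmp.sys line is constructed from the zoek output's size and timestamps.
FRST_SAMPLE = r"""
2013-05-01 21:37 - 2013-05-01 21:37 - 00299008 ____A C:\Windows\System32\engokmad.dll
2013-04-18 21:59 - 2013-02-21 12:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-02 20:19 - 2012-11-10 21:58 - 00000034 ____A C:\Windows\System32\khackmon.dll.log
2012-07-26 03:18 - 2012-07-26 02:21 - 00043520 ____A C:\Windows\System32\DRIVERS\ansuwbmp.sys
"""

class Entry(NamedTuple):
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]   # None when FRST prints no version-info company
    path: str

# Layout of one line: modified - created - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(?P<modified>\S+ \S+) - (?P<created>\S+ \S+) - (?P<size>\d{8}) "
    r"(?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)

def parse_frst_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["modified"], m["created"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])

BINARY_EXT = (".dll", ".sys", ".exe")

def is_suspicious(e: Entry) -> bool:
    """Triage heuristic: a binary under System32 with no company string and a
    lowercase, random-looking name. It points at what to hash and look up next;
    it is not a verdict on its own (some legitimate files lack version info)."""
    low = e.path.lower()
    if "\\windows\\system32\\" not in low or not low.endswith(BINARY_EXT):
        return False
    if e.company:
        return False
    stem = e.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return stem.isascii() and stem.isalpha() and stem.islower() and len(stem) >= 6

def triage(log_text: str) -> list:
    """Return the paths of all suspicious entries, in log order."""
    entries = filter(None, (parse_frst_line(l) for l in log_text.splitlines()))
    return [e.path for e in entries if is_suspicious(e)]
```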
