Help with a (to me) strange "virus" (the ilivid thing)!

  • Joined: 02 Aug 2012
  • Posts: 31

PROBLEM DESCRIPTION
I tried to download a film, but it wasn't a direct download link for the film; it was the Ilivid download manager. It said "run application", but I clicked "cancel" because I realised that wasn't it. So I didn't install it at all. However, that "virus" (I call it that because I don't know what it is) has moved into my computer, that is, as far as I've noticed, only into the "internet". A green and pink box appears with the options "download now ilivid" and "play now ilivid", for example. Whatever I type into Google, the boxes mentioned above are always somewhere in that window: below, to the side, everywhere. Then I noticed that YouTube won't let me play clips; instead, the window where the clip should be flashes black and white.
I don't know if it matters, but I'll mention that it sometimes shows me that there is no internet (but there is; it shows it in Firefox as "no connection", which didn't happen before). Regarding this thing, I tried to solve the problem with Malwarebytes, and yes, I have the AVG antivirus installed on the computer. None of that solved the problem. The problem started showing two days ago.
I have 32-bit Windows. Cheers
Thanks in advance, and frightened, because the computer is of great importance to me right now.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Marko at 2:53:57 on 2012-08-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3583.1812 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Marko\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\conhost.exe
C:\Users\Marko\AppData\Local\Temp\nsa2C64.tmp\MBR.DAT
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=111304&babsrc=HP_ss&mntrId=94f2219c00000000000074ea3ac92721
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: VideoFileDownload: {ba0454c5-fd30-428e-8db9-3ff87a612f64} - c:\program files\openapp\bho_project.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Facebook Update] "c:\users\marko\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [VIAAUD] c:\program files\via\viaudioi\vdeck\VIAAUD.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\marko\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\marko\appdata\local\facebook\messenger\2.1.4590.0\FacebookMessenger.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 192.168.100.252
TCP: Interfaces\{3B6CD3BB-CE6A-48D1-A05E-46EC257FBF9A} : DhcpNameServer = 192.168.100.252
TCP: Interfaces\{741C78A2-DD87-4A14-93A0-5A737CCF9870} : DhcpNameServer = 192.168.100.252
TCP: Interfaces\{BC486E33-C80B-4D64-88AB-486085D3F43E} : DhcpNameServer = 192.168.139.2
TCP: Interfaces\{C75B3E73-9A02-4C97-9AC2-F2666F6B08F4} : DhcpNameServer = 192.168.100.252
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marko\appdata\roaming\mozilla\firefox\profiles\1cqbaqsd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - google.hr
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111304&babsrc=KW_ss&mntrId=94f2219c00000000000074ea3ac92721&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\users\marko\appdata\local\facebook\messenger\2.1.4590.0\npFbDesktopPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 94f2219c00000000000074ea3ac92721
FF - user.js: extensions.BabylonToolbar_i.hardId - 94f2219c00000000000074ea3ac92721
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15535
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:15:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-24 27496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 218176]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-7-4 291840]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-31 655944]
R2 Realtek87B;Realtek87B;c:\program files\realtek\rtl8187 wireless lan utility\RtlService.exe [2012-7-8 40960]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
R2 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2011-11-13 11839488]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-8 22768]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-7-24 830048]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-7-7 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-7-4 10070016]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-7-4 290304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-31 22344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-3-10 1108480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-7 250056]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2012-7-22 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2012-7-22 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2012-7-22 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2012-7-22 25088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-7-19 12400]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-7 113120]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-7-15 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-7-15 10200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2010-1-7 375808]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-7 1343400]
.
=============== Created Last 30 ================
.
2012-08-02 00:51:23 -------- d-----w- c:\users\marko\appdata\local\{AAA00769-39D2-436A-8C5F-AD98D5843DB7}
2012-08-02 00:51:07 -------- d-----w- c:\users\marko\appdata\local\{71E92BA2-D6A7-42B2-90AD-B0138022FEC0}
2012-08-01 23:30:24 -------- d-----w- c:\users\marko\appdata\local\VS Revo Group
2012-08-01 16:15:03 98816 ----a-w- c:\windows\sed.exe
2012-08-01 16:15:03 518144 ----a-w- c:\windows\SWREG.exe
2012-08-01 16:15:03 256000 ----a-w- c:\windows\PEV.exe
2012-08-01 16:15:03 208896 ----a-w- c:\windows\MBR.exe
2012-08-01 12:50:36 -------- d-----w- c:\users\marko\appdata\local\{4024FCB3-60AD-434F-9D86-1BFE3B191795}
2012-08-01 12:50:20 -------- d-----w- c:\users\marko\appdata\local\{F08C7FE1-7A53-4E4C-A768-990895543E0E}
2012-08-01 10:48:20 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-08-01 10:48:20 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-08-01 10:43:00 -------- d-----w- c:\users\marko\appdata\local\{8F47712D-F133-4107-9C62-3390A15BE230}
2012-08-01 09:54:07 -------- d-----w- c:\users\marko\appdata\local\{3D298A77-8AA2-4805-9F8C-11DE8DF34A70}
2012-08-01 09:39:07 -------- d-----w- c:\users\marko\appdata\local\{4EA7A647-ECBD-4D15-B45F-786419E4EC1D}
2012-08-01 09:33:37 -------- d-----w- c:\users\marko\appdata\local\{3055DD03-FFD3-454A-BFEC-72E2698630EC}
2012-07-31 20:07:34 -------- d-----w- c:\users\marko\appdata\roaming\Malwarebytes
2012-07-31 20:07:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 20:07:13 -------- d-----w- c:\programdata\Malwarebytes
2012-07-31 20:07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-31 20:00:12 -------- d-----w- c:\users\marko\appdata\roaming\PCPro
2012-07-31 20:00:11 4273976 ----a-w- c:\windows\uninst.exe
2012-07-31 20:00:10 -------- d-----w- c:\programdata\PC1Data
2012-07-31 15:14:47 -------- d-----w- c:\program files\Audacity
2012-07-31 12:36:10 -------- d-----w- c:\users\marko\appdata\local\{BBF9C2F8-9637-4789-B454-C9B7E21630A2}
2012-07-31 12:35:58 -------- d-----w- c:\users\marko\appdata\local\{5735221D-0A4E-4F0E-AF07-A344A53F7B49}
2012-07-31 10:28:53 -------- d-----w- c:\program files\OpenApp
2012-07-31 10:28:42 -------- d-----w- c:\program files\smartdl
2012-07-31 00:35:32 -------- d-----w- c:\users\marko\appdata\local\{A82E00D0-1455-45E6-A6D2-202C3B67CE99}
2012-07-31 00:35:20 -------- d-----w- c:\users\marko\appdata\local\{56D9C3CC-ADE8-41B0-8D75-F11979E7420D}
2012-07-30 21:14:54 184619 ----a-w- C:\torrent.exe
2012-07-30 12:35:05 -------- d-----w- c:\users\marko\appdata\local\{9C893EAC-7FC4-41A2-A56D-0164FEFD474E}
2012-07-30 12:34:51 -------- d-----w- c:\users\marko\appdata\local\{C2DC6429-3805-4619-9CD5-D3DA6F2A1A01}
2012-07-29 21:40:48 -------- d-----w- c:\users\marko\appdata\local\{635CF45B-3BB9-4E7F-88CF-A645047D70ED}
2012-07-29 21:40:36 -------- d-----w- c:\users\marko\appdata\local\{79713FA2-8246-43AF-8319-4565A9700DEA}
2012-07-29 09:40:10 -------- d-----w- c:\users\marko\appdata\local\{269B4B80-BDBD-444C-9FAC-BB2C9A27B7BC}
2012-07-29 09:39:58 -------- d-----w- c:\users\marko\appdata\local\{874E484E-9273-498F-B1B3-87732752435D}
2012-07-28 21:39:44 -------- d-----w- c:\users\marko\appdata\local\{4A85F8C4-62A0-48B1-BFF8-53B9F6B00247}
2012-07-28 21:39:32 -------- d-----w- c:\users\marko\appdata\local\{01864CEB-D5D2-4133-9A62-162565E7B9C4}
2012-07-28 09:39:15 -------- d-----w- c:\users\marko\appdata\local\{2966B4D3-F253-4091-8B87-4044444CB408}
2012-07-28 09:39:04 -------- d-----w- c:\users\marko\appdata\local\{14D58DD6-86F6-48C0-9E54-3FBD6DD72F64}
2012-07-27 21:38:38 -------- d-----w- c:\users\marko\appdata\local\{27164B5C-E903-47A0-A242-C46474386D98}
2012-07-27 21:38:27 -------- d-----w- c:\users\marko\appdata\local\{0842C819-D3A0-4952-99E6-51B936A90233}
2012-07-27 21:38:16 -------- d-----w- c:\users\marko\appdata\local\{9D51E6CD-7A1E-41D6-8737-15B1218A1769}
2012-07-27 21:38:01 -------- d-----w- c:\users\marko\appdata\local\{C12D0091-CD18-46CD-9BD6-5EF0D04344D6}
2012-07-27 09:37:47 -------- d-----w- c:\users\marko\appdata\local\{E0097070-A45A-4219-9CE3-C1B6327D6B04}
2012-07-27 09:37:35 -------- d-----w- c:\users\marko\appdata\local\{2844BA11-B921-4239-B98E-23A97CF6AFB0}
2012-07-26 21:37:08 -------- d-----w- c:\users\marko\appdata\local\{80113DA6-E30B-4F79-A6D1-DDA850D748B6}
2012-07-26 21:36:56 -------- d-----w- c:\users\marko\appdata\local\{F76FF5C1-89B9-490E-BD13-5A724A8A137F}
2012-07-26 09:36:41 -------- d-----w- c:\users\marko\appdata\local\{B8056582-6014-44F5-B086-D13324E854DF}
2012-07-26 09:36:28 -------- d-----w- c:\users\marko\appdata\local\{870CFE79-ED91-4B69-83D8-310A6E5B794A}
2012-07-25 21:36:01 -------- d-----w- c:\users\marko\appdata\local\{D1AAA349-E292-42E2-A7B9-DDF0D80D4152}
2012-07-25 21:35:47 -------- d-----w- c:\users\marko\appdata\local\{0A29AD1F-73E7-421D-AD3B-585A25C901DF}
2012-07-25 09:35:19 -------- d-----w- c:\users\marko\appdata\local\{10912C22-D5D0-4FE9-B9B9-1E8828AE44D5}
2012-07-25 09:35:07 -------- d-----w- c:\users\marko\appdata\local\{F44528D4-FDD2-406D-B7D6-CED61FCBFCA9}
2012-07-24 21:34:41 -------- d-----w- c:\users\marko\appdata\local\{A2C0CEE5-D8BF-481A-8CE1-5FEBD47D497E}
2012-07-24 21:34:29 -------- d-----w- c:\users\marko\appdata\local\{E8A36BD4-9FC5-4A75-81B0-39B771422D39}
2012-07-24 15:15:53 -------- d-----w- c:\users\marko\appdata\roaming\AVG2012
2012-07-24 15:15:17 -------- d-----w- c:\users\marko\appdata\local\AVG Secure Search
2012-07-24 15:15:03 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-24 15:14:55 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-24 15:14:53 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-24 15:14:53 -------- d-----w- c:\program files\AVG Secure Search
2012-07-24 15:13:44 -------- d--h--w- C:\$AVG
2012-07-24 15:13:44 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-24 15:13:44 -------- d-----w- c:\programdata\AVG2012
2012-07-24 15:13:19 -------- d-----w- c:\program files\AVG
2012-07-24 15:12:36 -------- d--h--w- c:\programdata\Common Files
2012-07-24 15:12:36 -------- d-----w- c:\programdata\MFAData
2012-07-24 15:01:31 -------- d-sh--r- c:\windows\configuration
2012-07-24 12:35:45 -------- d-----w- c:\users\marko\appdata\roaming\PhotoScape
2012-07-24 12:28:01 -------- d-----w- c:\program files\PhotoScape
2012-07-24 11:19:29 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7e54466e-d411-4e32-b846-1c8c3a870372}\mpengine.dll
2012-07-24 09:34:15 -------- d-----w- c:\users\marko\appdata\local\{02314E4D-4ED5-4390-A734-735BC6CD7431}
2012-07-24 09:34:04 -------- d-----w- c:\users\marko\appdata\local\{783751B5-EA04-4325-BB77-0CA309843507}
2012-07-24 00:09:44 -------- d-----w- c:\program files\MSXML 4.0
2012-07-23 21:33:37 -------- d-----w- c:\users\marko\appdata\local\{AE193817-3233-4B14-A450-EECA66E5220F}
2012-07-23 21:33:26 -------- d-----w- c:\users\marko\appdata\local\{FEB030F0-9CB3-43E1-B9A8-3348F5D353CE}
2012-07-23 09:33:09 -------- d-----w- c:\users\marko\appdata\local\{98587254-289A-46AE-8DE9-F31A4593C28B}
2012-07-23 09:32:54 -------- d-----w- c:\users\marko\appdata\local\{184BA57A-8218-47DC-9503-9527BAA7C320}
2012-07-22 15:13:48 25216 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2012-07-22 15:13:48 20864 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2012-07-22 15:13:48 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2012-07-22 15:13:47 25088 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2012-07-22 15:13:47 20736 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2012-07-22 15:13:47 20096 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2012-07-22 15:13:47 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2012-07-22 15:13:47 -------- d-----w- c:\program files\LG Electronics
2012-07-22 15:04:18 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-07-22 15:04:18 568832 ----a-w- c:\windows\system32\msvcp90.dll
2012-07-22 15:04:18 224768 ----a-w- c:\windows\system32\msvcm90.dll
2012-07-22 15:04:15 82432 ----a-w- c:\windows\system32\msxml4r.dll
2012-07-22 15:04:15 53248 ----a-w- c:\windows\system32\CommonDL.dll
2012-07-22 15:04:15 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-07-22 15:04:05 -------- d-----w- c:\programdata\LGMOBILEAX
2012-07-22 12:57:17 -------- d-----w- c:\users\marko\appdata\local\{7D3C9908-6551-4328-8A8C-E7D246F06CAB}
2012-07-22 12:57:05 -------- d-----w- c:\users\marko\appdata\local\{8923BFA3-CAB0-41CB-8C8E-382F54E5E6A9}
2012-07-22 11:29:17 -------- d-----w- c:\users\marko\appdata\local\SniperV2
2012-07-22 11:28:17 -------- d-----w- c:\users\marko\appdata\local\SKIDROW
2012-07-22 00:56:34 -------- d-----w- c:\users\marko\appdata\local\{3A7B27DE-03A2-456D-A4F8-79281F05255D}
2012-07-22 00:56:20 -------- d-----w- c:\users\marko\appdata\local\{86070BFF-7962-4098-97E1-01400A4C4336}
2012-07-22 00:56:19 -------- d-----w- c:\users\marko\appdata\local\{B8B10424-9233-4C43-86EF-32B165724785}
2012-07-21 20:22:53 -------- d-----w- c:\users\marko\appdata\local\Apple Computer
2012-07-21 20:22:39 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-21 20:22:39 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-21 20:22:13 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-07-21 20:22:13 -------- d-----w- c:\program files\iTunes
2012-07-21 20:22:13 -------- d-----w- c:\program files\iPod
2012-07-21 20:21:42 -------- d-----w- c:\users\marko\appdata\local\Apple
2012-07-21 20:21:01 -------- d-----w- c:\program files\Bonjour
2012-07-21 19:59:08 -------- d-----w- c:\program files\Activision
2012-07-21 19:56:53 -------- d-sh--w- c:\windows\ftpcache
2012-07-21 09:44:32 -------- d-----w- c:\users\marko\appdata\local\{72E7B1AD-C6A7-41DE-852D-B360EF3C1AF4}
2012-07-21 09:44:10 -------- d-----w- c:\users\marko\appdata\local\{4F567D19-81CC-45E7-BF05-F470F36875DF}
2012-07-20 21:07:23 -------- d-----w- c:\users\marko\appdata\local\{10084868-4B70-4321-BE09-39A6398753E6}
2012-07-20 21:07:11 -------- d-----w- c:\users\marko\appdata\local\{C2ED9D45-4823-4B9F-A80C-4BC79435C250}
2012-07-20 09:06:45 -------- d-----w- c:\users\marko\appdata\local\{3D38D242-4B63-4CFE-91BE-2272A276F010}
2012-07-20 09:06:33 -------- d-----w- c:\users\marko\appdata\local\{007751D9-9451-4E20-8771-F21F2BA8383F}
2012-07-20 08:44:58 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-07-20 08:39:56 -------- d-----w- c:\users\marko\appdata\local\ElevatedDiagnostics
2012-07-19 21:05:45 -------- d-----w- c:\users\marko\appdata\local\{EB87F86F-6980-415B-BADF-374B5B3C6C63}
2012-07-19 21:05:33 -------- d-----w- c:\users\marko\appdata\local\{5D75C479-8412-4800-9EBA-696B010A6F62}
2012-07-19 21:05:19 -------- d-----w- c:\users\marko\appdata\roaming\Windows Live Writer
2012-07-19 21:05:19 -------- d-----w- c:\users\marko\appdata\local\Windows Live Writer
2012-07-19 20:35:10 -------- d-----w- c:\users\marko\Tracing
2012-07-19 20:30:36 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-19 20:30:36 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-19 20:30:36 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-07-19 20:30:28 -------- d-----w- c:\program files\Sony Mobile
2012-07-19 20:27:46 6260088 ----a-w- c:\program files\common files\windows live\.cache\f47d8b201cd65ec02\Silverlight.4.0.exe
2012-07-19 20:26:32 -------- d-----w- c:\users\marko\appdata\local\Windows Live
2012-07-19 20:26:31 -------- d-----w- c:\program files\common files\Windows Live
2012-07-18 20:39:40 -------- d-----w- c:\users\marko\appdata\local\VMware
2012-07-18 20:37:30 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe
2012-07-18 20:37:26 433264 ----a-w- c:\windows\system32\vmnat.exe
2012-07-18 20:37:26 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-07-18 20:37:23 783472 ----a-w- c:\windows\system32\vnetlib.dll
2012-07-18 20:36:40 -------- d-----w- c:\program files\VMware
2012-07-18 20:36:20 -------- d-----w- c:\program files\common files\VMware
2012-07-17 22:36:15 -------- d--h--w- c:\program files\common files\EAInstaller
2012-07-17 21:15:15 119808 ----a-r- c:\users\marko\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
2012-07-17 21:15:15 -------- d-----w- c:\users\marko\appdata\local\Apps
2012-07-17 18:46:37 -------- d-----w- C:\WinSetupFromUSB
2012-07-15 22:59:30 -------- d-----w- C:\dsp_sps
2012-07-15 22:02:06 -------- d-----w- c:\users\marko\appdata\local\Facebook
2012-07-15 17:24:07 2872512 ----a-w- c:\windows\system32\pwNative.exe
2012-07-15 17:24:07 15576 ------w- c:\windows\system32\pwdrvio.sys
2012-07-15 17:24:02 10200 ------w- c:\windows\system32\pwdspio.sys
2012-07-15 17:23:53 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.5
2012-07-15 16:54:21 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2012-07-15 16:47:20 -------- d-----w- c:\windows\system32\Adobe
2012-07-15 15:23:41 -------- d-----w- c:\windows\WindowsMobile
2012-07-14 17:25:54 719872 ----a-w- c:\windows\system32\devil.dll
2012-07-14 17:25:54 70656 ----a-w- c:\windows\system32\i420vfw.dll
2012-07-14 17:25:54 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-07-14 17:25:54 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2012-07-14 17:25:51 -------- d-----w- c:\program files\AviSynth 2.5
2012-07-14 17:19:14 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-14 17:19:14 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-14 17:14:59 -------- d-----w- c:\users\marko\appdata\roaming\Babylon
2012-07-14 17:14:59 -------- d-----w- c:\programdata\Babylon
2012-07-14 17:14:34 -------- d-----w- c:\program files\eRightSoft
2012-07-12 00:10:50 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 20:01:17 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2012-07-11 20:01:17 31640 ----a-w- c:\windows\system32\msonpmon.dll
2012-07-11 19:59:36 -------- d-----w- c:\windows\PCHEALTH
2012-07-11 19:58:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-11 19:57:45 -------- d-----w- c:\users\marko\appdata\local\Microsoft Help
2012-07-10 22:31:34 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-10 11:59:56 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-07-10 10:00:00 -------- d-----w- c:\users\marko\appdata\local\Microsoft Games
2012-07-08 18:59:03 -------- d-----w- c:\users\marko\appdata\roaming\wargaming.net
2012-07-08 18:38:29 614400 ----a-w- c:\windows\system32\Rtlihvs.dll
2012-07-08 18:38:29 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2012-07-08 18:38:29 380928 ----a-w- c:\windows\RtlUI2.exe
2012-07-08 18:38:29 188416 ----a-w- c:\windows\system32\RTLExtUI.dll
2012-07-08 18:38:29 -------- d-----w- c:\program files\REALTEK
2012-07-08 18:38:16 -------- d-----w- c:\windows\system32\RtlGina
2012-07-08 09:07:05 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-08 09:06:47 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2012-07-08 09:06:24 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2012-07-08 09:06:14 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-07-08 08:54:39 -------- d-----w- c:\users\marko\appdata\local\Adobe
2012-07-07 19:55:57 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-07-07 19:55:57 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-07-07 19:55:56 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-07-07 19:48:01 -------- d-----w- C:\Games
2012-07-07 19:47:41 -------- d-----w- c:\program files\ESET
2012-07-07 19:41:46 -------- d-----w- c:\program files\TNod User & Password Finder
2012-07-07 19:27:39 -------- d-----w- c:\program files\common files\PX Storage Engine
2012-07-07 19:26:32 165376 ----a-w- c:\windows\system32\unrar.dll
2012-07-07 19:26:31 839680 ----a-w- c:\windows\system32\lameACM.acm
2012-07-07 19:26:31 810496 ----a-w- c:\windows\system32\xvidcore.dll
2012-07-07 19:26:31 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2012-07-07 19:26:31 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2012-07-07 19:26:31 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2012-07-07 19:26:31 151552 ----a-w- c:\windows\system32\ac3acm.acm
2012-07-07 19:26:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-07-07 19:25:44 218176 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-07 19:25:41 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2012-07-07 19:25:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-07 19:25:34 -------- d-----w- c:\users\marko\appdata\roaming\DAEMON Tools Lite
2012-07-07 19:25:34 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-07-07 19:23:45 -------- d-----w- c:\windows\system32\appmgmt
2012-07-07 19:21:14 -------- d-----w- c:\program files\GRETECH
2012-07-07 19:21:04 -------- d-----w- c:\program files\Foxit Software
2012-07-07 17:17:42 -------- d-----r- c:\program files\Skype
2012-07-07 10:16:13 -------- d-----w- c:\windows\Panther
2012-07-07 10:16:08 -------- d-sh--w- C:\Boot
2012-07-07 02:29:28 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-07-07 02:26:12 -------- d-----w- c:\windows\system32\directx
2012-07-07 02:24:11 -------- d-----w- C:\SCANIA Truck Driving Simulator
2012-07-07 01:14:19 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-07-07 01:14:19 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-07-07 01:14:19 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-07-07 01:14:16 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-07-07 01:14:15 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-07-07 01:12:15 741376 ----a-w- c:\windows\system32\inetcomm.dll
2012-07-07 01:12:11 67072 ----a-w- c:\windows\system32\packager.dll
2012-07-07 01:12:04 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-07 01:12:04 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-07 01:11:59 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-07-07 01:11:58 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-07-07 01:11:53 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-07-07 01:11:51 850944 ----a-w- c:\windows\system32\sbe.dll
2012-07-07 01:11:51 642048 ----a-w- c:\windows\system32\CPFilters.dll
2012-07-07 01:11:51 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2012-07-07 01:11:02 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-07 01:11:02 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-07-07 01:09:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-07-07 01:09:57 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-07 01:09:53 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-07-07 01:09:48 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-07-07 01:09:48 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-07-07 01:09:48 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-07-07 01:09:47 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-07-07 01:00:33 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-07 00:56:01 -------- d-----w- c:\users\marko\appdata\local\Macromedia
2012-07-07 00:55:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-07 00:55:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-07 00:55:04 -------- d-----w- c:\program files\uTorrent
2012-07-07 00:55:03 -------- d-----w- c:\users\marko\appdata\roaming\uTorrent
2012-07-07 00:46:02 -------- d-----w- c:\program files\Lavalys
2012-07-07 00:42:33 -------- d-----w- c:\users\marko\appdata\local\AMD
2012-07-07 00:42:20 -------- d-----w- c:\users\marko\appdata\local\ATI
2012-07-07 00:42:07 0 ----a-w- c:\windows\ativpsrm.bin
2012-07-07 00:38:29 -------- d-----w- c:\program files\AMD AVT
2012-07-07 00:38:28 -------- d-----w- c:\program files\AMD APP
2012-07-07 00:38:24 -------- d-----w- c:\program files\common files\ATI Technologies
2012-07-07 00:37:47 -------- d-----w- c:\programdata\AMD
2012-07-07 00:37:43 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-07-07 00:37:01 -------- d-----w- c:\program files\ATI
2012-07-07 00:36:36 -------- d-----w- c:\program files\ATI Technologies
2012-07-07 00:36:03 -------- d-----w- C:\AMD
2012-07-07 00:31:50 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-07 00:31:50 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-07 00:29:44 -------- d-sh--w- c:\windows\Installer
2012-07-07 00:27:34 -------- d-----w- c:\users\marko\appdata\local\VirtualStore
2012-07-07 00:25:57 -------- d-----w- c:\windows\system32\Wat
2012-07-07 00:25:24 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-07 00:25:19 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-07 00:25:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-07 00:25:15 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-07 00:24:53 -------- d-sh--w- C:\Recovery
2012-07-05 16:45:34 5030088 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-07-04 06:58:12 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-04 06:35:46 19586048 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-04 06:27:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-04 06:27:08 918528 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-04 06:21:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-04 06:21:18 453632 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-04 06:20:42 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-04 06:19:24 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-04 06:19:14 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-04 06:19:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-04 06:18:18 6811648 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-04 05:36:22 58368 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll
2012-07-04 05:36:14 1960960 ----a-w- c:\windows\system32\atiumdmv.dll
2012-07-04 05:35:14 6245888 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-04 05:28:52 4749312 ----a-w- c:\windows\system32\atiumdva.dll
2012-07-04 05:11:38 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-04 05:11:38 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-07-04 05:11:28 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-04 05:11:16 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-04 05:11:04 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-04 05:10:30 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-04 05:09:56 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-04 05:09:42 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-04 05:09:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-04 05:04:28 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-04 05:04:18 44544 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-04 04:59:40 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2012-07-04 00:32:18 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-04 00:32:02 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-04 00:31:52 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-04 00:30:58 13008384 ----a-w- c:\windows\system32\amdocl.dll
2012-07-04 00:30:08 50176 ----a-w- c:\windows\system32\OpenCL.dll
.
==================== Find3M ====================
.
2012-07-07 00:26:05 811520 ----a-w- c:\windows\system32\user32.dll
2012-07-07 00:26:05 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-07-07 00:26:05 13824 ----a-w- c:\windows\system32\slwga.dll
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 2:54:09.85 ===============




offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Greetings, Danka Borojevic


While your case is being handled, I would ask you to stick to the following:
Read my instructions (or those of colleagues standing in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use any malware removal programs other than those you receive instructions for;
Do not use USB storage devices during the intervention until I ask for it;
If I do not reply within 24 hours, bump the thread with a new post;
If you do not reply within 5 days, we will close the case.

For more information about the rules of the MyCity Ambulanta forum: LINK


ComboFix is not a diagnostic tool like the ones in the instructions. It is a very powerful tool which, if handled improperly, can destroy the operating system or wipe all data from the hard disk. It is run only on the recommendation, under the supervision and with the detailed instructions of a helper who is an expert in the field and knows what they are doing.

In future, do not run ComboFix on your own!!!


I need you to send me the ComboFix report, which is located at: C:\ComboFix.txt

offline
  • Joined: 02 Aug 2012
  • Posts: 31

I have read the rules and intend to follow them strictly. Yes, I completely forgot about ComboFix. I installed it without knowing anything about it and let it run, but in the meantime I read up on it, stopped it and uninstalled it, so I don't have its report. That program scared me. But I don't see any changes on the computer. I think everything is fine.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Check once more whether you have the Qoobox folder or ComboFix.txt on the C partition... before we go any further

offline
  • Joined: 02 Aug 2012
  • Posts: 31

I have the Qoobox folder, but I couldn't find the combofix text file.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Now you need to pack the Qoobox folder into an archive, e.g. RAR or ZIP, and upload it to the following link

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 02 Aug 2012
  • Posts: 31

I think I did it properly, so we'll see.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Download OTM to the Desktop.

Double-click OTM.exe to run it

Into the (left) pane of the program (under Paste Instructions for Items to be Moved) copy everything inside the Code box:
:files
c:\windows\configuration
c:\program files\openapp\bho_project.dll

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba0454c5-fd30-428e-8db9-3ff87a612f64}]

:commands
[purity]
[emptytemp]
[reboot]

Click MoveIt!

When the process finishes, the right pane of the program (under Results) will contain text that needs to be copied into a post on the forum.


If the following prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


click Yes so that the computer restarts and the process completes.

After the system restarts, the logfile will open automatically in Notepad.
Copy the contents of that log into a post on the forum.

====================================

How is the computer now, are there any problems?
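As an added example, not part of the thread or of OTM, here is a read-only PowerShell inventory of the Browser Helper Objects that the OTM :reg line above targets: it resolves each CLSID under the BHO key to its DLL through HKCR\CLSID\{...}\InprocServer32, checks whether the file is on disk and Authenticode-signed, and flags entries worth a helper's attention. It assumes a 32-bit Windows 7 host like the one in the thread (no Wow6432Node) and an elevated PowerShell session; it deletes nothing.

```powershell
# Added example (not from the thread): triage Browser Helper Objects before
# writing an OTM :reg line. Read-only; deletes nothing.
# Assumes a 32-bit Windows 7 host like the one in the thread (no Wow6432Node).
$BhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BhoInventory {
    if (-not (Test-Path $BhoKey)) { return @() }   # no BHOs registered at all

    Get-ChildItem $BhoKey | ForEach-Object {
        $clsid = $_.PSChildName                      # e.g. {ba0454c5-fd30-428e-8db9-3ff87a612f64}
        # The BHO key holds only the CLSID; the DLL path is the (default) value of
        # HKCR\CLSID\{...}\InprocServer32 (the key the OTM log later reports deleting).
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path $inproc) {
            $dll = (Get-ItemProperty -Path $inproc).'(default)'
            # Paths are often stored as %SystemRoot%\...; expand them before testing.
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
        }
        $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
        $sigStatus = 'NotChecked'
        if ($onDisk) { $sigStatus = (Get-AuthenticodeSignature -FilePath $dll).Status }

        # Usual install roots for a legitimate BHO on this box; anything else is flagged.
        $trustedRoots = @($env:ProgramFiles, "$env:SystemRoot\System32")
        $inTrustedRoot = [bool]($dll -and ($trustedRoots |
            Where-Object { $dll.StartsWith($_, 'OrdinalIgnoreCase') }))

        [pscustomobject]@{
            CLSID      = $clsid
            Dll        = $dll
            OnDisk     = $onDisk
            Signature  = $sigStatus
            # A registered BHO whose DLL is missing, unsigned, or outside the usual
            # install roots is what a helper inspects first.
            Suspicious = (-not $onDisk) -or ($sigStatus -ne 'Valid') -or (-not $inTrustedRoot)
        }
    }
}

# Usage: list everything, suspicious entries first.
Get-BhoInventory | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```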

offline
  • Joined: 02 Aug 2012
  • Posts: 31

Posted: 03 Aug 2012 19:33

Ohhh thank you. I'll try all of that now.

Update: 03 Aug 2012 20:21

All processes killed
========== FILES ==========
c:\windows\configuration folder moved successfully.
c:\program files\openapp\bho_project.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba0454c5-fd30-428e-8db9-3ff87a612f64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba0454c5-fd30-428e-8db9-3ff87a612f64}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marko
->Temp folder emptied: 189802367 bytes
->Temporary Internet Files folder emptied: 279568132 bytes
->Java cache emptied: 77623 bytes
->FireFox cache emptied: 653665186 bytes
->Flash cache emptied: 19728 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66645285 bytes
RecycleBin emptied: 8472829 bytes

Total Files Cleaned = 1,143.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 08032012_193558

Files moved on Reboot...
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2348.log moved successfully.

Registry entries deleted on Reboot...




No more ilivid download boxes.
Hmmm, now I'm not sure... everything is probably OK. YouTube works, and there are no problems as far as I can see. But I do see some new advertising boxes, e.g. on my profile timeline, which got inserted, but only on Facebook as far as I notice, that is, on no other page, so there is a possibility that it's some advertising thing of theirs that has nothing to do with my computer. Just in case, I'll send you a picture of what it looks like on my end and mark what appeared.








Thank you very much in any case. If I could, you'd get a hug now, and a cold one...

Update: 03 Aug 2012 20:27

Thank you very much in any case. If I could, you'd get a hug now, and a cold one... Cheers. And not just one!

Update: 03 Aug 2012 20:41

Oh nooo... here we go again... ilivid boxes everywhere.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Step 1

Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program and click the [Search] button.
When the program finishes its analysis it will open a Notepad with the report. Close that Notepad.

Click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok

The computer will restart and then open a Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt


Step 2

Install this Add-on for Firefox, since that is the browser you use

https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
