Problem with w32/patched.ub

  • Joined: 29 Aug 2011
  • Posts: 129

Today I apparently picked up a trojan with this name and I cannot get rid of it. Along with it, at about the same time, I also somehow caught Live Security Platinum, but I barely managed to get rid of that one from safe mode with the help of Spybot; later I additionally cleaned the computer with Malwarebytes and got rid of that nuisance, but not the trojan mentioned above. I otherwise use the free version of Avira, regularly updated. The operating system is Windows 7 Home Premium.



This keeps popping up non-stop.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Jovan at 19:58:45 on 2012-07-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1915 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\crypserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\JRE\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\ATRIS_~1\WORKSH~1.EXE
C:\Program Files\ATRis_Technik\jre\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.phpnuke.org/?lang=en&q={searchTerms}
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.phpnuke.org/?lang=en
mSearch Page = hxxp://search.phpnuke.org/?lang=en&q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - c:\program files\amd\steadyvideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\amldev~1.lnk - c:\program files\amd avt\bin\kdbsync.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\jovan\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4209C9B8-044D-4DA0-A134-1CA130E6157E} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jovan\appdata\roaming\mozilla\firefox\profiles\iqeo92ss.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oyui7bo1b&&i=26&search=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jovan\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\jovan\appdata\roaming\mozilla\firefox\profiles\iqeo92ss.default\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\plugins\npLightshot.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oyui7bo1b&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 5864d3ea00000000000000226871a4a3
FF - user.js: extensions.incredibar_i.hardId - 5864d3ea00000000000000226871a4a3
FF - user.js: extensions.incredibar_i.instlDay - 15033
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:49:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6Oyui7bo1b
FF - user.js: extensions.incredibar_i.upn2n - 92260980057043969
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 12
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-2-23 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-23 242240]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-2-15 163328]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-6-11 291840]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-23 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-2-23 110032]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-23 83392]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 WorkshopDBService;WorkshopDBService;c:\progra~1\atris_~1\worksh~1.exe -zglaxservice workshopdbservice --> c:\progra~1\atris_~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [2012-3-17 762112]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-3-8 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-2-15 9182208]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-2-15 264704]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 COSIDS_TB;COSIDS_TB;c:\progra~1\cosids\bin\TbMux32.exe [2012-3-18 165376]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-13 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-07-25 17:07:45 -------- d-----w- c:\users\jovan\appdata\roaming\SpeedyPC Software
2012-07-25 17:07:45 -------- d-----w- c:\users\jovan\appdata\roaming\DriverCure
2012-07-25 17:07:35 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-25 16:40:58 -------- d-----w- c:\users\jovan\appdata\roaming\Malwarebytes
2012-07-25 16:40:48 -------- d-----w- c:\programdata\Malwarebytes
2012-07-25 16:40:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 16:40:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-25 15:36:33 -------- d-----w- c:\programdata\67B889BF004F3C3E17EE3E6E4F147CE7
2012-07-24 20:51:36 -------- d-----w- c:\users\jovan\appdata\local\PunkBuster
2012-07-24 20:37:13 -------- d-----w- c:\program files\Tripwire Interactive
2012-07-24 08:21:50 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{61869394-f4dc-4b91-8036-46cdfd7faefd}\mpengine.dll
2012-07-22 10:49:43 -------- d-----w- c:\program files\AMD APP
2012-07-15 16:32:05 360448 ----a-w- c:\users\jovan\appdata\local\omrgnmo.exe
2012-07-11 01:03:15 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 22:36:10 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 22:36:10 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-10 22:36:10 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 22:36:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 22:36:10 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-10 22:36:08 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 22:36:08 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 22:36:05 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-03 16:37:56 -------- d-----w- c:\users\jovan\appdata\local\201280
2012-06-30 10:18:09 -------- d-----w- c:\users\jovan\appdata\local\dxhr
2012-06-30 10:17:32 -------- d-----w- c:\users\jovan\appdata\local\28050
2012-06-30 09:56:47 -------- d-----w- c:\program files\SQUARE ENIX
.
==================== Find3M ====================
.
2012-07-12 10:30:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 10:30:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 11:50:42 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50:24 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 11:50:14 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 11:49:22 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-08 12:13:50 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-02 04:52:09 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:19:47 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 19:59:22.33 ===============




GMER



Here are the OTL and Extras files as well:

OTL logfile created on: 7/25/2012 8:28:41 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Jovan\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 46.49% Memory free
6.00 Gb Paging File | 4.28 Gb Available in Paging File | 71.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.44 Gb Total Space | 40.21 Gb Free Space | 17.38% Space Free | Partition Type: NTFS
Drive D: | 234.31 Gb Total Space | 28.97 Gb Free Space | 12.36% Space Free | Partition Type: NTFS

Computer Name: JOVAN-PC | User Name: Jovan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/25 20:17:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jovan\Desktop\OTL.exe
PRC - [2012/07/25 20:06:07 | 000,302,592 | ---- | M] () -- C:\Users\Jovan\Desktop\0kpcqqye.exe
PRC - [2012/07/18 12:29:55 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/12 12:30:03 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/06/11 13:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012/05/08 14:13:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 14:13:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 14:13:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 14:13:49 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/03/29 14:38:11 | 000,114,688 | ---- | M] (Acresso) -- C:\Program Files\ATRis_Technik\WorkshopDBServer.exe
PRC - [2012/03/29 14:34:26 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\ATRis_Technik\jre\bin\java.exe
PRC - [2012/02/15 05:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/18 22:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:36 | 000,259,072 | ---- | M] () -- C:\Windows\System32\services.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/12/15 02:30:58 | 000,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\cosids\JRE\bin\java.exe
PRC - [1999/03/23 21:07:08 | 000,004,096 | ---- | M] () -- C:\Program Files\cosids\Apache Group\Apache\ApchT2kW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/25 20:06:07 | 000,302,592 | ---- | M] () -- C:\Users\Jovan\Desktop\0kpcqqye.exe
MOD - [2012/07/18 12:29:54 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/12 12:30:03 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/06/13 22:26:51 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/06/13 22:26:10 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/13 22:26:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/05/10 12:07:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 12:06:43 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 12:06:33 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/07/18 12:29:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 12:30:03 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/11 13:10:58 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/05/08 14:13:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 14:13:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/29 14:38:11 | 000,114,688 | ---- | M] (Acresso) [Auto | Running] -- C:\Program Files\ATRis_Technik\WorkshopDBServer.exe -- (WorkshopDBService)
SRV - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 22:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2001/11/20 16:37:06 | 000,165,376 | ---- | M] (TransAction Software, D 81737 Munich) [Auto | Stopped] -- C:\Program Files\cosids\bin\tbmux32.exe -- (COSIDS_TB)
SRV - [1999/03/23 21:07:08 | 000,004,096 | ---- | M] () [Auto | Running] -- C:\Program Files\cosids\Apache Group\Apache\ApchT2kW.exe -- (TIS 2000 Apache Web Server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Jovan\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Jovan\AppData\Local\Temp\agloypow.sys -- (agloypow)
DRV - [2012/05/08 14:13:50 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 14:13:50 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/03/05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012/02/23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/02/15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/02/15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/02/15 04:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/09/16 00:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/02/23 18:21:45 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/19 01:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2010/02/18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/01 16:43:06 | 000,762,112 | ---- | M] (none) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\adatadrv.sys -- (adatadrv)
DRV - [2008/07/11 08:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2008/07/11 08:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = search.phpnuke.org/?lang=en&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.phpnuke.org/?lang=en
IE - HKLM\..\SearchScopes,DefaultScope = {F964EFB1-D75B-4107-A4F8-2E9963B78409}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F964EFB1-D75B-4107-A4F8-2E9963B78409}: "URL" = search.phpnuke.org/?lang=en&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 01 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = search.phpnuke.org/?lang=en&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 72 88 B8 74 D3 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{22A7BDFB-D2DB-4F01-957D-5711C7FD3BA6}: "URL" = google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F964EFB1-D75B-4107-A4F8-2E9963B78409}: "URL" = search.phpnuke.org/?lang=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Phpnuke"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oyui7bo1b&&i=26&search="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jovan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jovan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/06 06:32:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/02/27 19:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 12:29:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/17 02:16:23 | 000,000,000 | ---D | M]

[2011/02/23 18:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jovan\AppData\Roaming\Mozilla\Extensions
[2012/07/25 18:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions
[2012/07/24 22:37:16 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2012/04/25 01:32:58 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/07/07 02:49:58 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com
[2011/02/27 18:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/25 17:08:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/02/24 17:31:02 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{bfd1d646-de27-1753-8a32-90cf3a19d1b0}
[2011/02/27 19:03:00 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/11 11:27:10 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\JOVAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IQEO92SS.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012/03/01 20:17:20 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\JOVAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IQEO92SS.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/02/26 19:50:15 | 000,021,356 | ---- | M] () (No name found) -- C:\USERS\JOVAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IQEO92SS.DEFAULT\EXTENSIONS\USS-BUTTON@UPLOADSCREENSHOT.COM.XPI
[2012/07/18 12:29:55 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/27 18:53:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/08 19:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 19:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Jovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/08 12:46:27 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jovan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4209C9B8-044D-4DA0-A134-1CA130E6157E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\video/mp4 - No CLSID value found
O18 - Protocol\Filter\video/x-flv - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/03/20 00:52:38 | 000,000,000 | ---D | M] - D:\Auto-dijagnostika -- [ NTFS ]
O33 - MountPoints2\{c7b85ab4-3f67-11e0-bf5b-00226871a4a3}\Shell - "" = AutoRun
O33 - MountPoints2\{c7b85ab4-3f67-11e0-bf5b-00226871a4a3}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 20:17:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jovan\Desktop\OTL.exe
[2012/07/25 19:58:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jovan\Desktop\dds.scr
[2012/07/25 19:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jovan\AppData\Roaming\SpeedyPC Software
[2012/07/25 19:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jovan\AppData\Roaming\DriverCure
[2012/07/25 19:07:41 | 000,000,000 | ---D | C] -- C:\Users\Jovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/25 19:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/25 18:40:58 | 000,000,000 | ---D | C] -- C:\Users\Jovan\AppData\Roaming\Malwarebytes
[2012/07/25 18:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/25 18:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/25 18:40:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/25 18:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/25 17:39:25 | 000,000,000 | ---D | C] -- C:\Users\Jovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/07/25 17:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\67B889BF004F3C3E17EE3E6E4F147CE7
[2012/07/24 22:51:36 | 000,000,000 | ---D | C] -- C:\Users\Jovan\AppData\Local\PunkBuster
[2012/07/24 22:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tripwire Interactive
[2012/07/24 22:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tripwire Interactive
[2012/07/24 22:32:17 | 008,578,536 | ---- | C] (Glarysoft Ltd ) -- C:\Users\Jovan\Desktop\gusetup.exe
[2012/07/22 12:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/22 12:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/07/22 12:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/17 19:05:04 | 000,000,000 | ---D | C] -- C:\Users\Jovan\Desktop\Kola
[2012/07/11 03:04:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/11 03:04:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 03:04:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 03:04:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 03:04:28 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 03:04:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 03:04:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 03:03:15 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 00:36:10 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/08 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/08 23:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/07/03 18:37:56 | 000,000,000 | ---D | C] -- C:\Users\Jovan\AppData\Local\201280
[2012/06/30 12:18:09 | 000,000,000 | ---D | C] -- C:\Users\Jovan\AppData\Local\dxhr
[2012/06/30 12:17:32 | 000,000,000 | ---D | C] -- C:\Users\Jovan\AppData\Local\28050
[2012/06/30 12:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
[2012/06/30 11:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\SQUARE ENIX
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/25 20:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 20:17:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jovan\Desktop\OTL.exe
[2012/07/25 20:16:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2174197270-3680494577-2633844771-1001UA.job
[2012/07/25 20:14:13 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 20:14:13 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 20:08:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2174197270-3680494577-2633844771-1001UA.job
[2012/07/25 20:06:07 | 000,302,592 | ---- | M] () -- C:\Users\Jovan\Desktop\0kpcqqye.exe
[2012/07/25 19:58:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jovan\Desktop\dds.scr
[2012/07/25 19:57:31 | 000,046,884 | ---- | M] () -- C:\Users\Jovan\Desktop\fff.jpg
[2012/07/25 19:35:08 | 003,616,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/25 19:35:08 | 001,118,488 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/25 19:29:12 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/07/25 19:29:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 19:29:01 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 18:40:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/25 18:13:22 | 000,000,286 | ---- | M] () -- C:\Windows\wininit.ini
[2012/07/25 02:22:07 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2174197270-3680494577-2633844771-1001Core.job
[2012/07/24 23:08:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2174197270-3680494577-2633844771-1001Core.job
[2012/07/24 22:49:17 | 000,002,565 | ---- | M] () -- C:\Users\Public\Desktop\Red Orchestra 2 Heroes of Stalingrad.lnk
[2012/07/24 22:34:04 | 000,001,052 | ---- | M] () -- C:\Users\Jovan\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2012/07/24 22:34:04 | 000,001,028 | ---- | M] () -- C:\Users\Jovan\Desktop\Glary Utilities.lnk
[2012/07/24 22:33:30 | 008,578,536 | ---- | M] (Glarysoft Ltd ) -- C:\Users\Jovan\Desktop\gusetup.exe
[2012/07/15 18:32:05 | 000,360,448 | ---- | M] () -- C:\Users\Jovan\AppData\Local\omrgnmo.exe
[2012/07/12 22:18:22 | 000,002,401 | ---- | M] () -- C:\Users\Jovan\Desktop\Google Chrome.lnk
[2012/07/12 12:30:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/12 12:30:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/11 10:42:19 | 003,763,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/08 12:46:27 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/06 12:12:02 | 000,000,928 | ---- | M] () -- C:\Windows\ESIDATA.ini
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/25 20:06:06 | 000,302,592 | ---- | C] () -- C:\Users\Jovan\Desktop\0kpcqqye.exe
[2012/07/25 19:57:31 | 000,046,884 | ---- | C] () -- C:\Users\Jovan\Desktop\fff.jpg
[2012/07/25 18:49:42 | 000,019,968 | ---- | C] () -- C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\U\800000cb.@
[2012/07/25 18:40:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/25 18:28:46 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\U\80000000.@
[2012/07/25 18:13:05 | 000,000,286 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/25 17:35:26 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\U\00000001.@
[2012/07/24 22:49:17 | 000,002,565 | ---- | C] () -- C:\Users\Public\Desktop\Red Orchestra 2 Heroes of Stalingrad.lnk
[2012/07/15 18:32:05 | 000,360,448 | ---- | C] () -- C:\Users\Jovan\AppData\Local\omrgnmo.exe
[2012/06/26 16:57:33 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2174197270-3680494577-2633844771-1001UA.job
[2012/06/26 16:57:32 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2174197270-3680494577-2633844771-1001Core.job
[2012/06/11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/03/29 17:33:59 | 000,000,000 | ---- | C] () -- C:\Users\Jovan\AppData\Local\max.ini
[2012/03/29 14:14:20 | 000,000,364 | ---- | C] () -- C:\Windows\Atris_St.INI
[2012/03/29 14:14:19 | 000,000,295 | ---- | C] () -- C:\Windows\Atris_STG.INI
[2012/03/20 21:39:42 | 000,001,845 | ---- | C] () -- C:\Windows\RBSystem.ini
[2012/03/20 21:20:19 | 000,487,424 | ---- | C] () -- C:\Windows\esi_kl02.dat
[2012/03/20 21:20:12 | 000,655,360 | ---- | C] () -- C:\Windows\System32\dslang32.dll
[2012/03/20 21:20:12 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ldf251.dll
[2012/03/20 21:15:38 | 000,000,928 | ---- | C] () -- C:\Windows\ESIDATA.ini
[2012/03/18 02:03:36 | 000,000,000 | ---- | C] () -- C:\Windows\frontend.INI
[2012/03/18 01:40:48 | 000,001,208 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/18 01:36:09 | 000,000,355 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/03/17 19:18:01 | 000,305,908 | ---- | C] () -- C:\Windows\ETOSU.EXE
[2012/03/17 19:17:32 | 000,000,137 | ---- | C] () -- C:\Windows\ETOSP.INI
[2012/03/17 19:01:00 | 000,436,736 | ---- | C] () -- C:\Windows\System32\Autoserv.exe
[2012/03/17 16:45:29 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012/03/17 16:38:23 | 000,000,141 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012/03/17 16:38:06 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012/03/17 16:38:06 | 000,023,360 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012/03/17 16:38:06 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012/03/17 16:38:06 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012/02/29 12:19:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\@
[2012/02/29 12:19:24 | 000,002,048 | -HS- | C] () -- C:\Users\Jovan\AppData\Local\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\@
[2012/02/15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/02/15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/01/10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/24 17:31:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\9aed5c991de03fc52a4a6e40442f7568_c
[2011/02/24 03:02:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

< End of report >


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello ;)
The logs indicate that you are infected with the ZeroAccess rootkit. Do the following:

*************************************
Step #1

Run OTL again by double-clicking its icon;

Copy the following text into the white box of the window labelled Custom Scans/Fixes:


:files
ipconfig /flushdns /c
C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}
C:\Users\Jovan\AppData\Local\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}

:Commands
[CREATERESTOREPOINT]
[emptytemp]
[Reboot]




Click the Run Fix button;


Copy the log you get into a message here.


****************************************
Step #2


Download ComboFix by sUBs from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.


When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered the download.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
display a number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if needed (several times);
when finished, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.


Note:
If you get the following message after ComboFix finishes:
Illegal operation attempted on a registry key that has been marked for deletion.

Don't panic, just restart the computer once more and the error will go away.
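
The fix script in the post above targets one GUID-named folder that exists under both C:\Windows\Installer and the user's AppData\Local. As an added example (not part of the thread and not OTL's own code), the Python below flags that pattern in OTL file listings. The function names, the matching rule (unattributed `@` / `U\*.@` files inside such a folder) and the two benign sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# OTL file-listing line: [date time | size | attrs | C/M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?P<meta>.*?)-- (?P<path>[A-Za-z]:\\.+)$"
)

GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"

# GUID-named folder directly under Windows\Installer or a user's AppData\Local
GUID_DIR = re.compile(
    r"^[A-Za-z]:\\(?P<root>Windows\\Installer|Users\\[^\\]+\\AppData\\Local)"
    r"\\(?P<guid>" + GUID + r")(?:\\(?P<rest>.*))?$",
    re.IGNORECASE,
)

# Marker files seen in this thread's log: a file named "@" or U\<name>.@
MARKER = re.compile(r"^(?:@|U\\[^\\]+\.@)$", re.IGNORECASE)


def parse_otl_files(log_text):
    """Return one dict per OTL file-listing line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        company = re.match(r"\((.*?)\)", m["meta"])
        entries.append({
            "timestamp": m["ts"],
            "attrs": m["attrs"],
            "company": company.group(1).strip() if company else "",
            "path": m["path"],
        })
    return entries


def find_suspect_guid_dirs(log_text):
    """Group unattributed marker files by the GUID folder that holds them."""
    hits = defaultdict(lambda: {"roots": set(), "markers": set(), "hs": False})
    for entry in parse_otl_files(log_text):
        m = GUID_DIR.match(entry["path"])
        if not m or not m["rest"] or not MARKER.match(m["rest"]):
            continue
        if entry["company"]:
            continue  # files carrying a vendor name are out of scope here
        hit = hits[m["guid"].lower()]
        is_installer = m["root"].lower().startswith("windows")
        hit["roots"].add("installer" if is_installer else "appdata_local")
        hit["markers"].add(entry["path"])
        if "H" in entry["attrs"] and "S" in entry["attrs"]:
            hit["hs"] = True
    return {
        guid: {
            "roots": sorted(hit["roots"]),
            "markers": sorted(hit["markers"]),
            "hidden_system": hit["hs"],
            # The same GUID under both roots is what the fix script removes.
            "both_roots": len(hit["roots"]) == 2,
        }
        for guid, hit in hits.items()
    }


# Sample input: the first five entries are copied from the log in this thread;
# the last two (GUID 11111111-...) are constructed benign entries.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2012/07/25 20:17:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jovan\Desktop\OTL.exe
[2012/07/25 18:49:42 | 000,019,968 | ---- | C] () -- C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\U\800000cb.@
[2012/07/25 18:28:46 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\U\80000000.@
[2012/02/29 12:19:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\@
[2012/02/29 12:19:24 | 000,002,048 | -HS- | C] () -- C:\Users\Jovan\AppData\Local\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\@
[2011/02/25 17:10:02 | 000,000,000 | ---D | C] -- C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}
[2011/02/25 17:10:02 | 000,295,606 | ---- | C] (Example Vendor) -- C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\appicon.exe
"""

if __name__ == "__main__":
    for guid, finding in find_suspect_guid_dirs(SAMPLE_LOG).items():
        print(guid, finding["roots"], len(finding["markers"]), "marker files")
```

A hit is a triage lead for a second-opinion scan, since ordinary installer cache folders also use GUID names and are excluded here only because they lack the marker files.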

offline
  • Joined: 29 Aug 2011
  • Posts: 129

Run Fix report

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jovan\Desktop\cmd.bat deleted successfully.
C:\Users\Jovan\Desktop\cmd.txt deleted successfully.
C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\U folder moved successfully.
C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\L folder moved successfully.
C:\Windows\Installer\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8} folder moved successfully.
C:\Users\Jovan\AppData\Local\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\U folder moved successfully.
C:\Users\Jovan\AppData\Local\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8}\L folder moved successfully.
C:\Users\Jovan\AppData\Local\{9a9de0f2-30f3-51d1-cde3-cb7da3bf94e8} folder moved successfully.
========== COMMANDS ==========
System Restore Service not available.

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jovan
->Temp folder emptied: 3505439 bytes
->Temporary Internet Files folder emptied: 33020198 bytes
->Java cache emptied: 840601 bytes
->FireFox cache emptied: 86136356 bytes
->Flash cache emptied: 4353 bytes

User: kees.SOEST

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96428 bytes
RecycleBin emptied: 18272880 bytes

Total Files Cleaned = 137.00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07252012_205016

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_JOVAN-PC$\2152 not found!

PendingFileRenameOperations files...
File C:\Windows\temp\hsperfdata_JOVAN-PC$\2152 not found!

Registry entries deleted on Reboot...







Combo Fix report

ComboFix 12-07-26.03 - Jovan 07/25/2012 20:58:16.1.3 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1839 [GMT 2:00]
Running from: c:\users\Jovan\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\9aed5c991de03fc52a4a6e40442f7568_c
c:\users\Jovan\AppData\Local\omrgnmo.exe
c:\users\Jovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome.manifest
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\background.html
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\browser.xul
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\crossrider.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\crossriderapi.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\dialog.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\options.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\options.xul
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\search_dialog.xul
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\update.html
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\defaults\preferences\prefs.js
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\install.rdf
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\locale\en-US\translations.dtd
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button1.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button2.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button3.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button4.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button5.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\crossrider_statusbar.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\icon24.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\icon48.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\panelarrow-up.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup.css
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup.html
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup_binding.xml
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\skin.css
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\update.css
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\install.rdf
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\extensions\crossriderapp435@crossrider.com\skin\update.css
c:\windows\system32\DEBUG.log
c:\windows\system32\ReadMe.txt
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 19:03 . 2012-07-25 19:05 -------- d-----w- c:\users\Jovan\AppData\Local\temp
2012-07-25 19:03 . 2012-07-25 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 18:50 . 2012-07-25 18:50 -------- d-----w- C:\_OTL
2012-07-25 17:07 . 2012-07-25 17:07 -------- d-----w- c:\users\Jovan\AppData\Roaming\SpeedyPC Software
2012-07-25 17:07 . 2012-07-25 17:07 -------- d-----w- c:\users\Jovan\AppData\Roaming\DriverCure
2012-07-25 17:07 . 2012-07-25 17:11 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-25 16:40 . 2012-07-25 16:40 -------- d-----w- c:\users\Jovan\AppData\Roaming\Malwarebytes
2012-07-25 16:40 . 2012-07-25 16:40 -------- d-----w- c:\programdata\Malwarebytes
2012-07-25 16:40 . 2012-07-25 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-25 16:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 15:36 . 2012-07-25 16:48 -------- d-----w- c:\programdata\67B889BF004F3C3E17EE3E6E4F147CE7
2012-07-24 20:51 . 2012-07-24 20:51 -------- d-----w- c:\users\Jovan\AppData\Local\PunkBuster
2012-07-24 20:37 . 2012-07-24 20:37 -------- d-----w- c:\program files\Tripwire Interactive
2012-07-24 08:21 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61869394-F4DC-4B91-8036-46CDFD7FAEFD}\mpengine.dll
2012-07-22 10:49 . 2012-07-22 10:49 -------- d-----w- c:\programdata\ATI
2012-07-22 10:49 . 2012-07-22 10:49 -------- d-----w- c:\program files\AMD APP
2012-07-11 01:03 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 22:36 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 22:36 . 2012-06-02 04:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-10 22:36 . 2012-06-02 04:50 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-10 22:36 . 2012-06-02 04:48 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 22:36 . 2012-06-02 04:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 22:36 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 22:36 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 22:36 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-08 21:49 . 2012-07-08 21:49 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-03 16:37 . 2012-07-03 16:37 -------- d-----w- c:\users\Jovan\AppData\Local\201280
2012-06-30 10:18 . 2012-07-04 08:56 -------- d-----w- c:\users\Jovan\AppData\Local\dxhr
2012-06-30 10:17 . 2012-06-30 10:17 -------- d-----w- c:\users\Jovan\AppData\Local\28050
2012-06-30 09:56 . 2012-07-24 20:29 -------- d-----w- c:\program files\SQUARE ENIX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 10:30 . 2012-04-18 22:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 10:30 . 2011-02-23 16:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-11 11:50 . 2012-06-11 11:50 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-02 22:19 . 2012-06-22 11:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 11:02 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 11:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 11:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 11:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 11:02 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 11:02 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 11:02 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 11:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2012-02-29 10:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-08 12:13 . 2011-02-23 16:16 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 12:13 . 2011-02-23 16:16 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-02 04:52 . 2012-06-13 09:51 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:19 . 2012-06-13 09:51 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-18 10:29 . 2011-02-23 16:27 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Browser companion helper"=c:\program files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SedServer"="c:\program files\ATRis_Technik\Sed.exe" server
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 COSIDS_TB;COSIDS_TB;c:\progra~1\COSIDS\BIN\TbMux32.exe [x]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 WorkshopDBService;WorkshopDBService;c:\progra~1\ATRIS_~1\WORKSH~1.EXE [x]
S3 adatadrv;Autodata Protection Service;c:\windows\system32\DRIVERS\adatadrv.sys [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 10:30]
.
2012-07-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-23 20:16]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174197270-3680494577-2633844771-1001Core.job
- c:\users\Jovan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-23 16:59]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2174197270-3680494577-2633844771-1001UA.job
- c:\users\Jovan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-23 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.phpnuke.org/?lang=en
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Jovan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Jovan\AppData\Roaming\Mozilla\Firefox\Profiles\iqeo92ss.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oyui7bo1b&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oyui7bo1b&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 5864d3ea00000000000000226871a4a3
FF - user.js: extensions.incredibar_i.hardId - 5864d3ea00000000000000226871a4a3
FF - user.js: extensions.incredibar_i.instlDay - 15033
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2722:49
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6Oyui7bo1b
FF - user.js: extensions.incredibar_i.upn2n - 92260980057043969
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 12
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\crypserv.exe
c:\progra~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
c:\progra~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\COSIDS\JRE\bin\java.exe
c:\program files\ATRis_Technik\jre\bin\java.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-25 21:08:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 19:08
.
Pre-Run: 42,974,556,160 bytes free
Post-Run: 42,857,394,176 bytes free
.
- - End Of File - - 1185CACBE3DE73E6AAB747D68A64AAE8

By the way, Avira no longer notifies me that I have a virus; it looks like you saved me.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

@proka89
Go ahead and do this as well now. If I don't reply late tonight, expect my reply tomorrow. ;)


Download aswMBR and save it to the Desktop.

Double-click to run aswMBR.

If you get the following message:
Would you like to download latest Avast! virus definitions?
click the Yes button and wait for the definitions download to finish.


Make sure that QuickScan is selected under AV Scan:

Click Scan.

When the scan finishes ( Scan finished successfully ), click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into this thread.

offline
  • Joined: 29 Aug 2011
  • Posts: 129

Is it a problem that I already have Avira?

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

proka89 :: Is it a problem that I already have Avira?
Not at all. aswMBR is a tool, and it is not an antivirus but an additional anti-rootkit scanner.

offline
  • Joined: 29 Aug 2011
  • Posts: 129

Here is the log, and thanks a lot for the help. Cheers

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-25 21:18:05
-----------------------------
21:18:05.727 OS Version: Windows 6.1.7600
21:18:05.727 Number of processors: 3 586 0x202
21:18:05.727 ComputerName: JOVAN-PC UserName: Jovan
21:18:16.928 Initialize success
21:25:28.180 AVAST engine defs: 12072500
21:25:48.649 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
21:25:48.665 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
21:25:48.680 Disk 0 MBR read successfully
21:25:48.680 Disk 0 MBR scan
21:25:48.696 Disk 0 Windows 7 default MBR code
21:25:48.696 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 236997 MB offset 63
21:25:48.712 Disk 0 Partition - 00 0F Extended LBA 239931 MB offset 485371845
21:25:48.743 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 239931 MB offset 485371908
21:25:48.743 Disk 0 scanning sectors +976752000
21:25:48.805 Disk 0 scanning C:\Windows\system32\drivers
21:26:02.986 Service scanning
21:26:11.831 Service FXDrv32 E:\FXDrv32.sys **LOCKED** 21
21:26:33.577 Modules scanning
21:26:37.540 Disk 0 trace - called modules:
21:26:37.586 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
21:26:37.586 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fb5ac8]
21:26:37.602 3 CLASSPNP.SYS[8b18a59e] -> nt!IofCallDriver -> [0x85dc5700]
21:26:37.618 5 ACPI.sys[8abae3b2] -> nt!IofCallDriver -> \Device\00000062[0x85dc5030]
21:26:38.663 AVAST engine scan C:\Windows
21:26:42.750 AVAST engine scan C:\Windows\system32
21:31:05.828 AVAST engine scan C:\Windows\system32\drivers
21:31:19.478 AVAST engine scan C:\Users\Jovan
21:34:16.975 AVAST engine scan C:\ProgramData
21:35:18.787 Scan finished successfully
21:35:38.583 Disk 0 MBR has been saved successfully to "C:\Users\Jovan\Desktop\MBR.dat"
21:35:38.583 The log file has been saved successfully to "C:\Users\Jovan\Desktop\aswMBR.txt"

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

proka89 :: By the way, Avira no longer notifies me that I have a virus; it looks like you saved me.

Since the problem is solved and the logs show no traces of active malware, it is time to remove the tools we used:


ComboFix needs to be uninstalled:
Click Start, then Run.

On Vista, use the Start Search field if Run is not available.

Type (or copy) the following into the text box:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

***************************

Run OTL again and click CleanUp!.
OTL will uninstall itself and remove the tools that were used.

offline
  • Joined: 29 Aug 2011
  • Posts: 129

Problem uninstalling ComboFix

I run what you wrote from Run, but Windows apparently cannot find it.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Manually delete the ComboFix you have (right-click, then Delete).
Download a fresh ComboFix, but do not run it.

Repeat the procedure.

If you still have a problem with the uninstaller, download the ComboFix Uninstaller from this link and run it.
http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE
