MyCity » Ambulanta -> Arhiva Ambulante » Virus Hi

Virus Hi

Napisano na dan: 24.7.2011

Strana:
1
2

Virus Hi

Sledeća strana

Pagination

Odgovori

Strana:
1
2

tanjabujos Poslao: 24 Jul 2011 23:58 Idi na vrh
offline tanjabujos Novi MyCity građanin Pridružio: 24 Jul 2011 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pre par dana sam primila prvu poruku na engl, sad je ista pocela da se salje i sa mog naloga...promenila sam sifru na fb, u nadi da ce prestati... Adsl konekcija OTL logfile created on: 24.7.2011 23:50:40 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Tanja\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000181A \| Country: Bosnia and Herzegovina \| Language: SRS \| Date Format: d.M.yyyy 1,93 Gb Total Physical Memory \| 0,94 Gb Available Physical Memory \| 48,68% Memory free 3,86 Gb Paging File \| 2,64 Gb Available in Paging File \| 68,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 48,74 Gb Total Space \| 22,69 Gb Free Space \| 46,56% Space Free \| Partition Type: NTFS Drive D: \| 184,05 Gb Total Space \| 127,74 Gb Free Space \| 69,41% Space Free \| Partition Type: NTFS Computer Name: TANJA-PC \| User Name: Tanja \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.24 23:49:41 \| 000,579,584 \| ---- \| M] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe PRC - [2011.07.01 19:41:42 \| 000,269,480 \| ---- \| M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.29 18:48:45 \| 000,136,360 \| ---- \| M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.07 19:28:44 \| 000,281,768 \| ---- \| M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.15 14:49:20 \| 000,255,536 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.07.01 18:37:06 \| 000,037,888 \| ---- \| M] () -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2008.10.08 17:56:24 \| 001,519,616 \| ---- \| M] () -- C:\Program Files (x86)\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe PRC - [2008.09.03 19:27:55 \| 000,073,728 \| ---- \| M] () -- C:\Program Files (x86)\KWorld Multimedia\Trident USB Device Utilities\TRRCtl.exe ========== Modules (SafeList) ========== MOD - [2011.07.24 23:49:41 \| 000,579,584 \| ---- \| M] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe MOD - [2011.04.08 16:56:28 \| 000,018,176 \| ---- \| M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll MOD - [2010.08.21 07:21:32 \| 001,680,896 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 \| 000,193,536 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.07.01 19:41:42 \| 000,269,480 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 18:48:45 \| 000,136,360 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.16 15:49:08 \| 000,101,048 \| ---- \| M] (McAfee, Inc.) [Auto \| Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2010.01.15 14:49:20 \| 000,227,232 \| ---- \| M] (McAfee, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.06.10 23:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.07.01 19:41:48 \| 000,123,784 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.01 19:41:48 \| 000,088,288 \| ---- \| M] (Avira GmbH) [File_System \| Auto \| Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 08:22:41 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.08.25 20:36:04 \| 010,611,552 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 03:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 \| 000,077,888 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:32 \| 000,032,768 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.20 04:09:57 \| 001,394,688 \| ---- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 23:01:06 \| 001,146,880 \| ---- \| M] (LSI Corp) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:38:56 \| 000,000,308 \| ---- \| M] () [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:33 \| 000,389,120 \| ---- \| M] (Marvell) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.10.24 07:55:20 \| 000,312,832 \| ---- \| M] (Trident Multimedia Technologies Co.,Ltd) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TridVid6010.sys -- (TridVid) DRV:64bit: - [2008.05.02 11:59:08 \| 000,008,704 \| ---- \| M] (Windows (R) Codename Longhorn DDK provider) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2008.05.02 11:58:50 \| 000,008,704 \| ---- \| M] (Windows (R) Codename Longhorn DDK provider) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2008.05.02 11:58:48 \| 000,023,552 \| ---- \| M] (Nokia) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2008.05.02 11:58:48 \| 000,018,432 \| ---- \| M] (Nokia) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]{868E0183-FF62-4CE5-BBDB-3B1F9B176885} IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_2.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\FaceSmooch Toolbar\tbhelper.dll () IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_2.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tanja\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tanja\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.05.24 20:55:04 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.04 20:39:44 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.04 20:40:02 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Tanja\AppData\Roaming\mozilla\Extensions [2011.05.30 00:28:04 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\zb38pjwb.default\extensions [2011.05.30 00:28:05 \| 000,000,000 \| ---D \| M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\zb38pjwb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.05.30 00:28:07 \| 000,000,000 \| ---D \| M] (Conduit Engine) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\zb38pjwb.default\extensions\engine@conduit.com [2011.06.21 20:45:02 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.06.21 20:45:03 \| 000,000,000 \| ---D \| M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011.05.24 20:55:04 \| 000,000,000 \| ---D \| M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2011.04.14 18:26:02 \| 000,142,296 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 \| 000,002,252 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2009.06.10 23:00:26 \| 000,000,824 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll () O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_2.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (no name) - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found O3 - HKLM\..\Toolbar: (FaceSmooch Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (FaceSmooch Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\FaceSmooch Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files (x86)\BS_Player\prxtbBS_2.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe () O4 - HKCU..\Run: [Center Agent] C:\Program Files (x86)\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe () O4 - Startup: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk = C:\Program Files (x86)\KWorld Multimedia\Trident USB Device Utilities\TRRCtl.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici] (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [Link mogu videti samo ulogovani korisnici] (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" % O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.24 23:49:42 \| 000,579,584 \| ---- \| C] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe [2011.07.24 00:38:36 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\TEMP [2011.07.24 00:38:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Tanja\AppData\Roaming\Oberon Media [2011.07.24 00:38:19 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Oberon Media [2011.07.24 00:38:18 \| 000,000,000 \| ---D \| C] -- C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Games [2011.07.24 00:38:18 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Games [2011.07.24 00:38:15 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Oberon Media [2011.07.24 00:38:12 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Yahoo! Games [2011.07.24 00:38:12 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Oberon Media [2011.07.12 20:28:40 \| 000,422,400 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011.07.12 20:28:38 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011.07.12 20:28:38 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,608 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,608 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,608 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011.07.12 20:28:34 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011.07.12 20:28:34 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011.07.12 20:28:33 \| 000,006,144 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.07.12 20:28:33 \| 000,006,144 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.07.12 20:28:33 \| 000,005,120 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.07.12 20:28:33 \| 000,005,120 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011.07.12 20:28:33 \| 000,004,608 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,584 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.07.12 20:28:33 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011.07.12 20:28:32 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.07.12 20:28:32 \| 000,004,096 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.07.12 20:28:32 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.07.12 20:28:32 \| 000,003,072 \| -H-- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.07.12 20:28:00 \| 001,162,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.07.12 20:27:59 \| 000,362,496 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.07.12 20:27:59 \| 000,338,944 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.07.12 20:27:58 \| 000,243,200 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.07.12 20:27:58 \| 000,214,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.07.12 20:27:57 \| 000,025,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.07.12 20:27:57 \| 000,016,384 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.07.12 20:27:56 \| 000,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.07.12 20:27:56 \| 000,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.07.12 20:27:56 \| 000,007,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.07.12 20:27:56 \| 000,005,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.07.12 20:27:32 \| 000,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.07.01 19:34:11 \| 002,326,016 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.07.01 19:34:11 \| 002,228,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.07.01 19:34:11 \| 001,401,856 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.07.01 19:34:10 \| 001,553,920 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.07.01 19:34:09 \| 000,779,264 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.07.01 19:34:09 \| 000,666,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.07.01 19:34:09 \| 000,491,520 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.07.01 19:34:09 \| 000,337,408 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2011.07.01 19:34:09 \| 000,249,856 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.07.01 19:34:08 \| 000,288,256 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.07.01 19:34:08 \| 000,197,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll [2011.07.01 19:34:08 \| 000,113,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2011.07.01 19:34:08 \| 000,075,264 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.07.01 19:34:07 \| 000,059,392 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.07.01 19:33:38 \| 000,252,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2011.07.01 19:33:38 \| 000,044,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [1 C:\Windows\SysWow64\.tmp files -> C:\Windows\SysWow64\.tmp -> ] [1 C:\Users\Tanja\AppData\Local\.tmp files -> C:\Users\Tanja\AppData\Local\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.24 23:49:41 \| 000,579,584 \| ---- \| M] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe [2011.07.24 23:45:41 \| 000,015,872 \| ---- \| M] () -- C:\Users\Tanja\Desktop\pr6432.exe [2011.07.24 23:14:00 \| 000,000,950 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2618996552-440460692-187564397-1000UA.job [2011.07.24 23:05:07 \| 000,000,898 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.24 21:29:37 \| 000,014,016 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.24 21:29:37 \| 000,014,016 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.24 21:16:35 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2011.07.24 20:52:56 \| 000,096,031 \| ---- \| M] () -- C:\Users\Tanja\Desktop\248537_1946123419071_1422108199_31848832_3749945_n.jpg [2011.07.24 20:28:01 \| 001,175,166 \| ---- \| M] () -- C:\Users\Tanja\Desktop\IMG_3116.JPG [2011.07.24 20:15:26 \| 000,000,894 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.24 20:15:09 \| 1554,665,472 \| -HS- \| M] () -- C:\hiberfil.sys [2011.07.24 16:04:25 \| 000,713,888 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.24 16:04:25 \| 000,615,360 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.24 16:04:25 \| 000,103,702 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.24 00:38:18 \| 000,002,142 \| ---- \| M] () -- C:\Users\Tanja\Desktop\Mummy’s Treasure.lnk [2011.07.24 00:38:18 \| 000,001,150 \| ---- \| M] () -- C:\Users\Tanja\Desktop\Yahoo! Games - Games And Online Games.lnk [2011.07.22 21:12:36 \| 000,000,898 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2618996552-440460692-187564397-1000Core.job [2011.07.13 13:45:30 \| 000,363,704 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.07.01 19:41:48 \| 000,123,784 \| ---- \| M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.07.01 19:41:48 \| 000,088,288 \| ---- \| M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\SysWow64\.tmp files -> C:\Windows\SysWow64\.tmp -> ] [1 C:\Users\Tanja\AppData\Local\.tmp files -> C:\Users\Tanja\AppData\Local\.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.24 23:45:46 \| 000,015,872 \| ---- \| C] () -- C:\Users\Tanja\Desktop\pr6432.exe [2011.07.24 20:53:00 \| 000,096,031 \| ---- \| C] () -- C:\Users\Tanja\Desktop\248537_1946123419071_1422108199_31848832_3749945_n.jpg [2011.07.24 20:27:59 \| 001,175,166 \| ---- \| C] () -- C:\Users\Tanja\Desktop\IMG_3116.JPG [2011.07.24 00:38:18 \| 000,002,142 \| ---- \| C] () -- C:\Users\Tanja\Desktop\Mummy’s Treasure.lnk [2011.07.24 00:38:18 \| 000,001,150 \| ---- \| C] () -- C:\Users\Tanja\Desktop\Yahoo! Games - Games And Online Games.lnk [2011.06.21 21:16:49 \| 000,000,000 \| ---- \| C] () -- C:\Users\Tanja\AppData\Local\{C5CF4D7E-7663-4F0F-9A2D-6B81E2FF86B6} [2011.01.30 21:13:30 \| 000,476,672 \| ---- \| C] () -- C:\Windows\Unist.exe [2011.01.30 21:13:27 \| 000,000,839 \| ---- \| C] () -- C:\Windows\TVDrv.ini [2010.08.25 20:34:30 \| 000,982,240 \| ---- \| C] () -- C:\Windows\SysWow64\igkrng500.bin [2010.08.25 20:34:30 \| 000,439,308 \| ---- \| C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010.08.25 20:34:30 \| 000,092,356 \| ---- \| C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010.08.25 19:52:00 \| 000,208,896 \| ---- \| C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.08.25 19:52:00 \| 000,143,360 \| ---- \| C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.07.01 17:02:30 \| 000,178,176 \| ---- \| C] () -- C:\Windows\SysWow64\unrar.dll [2010.07.01 17:02:30 \| 000,000,038 \| ---- \| C] () -- C:\Windows\avisplitter.ini [2010.07.01 17:02:29 \| 000,881,664 \| ---- \| C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.07.01 17:02:29 \| 000,205,824 \| ---- \| C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.07.01 17:02:27 \| 000,085,504 \| ---- \| C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.07.01 16:55:04 \| 000,000,376 \| ---- \| C] () -- C:\Windows\ODBC.INI [2009.07.14 07:38:36 \| 000,067,584 \| --S- \| C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 \| 000,000,741 \| ---- \| C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 \| 000,215,943 \| ---- \| C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 \| 000,043,131 \| ---- \| C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 \| 000,064,000 \| ---- \| C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 \| 000,139,824 \| ---- \| C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:03:59 \| 000,364,544 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 \| 000,673,088 \| ---- \| C] () -- C:\Windows\SysWow64\mlang.dat [2003.01.07 15:05:08 \| 000,002,695 \| ---- \| C] () -- C:\Windows\SysWow64\OUTLPERF.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:020106A2 < End of report > [Link mogu videti samo ulogovani korisnici]

Profil

1l padr1n0 Poslao: 25 Jul 2011 00:20 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	1Ovo se svidja korisniku: bobo 75 Registruj se da bi pohvalio/la poruku! Pozdrav tanjabujos! U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg: Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima; Ne traziti istovremeno pomoc na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo; U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio; Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om; Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK ------------------------------------------------------------------------------------- Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. goran9888 (AMF Tim)

Profil

tanjabujos Poslao: 25 Jul 2011 00:43 Idi na vrh
offline tanjabujos Novi MyCity građanin Pridružio: 24 Jul 2011 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: [Link mogu videti samo ulogovani korisnici]

Profil

1l padr1n0 Poslao: 25 Jul 2011 02:01 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	1Ovo se svidja korisniku: bobo 75 Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: DDS:: mStart Page = hxxp://www.bigseekpro.com/facesmooch3a/{868E0183-FF62-4CE5-BBDB-3B1F9B176885} RegLock:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Preporucujem ti da obavezno promenis sifru na Facebook nalogu; Preporucujem ti da deinstaliras sledece aplikacije ukoliko ih ne koristis: BS_Player Toolbar, DVDVideoSoftTB Toolbar, FaceSmooch Toolbar, Google Toolbar for Internet Explorer, McAfee Security Scan Plus, McAfee SiteAdvisor. goran9888 (AMF Tim)

Profil

tanjabujos Poslao: 25 Jul 2011 06:33 Idi na vrh
offline tanjabujos Novi MyCity građanin Pridružio: 24 Jul 2011 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 11-07-24.03 - Tanja 25.07.2011 6:25.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1977.787 [GMT 2:00] Running from: c:\users\Tanja\Desktop\ComboFix.exe Command switches used :: c:\users\Tanja\Desktop\CFScript.txt AV: AntiVir Desktop Enabled/Updated {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop Enabled/Updated {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 ))))))))))))))))))))))))))))))) . . 2011-07-25 04:29 . 2011-07-25 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-23 22:38 . 2011-07-23 22:38 -------- d-----w- c:\users\Tanja\AppData\Roaming\Oberon Media 2011-07-23 22:38 . 2011-07-23 22:38 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media 2011-07-23 22:38 . 2011-07-23 22:38 -------- d-----w- c:\programdata\Oberon Media 2011-07-23 22:38 . 2011-07-23 22:38 -------- d-----w- c:\program files (x86)\Yahoo! Games 2011-07-23 22:38 . 2011-07-23 22:38 -------- d-----w- c:\program files (x86)\Oberon Media 2011-07-22 16:07 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A77C28A-EF0F-4C18-BCE8-CEB5685095A6}\mpengine.dll 2011-07-12 18:27 . 2011-06-02 06:45 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-12 18:27 . 2011-06-02 06:35 338944 ----a-w- c:\windows\system32\conhost.exe 2011-07-12 18:27 . 2011-06-02 06:45 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-12 18:27 . 2011-06-02 06:44 214528 ----a-w- c:\windows\system32\winsrv.dll 2011-07-12 18:27 . 2011-06-02 06:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-12 18:27 . 2011-06-02 05:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-12 18:27 . 2011-06-02 06:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-12 18:27 . 2011-06-02 05:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-12 18:27 . 2011-06-02 05:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-12 18:27 . 2011-06-02 03:51 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-12 18:27 . 2011-06-02 03:50 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-01 17:33 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-07-01 17:33 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-07-01 17:33 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-07-01 17:33 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2011-07-01 17:33 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-12 20:07 . 2010-11-12 18:51 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-07-12 20:06 . 2011-05-02 12:55 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-07-12 20:06 . 2011-05-02 12:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-07-12 20:06 . 2010-11-12 18:50 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-07-01 17:41 . 2010-07-01 16:23 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-07-01 17:41 . 2010-07-01 15:00 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-21 19:16 . 2011-06-21 19:16 0 ---ha-w- c:\users\Tanja\AppData\Local\BIT2DE.tmp 2011-06-02 05:56 . 2011-07-12 18:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-05-28 03:25 . 2011-06-21 18:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-05-28 03:00 . 2011-06-21 18:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-05-24 17:14 . 2010-07-01 16:01 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-05-23 16:45 . 2011-05-23 16:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-05-23 16:44 . 2010-11-12 18:51 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-05-23 16:34 . 2010-11-12 18:50 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-05-04 02:52 . 2010-07-02 00:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-05-04 02:51 . 2011-06-21 18:50 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-05-04 02:51 . 2011-06-21 18:50 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-05-04 02:51 . 2011-06-21 18:50 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-05-03 05:21 . 2011-06-21 18:49 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-05-03 04:50 . 2011-06-21 18:49 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-05-02 12:55 . 2011-05-02 12:55 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-04-29 03:13 . 2011-06-21 18:49 461312 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-29 03:12 . 2011-06-21 18:49 399872 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-29 03:12 . 2011-06-21 18:49 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-27 02:57 . 2011-06-21 18:51 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys . . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . - 2010-07-01 15:57 . 2011-07-24 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-07-01 15:57 . 2011-07-25 04:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-07-01 15:57 . 2011-07-25 04:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-07-01 15:57 . 2011-07-24 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-07-01 15:07 . 2011-07-25 04:12 236168 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\prxtbBS_2.dll" [2011-01-17 175912] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll [BU] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\BS_Player\prxtbBS_2.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\prxtbBS_2.dll" [2011-01-17 175912] "{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [BU] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] . [HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Center Agent"="c:\program files (x86)\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe" [2008-10-08 1519616] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-01 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Remote Control.lnk - c:\program files (x86)\KWorld Multimedia\Trident USB Device Utilities\TRRCtl.exe [2011-1-30 73728] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 135664] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 135664] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x] R3 TridVid;PVR-TV UB390-A;c:\windows\system32\DRIVERS\TridVid6010.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-02-16 101048] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 16:22] . 2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 16:22] . 2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618996552-440460692-187564397-1000Core.job - c:\users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 14:27] . 2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2618996552-440460692-187564397-1000UA.job - c:\users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 14:27] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = [Link mogu videti samo ulogovani korisnici] mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\zb38pjwb.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file) WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) . . . Completion time: 2011-07-25 06:32:18 ComboFix-quarantined-files.txt 2011-07-25 04:32 ComboFix2.txt 2011-07-24 22:41 . Pre-Run: 23.966.822.400 bytes free Post-Run: 24.400.117.760 bytes free . - - End Of File - - 4CF9AFD962D861597AE4C50076A2ADA2

Profil

1l padr1n0 Poslao: 25 Jul 2011 13:26 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	1Ovo se svidja korisniku: bobo 75 Registruj se da bi pohvalio/la poruku! Kakvo je stanje sistema? Jel imas problema? Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka: [Link mogu videti samo ulogovani korisnici] Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije: Update Malwarebytes' Anti-Malware; Launch Malwarebytes Anti-Malware; a zatim klikni Finish. Nakon završenog ažuriranja program će se pokrenuti. Izaberi opciju Perform Quick Scan i klikni Scan. Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected. Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu. Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti. Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open). - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd. Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop. Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje. Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu. Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu. goran9888 (AMF Tim)

Profil

tanjabujos Poslao: 25 Jul 2011 15:40 Idi na vrh
offline tanjabujos Novi MyCity građanin Pridružio: 24 Jul 2011 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koliko sam primetila nema, racunar normalno radi, a fb vise ne salje hi poruke:D Malwarebytes' Anti-Malware 1.51.1.1800 [Link mogu videti samo ulogovani korisnici] Database version: 7274 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 25.7.2011 15:14:45 mbam-log-2011-07-25 (15-14-45).txt Scan type: Quick scan Objects scanned: 172031 Time elapsed: 3 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Uredjaji: Usb USBNoRisk 2.7 (28 December 2010) by bobby Started at 25.7.2011 15:35:33 Searching for connected USB Mass storage... ---------------------------------------- G: {942359a9-883c-11df-bde4-001d72cd19b4} ======================================== Searching for other storage... ---------------------------------------- C: {84025ba8-8568-11df-800e-806e6f6e6963} D: {84025ba9-8568-11df-800e-806e6f6e6963} ======================================== Scanning removable storage... ---------------------------------------- No blocked files found on G: No Autorun.inf files found on G: Sanitized mountpoint for 942359a9-883c-11df-bde4-001d72cd19b4 No Desktop.ini files found on G: No mimics found on drive G: No .lnk/.pif/.com/.scr files found on drive G: ---------------------------------------- Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 84025ba8-8568-11df-800e-806e6f6e6963 No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 84025ba9-8568-11df-800e-806e6f6e6963 No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== plejer USBNoRisk 2.7 (28 December 2010) by bobby Started at 25.7.2011 15:36:16 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- C: {84025ba8-8568-11df-800e-806e6f6e6963} D: {84025ba9-8568-11df-800e-806e6f6e6963} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 84025ba8-8568-11df-800e-806e6f6e6963 No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 84025ba9-8568-11df-800e-806e6f6e6963 No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== telefon USBNoRisk 2.7 (28 December 2010) by bobby Started at 25.7.2011 15:38:01 Searching for connected USB Mass storage... ---------------------------------------- H: {c5f99343-afb1-11df-97cf-001d72cd19b4} G: {c5f99347-afb1-11df-97cf-001d72cd19b4} ======================================== Searching for other storage... ---------------------------------------- C: {84025ba8-8568-11df-800e-806e6f6e6963} D: {84025ba9-8568-11df-800e-806e6f6e6963} ======================================== Scanning removable storage... ---------------------------------------- Blocked file found: G:\autorun.inf.blocked ---------------------------------------- ---------------------------------------- Could not open G:\autorun.inf.blocked to read the content File lock detected: USBNoRisk cannot find what locked the file ---------------------------------------- No Autorun.inf files found on G: No mountpoint found for c5f99347-afb1-11df-97cf-001d72cd19b4 ---------------------------------------- Desktop.ini found at G:\selomoje\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332 No mimics found on drive G: No .lnk/.pif/.com/.scr files found on drive G: ---------------------------------------- Blocked file found: H:\autorun.inf.blocked ---------------------------------------- ---------------------------------------- Could not open H:\autorun.inf.blocked to read the content File lock detected: USBNoRisk cannot find what locked the file ---------------------------------------- No Autorun.inf files found on H: Sanitized mountpoint for c5f99343-afb1-11df-97cf-001d72cd19b4 ---------------------------------------- Desktop.ini found at H:\selomoje\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332 No mimics found on drive H: No .lnk/.pif/.com/.scr files found on drive H: ---------------------------------------- Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 84025ba8-8568-11df-800e-806e6f6e6963 No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 84025ba9-8568-11df-800e-806e6f6e6963 No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ========================================

Profil

1l padr1n0 Poslao: 25 Jul 2011 17:23 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	1Ovo se svidja korisniku: bobo 75 Registruj se da bi pohvalio/la poruku! Da li si prvo ubacila USB memorijske uredjaje pa onda pokrenula USB No Risk, ili si pokrenula USB No Risk pa prikljucivala USB mem. uredjaje? Povadi sve USB memorijske uredjaje, pa odradi sledece ... Za zastitu USB memorijskih uredjaja ti predlazem da koristis MCShield. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja. Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes log u kome vidis informacije o malware-u koji je nadjen i obrisan. Home Page MCShield-a: [Link mogu videti samo ulogovani korisnici] Vise o MCShield-u mozes saznati u ovoj temi: [Link mogu videti samo ulogovani korisnici] Nakon instaliranja MCShield-a, ubodi jedan po jedan USB memorijski uredjaj; sacekaj da ih MCShield skenira. Kada zavrsi skeniranje zadnjeg uredjaja okaci mi izvestaj pod nazivom: AllScans.txt. Start -> Run -> %UserProfile%\Application Data\MCShield\AllScans.txt -> Enter Posalji mi sadrzaj izvestaja koji ce ti se otvoriti u Notepad-u. goran9888 (AMF Tim)

Profil

tanjabujos Poslao: 25 Jul 2011 17:56 Idi na vrh
offline tanjabujos Novi MyCity građanin Pridružio: 24 Jul 2011 Poruke: 8	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Instalirala, ubacila, pokrenula, pa copirala.... Cisto je sve sem telefona: 25.7.2011 17:50:31 > Scanning drive H: (PHONE ~44 MB, FAT32 flash drive )... >>> H:\selomoje\Desktop.ini - Malware > Deleted. (11.07.25. 17.50 Desktop.ini.681210; MD5: f05d6580608901fa2aea2a1e711a8ff4) > H:\selomoje > H:\selomoje\sranje.exe (MD5: ) >>> H:\selomoje - Malware.Folder > Deleted. () >>> H:\s3ek.exe - Suspicious > Renamed. (MD5: X) => Malicious files : 1/1 deleted. => Malicious folders : 1/1 deleted. => Suspicious files : 1/1 renamed. Jesam li konacno ociscena od virusa, profil, komp, ostalo? Postoji li mogucnost da je neki virus ostao, ili da se ponovo pojavi?

Profil

1l padr1n0 Poslao: 25 Jul 2011 19:21 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	1Ovo se svidja korisniku: bobo 75 Registruj se da bi pohvalio/la poruku! Zuris negde? Jos samo da proverim nesto i to bi trebalo biti to. - Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje. - Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj (samo mobilni telefon). - Kliknuti na karticu Script; U beli okvir prozora iskopirati sledeći tekst: `{c5f99343-afb1-11df-97cf-001d72cd19b4} folder_list:%DRIVE% no_sh:` - Izvršiti komandu klikom na taster Run Script; Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor; - Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Scrambled Log; Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci. Okaci mi svez OTL izvestaj da pogledam (kao sto si ostavila u prvoj poruci). goran9888 (AMF Tim)

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Virus Hi

Ko je trenutno na forumu

Ukupno su 1068 korisnika na forumu :: 89 registrovanih, 9 sakrivenih i 970 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 6018 - dana 19 Dec 2025 13:41

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 100jan, advokat84, Ahilius, Aleksej, Aska, Avalon015, belov, Betty25, blatruc82, Boban0312, bojanstros9, boromir, Botovac, Bubi, cemix, Clouseau, cvrle312, Daba75, Deki Duga Devetka, djonsule, DovlaODR, Drugsparrow, dzada, Electron, Fliper, Goran_, indja, Jablan, jarovitt, jimi_agf, Jonbonjovi, Kaponi, Khalid ibn al-Walid, Kobrim, Koridor, kovacicbozo, Kubovac, laurusri, lcc, leopard83, ljuba.b, MaCS, Magistar78, Marko1238, Marky, mačković, metallac777, MGBRBG, milutin134, Mićko, mrzimregistraciju, Mzee, Natuzzi, nekdo, nelezele, opt1, Orijen, Orlova, Otto Grunf, Paki, pirke96, PlayerOne, PO1974, raketaš, raptorsi, RD84, repac, Resad76, Rok A Bit, samojednoimeznam, sedan, shlauf, Srpska zauvjek, Stanlio, TheDictator, tihi-posmatrac, Topaz9, troki1971, ujke, Underwood, vaci, vddutina, VekiJ, vlado_pg, x78186, zeka013, Zoran1959, Žoržo, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by