Trojan virus

  • Dušan
  • Joined: 18 Jun 2012
  • Posts: 986

I got this notification from AVG.

Here is the OTL report as well.



OTL logfile created on: 11/21/2012 6:46:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dejan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 43.91 Mb Available Physical Memory | 8.58% Memory free
1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.40% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 12.79 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 17.21 Gb Free Space | 35.24% Space Free | Partition Type: NTFS
Drive E: | 7.96 Gb Total Space | 7.91 Gb Free Space | 99.34% Space Free | Partition Type: NTFS

Computer Name: DEJAN-6E65AF0A7 | User Name: Dejan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/21 18:46:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dejan\My Documents\Downloads\OTL.exe
PRC - [2012/11/21 15:13:46 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/11/21 15:13:46 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/20 07:17:36 | 000,016,864 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox1\plugin-container.exe
PRC - [2012/11/20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox1\firefox.exe
PRC - [2012/11/08 06:30:32 | 000,568,832 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/23 18:18:39 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/06/26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012/06/13 16:34:31 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/06/11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/06/11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2005/07/12 08:55:26 | 000,081,920 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/04/30 02:22:26 | 000,266,240 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2005/04/30 02:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/04/30 02:18:24 | 000,131,136 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/04/30 02:18:08 | 000,057,412 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004/11/30 19:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/21 15:13:47 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/21 15:13:47 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/11/21 15:13:46 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/11/21 15:13:46 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
MOD - [2012/11/20 07:17:34 | 002,400,224 | ---- | M] () -- D:\Program Files\Mozilla Firefox1\mozjs.dll
MOD - [2012/11/08 06:30:32 | 000,568,832 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
MOD - [2012/10/23 18:18:39 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
MOD - [2012/10/09 05:45:31 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/06/26 13:11:10 | 000,345,688 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012/06/26 13:11:08 | 000,282,200 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012/06/26 13:11:02 | 008,197,208 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012/06/26 13:11:00 | 002,302,040 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012/06/26 13:10:58 | 000,202,328 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012/06/26 13:10:58 | 000,027,736 | ---- | M] () -- D:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2005/04/30 02:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2005/04/30 01:52:32 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
MOD - [2004/11/30 19:08:58 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2004/11/30 19:08:58 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/11/21 15:13:46 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/20 07:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/08 06:30:32 | 000,568,832 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/23 18:18:39 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Dejan\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/09 06:04:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/04/30 02:21:06 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2005/04/30 02:18:24 | 000,131,136 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/04/30 02:18:08 | 000,057,412 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/11/30 19:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/21 15:13:47 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/01 19:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/06/13 16:45:08 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2012/06/13 16:45:08 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2012/06/13 16:45:08 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2012/06/11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/11/12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/04/13 22:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/02/26 16:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/02/26 16:21:18 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt)
DRV - [2005/07/15 10:40:36 | 003,640,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/05/17 10:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/04/05 20:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 20:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 12:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=download&.....1760221614
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtA0BtB0AtN0D0Tzu0CtBzyyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1760221614

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109217&tt=421.....fff792732b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 A5 16 D3 67 A5 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=4212_4&babsrc=SP_ss&mntrId=54343b2a00000000000000fff792732b
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={22ACF759-4C0F-4C8B-9A05-92A832C56654}&mid=01054e9465fe47d08a2ed15cb4fcf995-6fecc239b3924e86a6915d96814a29f8a89fa720&lang=en&ds=AVG&pr=fr&d=2012-11-21 15:13:51&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtCyD0FtBtCzztCtDyCyCtA0BtB0AtN0D0Tzu0CtBzyyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1760221614
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:13.2.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={22ACF759-4C0F-4C8B-9A05-92A832C56654}&mid=01054e9465fe47d08a2ed15cb4fcf995-6fecc239b3924e86a6915d96814a29f8a89fa720&lang=en&ds=AVG&pr=fr&d=2012-11-21 15:13:51&v=13.2.0.4&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.4 [2012/11/21 15:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: D:\Program Files\Mozilla Firefox1\components [2012/11/21 14:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox1\plugins

[2012/11/21 14:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dejan\Application Data\Mozilla\Extensions
[2012/11/21 15:13:54 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.4

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhifchfddcfhikmkjcfcobicabgieepm\2.3.15.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Dejan\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PC Suite Tray] D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D656DBF-DACB-4333-A96A-3A10DD40BEEE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dejan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dejan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/09 00:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 16:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\need for speed most wanted
[2012/11/21 15:28:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dejan\Recent
[2012/11/21 15:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\AVG2013
[2012/11/21 15:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\TuneUp Software
[2012/11/21 15:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/11/21 15:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\AVG Secure Search
[2012/11/21 15:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/11/21 15:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\AVG Secure Search
[2012/11/21 15:13:50 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/11/21 15:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/11/21 15:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/11/21 15:11:55 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/11/21 15:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/11/21 15:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/11/21 15:00:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/11/21 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\MFAData
[2012/11/21 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/11/21 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\Avg2013
[2012/11/21 14:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\Auslogics
[2012/11/21 14:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\Mozilla
[2012/11/21 14:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/21 14:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/21 14:48:05 | 019,380,192 | ---- | C] (Mozilla) -- C:\Documents and Settings\Dejan\Desktop\Firefox Setup 17.0.exe
[2012/11/21 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2012/11/21 13:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/20 13:17:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dejan\Phone Browser
[2012/11/20 13:17:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2012/11/20 13:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\Nokia
[2012/11/20 13:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\PC Suite
[2012/11/20 13:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/11/20 13:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite
[2012/11/20 13:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012/11/20 13:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2012/11/20 13:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/11/20 13:11:13 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012/11/20 13:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/11/20 13:11:00 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2012/11/20 13:10:59 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2012/11/20 13:10:57 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2012/11/20 13:10:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/11/20 13:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/11/18 15:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/11/18 15:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/11/18 15:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/11/18 15:05:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/11/17 18:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\New Folder
[2012/11/17 18:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\Sasa Kovacevic 2010
[2012/11/17 13:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\MediaGet2
[2012/11/12 19:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\Moj pas
[2012/11/11 16:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\Ostalo
[2012/11/11 11:58:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/11/11 11:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\Sun
[2012/11/11 11:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/11/11 11:57:38 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/11/11 11:57:38 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/11 11:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\Sun
[2012/11/08 22:08:45 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2012/11/08 22:08:45 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012/11/08 21:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Desktop\New Folder (6)
[2012/10/23 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\uTorrentControl_v2
[2012/10/23 18:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl_v2
[2012/10/23 18:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2012/10/23 18:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\DefaultTab
[2012/10/23 18:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\IconEdit2
[2012/10/23 16:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\jZip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/21 18:45:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/21 18:44:25 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/21 18:44:19 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\YourFile Update.job
[2012/11/21 18:44:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/21 18:42:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\settings.dat
[2012/11/21 18:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/21 18:25:37 | 000,802,194 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\virus.bmp
[2012/11/21 18:03:06 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/21 15:14:01 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/11/21 15:13:47 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/11/21 14:53:52 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/21 14:53:52 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/11/21 14:48:05 | 019,380,192 | ---- | M] (Mozilla) -- C:\Documents and Settings\Dejan\Desktop\Firefox Setup 17.0.exe
[2012/11/21 13:13:44 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/20 13:59:00 | 000,131,489 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\speedo_clock.nth
[2012/11/20 13:55:00 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\Spider Solitaire.lnk
[2012/11/20 13:20:52 | 000,025,570 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\BMW.svg.png
[2012/11/20 13:18:54 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/20 13:18:54 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/20 13:11:53 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2012/11/17 18:03:03 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2012/11/17 15:27:20 | 000,108,698 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\Bavaria-16.jpg
[2012/11/17 15:08:19 | 000,279,580 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\BMW-318-Coupe1.jpg
[2012/11/16 15:43:43 | 000,330,058 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\P1030136.JPG
[2012/11/15 11:21:08 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/12 09:00:11 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/11 11:57:12 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/11/11 11:57:12 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/11/09 22:42:48 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\Shortcut to pedeset_nijansi_-_siva_odlomak.lnk
[2012/11/08 22:35:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/08 22:09:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/11/08 22:08:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/11/07 09:44:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/10/23 18:46:17 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/23 16:35:51 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/21 18:42:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\settings.dat
[2012/11/21 18:41:51 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dejan\Desktop\RootRepeal.exe
[2012/11/21 18:25:37 | 000,802,194 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\virus.bmp
[2012/11/21 15:14:01 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/11/21 14:53:52 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/21 14:53:52 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/21 14:53:52 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/11/21 13:13:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/11/20 13:58:50 | 000,131,489 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\speedo_clock.nth
[2012/11/20 13:54:39 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Dejan\Start Menu\Programs\Freecell.lnk
[2012/11/20 13:20:50 | 000,025,570 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\BMW.svg.png
[2012/11/20 13:11:52 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2012/11/17 15:13:12 | 000,108,698 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\Bavaria-16.jpg
[2012/11/17 14:55:45 | 000,279,580 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\BMW-318-Coupe1.jpg
[2012/11/09 22:42:48 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\Shortcut to pedeset_nijansi_-_siva_odlomak.lnk
[2012/11/08 22:09:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/11/08 22:08:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/10/23 18:46:17 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/23 16:35:51 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2012/10/23 16:35:51 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Dejan\Start Menu\Programs\jZip.lnk
[2012/10/21 12:44:19 | 000,290,500 | ---- | C] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\funmoods-speeddial_sf.crx
[2012/10/21 12:44:19 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\funmoods.crx
[2012/10/17 20:17:38 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/10 08:05:20 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/10/10 08:05:20 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/10/09 05:49:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/09 01:05:48 | 000,017,571 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/10/09 01:05:44 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012/10/09 01:05:36 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012/10/09 01:00:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/09 00:53:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/08 17:49:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/08 17:47:47 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 16:36:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/13 16:36:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/06/13 16:35:29 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2012/06/13 16:34:32 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

<End>



This notification appeared during the scan
Quote:
                                   LAST 30 DAYS   SINCE INSTALLATION
Files scanned                      398000         398000
Infected files found and healed    2              2

The internet connection is a basic ADSL package
Windows XP

  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hello,

Your system is not 64-bit, so you also need to submit the GMER reports from the instructions :)

  • Dušan
  • Joined: 18 Jun 2012
  • Posts: 986

I couldn't, because GMER wouldn't run
It starts and the screen immediately turns blue
And some errors show up

  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

You should have mentioned that to me :)

The instructions list an alternative --> Root Repeal

  • Dušan
  • Joined: 18 Jun 2012
  • Posts: 986

Posted: 21 Nov 2012 21:45

I tried that one too, but then it just freezes :)

Addendum: 21 Nov 2012 21:51

The DDS reports are the only ones I managed to produce
Should I post those
If they are of any use :)

Addendum: 21 Nov 2012 21:52

Which other reports can I run :)

  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Download SysProt AntiRootkit from the following page:

SysProt download

On the page that opens, click the "here" link.

Extract the archive to a folder (instructions), then:
double-click to launch the program and switch to the Log tab;

tick all eight items and click Create log;

after a while a prompt will appear, in which you should select
Scan root drive only and click Start;

when the scan finishes, a notification will appear; close it by clicking OK;

the report (log) will be saved in the same folder as the program itself.

Illustrated walkthrough of the procedure

Attach the generated report to your post using the Attach file option.

If that doesn't work either, follow these instructions...

Download Rootkit Unhooker to the Desktop.

Double-click to launch the program;

select the Report tab;

click Scan and, in the window that opens, tick these items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.

When the scan is finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

  • Dušan
  • Joined: 18 Jun 2012
  • Posts: 986

Posted: 24 Nov 2012 14:26

Addendum: 24 Nov 2012 14:29

Addendum: 25 Nov 2012 14:34

...............

  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Sorry you had to wait a bit longer. There is no active infection on your computer. What AVG is reporting is a virus located inside System Restore, which does not pose an active threat. To get rid of it, you need to reset System Restore by following this link

http://www.mycity.rs/MyCity-Laboratorija/Kako-iskl.....sta-7.html

Run OTL again and click CleanUp. Wait for the uninstall to finish.

I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with your antivirus, i.e. it will not interfere with it, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in a USB storage device, and a scan runs, after which you either get a notification that the device is clean (if that really is the case) or get a log showing information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these threads:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Be sure to visit the thread "Testirajte da li vam je pretraživač ranjiv" ("Test whether your browser is vulnerable"), read it and follow the link given in it.
The link to the thread is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Also, follow the thread "Kako izbeci i ukloniti toolbar-ove" ("How to avoid and remove toolbars"), read it and follow the steps in it. The link to the thread is: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html

TwinHeadedEagle (AMF Team)
