MyCity » Ambulanta -> Arhiva Ambulante » Win32/Spy.KeyLogger.NHI trojan

Win32/Spy.KeyLogger.NHI trojan

Napisano na dan: 23.5.2012

Win32/Spy.KeyLogger.NHI trojan

Sledeća strana

Pagination

Odgovori

Purple Rose Poslao: 23 Maj 2012 12:15 Idi na vrh
offline Purple Rose Novi MyCity građanin Pridružio: 23 Maj 2012 Poruke: 3	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Lijepi pozdrav svima! Jučer mi je preko USB-a ušao key logger. Budući da je ovdje već netko tražio pomoć za isti problem, slijedila sam iste upute i mislim da je sada sve ok, ali puno bi mi značila potvda nekoga stručnijeg. Upisala sam ovaj kod u OTL: :files C:\configuration C:\OptionalComponents :commands [purity] [emptytemp] [reboot] Izbacio mi je sljedeći izvještaj: All processes killed ========== FILES ========== C:\configuration folder moved successfully. C:\OptionalComponents\4C6964696A61 folder moved successfully. C:\OptionalComponents folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Lidija ->Temp folder emptied: 1483686825 bytes ->Temporary Internet Files folder emptied: 1563775874 bytes ->Java cache emptied: 98411 bytes ->Flash cache emptied: 64353 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 679973727 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 3.555,00 mb OTL by OldTimer - Version 3.2.43.1 log created on 05232012_102141 Files\Folders moved on Reboot... C:\Users\Lidija\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WEK2RYJT\ads[1].htm moved successfully. File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WEK2RYJT\likebox[1].htm not found! C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UN22C7MV\xd_arbiter[1].htm moved successfully. File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U3XOVJNH\likebox[1].htm not found! C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q1I55ZUF\2[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KFFYIZZK\xd_arbiter[1].htm moved successfully. File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I6VR27JI\Win32-Spy-KeyLogger-NHI-trojan-2[1].htm not found! File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GQ2716P6\index[2].htm not found! File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GQ2716P6\Kako-otvoriti-temu-u-Ambulanti[1].htm not found! File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BFV0J69K\watch[1].htm not found! C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot... MCShield mi je za All Scans napisao sljedeće: >>> MCShield AllScans.txt <<< >>> MCShield v 2.0.3.11 <<< 22.5.2012. 10:12:07 > Drive C: - scan started (no label ~100 GB, NTFS HDD )... => The drive is clean. 22.5.2012. 10:12:07 > Drive D: - scan started (no label ~366 GB, NTFS HDD )... => The drive is clean. >>> MCShield v 2.0.3.11 <<< 22.5.2012. 18:17:13 > Drive C: - scan started (no label ~100 GB, NTFS HDD )... => The drive is clean. 22.5.2012. 18:17:13 > Drive D: - scan started (no label ~366 GB, NTFS HDD )... => The drive is clean. >>> MCShield v 2.0.3.11 <<< 23.5.2012. 7:53:40 > Drive C: - scan started (no label ~100 GB, NTFS HDD )... => The drive is clean. 23.5.2012. 7:53:40 > Drive D: - scan started (no label ~366 GB, NTFS HDD )... => The drive is clean. >>> MCShield v 2.0.3.11 <<< 23.5.2012. 10:25:41 > Drive C: - scan started (no label ~100 GB, NTFS HDD )... => The drive is clean. 23.5.2012. 10:25:41 > Drive D: - scan started (no label ~366 GB, NTFS HDD )... => The drive is clean. >>> MCShield v 2.0.3.11 <<< 23.5.2012. 10:31:43 > Drive I: - scan started (no label ~1952 MB, FAT32 flash drive )... ---> Note: traces of file replicators have been found! ---> Executing generic S&D routine... >>> I:\Prezentacije.exe - Malware > Deleted. (12.05.23. 10.31 Prezentacije.exe.329296; MD5: 1628b5236d9d41b760e5e477eb50700b) >>> I:\Random.exe - Malware > Deleted. (12.05.23. 10.31 Random.exe.204155; MD5: 1628b5236d9d41b760e5e477eb50700b) > Resetting attributes: I:\Prezentacije < Successful. > Resetting attributes: I:\Random < Successful. => Malicious files : 2/2 deleted. => Hidden folders : 2/2 unhidden. ____________________________________________ ::::: Scan duration: 31s ::::::::::::::::::: ____________________________________________ Završni scan s OTL-om: OTL logfile created on: 23.5.2012. 11:50:09 - Run 2 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Lidija\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 0000041a \| Country: Hrvatska \| Language: HRV \| Date Format: d.M.yyyy. 3,91 Gb Total Physical Memory \| 1,64 Gb Available Physical Memory \| 41,91% Memory free 7,82 Gb Paging File \| 5,37 Gb Available in Paging File \| 68,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 99,90 Gb Total Space \| 60,00 Gb Free Space \| 60,06% Space Free \| Partition Type: NTFS Drive D: \| 365,76 Gb Total Space \| 141,00 Gb Free Space \| 38,55% Space Free \| Partition Type: NTFS Computer Name: LIDIJA-PC \| User Name: Lidija \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.23 09:51:54 \| 000,595,968 \| ---- \| M] (OldTimer Tools) -- C:\Users\Lidija\Desktop\OTL.exe PRC - [2012.05.16 11:54:04 \| 001,680,528 \| ---- \| M] (YL Software) -- C:\Program Files)\WinUtilities\WinUtil.exe PRC - [2012.04.10 00:31:48 \| 000,166,912 \| ---- \| M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe PRC - [2012.03.12 22:25:06 \| 000,583,680 \| ---- \| M] (MyCity) -- C:\Program Files)\MCShield\MCShieldRTM.exe PRC - [2011.08.02 09:33:30 \| 004,910,912 \| ---- \| M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2011.04.22 08:13:00 \| 002,009,704 \| ---- \| M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.04.21 19:32:26 \| 000,378,472 \| ---- \| M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.01.12 16:41:42 \| 000,810,144 \| ---- \| M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010.11.17 09:53:16 \| 000,113,288 \| ---- \| M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.03 12:01:34 \| 000,983,104 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2010.11.03 12:01:20 \| 001,298,496 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2010.11.03 11:53:28 \| 000,897,088 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2010.11.03 11:53:06 \| 000,979,008 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2010.10.05 21:04:12 \| 002,655,768 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.05 21:04:08 \| 000,325,656 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.10.01 11:49:08 \| 000,151,552 \| ---- \| M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe PRC - [2009.03.05 16:07:20 \| 002,260,480 \| RHS- \| M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 \| 001,153,368 \| ---- \| M] (Safer Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2011.05.26 13:42:00 \| 000,067,872 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.04.22 08:13:00 \| 000,004,096 \| ---- \| M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.01.25 01:57:18 \| 000,296,448 \| ---- \| M] (IDT, Inc.) [Auto \| Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2011.01.12 16:44:02 \| 000,042,360 \| ---- \| M] (ESET) [On_Demand \| Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:64bit: - [2011.01.12 16:41:42 \| 000,810,144 \| ---- \| M] (ESET) [Auto \| Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2010.12.17 14:41:32 \| 001,515,792 \| ---- \| M] (Intel(R) Corporation) [Auto \| Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV:64bit: - [2010.12.17 14:28:46 \| 000,340,240 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2010.12.17 14:26:50 \| 000,836,880 \| ---- \| M] (Intel(R) Corporation) [Auto \| Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV:64bit: - [2009.07.14 03:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 \| 000,193,536 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.03.03 02:42:58 \| 000,089,600 \| ---- \| M] (Andrea Electronics Corporation) [Auto \| Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012.04.10 00:31:48 \| 000,166,912 \| ---- \| M] (Dell Products, LP.) [Auto \| Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery) SRV - [2011.04.22 08:13:00 \| 002,009,704 \| ---- \| M] (NVIDIA Corporation) [Auto \| Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.21 19:32:26 \| 000,378,472 \| ---- \| M] (NVIDIA Corporation) [Auto \| Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.11 10:53:22 \| 000,119,688 \| ---- \| M] (SecureW2 B.V.) [Auto \| Running] -- C:\Program Files (x86)\SecureW2\sw2_service.exe -- (SW2SVC) SRV - [2010.12.17 14:46:48 \| 000,053,920 \| ---- \| M] (Atheros Commnucations) [Auto \| Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010.11.03 12:01:34 \| 000,983,104 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2010.11.03 12:01:20 \| 001,298,496 \| ---- \| M] (Intel Corporation) [On_Demand \| Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2010.11.03 11:53:28 \| 000,897,088 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.10.05 21:04:12 \| 002,655,768 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.10.05 21:04:08 \| 000,325,656 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.10.01 11:49:08 \| 000,151,552 \| ---- \| M] (Atheros) [Auto \| Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2010.03.18 13:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 \| 000,023,408 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.25 01:28:56 \| 000,526,392 \| ---- \| M] () [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.05.13 00:28:46 \| 000,363,856 \| ---- \| M] (Alps Electric Co., Ltd.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.05.10 08:06:08 \| 000,051,712 \| ---- \| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.22 08:13:00 \| 000,025,960 \| ---- \| M] (NVIDIA Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.04.10 11:51:06 \| 012,223,936 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.03 21:29:20 \| 000,174,184 \| ---- \| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.01.25 01:57:18 \| 000,520,192 \| ---- \| M] (IDT, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.12.21 15:04:06 \| 000,170,640 \| ---- \| M] (ESET) [File_System \| Auto \| Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2010.12.21 15:04:06 \| 000,141,264 \| ---- \| M] (ESET) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2010.12.21 13:47:38 \| 000,125,296 \| ---- \| M] (ESET) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2010.12.17 14:47:10 \| 000,275,616 \| ---- \| M] (Atheros) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.12.17 14:47:08 \| 000,201,376 \| ---- \| M] (Atheros) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.12.17 14:47:08 \| 000,154,272 \| ---- \| M] (Atheros) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.12.17 14:47:08 \| 000,055,456 \| ---- \| M] (Atheros) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.12.17 14:47:08 \| 000,036,000 \| ---- \| M] (Atheros) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.12.17 14:47:08 \| 000,028,832 \| ---- \| M] (Atheros) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.12.17 14:47:06 \| 000,298,144 \| ---- \| M] (Atheros) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.12.10 13:50:36 \| 000,181,248 \| ---- \| M] (Renesas Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 13:50:36 \| 000,080,384 \| ---- \| M] (Renesas Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.24 11:33:26 \| 002,673,664 \| ---- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.20 15:33:35 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 \| 000,020,992 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.04 05:07:06 \| 000,058,128 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2010.10.26 11:08:08 \| 000,406,632 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.10.19 23:34:26 \| 000,056,344 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 \| 000,034,152 \| ---- \| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.08.14 06:48:34 \| 000,024,064 \| ---- \| M] (Creative Technology Ltd.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\Ctafiltv.sys -- (Ctafiltv) DRV - [2009.07.14 03:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Downloads IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.hr/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA A9 F0 FD A1 62 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {82A2851E-26F2-4289-B3E8-1F1AC23C3B31} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{82A2851E-26F2-4289-B3E8-1F1AC23C3B31}: "URL" = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.08.24 23:26:57 \| 000,000,000 \| ---D \| M] O1 HOSTS File: ([2011.10.06 19:17:16 \| 000,437,925 \| R--- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15060 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [CtaMon] Rundll32 CtaMon.dll,RunMonitor File not found O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.) O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [MCShield Monitor] C:\Program Files)\MCShield\MCShieldRTM.exe (MyCity) O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.139.104.2 83.139.105.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2261F64-02BA-4D49-B043-2497A2928B2C}: DhcpNameServer = 83.139.104.2 83.139.105.2 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{f668b640-cea8-11e0-a4f3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f668b640-cea8-11e0-a4f3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{f668b641-cea8-11e0-a4f3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f668b641-cea8-11e0-a4f3-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit: - HKLM\..comfile [open] -- "%1" % O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.23 11:08:08 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities [2012.05.23 11:08:05 \| 001,706,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll [2012.05.23 11:08:05 \| 000,544,768 \| ---- \| C] (Stardock Corporation) -- C:\Windows\SysWow64\wbocx.ocx [2012.05.23 11:08:05 \| 000,258,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll [2012.05.23 11:08:05 \| 000,056,496 \| ---- \| C] (Stardock.Net, Inc) -- C:\Windows\SysWow64\wbhelp2.dll [2012.05.23 11:08:05 \| 000,033,968 \| ---- \| C] (Neil Banfield) -- C:\Windows\SysWow64\anim.dll [2012.05.23 11:08:05 \| 000,004,608 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\W95INF32.DLL [2012.05.23 11:08:05 \| 000,002,272 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\W95INF16.DLL [2012.05.23 10:26:14 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{6C0DA008-FAC9-4375-A369-5CA532201F36} [2012.05.23 10:25:57 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{E2F534F1-55BE-45AB-9FCA-504774CE4E69} [2012.05.23 10:21:41 \| 000,000,000 \| ---D \| C] -- C:\_OTL [2012.05.23 09:51:41 \| 000,595,968 \| ---- \| C] (OldTimer Tools) -- C:\Users\Lidija\Desktop\OTL.exe [2012.05.23 07:54:25 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{07B03D39-7689-4ACF-97AC-C5271FFB57FA} [2012.05.23 07:54:11 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{670FE860-4B6F-4E29-BF0C-808BFE8F20A7} [2012.05.22 18:18:43 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{B91C83F6-E62A-4A48-A58D-E8D2B9B1B7CC} [2012.05.22 18:18:17 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{8C3DAC71-BA73-4229-9322-FDF07CDF2988} [2012.05.22 18:17:37 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{2BCE9031-6C10-4878-AD13-D1B0740C18FB} [2012.05.22 10:11:39 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield [2012.05.22 10:11:38 \| 000,000,000 \| ---D \| C] -- C:\Program Files) [2012.05.22 10:11:38 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\MCShield [2012.05.21 17:03:41 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{7442857A-DB9F-4F9B-99A9-E5D7CB872805} [2012.05.21 17:03:26 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{2C29E347-B7D8-4198-A0B1-4F554E182FBB} [2012.05.21 02:51:56 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{506649C7-B00E-4654-8E6A-64E51399F529} [2012.05.21 02:51:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{68F6420A-407F-4F09-BA94-14EAEB61E2D0} [2012.05.20 17:41:15 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{4722FE7E-F12E-415F-BFD5-E97FEFBDE94F} [2012.05.20 17:40:51 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{D1837552-97A4-4232-B2EA-C45DEAE6AE6E} [2012.05.19 10:56:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{C82C91C6-BC4A-4105-8EBA-1C509C426DF5} [2012.05.19 10:56:29 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{DF17B428-89C4-49CA-BB7F-4A562BCAB9CA} [2012.05.18 05:47:54 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{F5F97541-8468-4264-8F75-6688C008FEE8} [2012.05.18 05:47:39 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{A853E43D-A629-43A7-9FED-9E971C5A703E} [2012.05.16 14:41:54 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{AFB9EFF5-F961-4857-8A41-4942DD0F89C0} [2012.05.16 14:41:40 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{3D84008D-0B17-4584-B2B9-478030FA3DA5} [2012.05.15 18:15:43 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{FB7F2E00-D329-49F5-B5CC-173DDDF0CF1C} [2012.05.15 18:15:27 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{C4D1CFA9-6692-45D3-B3E9-59D0E96F0A9B} [2012.05.14 15:45:48 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{4891D285-40CD-4256-B661-F8851FCD6D24} [2012.05.14 15:45:32 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{1F2A70ED-4B0E-4CB4-ABE7-B653AD5A05C6} [2012.05.13 16:40:47 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{D0B17986-4962-4176-A84D-884B4AF2F1DF} [2012.05.12 14:49:35 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{A38CDF3F-0DE5-45C4-9FA2-496E40CAF1D3} [2012.05.12 14:49:20 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{00C43A48-4567-4FF7-9960-D54A721F77E9} [2012.05.11 14:07:21 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{3DB89D0A-D013-4FF8-8AB5-2BAB4CD4E947} [2012.05.11 14:06:59 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{7D330C7E-3168-4BE5-ACAB-438FF1069EE7} [2012.05.11 03:28:44 \| 000,000,000 \| -HSD \| C] -- C:\Config.Msi [2012.05.10 23:47:40 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{C5C38BFA-474E-4FF6-A0D0-45768B17B4AD} [2012.05.10 23:47:25 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{654A6D9F-DADC-4AC3-93CD-5F90C32C98AF} [2012.05.10 15:41:17 \| 001,544,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.10 15:41:13 \| 005,559,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.10 15:41:10 \| 003,968,368 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.10 15:41:09 \| 003,913,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.10 15:35:05 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{7E398B12-C35D-422D-99DB-04D72689105F} [2012.05.10 15:34:50 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{7F71F9C3-DBC3-45EC-A4F8-0BF8F8736754} [2012.05.09 15:04:53 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{36CBB63E-A286-4C36-AC9E-569BD4EE1846} [2012.05.09 15:04:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{5EE93657-C204-4ABD-8483-E485EF5565FF} [2012.05.09 07:01:13 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{8F4B0CB3-D4F4-46B0-BBDB-4A4297A571DC} [2012.05.09 07:01:02 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{32E53161-1DB3-466A-BCEC-196CD8487DF5} [2012.05.08 16:34:43 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{F73C0AA3-270A-4379-BE20-F3B1A96524A7} [2012.05.08 16:34:23 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{2686271E-CCC7-4401-BB11-86C825F274F3} [2012.05.07 17:25:23 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{2FD7545C-90A3-45F9-8004-43464770DEE6} [2012.05.07 17:25:11 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{619BE333-C8FD-44CE-8D13-64F8ECEA5A3A} [2012.05.07 13:34:03 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{13CD8842-2A44-42A7-876F-9061F1C07DD0} [2012.05.07 13:33:48 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{99AFF933-E986-4E01-826B-FB2F9C156DD7} [2012.05.06 13:58:01 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{4EE5C3F8-4CD2-4B0C-8435-0E6E0CA6A9D5} [2012.05.06 13:57:48 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{9552391E-B935-48B6-9591-3EFA06DDFA1A} [2012.05.06 02:31:17 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{FBC107C6-1014-4812-B4EF-3E4B7072090C} [2012.05.06 02:31:02 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{9AFEA05C-183B-41B9-BDB2-42A7643D4EE1} [2012.05.05 14:26:59 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{E43227C3-F6A5-49EC-8504-BF38FE829CCE} [2012.05.05 14:26:44 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{9AD8CD40-0F5A-49F8-8E76-4D393D7891C0} [2012.05.04 15:10:46 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{7321F8AC-31CF-48DA-B6BF-0D7A42CF2197} [2012.05.04 15:10:29 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{74CE32DF-AD27-4327-9A2E-9E05B2F91934} [2012.05.04 07:41:26 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{46B6C522-D2EF-418D-B554-B0DF0A554F84} [2012.05.03 23:52:07 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{23094127-A099-42FA-AF64-F9C191DC4A42} [2012.05.03 23:51:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{07ACF6E2-B67B-41FB-A39F-5CCD8C24E741} [2012.05.03 19:28:04 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{F1CCAF3E-E3DD-49BC-842A-AE40830AF490} [2012.05.03 19:27:48 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{42EBCFCE-C9FE-4B9F-A979-60F90EF9C255} [2012.05.03 09:15:01 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{B382FAE8-82F6-4D4F-8331-452399F86B76} [2012.05.03 09:14:50 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{6F5E7F64-FC74-4907-99B4-962F510E7461} [2012.05.02 21:40:40 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{E2C3530B-790B-4389-BB8E-BB7CAB9EC157} [2012.05.02 21:40:25 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{D6B8DD19-CC2D-4E4C-B6EF-A4259303C5AF} [2012.05.02 11:34:41 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{D3DD4FEF-B9E0-40E8-96DE-2B1B030C6B92} [2012.05.02 11:34:25 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{8C1E5D6B-8F31-4A1B-9589-141ACFF57D54} [2012.05.01 14:50:50 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{059A376D-2E2C-460F-9276-F951BDE08F6B} [2012.05.01 14:50:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{0B9528D8-6056-4D6D-A33E-590CBA41FBD0} [2012.05.01 02:47:52 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{1FDF2C21-89FA-48D1-B314-96B3485FED3B} [2012.05.01 02:47:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{E2B1D7BB-C422-4DCB-81BB-A1230729C257} [2012.05.01 00:32:00 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Roaming\SecondLife [2012.05.01 00:31:58 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\SecondLife [2012.05.01 00:31:44 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer [2012.04.30 07:14:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{F00B89F1-C414-479F-878C-C276676980C7} [2012.04.30 07:14:08 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{BE59B308-BAB8-4F6E-8875-9311D3C0CF0A} [2012.04.28 07:45:52 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{2644F252-047B-4312-AAFA-9B3396A7CCC1} [2012.04.28 07:45:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{77215731-1080-4F6F-8345-C5C7DC989018} [2012.04.27 10:07:47 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Dell Digital Delivery [2012.04.27 10:05:25 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{E4976D10-03BB-4BEA-A382-6A752A300B57} [2012.04.27 01:05:34 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{B6F6B842-CCF3-49EC-9ABD-6052CCA57244} [2012.04.27 01:05:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{276796AE-3BF0-4C7D-8B0D-F66FF8E77E52} [2012.04.26 11:11:56 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{DF13D351-1620-4B4E-890B-73793929AF69} [2012.04.26 11:11:41 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{58CE5C3D-3E1D-4B2B-A49F-87774D16B527} [2012.04.26 00:37:07 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{AD6DFA50-B86B-4EAA-B0A8-481F1EC3552C} [2012.04.26 00:36:54 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{76392A83-BD2A-4DE3-AC55-9EAFF95195F3} [2012.04.25 16:23:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{B1E3F642-C647-4819-939F-68D3B49F73A5} [2012.04.25 16:23:18 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{78366860-F703-4C6B-9215-577B7541B30A} [2012.04.25 16:21:48 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{CA2E07FC-FBC1-498D-9654-D1DC6EFC78A1} [2012.04.25 16:21:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{748472D5-4855-45CF-A55E-1F01303A5624} [2012.04.25 13:26:17 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{7C377CEE-36F3-41DD-9005-136F66E87151} [2012.04.25 13:26:03 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{45C3910D-DCB4-4B21-858A-9EC8752C5B43} [2012.04.24 21:21:10 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{C5A1EE33-F8D6-4C45-A986-6441F34743F3} [2012.04.24 21:20:55 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{DDFE319C-60B2-4C1C-A839-3609A80CF403} [2012.04.24 11:24:16 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{38AD74F7-FE5D-492B-A087-BDAEA0217926} [2012.04.24 10:10:00 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{C8E880B1-F038-4AEA-A611-3E76448AB8F0} [2012.04.24 10:09:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{86C34AAF-2D42-4BC0-8546-E3E9E52B0693} [2012.04.23 12:58:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{DE2600E8-1853-4CE6-A04B-7F6F356250D3} [2012.04.23 12:58:24 \| 000,000,000 \| ---D \| C] -- C:\Users\Lidija\AppData\Local\{48017F8A-5A5B-4688-B61C-071856351D06} ========== Files - Modified Within 30 Days ========== [2012.05.23 11:08:25 \| 000,000,045 \| ---- \| M] () -- C:\Windows\SysWow64\_WKERNEL.SYL [2012.05.23 11:08:08 \| 000,000,800 \| ---- \| M] () -- C:\Users\Public\Desktop\WinUtilities.lnk [2012.05.23 10:32:11 \| 000,020,768 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 10:32:11 \| 000,020,768 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.23 10:25:40 \| 000,000,035 \| ---- \| M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012.05.23 10:24:41 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012.05.23 10:24:35 \| 3148,218,368 \| -HS- \| M] () -- C:\hiberfil.sys [2012.05.23 09:51:54 \| 000,595,968 \| ---- \| M] (OldTimer Tools) -- C:\Users\Lidija\Desktop\OTL.exe [2012.05.22 04:43:08 \| 000,726,444 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.22 04:43:08 \| 000,616,242 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.22 04:43:08 \| 000,106,622 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.11 14:05:57 \| 000,430,600 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.01 00:31:45 \| 000,000,780 \| ---- \| M] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk ========== Files Created - No Company Name ========== [2012.05.23 11:08:11 \| 000,000,045 \| ---- \| C] () -- C:\Windows\SysWow64\_WKERNEL.SYL [2012.05.23 11:08:08 \| 000,000,800 \| ---- \| C] () -- C:\Users\Public\Desktop\WinUtilities.lnk [2012.05.23 11:08:04 \| 000,000,439 \| ---- \| C] () -- C:\Windows\SysWow64\shfolder.inf [2012.05.01 00:31:45 \| 000,000,780 \| ---- \| C] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk [2011.12.02 20:54:43 \| 000,000,069 \| ---- \| C] () -- C:\Windows\NeroDigital.ini [2011.09.15 20:01:13 \| 000,000,190 \| ---- \| C] () -- C:\Windows\ODBCINST.INI [2011.08.25 23:54:57 \| 000,000,533 \| ---- \| C] () -- C:\Windows\eReg.dat [2011.08.23 21:31:46 \| 000,008,192 \| ---- \| C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.08.23 00:02:00 \| 000,963,116 \| ---- \| C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.23 00:01:59 \| 000,218,304 \| ---- \| C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.23 00:01:59 \| 000,056,832 \| ---- \| C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.23 00:01:58 \| 013,356,032 \| ---- \| C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.08.23 00:01:58 \| 000,145,804 \| ---- \| C] () -- C:\Windows\SysWow64\igcompkrng600.bin < End of report > Nadam se da sam kopirala sve što treba. Bila bih uistinu zahvalna ako bi netko izdvojio svoje vrijeme i pomogao mi.

Profil

argus Poslao: 23 Maj 2012 12:56 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	2Ovo se svidja korisnicima: ThePhilosopher, NIx Car Registruj se da bi pohvalio/la poruku! Pozdrav i dobrodosla na forum. Da upamtis za ubuduce, nikada nemoj da kopiras fixeve sa bilo kog foruma. Ma koliko ti mislila da je tvoj problem isti kao i taj koji gledas, to nije isto. Svaki slucaj je prica za sebe i svaki fix se odnosi samo na taj slucaj. Ovog puta si imala srecu, ali vodi racuna sledeci put. Pokreni OTL U beli okvir prozora gde piše Custom Scans/Fixes iskopiraj sledeci tekst: `:OTL O33 - MountPoints2\{f668b640-cea8-11e0-a4f3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f668b640-cea8-11e0-a4f3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{f668b641-cea8-11e0-a4f3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f668b641-cea8-11e0-a4f3-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Autorun.exe :commands [purity] [emptytemp] [resethosts] [reboot]` Klikni taster Run Fix; Log koji dobiješ iskopiraj ovde u poruci.

Profil

Purple Rose Poslao: 23 Maj 2012 13:07 Idi na vrh
offline Purple Rose Novi MyCity građanin Pridružio: 23 Maj 2012 Poruke: 3	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Argus, hvala ti na brzom odgovoru i na upozorenju. All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f668b640-cea8-11e0-a4f3-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f668b640-cea8-11e0-a4f3-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f668b640-cea8-11e0-a4f3-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f668b640-cea8-11e0-a4f3-806e6f6e6963}\ not found. File G:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f668b641-cea8-11e0-a4f3-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f668b641-cea8-11e0-a4f3-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f668b641-cea8-11e0-a4f3-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f668b641-cea8-11e0-a4f3-806e6f6e6963}\ not found. File H:\Autorun.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Lidija ->Temp folder emptied: 434535 bytes ->Temporary Internet Files folder emptied: 39358732 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 582 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1452 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 1034 bytes Total Files Cleaned = 38,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.43.1 log created on 05232012_125913 Files\Folders moved on Reboot... C:\Users\Lidija\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QKF4DOX2\FacebookServlet[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QKF4DOX2\likebox[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QKF4DOX2\Messenger[1].htm moved successfully. File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QKF4DOX2\sound_iframe[1].htm not found! C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QKF4DOX2\xmlProxy[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDFX43EX\adloader[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDFX43EX\AjaxHistoryFrame[1].htm moved successfully. File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDFX43EX\candycrush[1].htm not found! File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDFX43EX\default[1].htm not found! File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDFX43EX\EditMessageLight[1].htm not found! C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDFX43EX\LocalStorage[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDFX43EX\xd_arbiter[2].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H5ORWRCB\2[1].htm moved successfully. File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H5ORWRCB\apprequests[1].htm not found! C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H5ORWRCB\Win32-Spy-KeyLogger-NHI-trojan-3[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H5ORWRCB\xmlProxy[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GDD0VK27\12[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GDD0VK27\flirtic[1].htm moved successfully. File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GDD0VK27\InboxLight[1].htm not found! C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GDD0VK27\resourcespreload[1].htm moved successfully. File\Folder C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GDD0VK27\RteFrame_16.2.5070.0417[1].htm not found! C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GDD0VK27\xd_arbiter[1].htm moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. C:\Users\Lidija\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot...

Profil

argus Poslao: 23 Maj 2012 13:17 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nemas vise infekciju. Preporuka je da promenis lozinke, za svaki slucaj. Takodje MCShield je ocistio flash memoriju od infekcije i to je sredjeno. Pokreni OTL i klkni CleanUp To bi bilo sve, pozdrav jos jednom.

Profil

Purple Rose Poslao: 23 Maj 2012 13:30 Idi na vrh
offline Purple Rose Novi MyCity građanin Pridružio: 23 Maj 2012 Poruke: 3	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! CleanUp obavljen, lozinke promijenjene. Hvala ti od srca, spasio si me! Ugodan dan i lijepi pozdrav!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Win32/Spy.KeyLogger.NHI trojan

Ko je trenutno na forumu

Ukupno su 880 korisnika na forumu :: 41 registrovanih, 5 sakrivenih i 834 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, 8u47, airsuba, amaterSRB, Apok, babaroga, bankulen, bojcistv, Brana01, dekan.m, delrey, Denaya, Dimitrise93, djboj, doklevise, DonRumataEstorski, Dovla, GORDI, Grah0, Kubovac, kunktator, laganini123, marsovac 2, mercedesamg, Mercury, Metanoja, milenko crazy north, Milos ZA, Mixelotti, mnn2, novator, ozzy, pein, Polemarchoi, ruma, slonic_tonic, Tores, tubular, vlajkox, wizzardone, wolf431

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by