Win32/Spy.Keylogger.NHI trojan


offline
  • Joined: 20 Mar 2012
  • Posts: 9

Hello,
I am a new member of the forum. I think I have a problem with a virus. I use ESET NOD32 Antivirus 5. A few days ago my AV licence expired and I probably picked something up from the Internet then. I reinstalled the same AV. Whenever I turn on the computer, the AV always detects a virus and offers the delete option; I click delete and it then asks me to restart the computer, I do that, and when the system boots again it shows the same thing again. Threat: Win32/Spy.Keylogger.NHI trojan
I don't notice anything unusual on the computer, except that it may be a little slower.
Thanks in advance.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by veka at 11:53:22 on 2012-03-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.387.1033.18.1913.924 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\veka\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\OptionalComponents\lsass.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.searchqu.com/406
mSearchAssistant = hxxp://start.facemoods.com/?a=fbpage1&s={searchTerms}&f=4
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll
BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\search~1\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [CubeDesktop]
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /systray /nologon
uRun: [Facebook Update] "c:\users\veka\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TaskTray]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DATAMNGR] c:\progra~1\search~1\search~1\DATAMN~1.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\users\veka\appdata\roaming\micros~1\windows\startm~1\programs\startup\config~1.lnk - c:\configuration\configuration.exe
StartupFolder: c:\users\veka\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\veka\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\veka\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth monitor\BtMon2.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{81E83107-C900-4115-865E-07FBF0C82044}\14355535 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{81E83107-C900-4115-865E-07FBF0C82044}\341666665602353686F6F6C6D2730353 : DhcpNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{81E83107-C900-4115-865E-07FBF0C82044}\4596D656F45747D2333393 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{81E83107-C900-4115-865E-07FBF0C82044}\4596D656F45747D2837303 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{81E83107-C900-4115-865E-07FBF0C82044}\97F65727E6564777F627B6E616D656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{81E83107-C900-4115-865E-07FBF0C82044}\F56416B6F6 : DhcpNameServer = 212.39.98.161 212.39.98.162
TCP: Interfaces\{C601C014-9E45-4E6A-82AA-560113003A63} : NameServer = 212.39.98.161,212.39.98.162
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\IEBHO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\veka\appdata\roaming\mozilla\firefox\profiles\s3r46iyz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=113&systemid=406&sr=0&q=
FF - component: c:\users\veka\appdata\roaming\mozilla\firefox\profiles\s3r46iyz.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\veka\appdata\roaming\mozilla\firefox\profiles\s3r46iyz.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\veka\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\veka\appdata\local\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\veka\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\veka\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2011-8-4 103112]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2011-4-24 214880]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\msrs10_50.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [2011-4-24 1177952]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\microsoft sql server\mssql10_50.mssqlserver\mssql\binn\fdlauncher.exe [2010-4-3 28512]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1cad0e262f555cf;Usluga Google ažuriranje (gupdate1cad0e262f555cf);c:\program files\google\update\GoogleUpdate.exe [2010-3-31 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-3-11 36608]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-31 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-16 15872]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-3-19 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-3-19 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-3-19 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-3-19 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-3-19 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-3-19 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-3-19 109864]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2007-6-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2007-6-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2007-6-19 107304]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-16 52224]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2011-1-18 54144]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-03-23 10:41:26 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e2d5eef3-41fc-4941-b4ee-367a8db039be}\mpengine.dll
2012-03-23 10:38:12 -------- d-----w- c:\users\veka\appdata\local\{175E88DB-A9E5-40C5-9375-1D58CE4D0E22}
2012-03-23 10:37:58 -------- d-----w- c:\users\veka\appdata\local\{7FDFD381-8F06-4E99-B590-91A64D6FEF96}
2012-03-22 23:26:01 -------- d-----r- c:\users\veka\Dropbox
2012-03-22 23:22:39 -------- d-----w- c:\users\veka\appdata\roaming\Dropbox
2012-03-22 14:33:45 -------- d-----w- c:\users\veka\appdata\local\{13B4F1FA-EC4F-409F-A39E-C61C617F2E71}
2012-03-22 14:32:57 -------- d-----w- c:\users\veka\appdata\local\{E95697D0-B1FF-4022-AEFA-8FDFB884A99A}
2012-03-22 09:13:45 -------- d-----w- c:\users\veka\appdata\local\{67DF82C6-FEA0-498D-8AA0-57D130D2D838}
2012-03-22 09:13:32 -------- d-----w- c:\users\veka\appdata\local\{BB168048-9C99-4AB2-B8F2-17EA8FB5C16A}
2012-03-21 18:31:56 -------- d-----w- c:\users\veka\appdata\local\{2E424099-C1D1-40BA-B97E-BB08BCC644C6}
2012-03-21 18:31:22 -------- d-----w- c:\users\veka\appdata\local\{C3C6E338-7BC5-4B2A-BE84-F62B061110B9}
2012-03-21 12:53:41 -------- d-----w- c:\users\veka\appdata\local\{9439FDF1-2103-447A-80F4-2949FB430EDC}
2012-03-21 12:52:57 -------- d-----w- c:\users\veka\appdata\local\{FD216B25-F12A-4AA6-B11B-6A50619CD5D0}
2012-03-21 10:14:01 -------- d-----w- c:\users\veka\appdata\local\{A6C8C8FE-FB56-4BA9-A755-29787DBA7814}
2012-03-21 10:13:49 -------- d-----w- c:\users\veka\appdata\local\{EF9FF28E-7533-413E-9805-2E3A76B0AC2E}
2012-03-20 12:00:20 -------- d-----w- c:\users\veka\appdata\local\{7C72CB08-B1E8-43B9-A639-48F792FC0A75}
2012-03-20 11:59:49 -------- d-----w- c:\users\veka\appdata\local\{F94A85C5-633E-49BB-B555-C0F0FB668C5E}
2012-03-20 01:33:17 -------- d-----w- c:\users\veka\appdata\local\{4E3214D1-56B5-4EED-A8C1-17512D7D20DA}
2012-03-20 01:33:05 -------- d-----w- c:\users\veka\appdata\local\{A8DBEB70-8B0A-4930-8CC6-D9301B63E18B}
2012-03-19 23:43:57 -------- d-----w- c:\users\veka\appdata\local\{6BB086DA-B23C-41DF-A413-6F638567CA13}
2012-03-19 23:42:01 -------- d-----w- c:\users\veka\appdata\local\{80048F12-5EE5-4310-A735-F138A74EBC46}
2012-03-19 23:38:55 -------- d-----w- c:\users\veka\appdata\local\{70FD5DDF-72C6-4DCC-9AB6-55055058AC1F}
2012-03-19 23:22:05 -------- d-----w- c:\users\veka\appdata\local\{3E151034-F805-4F85-9960-809F60D86603}
2012-03-19 23:21:50 -------- d-----w- c:\users\veka\appdata\local\{686E6AF9-62C3-46BF-AE54-D574026A6B4F}
2012-03-19 15:58:44 -------- d-----w- c:\users\veka\appdata\local\{94E49F41-1291-4F76-9C8F-9D8D62C00161}
2012-03-19 15:49:15 -------- d-----w- c:\users\veka\appdata\local\{12FFA8FA-F147-4F27-B7C3-21CE97F6D8CE}
2012-03-19 15:49:03 -------- d-----w- c:\users\veka\appdata\local\{68EA4F2E-BAF1-4A35-BEFC-554EB3C1B9C6}
2012-03-19 15:38:59 -------- d-----w- c:\program files\ESET
2012-03-19 15:29:24 -------- d-----w- c:\users\veka\appdata\local\{8A3EE168-0ED3-47DE-B4F8-6FA8CBCCF150}
2012-03-19 15:28:24 -------- d-----w- c:\users\veka\appdata\local\{BEB72632-6E76-4239-BF00-24A8DBEB3BE1}
2012-03-19 09:39:39 -------- d-----w- c:\users\veka\appdata\local\{CDA4F073-B36A-42EC-A48E-32234FD71FE4}
2012-03-19 09:39:12 -------- d-----w- c:\users\veka\appdata\local\{86ABB690-90A5-460F-B4B8-C325977C35D4}
2012-03-18 16:29:31 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 16:29:31 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-18 16:29:25 -------- d-----w- c:\users\veka\appdata\local\{9FBF56F0-48EB-4BDD-81D4-4A6F2E11C403}
2012-03-18 16:29:13 -------- d-----w- c:\users\veka\appdata\local\{4521F336-A843-4FB9-98B1-BEE2B5DC9E86}
2012-03-18 08:36:26 -------- d-----w- c:\users\veka\appdata\local\{4CD61DFC-527F-44AE-96F0-4A8A04DABE90}
2012-03-18 08:34:14 -------- d-----w- c:\users\veka\appdata\local\{AF155E11-1E59-48F2-B88D-AD3EB1FD46EA}
2012-03-17 20:49:30 -------- d-----w- c:\users\veka\appdata\local\{10479083-6074-4FFA-91C3-44FA755FD1E1}
2012-03-17 20:49:03 -------- d-----w- c:\users\veka\appdata\local\{D37E0E6E-80BC-49EF-A733-2D5B1907F3C0}
2012-03-17 11:02:45 -------- d-----w- c:\users\veka\appdata\local\{712235AF-5CE9-4171-BE52-36B4D53D433B}
2012-03-17 11:02:10 -------- d-----w- c:\users\veka\appdata\local\{3D1BE2F7-A0EF-4CF1-BAC3-9E9675512931}
2012-03-16 16:31:29 -------- d-----w- c:\users\veka\appdata\local\{C57F66AA-FC77-4B47-870D-C23339AC4E8E}
2012-03-16 16:30:20 -------- d-----w- c:\users\veka\appdata\local\{A3B7D1FE-620D-411A-9F7D-2E8F7C49FCAE}
2012-03-16 14:14:48 -------- d-----w- c:\users\veka\appdata\local\{6D3FAC42-3BD0-4D20-953D-EEB2520AFAF6}
2012-03-16 14:14:32 -------- d-----w- c:\users\veka\appdata\local\{CCD7FD09-52C8-4B55-9558-F4BB819D99A4}
2012-03-16 14:07:14 -------- d-----w- c:\users\veka\appdata\local\{53DCA9FB-60EE-4869-9855-A6FDB149A075}
2012-03-16 14:06:56 -------- d-----w- c:\users\veka\appdata\local\{B8A2139C-D189-4051-BBC7-8D7037329539}
2012-03-16 13:52:33 -------- d-----w- c:\users\veka\appdata\local\{EDE1C114-F8E7-453D-BBD6-63AF83F5EB8A}
2012-03-16 13:52:19 -------- d-----w- c:\users\veka\appdata\local\{26062637-3852-4A2A-926D-C1863321B20F}
2012-03-15 09:55:39 -------- d-----w- c:\users\veka\appdata\local\{9546CBEF-27B8-454B-9677-C55EAB6DA40B}
2012-03-15 09:55:02 -------- d-----w- c:\users\veka\appdata\local\{6E4BBF08-C8D3-4D1E-91CA-0EDBCEA3FE3C}
2012-03-15 09:50:28 -------- d-----w- c:\users\veka\appdata\local\{1091E5D2-D204-4D07-976C-77F0B9F3C83F}
2012-03-15 09:50:16 -------- d-----w- c:\users\veka\appdata\local\{EC786982-D14E-4347-96A8-101A9A2AEE55}
2012-03-14 22:15:49 -------- d-sh--r- C:\configuration
2012-03-14 22:15:37 -------- d-sh--r- C:\OptionalComponents
2012-03-14 18:25:35 -------- d-----w- c:\users\veka\appdata\local\{7F1CE905-627F-474D-A3A5-68B2E0EE9F98}
2012-03-14 18:25:23 -------- d-----w- c:\users\veka\appdata\local\{53E8FC18-AB36-48EF-BA17-2095CC9F91F8}
2012-03-14 18:02:44 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 18:02:41 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:16:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:16:51 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:10:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:10:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:10:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:10:38 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 11:10:38 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:10:37 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:10:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:06:14 -------- d-----w- c:\users\veka\appdata\local\{8D2AC56B-B14F-4CA3-9FF4-B676232D5514}
2012-03-14 11:05:22 -------- d-----w- c:\users\veka\appdata\local\{4E006484-4BC6-4E0B-88F4-AABA7CF5A136}
2012-03-13 21:35:42 -------- d-----w- c:\users\veka\appdata\local\{132EDABF-8528-4DD0-A5C1-8238291DF833}
2012-03-13 21:35:28 -------- d-----w- c:\users\veka\appdata\local\{51364E3F-56BC-4E9D-850B-E053EB763DA7}
2012-03-13 08:59:54 -------- d-----w- c:\users\veka\appdata\local\{EF4FB4E0-6515-4E3E-B646-CEE7A3B559A0}
2012-03-13 08:59:09 -------- d-----w- c:\users\veka\appdata\local\{8890FD09-9961-44F9-98BC-32B2EE6C71DE}
2012-03-12 10:23:15 -------- d-----w- c:\users\veka\appdata\local\{46C68A0F-BCBE-49F5-A20E-1ECEE476217E}
2012-03-12 10:22:30 -------- d-----w- c:\users\veka\appdata\local\{8B5305EB-3226-4852-8B1B-DED4A0DFA0A1}
2012-03-11 11:08:41 -------- d-----w- c:\users\veka\appdata\local\{613271F7-ED6E-4950-B7AB-9E088D2DA97C}
2012-03-11 11:07:46 -------- d-----w- c:\users\veka\appdata\local\{90AB6F1E-E189-488E-8ACC-5C8981060461}
2012-03-11 04:03:36 -------- d-----w- c:\users\veka\appdata\local\{B9980156-8D19-428A-B014-56513408404F}
2012-03-11 04:02:41 -------- d-----w- c:\users\veka\appdata\local\{5065220D-ACF1-46A5-8BA1-BCDD4347BF27}
2012-03-10 15:36:55 -------- d-----w- c:\users\veka\appdata\roaming\ObviousIdea
2012-03-10 15:35:42 -------- d-----w- c:\program files\ObviousIdea
2012-03-10 14:44:13 -------- d-----w- c:\users\veka\appdata\local\{12BEA587-40C5-4F28-918C-6772E55083F6}
2012-03-10 14:42:42 -------- d-----w- c:\users\veka\appdata\local\{945D33E8-BA06-4A36-B100-D12D9313E900}
2012-03-10 08:01:51 -------- d-----w- c:\users\veka\appdata\local\{1706946A-FA9C-4D32-97DB-884CA1E8013F}
2012-03-09 11:04:03 -------- d-----w- c:\users\veka\appdata\local\{2899EFD9-935C-444D-B2E4-092AF98490DE}
2012-03-09 11:03:39 -------- d-----w- c:\users\veka\appdata\local\{655549D9-D14F-4339-8EB5-563056F3EDE2}
2012-03-09 00:29:43 -------- d-----w- c:\users\veka\appdata\local\{E5E0A983-1661-444E-950D-97885CA35E9D}
2012-03-09 00:28:43 -------- d-----w- c:\users\veka\appdata\local\{A28FF409-6ACB-4CD2-A0A9-128498178495}
2012-03-08 07:03:06 -------- d-----w- c:\users\veka\appdata\local\{DD360046-7954-44B1-BF9F-F1DB67AF7416}
2012-03-08 07:01:20 -------- d-----w- c:\users\veka\appdata\local\{9339E93E-C2DB-4FE6-A5CC-0A4F68B9F2D1}
2012-03-07 22:43:22 -------- d-----w- c:\users\veka\appdata\local\{A28AB4C9-6114-49AE-99AD-F3C4F6FB67A6}
2012-03-07 22:43:08 -------- d-----w- c:\users\veka\appdata\local\{EC555030-8646-4945-AF75-23BE1FD96EA5}
2012-03-07 13:48:46 -------- d-----w- c:\users\veka\appdata\local\{CDDF2BCD-CEEC-4487-BAE7-5D50DA962EEA}
2012-03-07 11:56:43 -------- d-----w- c:\users\veka\appdata\local\{346FC1ED-BC2D-4DBB-9E8F-B9CEDDE34F7F}
2012-03-06 11:20:33 -------- d-----w- c:\users\veka\appdata\local\{13FA9BA6-0AB1-42EC-B577-0470FB303A12}
2012-03-05 12:11:24 -------- d-----w- c:\users\veka\appdata\local\{B92DE965-D227-48AB-820E-FBF8B7E642AE}
2012-03-05 12:10:25 -------- d-----w- c:\users\veka\appdata\local\{E6119EF9-8ACC-472D-95C6-30B37B4BADEA}
2012-03-04 17:56:53 -------- d-----w- c:\users\veka\appdata\local\{C92BE82A-3B5F-45D8-94C7-C68E1F486378}
2012-03-04 17:54:48 -------- d-----w- c:\users\veka\appdata\local\{23ACBA23-A9EC-4C42-BDE3-04D93E68165C}
2012-03-02 22:05:37 -------- d-----w- c:\users\veka\appdata\local\{4B2FAFC8-CF47-4B09-B231-6B95AF821821}
2012-03-02 22:04:33 -------- d-----w- c:\users\veka\appdata\local\{F27873C8-8CE7-4D48-AD67-5636A6D389A9}
2012-03-01 18:43:10 -------- d-----w- c:\users\veka\appdata\local\{071E94DA-7D37-46CB-9F33-240778718849}
2012-03-01 18:42:54 -------- d-----w- c:\users\veka\appdata\local\{CF7C1A3C-FD69-4ECB-BAAE-68ACF19D995F}
2012-03-01 14:45:48 -------- d-----w- c:\users\veka\appdata\local\{2FB6D175-03BA-4DB2-AE27-C7D8EAC5750D}
2012-03-01 14:45:36 -------- d-----w- c:\users\veka\appdata\local\{45F8B613-688A-4FD4-A536-5B876BA427EA}
2012-03-01 12:10:18 -------- d-----w- c:\users\veka\appdata\local\{A752C668-0884-4127-BB08-04C367C5FC3D}
2012-02-29 19:07:33 -------- d-----w- c:\users\veka\appdata\local\{B998FA2E-F42F-4859-9311-7C8E5DBC9EC3}
2012-02-29 19:07:18 -------- d-----w- c:\users\veka\appdata\local\{99B1A4B0-BBD7-4E23-9EB3-7ECB50B5EB56}
2012-02-29 06:38:49 -------- d-----w- c:\users\veka\appdata\local\{263F7C87-0D3F-40F7-9E25-6B454DFEAF25}
2012-02-28 17:54:42 -------- d-----w- c:\users\veka\appdata\local\{7C917ACB-8B51-419A-AE46-DFEB95039FF8}
2012-02-28 17:54:30 -------- d-----w- c:\users\veka\appdata\local\{0528E399-6F8C-4359-863C-DF8C5A97F92E}
2012-02-28 15:24:09 -------- d-----w- c:\users\veka\appdata\local\{8DF9712A-2031-4553-811E-8BE16652B49E}
2012-02-28 15:23:57 -------- d-----w- c:\users\veka\appdata\local\{272F742B-FBD4-40D0-9EAF-AE9A13DC1742}
2012-02-28 12:19:25 -------- d-----w- c:\users\veka\appdata\local\{731BE284-C826-4731-A283-D187B34E4F9C}
2012-02-28 12:02:12 -------- d-----w- c:\users\veka\appdata\local\{3A9462DD-9F57-413A-A3C9-21DDCB9582E7}
2012-02-27 14:22:36 -------- d-----w- c:\users\veka\appdata\local\{B31C680C-8ACB-42E8-B414-C63D56EAE0E4}
2012-02-27 14:21:34 -------- d-----w- c:\users\veka\appdata\local\{DFAD6918-943A-46BF-BA0C-24C403121E70}
2012-02-27 11:24:30 -------- d-----w- c:\users\veka\appdata\local\{1140FB25-F3E3-4886-A290-408A85D10A3C}
2012-02-26 19:21:15 -------- d-----w- c:\users\veka\appdata\local\{ACBF1E20-4AFD-4086-B4E9-35C105244D5B}
2012-02-26 19:20:45 -------- d-----w- c:\users\veka\appdata\local\{8E8EB877-DD1D-4503-94E0-8A7BEC18B6D3}
2012-02-26 17:30:43 -------- d-----w- c:\users\veka\appdata\local\{F3120CF6-7951-4A75-972C-0D2442556CF4}
2012-02-26 17:28:21 -------- d-----w- c:\users\veka\appdata\local\{4E0C244E-0E4F-4630-8EDE-A740F41D0EEA}
2012-02-26 11:32:36 -------- d-----w- c:\users\veka\appdata\local\{C21238AD-7BF7-4141-BD6D-25126DE7BF1E}
2012-02-26 11:31:32 -------- d-----w- c:\users\veka\appdata\local\{CA7585E1-ACA8-4EA5-8747-06267FC3923F}
2012-02-25 19:21:22 -------- d-----w- c:\users\veka\appdata\local\{A6B5381D-9D79-4521-A40B-82FABC01AEF2}
2012-02-25 19:20:54 -------- d-----w- c:\users\veka\appdata\local\{04979D4B-D9D2-4F39-96C8-532646AAEC82}
2012-02-24 12:51:50 -------- d-----w- c:\users\veka\appdata\local\{EB0CFE75-2C8C-4C1D-A32A-18C6279D2EB2}
2012-02-24 12:51:21 -------- d-----w- c:\users\veka\appdata\local\{87865A4C-FA92-47A9-9A83-172F8CB3B996}
2012-02-23 09:53:50 -------- d-----w- c:\users\veka\appdata\local\{83C40D7C-8F28-42B8-BE66-196C3DFE18CC}
2012-02-22 23:20:46 327432 ----a-w- c:\program files\common files\microsoft shared\vsa\9.0\vsaenv\vsaenv.exe
2012-02-22 18:05:01 -------- d-----w- c:\users\veka\appdata\local\{863C008C-2D68-4794-B51D-93659E929878}
2012-02-22 18:04:46 -------- d-----w- c:\users\veka\appdata\local\{6648DBB2-AC6B-4755-ADB5-BDF4FB6920AB}
2012-02-22 11:17:52 -------- d-----w- c:\users\veka\appdata\local\{C4A34E95-E9FF-47C4-87C7-23AC48C648FD}
2012-02-22 11:17:05 -------- d-----w- c:\users\veka\appdata\local\{DDD29F5D-F410-481D-B69D-E83DD85DA257}
.
==================== Find3M ====================
.
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 11:55:40,72 ===============


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello from my side, and welcome.

Download the OTL program from the link below to the Desktop:

OTL download
Click the given link; in the window that opens, click Save;
when the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click to run OTL;

click Run Scan;

when the scan finishes, the report (which will be automatically saved to the Desktop as OTL.Txt) will open in Notepad.

Attach the OTL.Txt report to your post using the Attach file option.

offline
  • Joined: 20 Mar 2012
  • Posts: 9

Here, I ran the scan.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Run OTL again by double-clicking its icon;

In the white box of the window labeled Custom Scans/Fixes, paste the following text:


:OTL
PRC - [2010.11.20 15:08:20 | 000,340,339 | ---- | M] () -- C:\OptionalComponents\lsass.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage1&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4&hl={language}&src=chrm
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4&hl={language}&src=chrm
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=113&systemid=406&sr=0&q="
[2010.07.27 09:48:38 | 000,002,039 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchfbpage1.xml
CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=crb&appid=113&systemid=406&sr=0&q={searchTerms}
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - Startup: C:\Users\veka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk = C:\configuration\configuration.exe ()
O33 - MountPoints2\{2ad22a10-d9d2-11df-bcc5-701a04715d9b}\Shell - "" = AutoRun
O33 - MountPoints2\{2ad22a10-d9d2-11df-bcc5-701a04715d9b}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{67c2b3a9-40a9-11df-b6ba-002622f0879b}\Shell - "" = AutoRun
O33 - MountPoints2\{67c2b3a9-40a9-11df-b6ba-002622f0879b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{6c2b700c-2ee5-11e1-b69f-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{6c2b700c-2ee5-11e1-b69f-005056c00008}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6c2ca199-3b52-11e0-9c41-002622f0879b}\Shell - "" = AutoRun
O33 - MountPoints2\{6c2ca199-3b52-11e0-9c41-002622f0879b}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{a342dba7-85ea-11e0-9482-002622f0879b}\Shell - "" = AutoRun
O33 - MountPoints2\{a342dba7-85ea-11e0-9482-002622f0879b}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{af778c0e-b757-11e0-bdef-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{af778c0e-b757-11e0-bdef-005056c00008}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

:files
C:\configuration
C:\OptionalComponents

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
[Reboot]


Click the Run Fix button;

Paste the log you get here in a message.
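As an added example (not code from the thread, from OTL, or from the forum), a small Python triage script that scans OTL log lines for the kinds of entry the fix script above removes: a system-process name running outside System32, browser search settings pointing at hosts other than an assumed default list, a Startup-folder launcher, and MountPoints2 AutoRun commands. The sample lines are copied from the thread plus one constructed benign lsass.exe line; the list of expected search hosts is an assumption of this example.

```python
"""Triage of OTL log lines (added example for this thread, not OTL's own code).
Sample lines are copied from the thread, plus one constructed benign lsass.exe line."""
import re
from urllib.parse import urlparse

# Process names that should only ever run from a Windows system directory.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Search hosts treated as expected defaults (assumption of this example; tune per environment).
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

PRC_RE = re.compile(r"^PRC - \[.*?\] \(.*?\) -- (?P<path>.+)$")
URL_RE = re.compile(r'https?://[^\s"]+')
O4_RE = re.compile(r"^O4 - Startup: .+? = (?P<target>.+?) \(.*\)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\[^\\]+\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')


def triage(lines):
    """Return an ordered, de-duplicated list of (kind, value) findings."""
    findings, seen = [], set()

    def add(kind, value):
        if (kind, value) not in seen:
            seen.add((kind, value))
            findings.append((kind, value))

    for line in lines:
        line = line.strip()
        if m := PRC_RE.match(line):
            path = m.group("path")
            name = path.rsplit("\\", 1)[-1].lower()
            # A system process name outside System32 is the masquerade seen in the thread.
            if name in SYSTEM_PROCESS_NAMES and not path.lower().startswith(SYSTEM_DIRS):
                add("masquerading_process", path)
        elif line.startswith(("IE -", "FF -", "CHR -")):
            for url in URL_RE.findall(line):
                host = (urlparse(url).hostname or "").lower()
                if host and host not in EXPECTED_SEARCH_HOSTS:
                    add("search_hijack", host)
        elif m := O4_RE.match(line):
            add("startup_launcher", m.group("target"))
        elif m := O33_RE.match(line):
            add("autorun_mountpoint", m.group("cmd"))
    return findings


SAMPLE_LINES = [
    r"PRC - [2010.11.20 15:08:20 | 000,340,339 | ---- | M] () -- C:\OptionalComponents\lsass.exe",
    r"PRC - [2009.07.14 02:39:32 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsass.exe",  # constructed benign line
    r"IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage1&s={searchTerms}&f=4",
    'FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}"',
    r"CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=crb&appid=113&systemid=406&sr=0&q={searchTerms}",
    r"O4 - Startup: C:\Users\veka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk = C:\configuration\configuration.exe ()",
    r'O33 - MountPoints2\{2ad22a10-d9d2-11df-bcc5-701a04715d9b}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{2ad22a10-d9d2-11df-bcc5-701a04715d9b}\Shell\AutoRun\command - "" = F:\Startme.exe',
    r'O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a',
]

if __name__ == "__main__":
    for kind, value in triage(SAMPLE_LINES):
        print(f"{kind:22} {value}")
```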

offline
  • Joined: 20 Mar 2012
  • Posts: 9

I did everything as you said. I had to restart the computer and the virus did not appear again, but now I cannot open IExplorer and Mozilla; only Google Chrome works.


All processes killed
========== OTL ==========
Process lsass.exe killed successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "http://www.searchqu.com/web?src=ffb&appid=113&systemid=406&sr=0&q=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchfbpage1.xml moved successfully.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Users\veka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk moved successfully.
C:\configuration\configuration.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ad22a10-d9d2-11df-bcc5-701a04715d9b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ad22a10-d9d2-11df-bcc5-701a04715d9b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ad22a10-d9d2-11df-bcc5-701a04715d9b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ad22a10-d9d2-11df-bcc5-701a04715d9b}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67c2b3a9-40a9-11df-b6ba-002622f0879b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67c2b3a9-40a9-11df-b6ba-002622f0879b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67c2b3a9-40a9-11df-b6ba-002622f0879b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67c2b3a9-40a9-11df-b6ba-002622f0879b}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c2b700c-2ee5-11e1-b69f-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c2b700c-2ee5-11e1-b69f-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c2b700c-2ee5-11e1-b69f-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c2b700c-2ee5-11e1-b69f-005056c00008}\ not found.
File F:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c2ca199-3b52-11e0-9c41-002622f0879b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c2ca199-3b52-11e0-9c41-002622f0879b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c2ca199-3b52-11e0-9c41-002622f0879b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c2ca199-3b52-11e0-9c41-002622f0879b}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a342dba7-85ea-11e0-9482-002622f0879b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a342dba7-85ea-11e0-9482-002622f0879b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a342dba7-85ea-11e0-9482-002622f0879b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a342dba7-85ea-11e0-9482-002622f0879b}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af778c0e-b757-11e0-bdef-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af778c0e-b757-11e0-bdef-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af778c0e-b757-11e0-bdef-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af778c0e-b757-11e0-bdef-005056c00008}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
========== FILES ==========
C:\configuration folder moved successfully.
C:\OptionalComponents\76656B61 folder moved successfully.
C:\OptionalComponents folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: veka
->Temp folder emptied: 3618178 bytes
->Temporary Internet Files folder emptied: 644168882 bytes
->Java cache emptied: 2039883372 bytes
->FireFox cache emptied: 53326795 bytes
->Google Chrome cache emptied: 457404950 bytes
->Flash cache emptied: 2944868 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2049384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 46628 bytes

Total Files Cleaned = 3.055,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: veka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: veka
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03232012_150959

Files\Folders moved on Reboot...
File\Folder C:\Users\veka\AppData\Local\Temp\~DFD1953DFB30924733.TMP not found!
File\Folder C:\Users\veka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D4495572-5868-4858-83E8-57A4E4B45370}.tmp not found!
File\Folder C:\Users\veka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DEE1FCB9-D4B0-4526-B80E-B3E4BF2C47EA}.tmp not found!
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3368.log moved successfully.

Registry entries deleted on Reboot...

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Restart the computer, then run OTL and post me a new log.

offline
  • Joined: 20 Mar 2012
  • Posts: 9

I did the restart, and here is the log.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Posted: 23 Mar 2012 17:34

Firefox and IExplorer, do they work after the restart?

Update: 23 Mar 2012 17:38

If they don't work, describe the problem: what actually happens when you start them?

offline
  • Joined: 20 Mar 2012
  • Posts: 9

All browsers work now. Nothing appears anymore.
Thank you for your help.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Wait, we are not done yet.

Let's check your USB flash drive if you have one; the infection may have come from there.

- Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all devices, right-click in the middle of the program window and choose the Save scrambled log option. This will automatically open the log in Notepad. Copy that log from Notepad into a post on the forum.

Explanation: USB storage devices include all devices that receive their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
