View Full Version : OTL logs



majstor fantac
03.03.2012., 11:23
Hi, for the last few days my browser has been stuttering, it freezes often, I use Mozilla, the computer is a bit slower... here are the logs, so if anyone can, or knows what to look for, please take a look

http://pastebin.com/skXuGsfM
http://pastebin.com/EMnAURHh

thanks in advance

mikikii
03.03.2012., 11:27
uhh, first try doing some cleanup of the computer, defragmentation, removing unneeded programs... then we'll see

majstor fantac
03.03.2012., 11:34
I did a defragmentation recently, I clean the computer regularly with CCleaner, I've gone through it with all the antivirus programs, and as for programs I don't know what I'd remove

mikikii
03.03.2012., 12:04
have you tried another browser? I mean, if you have a slower connection, try Opera or Chrome....

dobrota
03.03.2012., 12:05
remove all the toolbars via Add/Remove

1. open OTL and copy this into the empty box
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 2F A2 FE 3C CE CC 01 [binary data]
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
[2012.02.22 16:58:49 | 000,000,000 | ---D | C] -- C:\Users\kahlina\AppData\Local\AskToolbar
[2012.02.17 16:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2012.02.14 20:08:34 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\kahlina\AppData\Roaming\Mozilla\Firefox\Profiles\yymrku32.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2012.01.13 22:32:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\kahlina\AppData\Roaming\Mozilla\Firefox\Profiles\yymrku32.default\extensions\engine@conduit.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)

:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]

click RUN FIX
- copy the log you get

2. download ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
- turn off the antivirus
- run ComboFix and answer yes to everything it asks
- copy the log

majstor fantac
03.03.2012., 15:26
I did everything, here are the logs

combofix http://pastebin.com/Hm6iKVfd

otl http://pastebin.com/nGvGCEze

dobrota
03.03.2012., 16:09
open OTL and copy this into the empty box

:files
dir /s /a "c:\windows\system32\%APPDATA%" /c

click RUN FIX
copy the log you get

how is the computer running now?

majstor fantac
03.03.2012., 18:50
here's the log http://pastebin.com/VGK81Cpy

I notice that the computer and the browser are faster

_GrGa_
03.03.2012., 21:05
Hi,
this is my problem:
http://forum.hr/showthread.php?p=38306920#post38306920

http://pastebin.com/vXZrhHsh
http://pastebin.com/0Ggf0FHL

dobrota
04.03.2012., 06:46
does the browser freeze?

you can delete ComboFix and OTL

Start / Run / combofix /uninstall

open OTL and click Clean Up

you'll also do a quick scan with Malwarebytes
- run the program > update > quick scan
- copy the log

dobrota
04.03.2012., 07:13
remove ParetoLogic, you don't need it

1. open OTL and copy this into the empty box
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 AC 75 D7 44 58 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/?&uid=8050&q={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
[2012.02.15 02:09:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\AVTISE
[2012.02.15 02:09:59 | 000,000,000 | -HSD | C] -- C:\Users\Grga\AppData\Roaming\AV Security Essentials
[2012.02.15 02:09:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\669078
[2012.03.03 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012.02.15 02:10:01 | 000,001,649 | ---- | M] () -- C:\Users\Grga\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2012.02.15 02:10:01 | 000,001,655 | ---- | C] () -- C:\Users\Grga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security Essentials.lnk
[2012.02.15 02:10:01 | 000,001,649 | ---- | C] () -- C:\Users\Grga\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk

:Commands
[purity]
[emptytemp]
[resethosts]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

- click RUN FIX
- copy the log you get

2. download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to the desktop
- run the program by clicking Scan
- if the program asks for a restart, allow it
- the log is in C:\ and looks roughly like this
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

3. download ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
- turn off the antivirus
- run ComboFix and answer yes to everything it asks
- copy the log you get to pastebin

4. download Malwarebytes (http://www.malwarebytes.org/) > install the program > update > quick scan
- copy the log
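The six `O1 - Hosts:` lines in the script above map analytics and ad domains to two routable addresses, which is how a tampered hosts file overrides DNS for exactly those names; that is why the fix ends with `[resethosts]`. The following is an added example, not code from this thread or from OTL: a small checker that parses a Windows hosts file and reports every name resolved to something other than loopback or 0.0.0.0. The sample hosts text is constructed from those six entries, the stock Windows 7 header and one benign ad-blocking sink line (`ads.example.invalid`); the function names are my own.

```python
"""Flag hosts-file entries that override public DNS (added example)."""
import ipaddress
from collections import defaultdict

# Constructed sample: the default Windows 7 hosts header, one benign
# 0.0.0.0 sink entry, and the six mappings reported as 'O1 - Hosts:'
# lines in the OTL log discussed above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.invalid   # ad-blocking sink, benign
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
"""


def parse_hosts(text):
    """Yield (ip_address, hostname) for every mapping in a hosts file.

    Comments are stripped, lines whose first field is not an IP address are
    skipped, and the trailing dot of a fully-qualified name (the OTL lines
    above end in one) is removed so that 'www.statcounter.com.' and
    'www.statcounter.com' compare equal.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.rstrip(".").lower()


def hijacked_entries(text):
    """Return sorted (hostname, ip) pairs that send a name to a routable address.

    Legitimate entries point at loopback (127/8, ::1) or at 0.0.0.0 (a common
    ad-blocking sink); anything else silently replaces DNS for that name,
    which is what the redirector in this thread did to analytics/ad domains.
    """
    found = set()
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        found.add((name, str(ip)))
    return sorted(found)


def names_with_several_targets(text):
    """Names mapped to more than one routable address.

    The resolver will only ever use one of them, so duplicates like these are
    the fingerprint of an automated write, not of a hand-edited file.
    """
    targets = defaultdict(set)
    for name, ip in hijacked_entries(text):
        targets[name].add(ip)
    return sorted(name for name, ips in targets.items() if len(ips) > 1)


if __name__ == "__main__":
    for name, ip in hijacked_entries(SAMPLE_HOSTS):
        print(f"{name:32} -> {ip}")
    print("names with several targets:", names_with_several_targets(SAMPLE_HOSTS))
```

To run it against a live machine, read `%SystemRoot%\System32\drivers\etc\hosts` into `text`; a clean Windows 7 file yields an empty list, because every uncommented line points at loopback.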

majstor fantac
04.03.2012., 14:34
the browser isn't freezing, at least not so far, and I notice it's faster

here's the Malwarebytes log, it found nothing http://pastebin.com/4Tbre0pB

_GrGa_
04.03.2012., 14:49
Thanks for the help :)


http://pastebin.com/f4RHKMGp

what about that log in C:\

dobrota
04.03.2012., 14:50
ok, you can delete ComboFix and OTL

open OTL and click Clean Up

keep an eye on it for another 24 hours, and if everything is ok in that time you shouldn't have any more problems

dobrota
04.03.2012., 14:54
copy the TDSSKiller log to pastebin as well..... did you run the OTL script?
if you did, I need that log too

BlueBear<3
09.03.2012., 20:27
I apologise in advance for the very stupid question I'm about to ask, but how do I copy text from Pastebin here when it's too long (if I don't want to copy the link)?

adelon
10.03.2012., 02:31
how do I copy text from Pastebin here when it's too long (if I don't want to copy the link)? And why wouldn't you want to "copy(?)" the link? Everyone posts the link.


If it's not really just a whim, then:

Those above in the posts are all links to Pastebin:
http://pastebin.com/4Tbre0pB
i
http://pastebin.com/f4RHKMGp
ili
http://pastebin.com/0Ggf0FHL
...


On Pastebin you copy the URL address (it's in the little box at the very top of the page) and paste it here into your message.

The URL address of a given web page:
click (http://talent.linkedin.com/blog/wp-content/uploads/2009/08/3_copy-url-address.jpg)
click (https://www.e-education.psu.edu/cloudGIS/files/cloudgis/images/2_copy_sample_url.png)

0din
27.03.2012., 20:54
hi.
dobrota, if you can help

rootkit.zeroaccess is killing me
through Google it keeps opening abnow
half a year ago I somehow managed to remove the same problem myself without help, but now it won't go at all, so I'm asking for help

http://pastebin.com/maKXEsVy
http://pastebin.com/tFgNvw1g

dobrota
28.03.2012., 12:28
run these two programs while I go through the OTL log

1. download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to the desktop
- right-click the icon and choose Run as administrator
- open the program > click Change parameters > tick everything
- click Start scan
- if the program asks for a restart, allow it

in this mode TDSSKiller will also show false positives, so don't mark anything for deletion except what TDSSKiller itself has flagged
- the log is in C:\ and looks roughly like this
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

2. download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to the desktop
- run the program "as administrator" > click Scan
- when the scan finishes, click Save log
- copy the log

if the first one won't start, skip it and continue with the second

in case neither starts, do you have a USB stick?

0din
28.03.2012., 15:02
dobrota, here's the aswMBR log
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-28 15:46:13
-----------------------------
15:46:13.571 OS Version: Windows x64 6.1.7600
15:46:13.572 Number of processors: 1 586 0x4F02
15:46:13.573 ComputerName: GREGOR UserName: Bruno
15:46:14.068 Initialize success
15:46:24.588 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
15:46:24.594 Disk 0 Vendor: Maxtor_6V160E0 VA111900 Size: 152626MB BusType: 3
15:46:24.605 Disk 0 MBR read successfully
15:46:24.612 Disk 0 MBR scan
15:46:24.617 Disk 0 Windows 7 default MBR code
15:46:24.622 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78999 MB offset 63
15:46:24.629 Disk 0 Partition - 00 0F Extended LBA 73618 MB offset 161790615
15:46:24.651 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73618 MB offset 161790678
15:46:24.696 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
15:46:24.704 Disk 0 scanning C:\Windows\system32\drivers
15:46:30.031 Service scanning
15:46:55.242 Modules scanning
15:46:55.257 Disk 0 trace - called modules:
15:46:55.278 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:46:55.648 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027b0060]
15:46:55.662 3 CLASSPNP.SYS[fffff880018b443f] -> nt!IofCallDriver -> [0xfffffa80026a6520]
15:46:55.674 5 ACPI.sys[fffff88000f70781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80026af680]
15:46:55.708 Scan finished successfully
15:47:13.182 Disk 0 MBR has been saved successfully to "C:\Users\Bruno\Desktop\MBR.dat"
15:47:13.193 The log file has been saved successfully to "C:\Users\Bruno\Desktop\aswMBR.txt"


and the TDSSKiller text is long, up to 11 times longer than the forum allows, so I don't know how to post it for you

dobrota
28.03.2012., 15:07
copy the TDSSKiller log to pastebin


once you've sent me the TDSSKiller log, do this

1. open OTL and copy this into the empty box
:services
belmonitorservice

:OTL
SRV:64bit: - [2009/07/14 03:39:46 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\SysNative\mindrepair.dll -- (belmonitorservice)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 7A 7A A7 95 B3 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=17284
IE - HKCU\..\SearchScopes\{C24588AA-EB0C-48A1-B289-007A6BAB4096}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYHR&apn_uid=51629682-d1a3-4c9a-907a-80c3c0b95e1d&apn_sauid=6FA2B757-1323-49E7-BFC3-67961FC6CD59&
FF - prefs.js..browser.search.defaultenginename,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: h", "h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,http://search.babylon.com/home?AF=17284"
FF - prefs.js..keyword.URL,h: h", "http://search.babylon.com/?babsrc=KW_def&AF=17284&q="
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
[2012/01/11 20:19:57 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Bruno\AppData\Roaming\mozilla\Firefox\Profiles\el669tnl.default\extensions\ffxtlbr@babylon.com
[2012/01/11 18:52:46 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=17284
NetSvcs:64bit: belmonitorservice - C:\Windows\SysNative\mindrepair.dll (Iomega)
[2012/03/26 13:04:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/03/26 12:59:16 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\AppData\Local\670ec7e8
[2012/03/27 13:23:43 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_ad13.cmd
[2012/03/26 13:00:26 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_ad13.cmd
[2012/02/23 10:36:18 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Files
ipconfig /flushdns /c
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c

:Commands
[purity]
[emptytemp]
[resethosts]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]



click RUN FIX
- copy the log you get

2. download ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
- turn off the antivirus
- run ComboFix and answer yes to everything it asks
- copy the log



the OTL script may not run; in that case just continue with ComboFix
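The script above collects the ZeroAccess picture in one place: a service in the `netsvcs` group whose DLL (`mindrepair.dll`, 5 KB, claiming to be from Iomega) sits in `SysNative`, a hidden system directory literally named `%APPDATA%` next to it, a hidden directory with an eight-hex-digit name under the user's `AppData\Local`, and an alternate data stream hung on `C:\ProgramData\TEMP`; the aswMBR run before it had already flagged `consrv.dll` in the Windows subsystem. As an added example that is not part of this thread or of OTL, the following triage script reads OTL and aswMBR output lines and flags exactly those patterns. The rule names, the regular expressions for the OTL line formats and the sample input are mine: the sample is made of lines quoted from the OTL script and the aswMBR log above, one benign OTL entry (`SCHEDLGU.TXT`) as a control, and one `assembly\tmp\U` entry of the shape OTL reported later in this thread.

```python
"""Triage OTL / aswMBR log lines for ZeroAccess-style indicators (added example)."""
import re

# Sample input: lines quoted from the OTL script and aswMBR log in this thread,
# one benign file entry (SCHEDLGU.TXT) as a control, and one assembly\tmp\U
# entry of the kind OTL listed later in the thread.
SAMPLE_LOG = r"""
SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
SRV:64bit: - [2009/07/14 03:39:46 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\SysNative\mindrepair.dll -- (belmonitorservice)
NetSvcs:64bit: belmonitorservice - C:\Windows\SysNative\mindrepair.dll (Iomega)
[2012/03/26 13:04:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/03/26 12:59:16 | 000,000,000 | -HSD | C] -- C:\Users\Bruno\AppData\Local\670ec7e8
[2012/03/26 13:00:26 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\tmp\U\80000000.@
[2012/02/23 10:36:18 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:CB0AACC9
"""

# OTL file/service entry: [stamp | size | attrs | C/M] (vendor) [state] -- path -- (service)
ENTRY_RE = re.compile(
    r"^(?:[A-Za-z]+(?::64bit)?:\s*-\s*)?"            # optional 'SRV:64bit: - ' prefix
    r"\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Z]+)\s*\|\s*[CM]\]\s*"
    r"(?:\((?P<vendor>[^)]*)\)\s*)?(?:\[[^\]]*\]\s*)?"
    r"--\s*(?P<path>.+?)(?:\s+--\s+\((?P<service>[^)]*)\))?$"
)
# OTL netsvcs group member: NetSvcs: <service> - <dll path> (<vendor>)
NETSVCS_RE = re.compile(
    r"^NetSvcs(?::64bit)?:\s*(?P<service>\S+)\s*-\s*(?P<path>.+?)\s*\((?P<vendor>[^)]*)\)$"
)
# OTL alternate data stream entry: @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
# Names ZeroAccess used for its drop points: 8 hex digits, or a literal '%VAR%'.
ODD_NAME_RE = re.compile(r"^(?:[0-9a-f]{8}|%[A-Za-z_]+%)$", re.IGNORECASE)


def basename(path):
    """Last component of a Windows path."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def triage(text):
    """Return a list of (rule, path) findings for the indicators described above."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # aswMBR prints its own verdict inline; take the path before the marker.
        if "**SUSPICIOUS**" in line:
            path = line.split(":", 1)[1].replace("**SUSPICIOUS**", "").strip()
            findings.append(("aswmbr-suspicious", path))
            continue
        m = NETSVCS_RE.match(line)
        if m:
            # A netsvcs member whose DLL is not Microsoft's is loaded into a
            # shared svchost.exe; ZeroAccess hijacked a slot exactly this way.
            if "microsoft" not in m.group("vendor").lower():
                findings.append(("netsvcs-nonmicrosoft-dll", m.group("path")))
            continue
        m = ADS_RE.match(line)
        if m:
            if ODD_NAME_RE.match(m.group("stream")):
                findings.append(("ads-hex-stream", m.group("path") + ":" + m.group("stream")))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path, attr = m.group("path"), m.group("attr")
        hidden_system_dir = "H" in attr and "S" in attr and "D" in attr
        if hidden_system_dir and ODD_NAME_RE.match(basename(path)):
            findings.append(("hidden-system-dir", path))
        elif "\\assembly\\tmp\\u\\" in path.lower() and path.endswith(".@"):
            findings.append(("assembly-tmp-u", path))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:26} {path}")
```

The rules are deliberately narrow: a hidden+system directory is only reported when its name is one of the two shapes seen here, and a `netsvcs` member is only reported when its vendor string is not Microsoft's, so a clean OTL log from a Windows 7 machine produces no output. Feed it the full OTL.txt to see which of the entries the helper picked out by hand would be caught automatically.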

0din
28.03.2012., 21:26
dobrota, sorry for the late post, obligations

here's the TDSSKiller log
http://pastebin.com/tag6sufN

The OTL script didn't run for me; instead it locks up the computer. I have to reset it manually, and then it can't boot Windows normally, it resets 2-3 times.

ComboFix doesn't ask me to confirm anything, but when it finishes there's no log file anywhere.

is there any hope, or format C:

dobrota
29.03.2012., 11:22
Detected object count: 1
15:42:59.0468 1320 Actual detected object count: 1

15:43:33.0601 1320 C:\Windows\system32\mindrepair.dll - copied to quarantine

15:43:33.0601 1320 HKLM\SYSTEM\ControlSet001\services\belmonitorservice - will be deleted on reboot

15:43:33.0627 1320 HKLM\SYSTEM\ControlSet002\services\belmonitorservice - will be deleted on reboot

15:43:33.0733 1320 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured

15:43:33.0786 1320 C:\Windows\system32\mindrepair.dll - will be deleted on reboot

15:43:33.0786 1320 belmonitorservice ( UnsignedFile.Multi.Generic ) - User select action: Delete

15:43:38.0751 1920 Deinitialize success

run TDSSKiller again, we need to make sure this has been deleted

we'll run ComboFix in two ways, and you'll do all of it from Safe Mode

SubSystem.Windows: C:\Windows\system32\consrv.dll

Method 1

- delete ComboFix (drag it into the recycle bin with the mouse)
- download a new one and save it to the desktop

open Notepad and copy this into the empty window

KillAll::

Rootkit::
C:\Windows\SysNative\dds_log_ad13.cmd
C:\Windows\SysNative\mindrepair.dll

Folder::
C:\Users\Bruno\AppData\Local\670ec7e8

File::
C:\Windows\SysNative\dds_log_ad13.cmd
C:\Windows\SysNative\mindrepair.dll

Driver::
belmonitorservice

NetSvc::
belmonitorservice


close Notepad and save it as CFScript on the desktop
turn off the antivirus
drag the script onto combofix.exe with the mouse
copy the log to pastebin


Method 2
- likewise delete the old ComboFix, download a new one and save it to the desktop
- Start / Run / copy this into the Run box and confirm

"%userprofile%\desktop\ComboFix.exe" /KillAll /nombr

ComboFix will definitely start in one of these two ways, and once we get the log it will be done


you didn't tell me, do you have a USB stick?

0din
29.03.2012., 18:27
here's the TDSSKiller log
http://pastebin.com/V5v3Ds2m

I'll go and do the rest

I have a USB stick, forgot to write that..

0din
29.03.2012., 19:28
downloaded ComboFix again.
unfortunately neither way works for me in Safe Mode
the first way starts, and after a few seconds throws up a blue screen with a pile of text I can't catch; basically the text starts with "Windows has detected a problem and must restart".
with the second way it throws up the same screen immediately, ComboFix doesn't even start, and this way Windows doesn't boot but drops me into Windows repair

dobrota, if you have any other idea, say so; if not, it goes for a format and a fresh Win7, I'm just sorry about the pile of stuff on it that matters to me

dobrota
29.03.2012., 19:41
run TDSSKiller again and mark this for delete

19:20:57.0427 3452 C:\Windows\system32\mindrepair.dll - copied to quarantine
19:20:57.0427 3452 belmonitorservice ( UnsignedFile.Multi.Generic ) - User select action:

if you have nothing important on the USB stick, format it.... I'll write shortly what you'll do

dobrota
29.03.2012., 20:09
Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe)

1. download Farbar Recovery Scan Tool and save it to the USB stick

- plug the stick into the computer

restart the computer and keep pressing F8 until you get Advanced Boot Options
- choose Repair your computer
- choose the keyboard language and click Next
- choose the OS you want to repair and click Next
- choose the user account and click Next

when the System Recovery Options menu opens
- click Command Prompt
- in the command prompt window type notepad and press Enter
- when Notepad opens > click File > click Open
- in the new window click Computer to see which letter has been assigned to the USB stick
- once you see which letter is assigned to the stick, type this in the command prompt
x:\frst64

instead of the letter "x" you write the letter that was assigned
when the program opens click Scan
- when the program finishes scanning it will create a log FRST.txt on the USB stick
- copy that log to pastebin


I hope it's not too complicated for you




0din
30.03.2012., 18:00
dobrota, here's the FRST64 log
http://pastebin.com/FbKpjiFk

I did what you said with TDSSKiller
here's its log too
http://pastebin.com/QwWVm79Q

let me know what's next :D

I mean, hats off to you for the patience and the help
a big thank-you for everything done so far

dobrota
30.03.2012., 18:38
download fixlist.txt (http://speedy.sh/cThh2/fixlist.txt) and save it to the USB stick that FRST is on
- plug the stick into the infected computer
- go into System Recovery Options again, as the first time
- run FRST again
- when the window opens click Fix
- the log you get will be on the USB stick
- copy the log

after that run OTL, and copy this into the empty box

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
mindrepair.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT

click RUN SCAN
- copy the log you get


you have a chance to get to know the newest generation of rootkits, and I think its end has come... the driver that was protecting mindrepair.dll from deletion has been found and it will be removed :D

0din
30.03.2012., 19:51
here, I did as you said...
I hope its end has come too :D
new FRST log
http://pastebin.com/b9kN3wYc

and the OTL log
http://pastebin.com/Fx57Pjdm

dobrota
30.03.2012., 20:28
yes, its end has come :)

it's not in the OTL log

open OTL and copy this into the empty box
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 7A 7A A7 95 B3 CC 01 [binary data]
FF - prefs.js..browser.startup.homepage: h", "h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h, h,h,h,h,h,h,h,h,h,h,h,http://search.babylon.com/home?AF=17284"
FF - prefs.js..keyword.URL,h: h", "http://search.babylon.com/?babsrc=KW_def&AF=17284&q="
[2009/07/14 03:39:46 | 000,030,208 | ---- | M] () MD5=1149C1BD71248A9D170E4568FB08DF30 -- C:\Windows\SysNative\consrv.dll
[2012/03/26 20:03:37 | 000,002,048 | ---- | M] () -- C:\Windows\assembly\tmp\U\00000001.@
[2012/03/26 13:00:25 | 000,002,560 | ---- | M] () -- C:\Windows\assembly\tmp\U\000000c0.@
[2012/03/26 13:00:22 | 000,000,704 | ---- | M] () -- C:\Windows\assembly\tmp\U\000000cb.@
[2012/03/26 20:03:37 | 000,001,536 | ---- | M] () -- C:\Windows\assembly\tmp\U\000000cf.@
[2012/03/26 13:00:26 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\tmp\U\80000000.@
[2012/03/26 20:03:39 | 000,093,696 | ---- | M] () -- C:\Windows\assembly\tmp\U\800000c0.@
[2012/03/26 13:00:23 | 000,023,040 | ---- | M] () -- C:\Windows\assembly\tmp\U\800000cb.@
[2012/03/26 20:03:38 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\tmp\U\800000cf.@
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

:files
ipconfig /flushdns /c
C:\Windows\assembly\tmp\U
C:\Windows\SysNative\consrv.dll

:Commands
[reboot]


click RUN FIX
- copy the log you get

2. delete ComboFix from the desktop, download a new one and run it
- don't forget to turn off the antivirus and the firewall before you run ComboFix

0din
30.03.2012., 20:58
here's the new OTL log
http://pastebin.com/4k0b0ncJ

downloaded ComboFix, started it as administrator.
it did its thing (at least I think so), it didn't ask me to confirm anything and there's no log file anywhere.

the only thing is that just now, while I'm writing this post, a command prompt window popped up..

anything else?

dobrota
30.03.2012., 21:19
how is the computer running now?...

1. run aswMBR again
- click Scan
- when the scan finishes click Save log
- copy the log

2. download JavaRa (http://singularlabs.com/software/javara/) and save it to the desktop
- run the program > click "Remove older version"
- restart
- run JavaRa again > click "Search for updates"
or download the latest version of Java (http://java.com/en/download/index.jsp)

3. Malwarebytes
- update > full scan
- copy the log you get

OTL deleted everything that was marked, so the rootkit is no longer on the computer

you'll reinstall Java, because it's certainly infected, and also do a scan with Malwarebytes, which will remove any leftovers

I think everything should be ok now

0din
31.03.2012., 11:35
dobrota
now it opens the search engine normally and there's no more redirecting to abnow.. :D

I also did what you said.
aswMBR log
http://pastebin.com/e7G5hj8d

and the Malwarebytes log
http://pastebin.com/9xacFfk5

is that it now :)

many thanks for the help and the patience

dobrota
31.03.2012., 12:58
now that's it... you can delete OTL and the other tools we used.. but before that, do this one more thing
open OTL and paste this into the empty box
:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]

after the restart you can delete OTL

open OTL and click CleanUp

OTL will delete itself and most of the tools we used
if anything remains, just drag it to the Recycle Bin

1524396781
01.04.2012., 11:54
the log disappears in less than 9 minutes, so look quickly (http://pastebin.com/DSnv9cZ6)

0din
01.04.2012., 19:06
dobrota, did everything as you said..
the computer finally works normally.. :D
thanks for everything, both here and via PM..
if I have problems again I'll turn to you for help.. :)

suskavi
10.04.2012., 00:02
Hello! I notice there are good people here who help.. so here goes (whenever you get to it, thanks). I'm attaching the OTL and Extras logs, so when someone can take a look, thank you.. also a short note on what else it would be advisable to scan with, so I can do it all at once, one after the other.

http://pastebin.com/mFQB8jpU

http://pastebin.com/csG3a5U0

It's my brother's old laptop.. and he doesn't understand anything at all. Anyway, it sometimes stutters (although the machine itself is slow.. Celeron M, 800 MB RAM). But still, if there are any infections, to remove them. Also, Win XP is original.. but I just saw he has no AV at all. ?!!!! Horrible.

Thanks

dobrota
10.04.2012., 12:07
open OTL and paste this into the empty box
:OTL
SRV - [2011.06.26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Sys32V2Contoller] C:\WINDOWS\mw2mmgr32\mw2mmgr32.exe File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2012.01.08 21:10:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.08 21:10:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.08 21:10:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.08 21:10:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.08 21:10:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

:Commands
[purity]
[emptytemp]
[resethosts]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

click RUN FIX
-copy the log you get

2. download ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
-disable the antivirus
-run ComboFix and answer yes to everything it asks
-copy the log to pastebin

3. download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to the desktop
-run the program and if it asks for a restart, allow it
-the log is usually in C:\ and looks roughly like this
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

suskavi
10.04.2012., 23:29
Thanks for the instructions..

However,

1. when I run OTL, paste the above and click RUN FIX.. the process takes more than an hour and then at the first click.. not responding, and the only solution is a restart. I tried 3-4 times. The last time I left it running.. without touching anything, and it sat like that for 4 hours. In the end, not responding again. On restart, Windows boots normally.

2. when I run ComboFix and it gets to 'scanning for infected files...' - a similar thing.. I left it, not touching anything.. it's been going for 3 hours now. Nothing happens.

3. I haven't tried TDSSKiller yet, until I see what's up with this.


Thanks for the effort.

dobrota
11.04.2012., 10:58
run TDSSKiller

you'll also run aswMBR (http://public.avast.com/~gmerek/aswMBR.htm)

-save the program to the desktop
-run the program and click Scan
-when the scan finishes, click Save log
-copy the log

suskavi
11.04.2012., 13:51
hello!

here's the TDSSKiller log:
http://pastebin.com/7Mf569Xn

here's the aswMBR log:
http://pastebin.com/8vkF0BmP

thx

dobrota
11.04.2012., 14:09
both logs are OK, there's no rootkit

run OTL again, only this time paste this into the empty box
:OTL
SRV - [2011.06.26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Sys32V2Contoller] C:\WINDOWS\mw2mmgr32\mw2mmgr32.exe File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2012.01.08 21:10:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.08 21:10:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.08 21:10:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.08 21:10:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.08 21:10:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

:Commands
[Reboot]

rap_boy
11.04.2012., 22:35
Hi, lately I've been having problems connecting the computer to my phone via USB cable, i.e. the computer recognizes it and I open the removable disk, but it freezes when I try to copy songs, or on its own. I've tried a lot of things and it's always the same; until recently everything worked fine, but lately I can't do a normal file transfer, and besides, the computer has been behaving a bit strangely lately, so if it's possible to look at this I'd be grateful:

OTL.txt
http://pastebin.com/fQpbHjmr

Extras.txt
http://pastebin.com/sWx76ig3

Thanks in advance

dobrota
12.04.2012., 12:10
the OTL log seems OK

we'll also check with ComboFix

download ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
-disable the antivirus
-run ComboFix and answer yes to everything it asks
-copy the log

rap_boy
12.04.2012., 21:55
Here's ComboFix too

http://pastebin.com/iAVL0zN4

dobrota
13.04.2012., 11:51
download Malwarebytes >> update >> full scan
-copy the log


how does the computer run now?

taxodium
13.04.2012., 21:52
Hello! I recently solved a problem with one computer here, and I already have another 'patient', so whenever there's time, I'm grateful!

Anyway, an interesting case. Win XP Pro SP2. The computer sometimes 'freezes', but the main problem is with Office 2007. It started happening that Word, Excel etc. documents take 5-6 min to open. The OS and Office aren't original, but until now (several years) everything worked great.

Following the earlier instructions I ran OTL and ComboFix (it found something); here are the logs, in order: OTL, Extras, ComboFix:

http://pastebin.com/p9MJUUVt
http://pastebin.com/SnqCpMtY
http://pastebin.com/k0dLMJWn

btw. if I may, one more small off-topic question: I wanted to put Avira Free Antivirus on the machine (downloaded the latest version from the web), however, it won't let me install, because the latest version now requires SP3... and this Win XP has SP2. What's the solution?
Thanks a lot.

rap_boy
13.04.2012., 22:23
Malwarebytes:
http://pastebin.com/Dn2n4LKv

Should I remove those 10 "problems"? 4 are automatically selected, I haven't touched anything yet..

Well, the computer works OK, I have to try the file transfer with the phone now.

Thanks for the help, regards.

dobrota
14.04.2012., 07:18
you can delete them

delete ComboFix and OTL

open OTL and click CleanUp

dobrota
14.04.2012., 07:49
open OTL and paste this into the empty box
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Usluga Google ažuriranje (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate1c9d353edcff046) Usluga Google ažuriranje (gupdate1c9d353edcff046)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55111
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&affID=101292&mntrId=4cf47047000000000000001f3c96a685&q="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] Disable_By_C:\Program Files\PowerISO\PWRISOVM.EXE File not found
O4 - HKLM..\Run: [RemoveWGA] H:\RemoveWGA.exe -startup File not found
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKCU..\Run: [MSMSGS] Disable_By_"C:\Program Files\Messenger\msmsgs.exe" /background File not found
O8 - Extra context menu item: &Search - ?p=ZUfox000 File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011.12.31 19:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikolina\Application Data\4CF47
[C:\WINDOWS\$NtUninstallKB53497$] -> Error: Cannot create file handle -> Unknown point type

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP" =-
"1542:UDP" =-
"53:UDP" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LP\6854\F3C.exe" =-
"C:\Program Files\47047\lvvm.exe" =-
"C:\Documents and Settings\Nikolina\Application Data\4CF47\96A68.exe" =-


:Files
ipconfig /flushdns /c
rmdir C:\WINDOWS\$NtUninstallKB53497$ /c
C:\Program Files\47047
C:\Program Files\LP
C:\Documents and Settings\Nikolina\Application Data\4CF47

:Commands
[Reboot]

click RUN FIX
-copy the log you get

2. download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to the desktop
-open the program, click Change parameters and tick everything
-click Start scan
-if the program asks for a restart, allow it
-the log is usually in C:\ and looks roughly like this
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

3. download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to the desktop
-run the program and click Scan
-when the scan finishes, click Save log
-copy the log

4. download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and save it to the desktop
-tick everything and click Scan
-copy the log you get
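The fix above is the most instructive one in the thread: besides the usual orphaned Run entries and toolbar leftovers, the log showed Firefox forced through a proxy on 127.0.0.1:55111 (every page the user loads passes through a local interceptor), a per-user .exe/.com association override, a random hex-named folder under Application Data, and firewall exceptions for executables in that folder. The script below is an added example, not OTL's own code and not anything posted in this thread: it runs the same kind of triage over OTL.txt lines and tags what a helper would pick out. The sample log is constructed from lines quoted in the fixes above plus a few benign ones; the trusted-search-host allow-list and the PUP marker list are this example's own assumptions.

```python
"""Triage heuristics for OTL.txt lines, modelled on the picks made in this thread.

Added example, not OTL's own code.  SAMPLE_LOG is constructed from lines quoted
in the fixes above plus a few benign ones; TRUSTED_SEARCH_HOSTS and PUP_MARKERS
are assumptions of this example, extend them for your own environment.
"""
import re
from urllib.parse import urlparse

# Search providers a clean browser is expected to use; any other search host is a hijack candidate.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.hr", "www.bing.com",
                        "search.live.com", "g.msn.co.uk"}

# Toolbars/updaters the helper removed in this thread (assumed list).
PUP_MARKERS = ("ask.com", "asktbar", "conduit", "crawler", "sweetim", "babylon",
               "burn4free toolbar", "media finder", "startsearch plugin")

URL_RE = re.compile(r'https?://[^\s"\']+')
HEX_DIR_RE = re.compile(r'\\[0-9A-F]{5,8}$')          # random hex folder name at end of path

# Constructed sample input.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Sys32V2Contoller] C:\WINDOWS\mw2mmgr32\mw2mmgr32.exe File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
IE - HKCU\..\SearchScopes\{8C8D7C39-168C-4156-88BD-332E9997D5E1}: "URL" = http://startsear.ch/?aff=2&src=sp&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55111
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
[2011.12.31 19:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikolina\Application Data\4CF47
"""


def triage_line(line):
    """Classify one OTL line; returns (tag, severity) or None when nothing stands out."""
    line = line.rstrip()
    low = line.lower()
    if line.startswith(("O4 ", "SRV ", "DRV ")) and line.endswith("File not found"):
        return ("orphan-autostart", "low")           # dead Run/service/driver entry, safe to remove
    if line.startswith("O10 ") and "File not found" in line:
        return ("broken-winsock-lsp", "medium")      # LSP catalog entry pointing at a missing DLL
    if line.startswith(("O2 ", "O3 ")) and "No CLSID value found" in line:
        return ("orphan-bho-toolbar", "low")
    if line.startswith("O37 "):
        return ("hkcu-exe-association", "medium")    # per-user .exe/.com override, rogue-AV style
    if line.startswith("@Alternate Data Stream"):
        return ("alternate-data-stream", "low")      # usually installer metadata; check size and name
    if line.startswith("FF - prefs.js..network.proxy.http:") and "127.0.0.1" in line:
        return ("local-proxy-hijack", "high")        # browser traffic routed through a loopback interceptor
    if line.startswith("IE -") and '"ProxyEnable" = 1' in line:
        return ("ie-proxy-enabled", "medium")
    if line.startswith(("IE -", "FF -", "CHR -")):
        m = URL_RE.search(line)
        if m and ("search" in low or "keyword.url" in low):
            host = urlparse(m.group(0)).hostname or ""
            if host not in TRUSTED_SEARCH_HOSTS:
                return ("search-hijack", "medium")
        return None
    if line.startswith("[") and "| ---D |" in line and HEX_DIR_RE.search(line):
        return ("random-hex-dir", "medium")          # e.g. Application Data\4CF47 dropper folder
    if any(marker in low for marker in PUP_MARKERS):
        return ("pup-toolbar", "low")
    return None


def triage(log_text):
    """Run triage_line over a whole OTL.txt; returns [(line, tag, severity), ...]."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((line.rstrip(), *hit))
    return findings


if __name__ == "__main__":
    for line, tag, sev in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {tag:24} {line[:90]}")
```

The heuristics deliberately flag by line prefix and value rather than by signature: a search scope is suspicious because its host is not one the user chose, not because "startsear.ch" is on a blocklist, and the loopback proxy is flagged on its own even though the thread's case also had `network.proxy.type` set to 1. Treat the output as a worklist for a human; OTL fixes delete what you paste, so every "medium" line still deserves a look before it goes into the box.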

taxodium
14.04.2012., 08:45
hello!

as requested, here are the logs:
OTL
http://pastebin.com/u6JmvAKm

aswMBR
http://pastebin.com/i3YPVsGP

FSS
http://pastebin.com/rNvr1Zc4

TDSSKiller
http://pastebin.com/w7QpFVq0

dobrota
14.04.2012., 10:05
open Farbar Service Scanner

type this into the search box
mrxsmb.sys
click Search Files
copy the log you get

taxodium
14.04.2012., 20:05
here's the search log...

http://pastebin.com/PaHQQYAJ

dobrota
15.04.2012., 07:14
delete that copy of ComboFix (drag it to the Recycle Bin), download a new copy and save it to the desktop

1. open Notepad and paste this into Notepad
Fcopy::
C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys|C:\WINDOWS\system32\drivers\mrxsmb.sys
C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys|C:\WINDOWS\system32\dllcache\mrxsmb.sys

close Notepad and save it as CFScript on the desktop
-disable the antivirus
-drag the script onto combofix.exe
-copy the log you get

2. delete the copy of aswMBR, download a new one and save it to the desktop
-run the program, when the scan finishes click Save log
-copy the log

3. download Malwarebytes > install the program > update > quick scan
-copy the log


how does the computer run now?

bitulit
19.04.2012., 07:26
dobrota, please take a look at this OTL
http://pastebin.com/BXX2eRG1
http://pastebin.com/0cCapvNf

dobrota
19.04.2012., 11:23
is this file familiar to you?

C:\DPsFnshr.exe

open OTL and paste this into the empty box

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q="
FF - user.js - File not found
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2790392
CHR - default_search_provider: suggest_url = http://search.conduit.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\MF.exe" /opentotray File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B

:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[reboot]

click RUN FIX
-copy the log you get

2. download ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
-disable the antivirus
-run ComboFix and answer yes to everything it asks
-copy the log you get

majstor fantac
25.04.2012., 14:41
hi, the old laptop stutters a lot, it's not much of a configuration and it's old, but I found quite a lot with Malwarebytes, NOD32 didn't find anything...
I didn't delete everything because it's mostly registry entries, I've already screwed things up that way a couple of times, so here's the log; I'll post the OTL logs later too

Malwarebytes
http://pastebin.com/D2pZWfFd

OTL logs
http://pastebin.com/t3hqpJ26
http://pastebin.com/bGGmwUpg

dobrota
25.04.2012., 16:31
there's nothing special in the OTL logs either.... maybe only

httxp://startsear.ch/?aff=2&src=sp&cf=20f1f0c0-2370-11e1-8a83-0015004....

disable Malwarebytes real-time protection

open OTL and paste this into the empty box
:services

:otl

PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{8C8D7C39-168C-4156-88BD-332E9997D5E1}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=20f1f0c0-2370-11e1-8a83-001500432e3b&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.hr/about:tabsabout:tabs [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {8C8D7C39-168C-4156-88BD-332E9997D5E1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{33A8D69E-6B43-496B-BD73-9065ACA65DE4}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{8C8D7C39-168C-4156-88BD-332E9997D5E1}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=20f1f0c0-2370-11e1-8a83-001500432e3b&q={searchTerms}
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=2&src=sp&cf=20f1f0c0-2370-11e1-8a83-001500432e3b&q="
FF - user.js - File not found
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Nensy Fensy\Application Data\Mozilla\Firefox\Profiles\z49iwjkv.default\searchplugins\startsear.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:files
dir /s /a "C:\Documents and Settings\Nensy Fensy\Recent" /c
C:\Program Files\StartSearch plugin
C:\Program Files\McAfee Security Scan

:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]

click RUN FIX
-copy the log you get

2. download TDSSKiller (http://support.kaspersky.com/viruses/solutions?qid=208280684) and save it to the desktop
-run the program > click Change parameters
-tick everything
-click Start scan
-if the program asks for a restart, allow it
-the log is usually in C:\ and looks roughly like this
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

3. download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to the desktop
-run the program and click Scan
-when the scan finishes, click Save log
-copy the log

4. run Malwarebytes > update > quick scan
-whatever it finds you can freely delete

we'll also check whether there happens to be a rootkit; if these two tools don't find one, then there will be no need to run ComboFix either...

majstor fantac
26.04.2012., 10:15
evo otl loga

http://pastebin.com/Jifjby9B

this tdsskiller found 9 viruses or whatever they are

Unsigned file

CFSvcs
DVD-RAM_Service
meiudf
netdevio
S24EventMonitor
StarOpen
TVALZ
VMUVC
vyftUVC

everywhere it says medium risk, what do I do with them now, delete them or throw them in quarantine??
what bothers me is that these are services, most of them in the system32/drivers folder; I had a rootkit once and went deleting like that and screwed everything up, what should I do?

majstor fantac
26.04.2012., 11:49
tdsskiller log, I didn't touch or delete anything

http://pastebin.com/fTFj9H5V


aswMBR log, nothing touched, only scanned

http://pastebin.com/Kq8nJfxG

should I start with malwarebytes now or?

dobrota
26.04.2012., 13:14
tdsskiller log, I didn't touch or delete anything

http://pastebin.com/fTFj9H5V


aswMBR log, nothing touched, only scanned

http://pastebin.com/Kq8nJfxG

should I start with malwarebytes now or?

Disk 0 malicious Win32:MBRoot code @ sector 61 !

don't go with malwarebytes now...the MBR is infected

download combofix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
disable the antivirus
run combofix and answer yes to everything it asks
copy the log

be sure to allow the installation of the recovery console; if combofix doesn't clean the MBR infection, it will be cleaned via the recovery console

majstor fantac
26.04.2012., 14:33
here's the combofix log

http://pastebin.com/wQiwYNKF

dobrota
26.04.2012., 15:00
here's the combofix log

http://pastebin.com/wQiwYNKF

restart the computer and choose Microsoft Windows Recovery Console

http://www.zaslike.com/files/7dkmzqg2lvviu31uaj5j.png (http://www.zaslike.com/)

when you get this window, type 1 and confirm with enter

http://www.zaslike.com/files/bkpw7uvprzvedk1aigzz.png (http://www.zaslike.com/)

when you get the password prompt, type it if you have one set; if you don't, just press enter

type fixmbr

http://www.zaslike.com/files/2hx0yc9mcstwuzunxug2.png (http://www.zaslike.com/)

in case a confirmation is requested, type Y and press enter

when it finishes, restart the computer and run a new aswMBR scan

majstor fantac
26.04.2012., 20:50
I fixed the mbr, here's the log; should the recovery console choice still appear at startup, because I think I did everything right, I mean it said a new mbr was created, something like that

aswMBR log

http://pastebin.com/BGvDa37K

dobrota
27.04.2012., 11:43
I fixed the mbr, here's the log; should the recovery console choice still appear at startup, because I think I did everything right, I mean it said a new mbr was created, something like that

aswMBR log

http://pastebin.com/BGvDa37K

run aswMBR again and when the scan finishes click fixmbr

download MBRcheck (http://ad13.geekstogo.com/MBRCheck.exe) and save it to the desktop
run the program and copy the log you get

this file is on the desktop; upload it to jotti's malware scan (http://virusscan.jotti.org/en) and copy the result

C:\Documents and Settings\Nensy Fensy\Desktop\MBR.dat

the repeated aswMBR scan again reports an infection at sector 61...
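The MBR.dat that aswMBR leaves on the desktop is a raw sector dump. As an added example (not part of this thread, and not aswMBR's or MBRCheck's own code), here is a Python checker for such a dump: it validates the boot signature and partition table, reports how many unpartitioned sectors sit between the MBR and the first partition (the gap where a "sector 61" bootkit lives), and compares the boot code against a known-good SHA-1 you recorded yourself from a clean machine. It assumes the file begins with the 512-byte MBR and builds its own constructed sample sector; the page does not say which bytes MBRCheck hashes, so its SHA-1 is not assumed to be comparable.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440        # boot code; then 4-byte disk signature and 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample (not a real disk image): one active NTFS partition
    starting at LBA 63, so sectors 1..62 are the unpartitioned gap."""
    code = bytes.fromhex("33c08ed0bc007cfb5007501ffcbe1b7c")  # typical XP MBR prologue
    code += b"\x90" * (BOOTCODE_LEN - len(code))
    disk_signature = struct.pack("<I", 0x1234ABCD)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 195_000_000)
    table = entry + b"\x00" * (3 * 16)
    return code + disk_signature + b"\x00\x00" + table + BOOT_SIGNATURE


SAMPLE_MBR = build_sample_mbr()


def bootcode_sha1(mbr):
    """SHA-1 of the 440-byte boot code area, the part a bootkit replaces."""
    return hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest()


def parse_partitions(mbr):
    """Return the non-empty partition table entries as dicts."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"index": i, "status": status, "active": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def verify_mbr(mbr, known_good_sha1=None):
    """Sanity-check an MBR sector; with a known-good boot code hash, also
    confirm the boot code has not been swapped out."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    mbr = mbr[:SECTOR]
    problems = []
    if mbr[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions, expected exactly 1")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0:
            problems.append(f"entry {p['index']}: partition starts at LBA 0")
    digest = bootcode_sha1(mbr)
    if known_good_sha1 is not None and digest != known_good_sha1.lower():
        problems.append("boot code SHA-1 differs from the known-good value")
    # sectors between the MBR (sector 0) and the first partition
    gap = min(p["lba_start"] for p in parts) - 1 if parts else None
    return {"ok": not problems, "problems": problems, "partitions": parts,
            "bootcode_sha1": digest, "gap_sectors": gap}


if __name__ == "__main__":
    result = verify_mbr(SAMPLE_MBR, known_good_sha1=bootcode_sha1(SAMPLE_MBR))
    print(result["ok"], result["gap_sectors"], result["problems"])
```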

majstor fantac
27.04.2012., 12:57
run aswMBR again and when the scan finishes click fixmbr



hm, you can't click fixmbr, only fix, should I try that then?

dobrota
27.04.2012., 13:34
hm, you can't click fixmbr, only fix, should I try that then?

yes, click fix :)

majstor fantac
27.04.2012., 14:11
mbr check

http://pastebin.com/FVdfQXJh

jotti's malware scan

http://pastebin.com/dGy3Ks0A

dobrota
27.04.2012., 14:16
mbr check

http://pastebin.com/FVdfQXJh

jotti's malware scan

http://pastebin.com/dGy3Ks0A

20/20 say the MBR is ok...

MBRcheck: you didn't copy the complete log, the most important part is missing :)

did you click fix in aswMBR?

can you run aswMBR one more time?

majstor fantac
27.04.2012., 14:20
20/20 say the MBR is ok...

MBRcheck: you didn't copy the complete log, the most important part is missing :)

did you click fix in aswMBR?

can you run aswMBR one more time?

http://pastebin.com/dhJwFAmQ here's the whole code, I hadn't selected everything before

I clicked fix in aswMBR, at the end it said reboot asp, something like that, I don't remember exactly, I restarted the laptop

dobrota
27.04.2012., 14:24
http://pastebin.com/dhJwFAmQ here's the whole code, I hadn't selected everything before

I clicked fix in aswMBR, at the end it said reboot asp, something like that, I don't remember exactly, I restarted the laptop

93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

that's what was needed :)...

how is the computer running now?....improvements, problems?

majstor fantac
27.04.2012., 14:27
that's what was needed :)...

how is the computer running now?....improvements, problems?

it's not running very fast, just now the browser froze for half a minute, so :ne zna:

dobrota
27.04.2012., 14:37
it's not running very fast, just now the browser froze for half a minute, so :ne zna:

ok, do a new OTL scan, only this time paste this into the empty field

msconfig
safebootminimal
activex
drivers32
netsvcs
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
C:\Windows\assembly\tmp\U\*.* /s
/md5start
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
tdx.sys
explorer.exe
winlogon.exe
wininit.exe
svchost.exe
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

click quick scan

majstor fantac
27.04.2012., 14:53
here's the otl log, it produced just one http://pastebin.com/RgsuAicR

dobrota
27.04.2012., 15:21
here's the otl log, it produced just one http://pastebin.com/RgsuAicR

open OTL and paste this into the empty field
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\NENSYF~1\LOCALS~1\Temp\catchme.sys -- (catchme)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[2010.12.09 17:15:09 | 000,718,336 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Nensy Fensy\Local Settings\Temp\ntdll.dll

:Commands
[purity]
[emptytemp]
[resethosts]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

click RUN FIX
-copy the log you get

2. Kaspersky Virus Removal Tool 2011 (http://support.kaspersky.com/viruses/avptool2011?level=2)

save the program to the desktop and run autoscan
-copy the report

majstor fantac
27.04.2012., 16:13
otl http://pastebin.com/vbf4VuuP

dobrota
27.04.2012., 16:17
otl http://pastebin.com/vbf4VuuP

that's ok now; java is probably infected too, kaspersky will find that...

after the scan, report how the computer behaves

majstor fantac
27.04.2012., 16:39
it found nothing
http://pastebin.com/4ffPQvJL

dobrota
27.04.2012., 16:54
it found nothing
http://pastebin.com/4ffPQvJL

open OTL and click clean up

this will delete OTL, combofix, tdsskiller,...and the other tools; if anything is left, drag it to the recycle bin with the mouse...

did you remove what malwarebytes found?....

your computer is clean as far as viruses go :)

majstor fantac
27.04.2012., 18:24
open OTL and click clean up

this will delete OTL, combofix, tdsskiller,...and the other tools; if anything is left, drag it to the recycle bin with the mouse...

did you remove what malwarebytes found?....

your computer is clean as far as viruses go :)

is it normal that at startup there are still three options, recovery console, start with debugger (something like that) and win xp pro...
how do you remove that?
I didn't remove anything with malwarebytes, I'll scan now and we'll see...

dobrota
28.04.2012., 11:41
is it normal that at startup there are still three options, recovery console, start with debugger (something like that) and win xp pro...
how do you remove that?
I didn't remove anything with malwarebytes, I'll scan now and we'll see...

my recommendation is not to touch it, because you never know when you might need it....but if you really want to..look at this link

http://support.microsoft.com/kb/555032

LKockica
28.04.2012., 18:23
here are my logs

OTL
http://pastebin.com/TBiipjBi

OTL EXTRAS
http://pastebin.com/mY5Nm21s


thanks in advance!!!

dobrota
28.04.2012., 18:59
here are my logs

OTL
http://pastebin.com/TBiipjBi

OTL EXTRAS
http://pastebin.com/mY5Nm21s


thanks in advance!!!

go to add/remove and uninstall these programs

YouTube Downloader Toolbar v5.4
"BearShare 2 MediaBar" = MediaBar
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SearchCore for Browsers" = SearchCore for Browsers

after that

open OTL and paste this into the empty field
:services

:OTL
PRC - [2012.04.12 10:39:18 | 000,980,832 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.04.12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
SRV - [2012.04.12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchqu.com/sidebar.html?src=ssb&appid=113&systemid=406&sr=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=GJy2Tkc7n9qx6suHoZRnDvZZ5sc?q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GOM&o=14590&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GU&apn_dtid=YYYYYYYYHR&apn_uid=D3DA494C-5236-4889-92DA-CF565F0F56CF&apn_sauid=375E793A-9199-4E54-B56D-B28E4D58A6E9
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=2&q="
[2011.10.09 00:34:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.23 03:21:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.23 02:58:20 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2011.10.09 00:34:51 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\searchplugins\SearchResults.xml
[2011.10.09 00:34:51 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~2\IR_SERVER.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O32 - AutoRun File - [2010.09.21 10:45:09 | 000,000,000 | RH-D | M] - K:\autorun -- [ NTFS ]
O33 - MountPoints2\{15c5c41f-d6c1-11df-bd0e-001558632b05}\Shell - "" = AutoRun
O33 - MountPoints2\{15c5c41f-d6c1-11df-bd0e-001558632b05}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15c5c41f-d6c1-11df-bd0e-001558632b05}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1cf13f5e-b68a-11df-bcb7-001558632b05}\Shell\AutoRun\command - "" = L:\
O33 - MountPoints2\{1cf13f5e-b68a-11df-bcb7-001558632b05}\Shell\Explore\Command - "" = WScript.exe .\8279.vbs
O33 - MountPoints2\{1cf13f5e-b68a-11df-bcb7-001558632b05}\Shell\Open\Command - "" = WScript.exe .\8279.vbs
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\ -- [2012.04.28 00:26:59 | 000,000,000 | ---D | M]
O33 - MountPoints2\C\Shell\Explore\Command - "" = WScript.exe .\15535.vbs
O33 - MountPoints2\C\Shell\Open\Command - "" = WScript.exe .\15535.vbs
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\D\Shell\Explore\Command - "" = WScript.exe .\15535.vbs
O33 - MountPoints2\D\Shell\Open\Command - "" = WScript.exe .\15535.vbs
[2012.04.13 21:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Application Data\Search Settings
[2012.04.13 21:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012.04.13 21:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.04.13 21:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011.10.09 10:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012.04.13 21:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Search Settings
[2011.10.14 02:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\searchquband
[2011.10.14 02:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\searchqutoolbar
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

:Files
C:\Windows\tasks\At*.job

:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]


click RUN FIX
-copy the log you get
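The script above removes four kinds of persistence at once: hijacked search providers (IE lines), toolbar/BHO registrations (O2/O3), orphaned Run entries (O4), AppInit_DLLs injection (O20) and drive shell verbs redirected to WScript.exe (O33). As an added example that is not part of this thread or of OTL, here is a small Python triage that flags exactly those entry types in an OTL log; the sample lines are copied from the script above plus one constructed benign Run entry, and the search-provider allow-list is an assumption.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: entries copied from the OTL fix script above, plus one
# benign Run entry (avast) so that not every line is flagged.
SAMPLE_OTL_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GOM&o=14590&src=crm&q={searchTerms}
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~2\IR_SERVER.exe File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O33 - MountPoints2\{1cf13f5e-b68a-11df-bcb7-001558632b05}\Shell\Open\Command - "" = WScript.exe .\8279.vbs
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\ -- [2012.04.28 00:26:59 | 000,000,000 | ---D | M]
O33 - MountPoints2\D\Shell\Explore\Command - "" = WScript.exe .\15535.vbs
"""

# Assumption: search providers the administrator regards as expected.
SEARCH_ALLOW = {"www.google.com", "www.bing.com", "search.yahoo.com"}
# Interpreters that have no business being a drive's Open/Explore/AutoRun verb.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "cmd.exe", "rundll32.exe", "mshta.exe")

_TAG = re.compile(r"^(O\d+|IE|FF)\b")
_URL = re.compile(r"=\s*(https?://\S+)")


@dataclass(frozen=True)
class Finding:
    tag: str       # OTL entry type, e.g. "O33"
    reason: str
    line: str


def triage_line(line):
    """Return a Finding for one OTL log line, or None if it looks benign."""
    line = line.strip()
    m = _TAG.match(line)
    if not m:
        return None
    tag, low = m.group(1), line.lower()

    if tag == "IE" and any(k in low for k in ("searchassistant", "searchscopes", "search bar", "start page")):
        u = _URL.search(line)
        host = urlparse(u.group(1)).hostname if u else None   # about:blank has no host
        if host and host not in SEARCH_ALLOW:
            return Finding(tag, f"search/start page points at untrusted host {host}", line)

    elif tag in ("O2", "O3"):
        if "No CLSID value found" in line:
            return Finding(tag, "orphaned BHO/toolbar registration (no CLSID)", line)
        if line.endswith("()"):
            return Finding(tag, "BHO/toolbar DLL carries no company name", line)

    elif tag == "O4" and line.endswith("File not found"):
        return Finding(tag, "Run entry points at a missing file", line)

    elif tag == "O20":
        return Finding(tag, "AppInit_DLLs injects this DLL into every GUI process", line)

    elif tag == "O33" and '" = ' in line:
        cmd = line.split('" = ', 1)[1].strip().lower()
        if cmd.startswith(SCRIPT_HOSTS):
            return Finding(tag, "drive shell verb hijacked to run a script", line)

    return None


def triage(text):
    """Triage a whole OTL log; returns the list of Findings in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LOG):
        print(f"{f.tag:4} {f.reason}\n     {f.line}")
```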

LKockica
28.04.2012., 19:48
It deleted MediaBar and iLivid, but the computer froze while deleting SearchCore for Browsers

Thanks for such a quick reply :D

dobrota
28.04.2012., 19:50
It deleted MediaBar, but the computer froze while deleting
Windows iLivid Toolbar and SearchCore for Browsers

Thanks for such a quick reply :D

run the OTL script, OTL will delete them as well

just make sure you copy everything and close the web browsers before you run OTL

LKockica
29.04.2012., 00:14
Did everything as instructed, ran OTL, pasted, closed the web browsers, and then after a while the script said OTL (Not Responding)
I had to restart the computer for anything to run at all.
I'm wondering roughly how long OTL needs, when it works normally, to produce the LOG? Is it an hour or, say, the whole night?

dobrota
29.04.2012., 06:01
Did everything as instructed, ran OTL, pasted, closed the web browsers, and then after a while the script said OTL (Not Responding)
I had to restart the computer for anything to run at all.
I'm wondering roughly how long OTL needs, when it works normally, to produce the LOG? Is it an hour or, say, the whole night?

no, that takes a minute at most...ok

download combofix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
-disable the antivirus realtime protection
-run combofix and answer yes to everything it asks
-while the scan is running don't touch anything (15-20 min)
-when combofix finishes it will produce a log, which you'll copy

LKockica
29.04.2012., 10:30
here's the log in THREE parts. THANKS!


ComboFix 12-04-28.01 - Spika 29.04.2012 11:12:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1037 [GMT 2:00]
Running from: c:\documents and settings\Spika\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\weave\toFetch
c:\documents and settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\weave\toFetch\bookmarks.json
c:\documents and settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\weave\toFetch\clients.json
c:\documents and settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\weave\toFetch\forms.json
c:\documents and settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\weave\toFetch\history.json
c:\documents and settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\weave\toFetch\passwords.json
c:\documents and settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\weave\toFetch\prefs.json
c:\documents and settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\weave\toFetch\tabs.json
c:\documents and settings\Spika\Recent\Track09.cda
c:\documents and settings\Spika\WINDOWS
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\windows\system32\acelpdec.ax
c:\windows\system32\BdaPlgIn.ax
c:\windows\system32\g711codc.ax
c:\windows\system32\iac25_32.ax
c:\windows\system32\ipsink.ax
c:\windows\system32\ir41_32.ax
c:\windows\system32\ivfsrc.ax
c:\windows\system32\ksolay.ax
c:\windows\system32\ksproxy.ax
c:\windows\system32\kstvtune.ax
c:\windows\system32\kswdmcap.ax
c:\windows\system32\ksxbar.ax
c:\windows\system32\l3codecx.ax
c:\windows\system32\mpeg2data.ax
c:\windows\system32\mpg2splt.ax
c:\windows\system32\mpg4ds32.ax
c:\windows\system32\msadds32.ax
c:\windows\system32\MSDvbNP.ax
c:\windows\system32\msscds32.ax
c:\windows\system32\PsisRndr.ax
c:\windows\system32\vbicodec.ax
c:\windows\system32\vbisurf.ax
c:\windows\system32\vidcap.ax
c:\windows\system32\wiasf.ax
c:\windows\system32\wmv8ds32.ax
c:\windows\system32\wmvds32.ax
c:\windows\system32\wstpager.ax
c:\windows\system32\wstrenderer.ax
D:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-28 18:54 . 2012-04-28 18:54 -------- d-----w- C:\_OTL
2012-04-27 21:12 . 2012-04-27 21:12 -------- d-s---w- c:\documents and settings\Spika\UserData
2012-04-27 20:00 . 2012-04-27 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-27 20:00 . 2012-04-27 20:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-27 15:10 . 2012-04-27 15:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 15:10 . 2012-04-27 15:10 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 15:10 . 2012-04-27 15:10 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-27 13:07 . 2012-04-27 13:07 -------- d-----w- c:\program files\Common Files\Java
2012-04-27 13:07 . 2012-04-27 13:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-27 13:07 . 2012-04-27 13:07 -------- d-----w- c:\program files\Java
2012-04-17 00:59 . 2012-04-17 00:59 -------- d-----w- c:\documents and settings\Spika\Local Settings\Application Data\Downloaded Installations
2012-04-17 00:52 . 2012-04-17 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2012-04-17 00:52 . 2012-04-17 00:52 -------- d-----w- c:\program files\Sony
2012-04-17 00:51 . 2012-04-20 22:57 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-04-17 00:51 . 2012-04-17 00:51 -------- d-----w- c:\windows\system32\LogFiles
2012-03-31 08:54 . 2012-03-31 08:54 -------- d-----w- c:\documents and settings\Spika\Local Settings\Application Data\PCHealth
2012-03-30 21:15 . 2010-04-07 11:42 1078504 ----a-w- c:\windows\system32\FontInstaller2.dll
2012-03-30 21:15 . 2012-03-30 21:18 -------- d-----w- c:\documents and settings\Spika\Application Data\FontCreator
2012-03-30 21:15 . 2012-03-30 21:15 -------- d-----w- c:\program files\High-Logic FontCreator
2012-03-30 15:35 . 2012-03-30 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2012-03-30 15:32 . 2012-03-30 15:32 -------- d-----w- c:\program files\Common Files\Protexis
2012-03-30 15:32 . 2012-03-30 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2012-03-30 15:20 . 2012-03-30 15:20 -------- d-----w- c:\program files\Microsoft.NET
2012-03-30 14:55 . 2012-03-30 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel Painter 12
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 13:07 . 2010-10-07 00:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-27 13:03 . 2012-03-30 08:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-27 13:03 . 2011-06-06 08:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2011-04-11 10:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 00:15 . 2011-06-27 19:30 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-06-27 19:30 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-06-27 19:30 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-06-27 19:30 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2011-06-27 19:30 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2011-06-27 19:30 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-06-27 19:30 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2011-06-27 19:30 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2011-06-27 19:30 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2011-06-27 19:30 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-27 15:10 . 2011-05-09 12:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-03 23:57 . 2010-08-01 21:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Spika\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Spika\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Spika\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Spika\Application Data\Dropbox\bin\DropboxExt.14.dll

LKockica
29.04.2012., 10:31
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-01 740216]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]
"Steam"="k:\igrice\Steam\Steam.exe" [2011-09-18 1242448]
"Sticky-Notes"="k:\tehnikalije\stickynotes.exe" [2011-11-21 611328]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-03 30192]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Iminent"="c:\program files\Iminent\Iminent.exe" [2011-12-23 445416]
"IminentMessenger"="c:\program files\Iminent\Iminent.Messengers.exe" [2011-12-23 881144]
"ClocX"="d:\clocx\ClocX.exe" [2005-01-26 270336]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Spika\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Spika\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-8-31 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\L:\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Spika^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Spika\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-09-25 17:11 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-04-27 21:29 77824 ----a-w- k:\igrice\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ArcSoft\\TotalMedia 3.5\\TotalMedia.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"d:\\Binaries\\Wolverine.exe"=
"k:\\Igrice\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Spika\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"k:\\Igrice\\Steam\\steamapps\\common\\dc universe online\\LaunchPad.exe"=
"k:\\Tehnikalije\\stickynotes.exe"=
"k:\\Igrice\\BF1942.exe"=
"c:\\Program Files\\Iminent\\Iminent.exe"=
"c:\\Program Files\\Iminent\\Iminent.Messengers.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.6.2011 21:30 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.6.2011 21:30 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.6.2011 21:30 20696]
R2 atjsgt;atjsgt;c:\windows\system32\drivers\atjsgt.sys [30.4.2011 21:11 165504]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [3.1.2011 2:01 21992]
R2 linsgt;linsgt;c:\windows\system32\drivers\linsgt.sys [30.4.2011 21:11 16000]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.4.2011 12:56 654408]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [23.9.2011 19:37 641832]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI246.tmp [16.9.2011 18:18 177784]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2.2.2011 4:01 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2.2.2011 4:02 416112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.4.2011 12:56 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.3.2012 2:47 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15.2.2012 14:30 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 10:41 253088]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1.8.2010 12:20 23456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1.8.2010 23:57 30192]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.3.2012 2:47 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [13.10.2010 14:00 7680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.4.2012 17:10 129976]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [31.8.2010 19:35 31872]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [31.8.2010 19:35 93344]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [31.8.2010 19:35 32800]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2.2.2011 4:02 16240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [13.10.2010 14:01 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [13.10.2010 14:01 104960]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:03]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-25 00:46]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-25 00:46]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchAssistant = hxxp://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Spika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Spika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1B5FEF03-2E7A-46BF-BD77-F318660E1CEC}: NameServer = 8.8.8.8
FF - ProfilePath - c:\documents and settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=2&q=
FF - prefs.js: network.proxy.type - 0

LKockica
29.04.2012., 10:32
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ClocX - k:\clocx\ClocX.exe
HKLM-Run-IR_SERVER - c:\progra~1\Realtek\REALTE~2\IR_SERVER.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-EA Core - d:\eadm\Core.exe
AddRemove-GameSpy Arcade - k:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-MagicDisc 2.7.105 - d:\igrice\MAGICD~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 11:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI246.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1604221776-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:68,89,22,2d,1c,c2,3f,e3,e6,88,ec,24,bb,16,81,9f,59,97,85,78,17,95,55,
46,3b,14,eb,21,11,17,b8,c0,ef,1b,40,d8,1c,07,a3,2e,bd,e2,01,30,08,a8,ae,9b,\
"??"=hex:36,af,66,8c,29,5a,19,94,f0,a4,9a,37,d8,bb,2b,3b
.
[HKEY_USERS\S-1-5-21-1177238915-1604221776-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:78,5b,8b,13,15,51,b6,ed,59,8d,ef,02,e4,80,81,14,d1,99,a4,75,25,
1c,bc,c2,67,7b,07,12,7f,32,47,51,9c,95,fe,d6,76,a7,0f,54,3a,76,71,13,47,0a,\
"rkeysecu"=hex:0f,9b,20,42,3b,e2,24,ec,5c,61,40,0a,ea,40,50,1a
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3656)
c:\program files\Iminent\Iminent.WinCore.dll
c:\windows\system32\msi.dll
c:\documents and settings\Spika\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
k:\tehnikalije\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\WISPTIS.EXE
.
**************************************************************************
.
Completion time: 2012-04-29 11:26:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 09:26
.
Pre-Run: 8.861.839.360 bytes free
Post-Run: 10.504.183.808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 13AB690B865E7168D6B036125512C706

dobrota
29.04.2012., 14:22
Now try running OTL again

Copy this into the empty field and click RUN FIX

:services

:OTL
PRC - [2012.04.12 10:39:18 | 000,980,832 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.04.12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
SRV - [2012.04.12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchqu.com/sidebar.html?src=ssb&appid=113&systemid=406&sr=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=GJy2Tkc7n9qx6suHoZRnDvZZ5sc?q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=GOM&o=14590&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GU&apn_dtid=YYYYYYYYHR&apn_uid=D3DA494C-5236-4889-92DA-CF565F0F56CF&apn_sauid=375E793A-9199-4E54-B56D-B28E4D58A6E9
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=2&q="
[2011.10.09 00:34:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.23 03:21:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.23 02:58:20 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2011.10.09 00:34:51 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\searchplugins\SearchResults.xml
[2011.10.09 00:34:51 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~2\IR_SERVER.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O32 - AutoRun File - [2010.09.21 10:45:09 | 000,000,000 | RH-D | M] - K:\autorun -- [ NTFS ]
O33 - MountPoints2\{15c5c41f-d6c1-11df-bd0e-001558632b05}\Shell - "" = AutoRun
O33 - MountPoints2\{15c5c41f-d6c1-11df-bd0e-001558632b05}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15c5c41f-d6c1-11df-bd0e-001558632b05}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1cf13f5e-b68a-11df-bcb7-001558632b05}\Shell\AutoRun\command - "" = L:\
O33 - MountPoints2\{1cf13f5e-b68a-11df-bcb7-001558632b05}\Shell\Explore\Command - "" = WScript.exe .\8279.vbs
O33 - MountPoints2\{1cf13f5e-b68a-11df-bcb7-001558632b05}\Shell\Open\Command - "" = WScript.exe .\8279.vbs
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\ -- [2012.04.28 00:26:59 | 000,000,000 | ---D | M]
O33 - MountPoints2\C\Shell\Explore\Command - "" = WScript.exe .\15535.vbs
O33 - MountPoints2\C\Shell\Open\Command - "" = WScript.exe .\15535.vbs
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\D\Shell\Explore\Command - "" = WScript.exe .\15535.vbs
O33 - MountPoints2\D\Shell\Open\Command - "" = WScript.exe .\15535.vbs
[2012.04.13 21:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Application Data\Search Settings
[2012.04.13 21:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012.04.13 21:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.04.13 21:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011.10.09 10:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012.04.13 21:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Search Settings
[2011.10.14 02:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\searchquband
[2011.10.14 02:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\searchqutoolbar
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

:Files
C:\Windows\tasks\At*.job

:Commands
[Reboot]
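The fix script above deals with several distinct kinds of entry, and it helps to know which is which when reading an OTL log: IE search hooks and the Firefox keyword.URL pointing at toolbar search portals (searchqu.com, search-results.com, websearch.ask.com), the toolbar BHOs themselves, MusicLab's datamngr.dll registered in AppInit_DLLs (that key is loaded into every process that maps user32.dll, which is why it is a favourite injection point), the MountPoints2 Shell\Open and Shell\Explore handlers that start WScript.exe on a .vbs from the drive root (the removable-media worm pattern; note they are present on C: and D:, not just the USB drive), and alternate data streams on the shared TEMP directory. As an added example of turning those indicators into a repeatable check, not part of this thread or of the OTL tool, here is a small Python triage script that runs a rule table over OTL log lines. The rule names, the `triage` and `summarize` functions and the portal-domain list are my own choices; the sample lines are constructed, mirroring entries from the log posted above.

```python
"""Triage OTL log lines for the adware / autorun indicators seen in this thread.

Added example, not part of the forum thread or of the OTL tool itself.
Usage: python otl_triage.py OTL.txt   (with no argument it scans SAMPLE below)
"""
import re
import sys

# Rule table: (finding label, regex applied to one OTL line). Labels and the
# portal-domain list are my own choice; a line may hit more than one rule.
RULES = [
    # Drive autorun handlers that launch a script host or shell: the removable-
    # media worm pattern (Shell\Open, Shell\Explore and Shell\AutoRun commands).
    ("mountpoint_script_autorun",
     re.compile(r"^O33 - MountPoints2\\.*\\Shell\\(?:Open|Explore|AutoRun)\\command"
                r".*\b(?:WScript|CScript|cmd|rundll32)\.exe", re.I)),
    # AppInit_DLLs is loaded into every process that maps user32.dll; any
    # third-party entry here deserves a look.
    ("appinit_dll_injection", re.compile(r"^O20 - AppInit_DLLs:", re.I)),
    # IE search hooks / start page and Firefox keyword.URL pointing at a toolbar
    # search portal. The local Google Desktop scope (127.0.0.1) does not match.
    ("search_hijack",
     re.compile(r"^(?:IE - |FF - prefs\.js).*"
                r"(?:searchqu\.com|search-results\.com|websearch\.ask\.com)", re.I)),
    # BHO (O2) and toolbar (O3) entries from the toolbar families in the log.
    ("toolbar_bho",
     re.compile(r"^O[23] - .*(?:Searchqu|MediaBar|YouTube Downloader Toolbar|Spigot)", re.I)),
    # Alternate data streams on a shared temp directory: a place to stash payloads.
    ("alternate_data_stream", re.compile(r"^@Alternate Data Stream - \d+ bytes -> ", re.I)),
]

# Constructed sample, mirroring entries from the OTL log posted in this thread.
SAMPLE = r"""
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O33 - MountPoints2\C\Shell\Open\Command - "" = WScript.exe .\15535.vbs
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\ -- [2012.04.28 00:26:59 | 000,000,000 | ---D | M]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=GJy2Tkc7n9qx6suHoZRnDvZZ5sc?q={searchTerms}
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=2&q="
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""


def triage(lines):
    """Return (label, line) for every OTL line matching a rule, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for label, rx in RULES:
            if rx.search(line):
                findings.append((label, line))
    return findings


def summarize(findings):
    """Count findings per label."""
    counts = {}
    for label, _ in findings:
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Log encoding varies between OTL versions; replace undecodable bytes
        # rather than abort, since the indicators are all ASCII anyway.
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read().splitlines()
    else:
        source = SAMPLE.splitlines()
    hits = triage(source)
    for label, line in hits:
        print(f"{label:28} {line}")
    print(summarize(hits))
```

On the sample above this flags six lines: one BHO, the AppInit_DLLs entry, the WScript autorun handler, two search hijacks (IE and Firefox) and the ADS; the plain `AutoRun\command = C:\` handler, the local Google Desktop search scope and the Malwarebytes process are left alone. The rules are deliberately narrow so a real log produces a short list to act on rather than a second copy of the log.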

LKockica
29.04.2012., 15:55
First, THANKS again!

Done :D
OTL finished in a second and rebooted the computer, was it supposed to produce some log?

By the way, all day today I have been able to get onto those pages it wouldn't let me open the other day.

dobrota
29.04.2012., 16:34
First, THANKS again!

Done :D
OTL finished in a second and rebooted the computer, was it supposed to produce some log?

By the way, all day today I have been able to get onto those pages it wouldn't let me open the other day.

Look in c:/_OTL/Moved Files/

There you will find a text file named roughly like this: 29042012_183501.txt

If you can't find it, run the OTL Quick Scan again... you don't need to copy anything extra into the empty field

dobrota
29.04.2012., 18:15
Open OTL and copy this into the empty field

:OTL


:files
C:\WINDOWS\QTFont.qfn
C:\Documents and Settings\All Users\Application Data\lKd31001mKeLp31001
C:\Documents and Settings\Spika\Application Data\bsbandmltbpi

Click RUN FIX

After that,
open OTL and click Clean Up

This will delete ComboFix and OTL

After that

run Malwarebytes >> Update >> Quick Scan
and copy the log


How is the computer running now?

LKockica
29.04.2012., 18:18
Look in c:/_OTL/Moved Files/

There you will find a text file named roughly like this: 29042012_183501.txt

If you can't find it, run the OTL Quick Scan again... you don't need to copy anything extra into the empty field

I'm now posting the log from after this process

OTL logfile created on: 29.4.2012 18:16:01 - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\Spika\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,06% Memory free
3,85 Gb Paging File | 2,97 Gb Available in Paging File | 77,14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49,68 Gb Total Space | 9,56 Gb Free Space | 19,24% Space Free | Partition Type: NTFS
Drive D: | 99,36 Gb Total Space | 39,95 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 197,40 Gb Free Space | 21,19% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Spika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.28 00:27:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spika\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.03.02 00:08:56 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Spika\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011.12.23 14:07:20 | 000,881,144 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.Messengers.exe
PRC - [2011.12.23 14:07:20 | 000,445,416 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.exe
PRC - [2011.11.21 15:53:02 | 000,611,328 | ---- | M] () -- K:\Tehnikalije\stickynotes.exe
PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011.09.18 09:50:29 | 001,242,448 | ---- | M] (Valve Corporation) -- K:\Igrice\Steam\Steam.exe
PRC - [2011.09.16 18:18:37 | 000,177,784 | ---- | M] (Solid Documents, LLC) -- C:\WINDOWS\Installer\MSI246.tmp
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.10.13 12:41:00 | 002,954,608 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010.10.13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010.10.13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010.10.13 12:40:54 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- K:\Tehnikalije\CDBurnerXP\NMSAccessU.exe
PRC - [2009.11.03 13:38:12 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.09.25 19:11:20 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005.01.26 11:04:50 | 000,270,336 | ---- | M] (BonSoft) -- D:\ClocX\ClocX.exe

LKockica
29.04.2012., 18:19
========== Modules (No Company Name) ==========

MOD - [2012.04.29 08:20:08 | 001,771,520 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12042900\algo.dll
MOD - [2012.04.22 23:10:12 | 020,297,512 | ---- | M] () -- K:\Igrice\Steam\bin\libcef.dll
MOD - [2012.04.22 23:10:07 | 001,099,576 | ---- | M] () -- K:\Igrice\Steam\bin\avcodec-53.dll
MOD - [2012.04.22 23:10:07 | 000,907,048 | ---- | M] () -- K:\Igrice\Steam\bin\chromehtml.dll
MOD - [2012.04.22 23:10:07 | 000,190,776 | ---- | M] () -- K:\Igrice\Steam\bin\avformat-53.dll
MOD - [2012.04.22 23:10:07 | 000,123,192 | ---- | M] () -- K:\Igrice\Steam\bin\avutil-51.dll
MOD - [2011.12.23 14:07:28 | 000,910,840 | ---- | M] () -- C:\Program Files\Iminent\System.Data.SQLite.dll
MOD - [2011.12.23 14:07:26 | 000,204,280 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Workflow.dll
MOD - [2011.12.23 14:07:26 | 000,067,576 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Windows.dll
MOD - [2011.12.23 14:07:22 | 006,273,016 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Mediator.ActivePlayers.dll
MOD - [2011.12.23 14:07:22 | 001,524,728 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Services.dll
MOD - [2011.12.23 14:07:22 | 000,587,256 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Booster.UI.dll
MOD - [2011.11.21 15:53:02 | 000,611,328 | ---- | M] () -- K:\Tehnikalije\stickynotes.exe
MOD - [2011.06.29 09:47:08 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
MOD - [2011.06.29 09:46:52 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll
MOD - [2011.06.29 09:46:44 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
MOD - [2011.06.29 09:46:33 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
MOD - [2011.06.29 09:46:30 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
MOD - [2011.06.29 09:45:22 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MOD - [2011.06.29 09:45:16 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll
MOD - [2011.06.29 09:45:08 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
MOD - [2011.06.29 09:44:46 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll
MOD - [2011.06.29 09:44:41 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll
MOD - [2011.06.29 06:45:13 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\431d5dc1cfcc0c0530e813f370931670\WindowsFormsIntegration.ni.dll
MOD - [2011.06.29 06:45:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011.06.29 06:45:02 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
MOD - [2011.06.29 06:44:49 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
MOD - [2011.06.29 06:44:33 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011.06.29 06:44:27 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll
MOD - [2011.06.29 06:44:13 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cf82f370413a2cd1e6bc54060334753\PresentationFramework.Luna.ni.dll
MOD - [2011.06.29 06:44:09 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll
MOD - [2011.06.29 06:43:43 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
MOD - [2011.06.29 06:43:30 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
MOD - [2011.06.29 06:43:15 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011.06.29 06:42:41 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.06.29 04:46:02 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011.06.29 04:45:51 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010.12.21 22:17:46 | 000,027,456 | ---- | M] () -- C:\WINDOWS\system32\solidlocalmon.dll
MOD - [2010.10.13 12:41:00 | 000,962,416 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2010.08.04 11:20:04 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- K:\Tehnikalije\CDBurnerXP\NMSAccessU.exe
MOD - [2008.04.14 14:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008.04.14 14:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.04.19 09:39:08 | 000,436,992 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\FPXLIB.DLL
MOD - [2007.04.19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
MOD - [2007.04.19 09:29:42 | 000,273,216 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\magengin.dll
MOD - [2007.04.19 09:29:38 | 000,187,136 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\kgl.dll

LKockica
29.04.2012., 18:22
========== Win32 Services (SafeList) ==========

SRV - [2012.04.27 17:10:31 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.27 15:03:46 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.09.16 18:18:37 | 000,177,784 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\WINDOWS\Installer\MSI246.tmp -- (SCPDFReadSpool)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.10.13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- K:\Tehnikalije\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.04.30 21:11:07 | 000,165,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atjsgt.sys -- (atjsgt)
DRV - [2011.04.30 21:11:06 | 000,016,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\linsgt.sys -- (linsgt)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.10.05 14:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010.10.05 14:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010.10.05 14:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010.08.01 12:20:41 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.07.07 04:27:52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.05.17 14:04:06 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.26 04:43:54 | 000,032,800 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 04:43:52 | 000,093,344 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.05 14:20:26 | 000,031,872 | R--- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.12.08 17:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008.12.08 17:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.12.08 17:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.04.11 03:04:40 | 004,397,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.12.15 00:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.05.17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2001.08.17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

LKockica
29.04.2012., 18:23
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.23 15:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.29 11:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 14:22:38 | 000,000,000 | ---D | M]

[2012.04.28 20:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Extensions
[2012.04.29 16:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions
[2011.04.11 15:33:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.17 17:04:18 | 000,002,400 | ---- | M] () -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\searchplugins\askcom.xml
[2012.04.28 20:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.02.21 21:40:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.21 21:33:49 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
[2012.03.23 15:20:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.04.27 15:07:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.04.27 17:10:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.27 15:07:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.04.27 17:10:25 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.03.02 00:37:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.27 17:10:25 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.03.02 00:37:41 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2012.03.02 00:37:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.03.02 00:37:41 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

LKockica
29.04.2012., 18:23
========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Iminent (Enabled) = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\npIminent.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Vizzed Retro Game Room Plugin (Enabled) = C:\Program Files\Vizzed Retro Game Room\NpVizzedRgr.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Iminent = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

LKockica
29.04.2012., 18:24
O1 HOSTS File: ([2012.04.29 11:21:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ClocX] D:\ClocX\ClocX.exe (BonSoft)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Steam] K:\Igrice\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Sticky-Notes] K:\Tehnikalije\stickynotes.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Spika\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Spika\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Spika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Spika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B5FEF03-2E7A-46BF-BD77-F318660E1CEC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B5FEF03-2E7A-46BF-BD77-F318660E1CEC}: NameServer = 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Spika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Spika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.30 19:09:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.09.21 10:45:09 | 000,000,000 | R--D | M] - K:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\L:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

LKockica
29.04.2012., 18:24
========== Files/Folders - Created Within 30 Days ==========

[2012.04.29 11:38:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.04.29 11:10:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.04.29 11:08:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.04.29 11:08:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.04.29 11:08:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.04.29 11:08:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.04.29 11:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.04.29 11:08:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.29 10:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\novo za stavit 2
[2012.04.29 10:54:33 | 004,478,552 | R--- | C] (Swearware) -- C:\Documents and Settings\Spika\Desktop\ComboFix.exe
[2012.04.28 20:54:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.28 12:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\Socijalna pedagogija
[2012.04.28 00:26:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Spika\Desktop\OTL.exe
[2012.04.27 23:12:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Spika\UserData
[2012.04.27 22:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012.04.27 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.04.27 22:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012.04.27 17:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.04.27 17:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.27 15:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.27 15:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.27 14:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\sliken
[2012.04.26 11:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\novo za stavit
[2012.04.23 11:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\novo cool
[2012.04.20 02:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\dioklecijan
[2012.04.17 03:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WALKMAN Guide
[2012.04.17 02:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Local Settings\Application Data\Downloaded Installations
[2012.04.17 02:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2012.04.17 02:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.04.17 02:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012.04.17 02:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012.04.16 18:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Movie Player Pro ActiveX Control
[2012.04.13 10:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\Gorki splav
[2012.04.04 00:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Start Menu\Programs\ClocX
[2012.03.31 10:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Local Settings\Application Data\PCHealth
[2012.03.30 23:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\High-Logic FontCreator
[2012.03.30 23:15:17 | 001,078,504 | ---- | C] (High-Logic B.V.) -- C:\WINDOWS\System32\FontInstaller2.dll
[2012.03.30 23:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\My Documents\FontCreator
[2012.03.30 23:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\High-Logic FontCreator
[2012.03.30 23:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Application Data\FontCreator

LKockica
29.04.2012., 18:25
========== Files - Modified Within 30 Days ==========

[2012.04.29 18:02:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.29 17:29:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.04.29 16:51:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012.04.29 16:49:44 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.29 16:49:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.29 11:21:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.04.29 11:10:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.04.29 10:55:01 | 004,478,552 | R--- | M] (Swearware) -- C:\Documents and Settings\Spika\Desktop\ComboFix.exe
[2012.04.28 00:27:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spika\Desktop\OTL.exe
[2012.04.27 12:56:12 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Spika\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012.04.27 12:39:52 | 000,351,608 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\DSC06831.JPG
[2012.04.26 22:45:18 | 000,020,663 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\heman13.jpg
[2012.04.26 22:34:52 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Spika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.24 23:39:19 | 000,872,346 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\Living.psd
[2012.04.24 23:34:14 | 000,360,549 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\Living.jpg
[2012.04.24 10:56:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.23 23:15:16 | 000,287,528 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\DA MAN.gif
[2012.04.23 00:05:30 | 000,265,125 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\IMG255.jpg
[2012.04.21 00:57:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.04.19 01:52:31 | 000,052,326 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\paper13.jpg
[2012.04.17 03:16:18 | 005,751,633 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\Game of Thrones - Main Theme (Official Soundtrack Version).mp3
[2012.04.17 03:00:32 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\Spika\Application Data\Microsoft\Internet Explorer\Quick Launch\NWZ-B160 WALKMAN Guide.lnk
[2012.04.17 02:52:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.04.17 02:51:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.17 02:51:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.04.14 18:57:09 | 000,075,274 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\teske boje.jpg
[2012.04.09 22:41:04 | 000,054,680 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\vegeta.jpg
[2012.04.09 20:19:35 | 000,038,306 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\120 km-h.jpg
[2012.04.06 13:34:46 | 000,786,281 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\dccomicscharacterimage.jpg
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.30 23:15:39 | 000,000,149 | ---- | M] () -- C:\WINDOWS\fcp5.cfg

LKockica
29.04.2012., 18:26
========== Files Created - No Company Name ==========

[2012.04.29 11:10:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.04.29 11:10:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.04.29 11:08:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.04.29 11:08:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.04.29 11:08:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.04.29 11:08:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.04.29 11:08:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.04.27 12:39:12 | 000,351,608 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\DSC06831.JPG
[2012.04.26 22:45:17 | 000,020,663 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\heman13.jpg
[2012.04.24 23:39:19 | 000,872,346 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\Living.psd
[2012.04.24 23:34:13 | 000,360,549 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\Living.jpg
[2012.04.23 23:15:15 | 000,287,528 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\DA MAN.gif
[2012.04.23 00:05:29 | 000,265,125 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\IMG255.jpg
[2012.04.21 00:57:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.04.19 01:52:29 | 000,052,326 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\paper13.jpg
[2012.04.17 03:15:53 | 005,751,633 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\Game of Thrones - Main Theme (Official Soundtrack Version).mp3
[2012.04.17 03:00:32 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\Spika\Application Data\Microsoft\Internet Explorer\Quick Launch\NWZ-B160 WALKMAN Guide.lnk
[2012.04.17 02:51:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.04.14 18:57:08 | 000,075,274 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\teske boje.jpg
[2012.04.09 22:41:04 | 000,054,680 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\vegeta.jpg
[2012.04.09 20:19:30 | 000,038,306 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\120 km-h.jpg
[2012.04.06 13:34:45 | 000,786,281 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\dccomicscharacterimage.jpg
[2012.03.31 00:46:24 | 000,309,358 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012.03.30 23:15:39 | 000,000,149 | ---- | C] () -- C:\WINDOWS\fcp5.cfg
[2012.03.29 20:20:28 | 000,003,883 | ---- | C] () -- C:\Documents and Settings\Spika\Local Settings\Application Data\recently-used.xbel
[2012.01.24 19:48:48 | 000,000,533 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011.12.29 12:34:43 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.12.29 12:34:43 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011.12.29 12:34:42 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.12.29 12:34:42 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.12.11 23:21:42 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.10.02 13:57:23 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2011.09.16 18:21:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2011.09.16 18:18:40 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2011.09.16 18:18:40 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2011.05.08 19:54:16 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Spika\Local Settings\Application Data\YS.SAV
[2011.04.30 21:11:07 | 000,165,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atjsgt.sys
[2011.04.30 21:11:06 | 000,016,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\linsgt.sys
[2011.04.27 23:29:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011.04.27 23:29:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011.01.19 14:29:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.01.19 14:28:43 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.01.19 14:28:43 | 000,205,156 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.01.19 14:28:43 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.12.15 04:01:58 | 000,498,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.12.08 15:51:12 | 000,000,174 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.10.24 19:03:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.10.04 22:17:37 | 000,020,886 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2010.09.27 02:50:25 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2010.09.13 10:40:27 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.09.12 19:39:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.09.02 15:45:26 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.09.02 15:45:26 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2560C7FE6D.sys
[2010.08.31 19:35:00 | 000,073,832 | R--- | C] () -- C:\WINDOWS\System32\SuperFrameSplitter.dll
[2010.08.31 19:35:00 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\RTKDABMWare.dll
[2010.08.31 11:01:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.08.02 00:01:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.08.01 23:54:47 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.08.01 13:27:10 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.08.01 13:27:08 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.08.01 13:27:08 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.08.01 13:26:48 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.08.01 13:25:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.08.01 13:14:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\igfxtvcx.dll
[2010.08.01 13:01:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.08.01 12:20:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.30 21:00:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.07.30 20:57:37 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.30 20:10:50 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Spika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.30 20:10:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.30 19:11:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.07.30 19:06:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

LKockica
29.04.2012., 18:27
========== LOP Check ==========

[2012.01.29 05:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011.06.27 21:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011.12.11 23:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011.05.08 13:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011.05.08 14:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2011.05.08 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012.01.17 23:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2011.12.17 01:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2012.02.21 21:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iminent
[2011.04.11 13:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lKd31001mKeLp31001
[2011.08.12 22:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011.09.16 18:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2010.10.13 14:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2011.12.17 02:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\.minecraft
[2010.12.08 15:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Activision
[2012.01.10 12:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Ambient Design
[2011.06.16 00:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Autodesk
[2011.04.29 00:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Big Fish Games
[2011.06.23 03:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\bsbandmltbpi
[2011.12.11 23:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Canneverbe Limited
[2012.04.16 23:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Canon
[2011.07.19 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\DisneyInteractiveStudios
[2012.04.29 16:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Dropbox
[2011.12.01 06:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\DVDVideoSoft
[2011.06.23 03:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\DVDVideoSoftIEHelpers
[2012.03.25 15:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\eTeks
[2012.03.30 23:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\FontCreator
[2011.12.11 23:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\GetRightToGo
[2011.07.26 23:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Hothead Games
[2011.12.17 01:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\id Software
[2012.02.21 21:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Iminent
[2011.12.11 23:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\OpenCandy
[2012.04.27 23:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\SolidDocuments
[2011.12.29 14:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Sony Online Entertainment
[2012.03.25 14:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Thinstall
[2012.04.29 18:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\uTorrent
[2010.10.13 14:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\Vodafone
[2010.11.24 18:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spika\Application Data\WB Games

========== Purity Check ==========



< End of report >

dobrota
29.04.2012., 18:32
you probably didn't see this
http://www.forum.hr/showpost.php?p=39203528&postcount=95

LKockica
29.04.2012., 18:48
Did everything as instructed, Malwarebytes found nothing in a quick scan,
it seems to me it's faster than this afternoon, it opens a page that the other day it refused to open at all for 24 hours.

One giiiiiant
THANK YOUUU:lux:
for your nerves and effort!

MalaAra1
30.04.2012., 13:51
I download otl.exe and when I try to open it, it throws an application error
"The exception unknown software exception (0x0eedfade) occured in the app at location 0x7c812afb."
"Exception EReadError in module OTL.exe at 00016A6B. Error reading DiskPartitonInfo1.Active: ."

dobrota
30.04.2012., 14:41
I download otl.exe and when I try to open it, it throws an application error
"The exception unknown software exception (0x0eedfade) occured in the app at location 0x7c812afb."
"Exception EReadError in module OTL.exe at 00016A6B. Error reading DiskPartitonInfo1.Active: ."

try one of these two renamed ones

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

and if neither of these two starts either

download DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to the desktop

run the program; when it finishes scanning it will produce two logs

-DDS.txt
-Attach.txt

upload those two logs to pastebin

MalaAra1
30.04.2012., 15:26
http://pastebin.com/Pf7Q3pPJ
http://pastebin.com/64bjNC9E

dobrota
30.04.2012., 15:48
http://pastebin.com/Pf7Q3pPJ
http://pastebin.com/64bjNC9E

1. download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to the desktop
-run the program > click change parameters and tick everything
http://www.zaslike.com/files/x68ipas4filhlpxaw8p.png (http://www.zaslike.com/)
-click start scan; if the program asks for a restart, allow it
-the log is usually in c:/ and looks roughly like this
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

don't mark anything for delete/cure on your own, leave everything at the default (skip)
if the program finds a rootkit it will mark it for cure/delete itself; in that case you can confirm the restart

2. download combofix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
-disable the antivirus
-run combofix and answer yes to everything it asks
-don't touch anything while the scan is running
-when the scan finishes it will produce a log, which you will copy to pastebin

MalaAra1
30.04.2012., 17:05
combofix didn't produce a log, the computer just restarted when it finished

dobrota
30.04.2012., 17:15
combofix didn't produce a log, the computer just restarted when it finished

look in c:/combofix.txt

did you get the tdsskiller log?

if you can't find the combofix log, do this

1. download roguekiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) and save it to the desktop
-run the program, wait until it finishes, copy the log you get

2. download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it in c:/
run the program by clicking scan
copy FRST.txt

MalaAra1
30.04.2012., 17:35
ttds
http://pastebin.com/DEn0mx6Y

roque
http://pastebin.com/7sbPZ2Pw

farbar
http://pastebin.com/auYJ485e

dobrota
30.04.2012., 18:07
ttds
http://pastebin.com/DEn0mx6Y

roque
http://pastebin.com/7sbPZ2Pw

farbar
http://pastebin.com/auYJ485e

I don't have a view of the drivers/services

run roguekiller again and mark this for delete

[] HKLM\[...]\Windows : () -> ACCESS DENIED
[] HKLM\[...]\Windows : () -> ACCESS DENIED

and if you didn't disable the security center yourself, mark this and fix
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

download aswMBR (http://public.avast.com/~gmerek/aswMBR.htm) and save it to the desktop
run the program by clicking scan
when the scan finishes click save log
copy the log

delete combofix.exe from the desktop, download a new one and save it to the desktop

start / run / copy this into the run field and confirm
"%userprofile%\desktop\ComboFix.exe" /KillAll /nombr

it's definitely a rootkit; if I don't get the combofix log we'll have to use a different tactic

do you have two computers and a blank CD?

MalaAra1
30.04.2012., 19:57
I disabled the update myself

aswmbr
http://pastebin.com/ybQEPxnF

and while that was scanning, avira reported crypt.xpack.gen twice, I clicked remove

combofix
http://pastebin.com/urW6ELcf

I have two computers, I have a USB stick, and if a CD is really needed I can buy one tomorrow, I don't have any at home anymore

dobrota
01.05.2012., 06:50
I disabled the update myself

aswmbr
http://pastebin.com/ybQEPxnF

and while that was scanning, avira reported crypt.xpack.gen twice, I clicked remove

combofix
http://pastebin.com/urW6ELcf

I have two computers, I have a USB stick, and if a CD is really needed I can buy one tomorrow, I don't have any at home anymore

I don't think we'll need a CD anymore :)

open notepad and copy this into notepad
KillAll::

File::
c:\documents and settings\Antonio\Desktop\aircrack\bin\wzcook.exe
C:\Windows\wiadebug.log
C:\Windows\wiaservc.log
C:\Windows\Sti_Trace.log

Driver::
WZCOOK

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1ex62WaDTY1&search=


RegNull::
[HKEY_USERS\S-1-5-21-1801674531-1547161642-2147098553-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C27F22-BCD2-3378-3DF2-683964D111C4}*]


DDS::
uInternet Settings,ProxyOverride = *.local



ClearJavaCache::

close notepad and save it as CFScript on the desktop

-disable the antivirus
-drag the script with the mouse onto combofix.exe
-copy the log you get

http://www.zaslike.com/files/i8h4jdzae8ew5ofd19k.gif (http://www.zaslike.com/)

and while that was scanning, avira reported crypt.xpack.gen twice, I clicked remove

look in the avira logs and copy/write down what avira deleted

MalaAra1
01.05.2012., 12:17
avira
http://pastebin.com/CFNZWMD2
http://pastebin.com/kJp6vcfN

combofix
http://pastebin.com/0qyHd7qt

dobrota
01.05.2012., 12:26
avira
http://pastebin.com/CFNZWMD2
http://pastebin.com/kJp6vcfN

combofix
http://pastebin.com/0qyHd7qt

now that's already much better...

did you ever have AhnLab HackShield on the computer?
EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys
while I look over the combofix log, do this

delete your copy of OTL, download a new one and save it to the desktop
copy this into the empty field
netsvcs
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
/md5start
afd.sys
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
"%WinDir%\$NtUninstallKB*$." /30
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost /s

click quick scan

MalaAra1
01.05.2012., 12:41
as far as I know, I never had that

otl wouldn't start before either, and it won't now, it reports the same error

dobrota
01.05.2012., 12:49
as far as I know, I never had that

otl wouldn't start before either, and it won't now, it reports the same error

try from safe mode

MalaAra1
01.05.2012., 13:07
it won't from safe mode either

dobrota
01.05.2012., 14:18
it won't from safe mode either

all right, it's not that important

delete combofix.exe (drag it to the recycle bin with the mouse), download a new one and save it to the desktop

-open notepad and copy this into notepad
Driver::
EagleXNt
sptd

File::
c:\windows\system32\drivers\EagleXNt.sys
C:\WINDOWS\system32\Drivers\sptd.sys

DDS::
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1ex62WaDTY1&search=


close notepad and save it as CFScript on the desktop
-disable the antivirus
-drag the script with the mouse onto combofix.exe
-copy the log

2. Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)

-download this program and save it to the desktop
-tick everything and click scan
-copy the log, FSS.txt

with farbar we'll check the system drivers, since OTL is throwing an error

how is the computer running now?

MalaAra1
01.05.2012., 16:53
combofix
http://pastebin.com/xkJbVJGy

fss
http://pastebin.com/Ji5gzU11

the computer is working fine, is it sorted now or?

dobrota
02.05.2012., 12:25
combofix
http://pastebin.com/xkJbVJGy

fss
http://pastebin.com/Ji5gzU11

the computer is working fine, is it sorted now or?

yes, everything's fine now

you can delete combofix and the other tools we used

combofix
start / run / copy this into the run field and confirm
combofix /uninstall

the other tools just drag to the recycle bin with the mouse

you'll also do this

how to reset Firefox to default settings (http://browserland.com/featured/restore-firefox-default-settings-without-uninstalling-it/)

you'll reset firefox to its default settings; the link shows how with pictures

Kaspersky Virus Removal Tool 2011 (http://support.kaspersky.com/viruses/avptool2011?level=2)

also do a scan with kaspersky in case java is infected.. I think everything else will be ok
-save the program to the desktop and tick everything > click scan
-you'll copy the report like this (in case it finds something)
http://www.zaslike.com/files/1byh36unwjq2fkzdeomi.gif (http://www.zaslike.com/)

http://www.zaslike.com/files/icn6dtmrqoe3t5ww0gjj.gif (http://www.zaslike.com/)

unseen
02.05.2012., 21:44
dobrota,

I have the feeling my computer boots quite a bit slower; once, a day or two ago, it even wouldn't start after the first Toshiba welcome screen...

could otl logs help me in any way? thanks :)

MalaAra1
02.05.2012., 21:55
kaspersky didn't find anything

thanks a lot :)

dobrota
03.05.2012., 10:42
kaspersky didn't find anything

thanks a lot :)

kaspersky is removed by closing it > click the red "X"

it would be good to defragment the disks and clean the computer with ccleaner (run the registry and the cleaner)

dobrota
03.05.2012., 10:44
dobrota,

I have the feeling my computer boots quite a bit slower; once, a day or two ago, it even wouldn't start after the first Toshiba welcome screen...

could otl logs help me in any way? thanks :)

do an OTL scan and we'll take a look
copy this into the empty field

netsvcs
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
/md5start
afd.sys
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
"%WinDir%\$NtUninstallKB*$." /30
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost /s

unseen
03.05.2012., 20:00
do an OTL scan and we'll take a look
copy this into the empty field

netsvcs
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
/md5start
afd.sys
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
"%WinDir%\$NtUninstallKB*$." /30
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost /s

It only gave me OTL.txt: (there's no second one)

http://pastebin.com/fkzgMviM

dobrota
04.05.2012., 13:01
It only gave me OTL.txt: (there's no second one)

http://pastebin.com/fkzgMviM

open OTL and copy this into the empty field
:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O33 - MountPoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}\Shell\AutoRun\command - "" = browser.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]

-click run fix
-copy the log

2. download combofix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
-disable the antivirus
-run combofix and answer yes to everything it asks
-copy the log

Gustavo
04.05.2012., 13:19
My computer has slowed down for some reason so I ran combofix, here's the log:

http://pastebin.com/E29eXwCZ

Is anything further needed?

dobrota
04.05.2012., 14:35
My computer has slowed down for some reason so I ran combofix, here's the log:

http://pastebin.com/E29eXwCZ

Is anything further needed?

1. download tdsskiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to the desktop
run the program by clicking start scan
-if the program asks for a restart, allow it
-the log is in c: and looks roughly like this
C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

2. open OTL and copy this into the empty field
netsvcs
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
/md5start
afd.sys
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
"%WinDir%\$NtUninstallKB*$." /30
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost /s

click RUN SCAN
-copy the logs

Gustavo
04.05.2012., 17:30
http://pastebin.com/Qk6SLUxL

http://pastebin.com/zKbLDc6z

http://pastebin.com/yW5zjGG1

dobrota
04.05.2012., 19:27
http://pastebin.com/Qk6SLUxL

http://pastebin.com/zKbLDc6z

http://pastebin.com/yW5zjGG1

first delete the atapi.sys that is in c:/

C:\atapi.sys

open OTL and copy this into the empty field
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb139?a=6OyzExtebd&i=26
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.funmoods.com/?a=nv1&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}: "URL" = ${SRCH_SCP_URL}
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
[2012.04.22 17:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zlatko\Local Settings\Application Data\Babylon
[2012.04.22 17:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zlatko\Application Data\Babylon
[2012.04.22 17:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012.04.21 18:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks


:files
C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys /e
C:\WINDOWS\system32\drivers\atapi.sys|C:\atapi.sys /replace

:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]

click RUN FIX

copy the log you get

2. run OTL again and copy this into the empty field

/md5start
atapi.sys
/md5stop

click NONE
click start scan

the scan will finish very quickly; we need it to confirm that atapi was replaced successfully
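The /md5start ... /md5stop step above makes OTL print the MD5 of each listed file so the helper can compare it with a known-good copy. Here is the same integrity check scripted in Python, as an added example written for this page (not OTL's or ComboFix's code): it hashes each path in a baseline, reports a mismatch, and also reports a file that cannot be found instead of crashing, since a missing system driver is itself a finding. The paths and file contents in demo() are constructed placeholders in a temporary directory, and the "known-good" digest is computed from those placeholder bytes, not from a real atapi.sys.

```python
"""Verify files against a hash baseline (added example, not OTL's or ComboFix's code)."""
import hashlib
import os
import tempfile
from typing import Dict


def file_digest(path: str, algorithm: str = "md5") -> str:
    """Hex digest of a file, read in chunks so large files are fine.
    MD5 is what OTL prints; pass "sha256" for a stronger comparison."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_baseline(baseline: Dict[str, str], algorithm: str = "md5") -> Dict[str, str]:
    """Compare each path with its expected digest.

    Returns one status per path: "match", "MISMATCH" or "MISSING".
    A missing file is reported rather than raised: a driver that cannot
    be found is exactly the situation the poster above ran into.
    """
    results: Dict[str, str] = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            results[path] = "MISSING"
            continue
        actual = file_digest(path, algorithm)
        results[path] = "match" if actual.lower() == expected.lower() else "MISMATCH"
    return results


def demo() -> Dict[str, str]:
    """Constructed scenario: one intact file, one altered file, one absent file.
    The bytes are placeholders standing in for a driver, not real atapi.sys content."""
    known_good = b"placeholder bytes standing in for a known-good driver\n"
    expected = hashlib.md5(known_good).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        intact = os.path.join(tmp, "drivers", "atapi.sys")   # hypothetical path
        altered = os.path.join(tmp, "atapi.sys")             # hypothetical path
        absent = os.path.join(tmp, "drivers", "missing.sys")  # never created
        os.makedirs(os.path.dirname(intact))
        with open(intact, "wb") as fh:
            fh.write(known_good)
        with open(altered, "wb") as fh:
            fh.write(known_good + b"extra bytes appended by something else\n")
        statuses = verify_baseline({intact: expected, altered: expected, absent: expected})
        # key the result by role so callers do not depend on the temp path
        return {"intact": statuses[intact], "altered": statuses[altered], "absent": statuses[absent]}


if __name__ == "__main__":
    for role, status in demo().items():
        print(f"{role:8} {status}")
```

In real use the baseline would hold the digest of the file taken from the installation media or service-pack cabinet (the sp3.cab copy the OTL fix above extracts), and the paths would be the live driver locations.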

Gustavo
04.05.2012., 21:37
2. run OTL again and copy this into the empty field

/md5start
atapi.sys
/md5stop

click NONE
click start scan

the scan will finish very quickly; we need it to confirm that atapi was replaced successfully

Click run scan, I don't have a start scan option?

Gustavo
04.05.2012., 21:45
http://pastebin.com/tWpYm5i7

http://pastebin.com/0XRC1thh

What is that atapi for? It's messing with me for the second time now.

unseen
05.05.2012., 08:50
open OTL and copy this into the empty field
:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O33 - MountPoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}\Shell\AutoRun\command - "" = browser.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]

-click run fix
-copy the log

2. download combofix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
-disable the antivirus
-run combofix and answer yes to everything it asks
-copy the log

1.
http://pastebin.com/WjFWWKa6

2.
http://pastebin.com/7RRePBu1

did it find anything in the first and these second logs? otherwise I don't use any antivirus or anything, only adblock plus in mozilla. if any program looks suspicious to you, say so, because there are a couple that aren't exactly well known

thanks :)

dobrota
05.05.2012., 12:36
http://pastebin.com/tWpYm5i7

http://pastebin.com/0XRC1thh

What is that atapi for? It's messing with me for the second time now.

C:\WINDOWS\system32\drivers\atapi.sys
upload this file to jotti's malware scan (http://virusscan.jotti.org/en)
-copy the result

look a few posts up regarding Kaspersky Virus Removal Tool 2011
-copy the report

dobrota
05.05.2012., 12:39
1.
http://pastebin.com/WjFWWKa6

2.
http://pastebin.com/7RRePBu1

did it find anything in the first and these second logs? otherwise I don't use any antivirus or anything, only adblock plus in mozilla. if any program looks suspicious to you, say so, because there are a couple that aren't exactly well known

thanks :)

download malwarebytes (http://www.malwarebytes.org/), install the program > click full scan
-copy the log

unseen
05.05.2012., 13:41
download malwarebytes (http://www.malwarebytes.org/), install the program > click full scan
-copy the log

here:

http://pastebin.com/EaNMR7vG

it found some windows .bmp file? I didn't go and remove it, I just saved the log

after all this, can I uninstall malwarebytes, otl and combofix?

dobrota
05.05.2012., 13:51
evo:

http://pastebin.com/EaNMR7vG

it found some windows .bmp file? I didn't go and remove it, I just saved the log

after all this, can I uninstall malwarebytes, otl and combofix?

you can delete what was found

how is the computer running now?

you can delete OTL and combofix

open OTL and click clean up

unseen
05.05.2012., 15:18
you can delete what was found

how is the computer running now?

you can delete OTL and combofix

open OTL and click clean up

ok, I uninstalled malwarebytes

then I ran: combofix /uninstall

and finally otl - clean up.

the only thing left is C:\Boot.bak, created this morning, can I delete that too?

p.s. the computer works perfectly, thanks a lot!

dobrota
05.05.2012., 15:27
don't touch boot.bak

the important thing is that everything works :)

Gustavo
05.05.2012., 20:30
C:\WINDOWS\system32\drivers\atapi.sys
upload this file to jotti's malware scan (http://virusscan.jotti.org/en)
-copy the result

look a few posts up regarding Kaspersky Virus Removal Tool 2011
-copy the report

It says it can't find atapi even though it is in system32\drivers?

UltraHardcore
05.05.2012., 21:32
hi dobrota...as usual I'm cleaning my computer a bit, avast and malwarebytes did their job and dealt with what they found (I think I have the log from malwarebytes, so if you need it I'll give it to you)...spybot search and destroy also did its job, and in the end I did a scan with OTL and only got OTL.txt...I don't understand why it sometimes produces Extras.txt and sometimes not...
here's the log
http://pastebin.com/27Hcae9D
I went through the whole log and didn't come across anything suspicious, I just don't know what this is:
C:\Windows\SysNative\2C0A
and everything else under the SysNative folder, because as far as I remember, before I reinstalled Windows 7 last week I didn't have that folder; maybe I'm wrong, because as I say, if memory serves :)

and one more question: why do files with the .ini extension keep appearing on my desktop
I mean, I know I can delete them, but I don't know why they keep being created

dobrota
06.05.2012., 08:03
It says it can't find atapi even though it is in system32\drivers?

1. download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to the desktop
run the program by clicking scan
when the scan finishes click save log
copy the log

2. download MBRcheck (http://majorgeeks.com/MBRCheck_d7076.html) and save it to the desktop
run the program and copy the log it produces


did you do the scan with kaspersky?

dobrota
06.05.2012., 08:24
hi dobrota...as usual I'm cleaning my computer a bit, avast and malwarebytes did their job and dealt with what they found (I think I have the log from malwarebytes, so if you need it I'll give it to you)...spybot search and destroy also did its job, and in the end I did a scan with OTL and only got OTL.txt...I don't understand why it sometimes produces Extras.txt and sometimes not...
here's the log
http://pastebin.com/27Hcae9D
I went through the whole log and didn't come across anything suspicious, I just don't know what this is:
C:\Windows\SysNative\2C0A
and everything else under the SysNative folder, because as far as I remember, before I reinstalled Windows 7 last week I didn't have that folder; maybe I'm wrong, because as I say, if memory serves :)

and one more question: why do files with the .ini extension keep appearing on my desktop
I mean, I know I can delete them, but I don't know why they keep being created

can you also copy the MBAM log

from what I can see in the logs, the .ini files that keep appearing are in c:/
C:\Windows\Dext_12.ini

it's related to the camera

open OTL and copy this into the empty field
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 52 65 01 40 25 CD 01 [binary data]
O32 - AutoRun File - [2000.09.20 22:55:56 | 000,827,392 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000.07.06 22:04:48 | 000,000,135 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008.12.30 12:40:44 | 000,000,044 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.02.28 19:57:34 | 007,214,352 | R--- | M] (Ubisoft) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.03.02 10:25:04 | 000,401,444 | R--- | M] (RAD Game Tools, Inc.) - G:\Autorun.dll -- [ UDF ]
O33 - MountPoints2\{09ac5933-9535-11e1-b3da-d0df9a451206}\Shell - "" = AutoRun
O33 - MountPoints2\{09ac5933-9535-11e1-b3da-d0df9a451206}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2009.02.28 19:57:34 | 007,214,352 | R--- | M] (Ubisoft)
O33 - MountPoints2\{79551ace-90cf-11e1-98d9-b916d6607571}\Shell - "" = AutoRun
O33 - MountPoints2\{79551ace-90cf-11e1-98d9-b916d6607571}\Shell\AutoRun\command - "" = G:\Password.exe
O33 - MountPoints2\{af41207d-90ca-11e1-a8f6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af41207d-90ca-11e1-a8f6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2000.09.20 22:55:56 | 000,827,392 | R--- | M] ()
O33 - MountPoints2\{af41207d-90ca-11e1-a8f6-806e6f6e6963}\Shell\readit\command - "" = notepad readme.doc
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:files
dir /s /a "C:\Windows\SysNative\2C0A" /c
attrib -h /s /d C:\*.* /c

:Commands
[Reboot]

click RUN FIX
copy the log
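The OTL entries posted in this thread follow a fixed format: the file list that ends in "< End of report >" earlier in the thread prints one "[date | size | attributes | C/M] (vendor) -- path" line per file, and the O33 MountPoints2 lines in fixes like the one above record the AutoRun handler a drive has registered. That regularity makes it possible to pre-screen a log before a person reads it. The following is an added example written for this page, not OTL's own code. The sample lines are copied from the logs posted above; the three heuristics (hidden+system file under %SystemRoot%, driver file with no vendor string, AutoRun handler whose target is relative or sits on another drive with no vendor string) are my own triage rules and only prioritise what a helper should look at, they do not decide what is malicious.

```python
"""Pre-screen OTL log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2012.04.24 23:34:13 | 000,360,549 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\Living.jpg
[2010.09.02 15:45:26 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.09.02 15:45:26 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2560C7FE6D.sys
[2011.12.11 23:21:42 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.01.29 05:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
O33 - MountPoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}\Shell\AutoRun\command - "" = browser.exe
O33 - MountPoints2\{79551ace-90cf-11e1-98d9-b916d6607571}\Shell\AutoRun\command - "" = G:\Password.exe
O33 - MountPoints2\{09ac5933-9535-11e1-b3da-d0df9a451206}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2009.02.28 19:57:34 | 007,214,352 | R--- | M] (Ubisoft)
"""

# [date time | size | attributes | C/M] (vendor) -- path ; directories have no "(vendor)" part
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = target [-- [file details] (vendor)]
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = '
    r"(?P<cmd>.+?)(?: -- \[[^\]]*\](?: \((?P<vendor>[^)]*)\))?)?$"
)
SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    detail: str


def _check_file(attr: str, vendor: Optional[str], path: str) -> Optional[Finding]:
    low = path.lower()
    if "D" in attr or not low.startswith(SYSTEM_ROOT):
        return None  # directories and user files are outside these rules
    if "H" in attr and "S" in attr:
        return Finding("high", "hidden+system file under %SystemRoot%", path)
    if low.endswith(".sys") and not vendor:
        return Finding("medium", "driver file with no vendor string", path)
    return None


def _check_autorun(guid: str, cmd: str, vendor: Optional[str]) -> Finding:
    target = cmd.strip()
    rooted = len(target) > 2 and target[1] == ":" and target[2] == "\\"
    where = f"{guid} -> {target}"
    if vendor:
        return Finding("info", "AutoRun handler with vendor-tagged target", where)
    if not rooted:
        return Finding("high", "AutoRun handler with relative target (resolved on the inserted media)", where)
    return Finding("high", "AutoRun handler on another drive, target has no vendor string", where)


def triage(log_text: str) -> List[Finding]:
    """Parse OTL text and return the entries the rules flag, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            f = _check_file(m.group("attr"), m.group("vendor"), m.group("path"))
            if f:
                findings.append(f)
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(_check_autorun(m.group("guid"), m.group("cmd"), m.group("vendor")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.detail}")
```

Run against the sample, the two hidden+system .sys files in System32 and the two AutoRun handlers without a vendor string come out as high, StarOpen.sys as medium, and the Ubisoft disc handler as info; the .jpg and the Autodesk directory produce nothing. Feeding it a full OTL.txt simply means passing the file's contents to triage().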

Gustavo
06.05.2012., 09:45
1. download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to the desktop
run the program by clicking scan
when the scan finishes click save log
copy the log

2. download MBRcheck (http://majorgeeks.com/MBRCheck_d7076.html) and save it to the desktop
run the program and copy the log it produces


did you do the scan with kaspersky?

I did, kaspersky didn't find anything, it looks like that atapi is infected.

dobrota
06.05.2012., 09:57
I did, kaspersky didn't find anything, it looks like that atapi is infected.

do these two scans so we can check the MBR

Gustavo
06.05.2012., 10:21
http://pastebin.com/BkQRn4ap

http://pastebin.com/5Aar3TVX

dobrota
06.05.2012., 10:52
http://pastebin.com/BkQRn4ap

http://pastebin.com/5Aar3TVX

fixmbr (http://www.forum.hr/showpost.php?p=39162161&postcount=64)

look at that post for fixmbr and do as it says, except you don't need to run aswMBR

after that

download atapi.sys (http://speedy.sh/y37bx/atapi.rar) and save it to the desktop

open notepad and copy this into notepad

Fcopy::
C:\Documents and Settings\Zlatko\Desktop\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys

Driver::
sptd

File::
C:\WINDOWS\System32\Drivers\sptd.sys
C:\atapi.sys

FileLook::
C:\WINDOWS\system32\drivers\atapi.sys

close notepad and save it as CFScript on the desktop
-turn off the antivirus
-drag the script onto combofix.exe with the mouse
-copy the log

Gustavo
06.05.2012., 11:54
http://pastebin.com/ax6PNwcp

dobrota
06.05.2012., 12:16
http://pastebin.com/ax6PNwcp

did you install something like Andrea Audio Driver or SoundMAX Audio System last night?

c:\windows\SynCor.exe
check this file on Jotti's malware scan (http://virusscan.jotti.org/en)

do this as well

start / run / copy this into the run box and confirm

cmd /c copy /y C:\WINDOWS\system32\drivers\atapi.sys C:\

after that go to C:/ and upload atapi.sys to Jotti's malware scan

let me know so we can move on

Gustavo
06.05.2012., 12:22
did you install something like Andrea Audio Driver or SoundMAX Audio System last night?

c:\windows\SynCor.exe
check this file on Jotti's malware scan (http://virusscan.jotti.org/en)

do this as well

start / run / copy this into the run box and confirm

cmd /c copy /y C:\WINDOWS\system32\drivers\atapi.sys C:\

after that go to C:/ and upload atapi.sys to Jotti's malware scan

let me know so we can move on

I installed SoundMAX Audio System because I have no sound on the computer; I don't know whether combofix is to blame for that or something else. In short, the old SoundMAX Audio System wasn't working, and the new one won't either?

Gustavo
06.05.2012., 12:28
Done with the above, neither one is infected.

dobrota
06.05.2012., 12:34
Done with the above, neither one is infected.

atapi.sys is OK?

still no sound?

start / run / copy this into the run box and confirm

SFC /scannow

it will probably ask you to insert the Windows CD; insert it and finish the scan of the Windows files

in the combofix log the same error about atapi.sys appears again
--- c:\windows\system32\drivers\atapi.sys ---
Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File size: 96512

Created time: 2008-04-14 12:00

Modified time: 2008-04-13 22:10

MD5: !HASH: COULD NOT OPEN FILE !!!!!

SHA1: !HASH: COULD NOT OPEN FILE !!!!!

Jotti's malware scan says the file is clean.... in that case there is a chance that it is corrupted, and that should be fixed with the sfc /scannow command

Gustavo
06.05.2012., 12:43
Yes, but I scanned the atapi in C:, not the one in system32\drivers?

dobrota
06.05.2012., 13:03
Yes, but I scanned the atapi in C:, not the one in system32\drivers?

we copied it from system32 to c: with this command
cmd /c copy /y C:\WINDOWS\system32\drivers\atapi.sys C:\

Gustavo
06.05.2012., 14:05
atapi.sys is OK?

still no sound?

start / run / copy this into the run box and confirm

SFC /scannow

it will probably ask you to insert the Windows CD; insert it and finish the scan of the Windows files

in the combofix log the same error about atapi.sys appears again
--- c:\windows\system32\drivers\atapi.sys ---
Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File size: 96512

Created time: 2008-04-14 12:00

Modified time: 2008-04-13 22:10

MD5: !HASH: COULD NOT OPEN FILE !!!!!

SHA1: !HASH: COULD NOT OPEN FILE !!!!!

Jotti's malware scan says the file is clean.... in that case there is a chance that it is corrupted, and that should be fixed with the sfc /scannow command

This didn't all go through; it kept telling me to insert the CD even though the CD Windows XP was installed from was in the drive. Should I do a Windows repair?

Gustavo
06.05.2012., 14:18
Or format C:? There's no sound and the system boots slowly.

dobrota
06.05.2012., 14:29
This didn't all go through; it kept telling me to insert the CD even though the CD Windows XP was installed from was in the drive. Should I do a Windows repair?

in my opinion it would be better to do a clean install.. one more proof that Windows is corrupt... it takes somewhat longer than a repair, but it is a much better option... of course, you can do a repair too :)

Gustavo
06.05.2012., 14:36
in my opinion it would be better to do a clean install.. one more proof that Windows is corrupt... it takes somewhat longer than a repair, but it is a much better option... of course, you can do a repair too :)

The repair didn't help, there is still no sound.

dobrota
06.05.2012., 14:39
format c: and start over :).. there's no other way

Gustavo
06.05.2012., 14:56
format c: and start over :).. there's no other way

I formatted at the beginning of this year :504:

UltraHardcore
06.05.2012., 15:37
can you also copy the MBAM log

as far as I can see from the logs, the .ini files that keep getting created are in c:/
C:\Windows\Dext_12.ini

it's related to the camera

open OTL and copy this into the empty box
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 52 65 01 40 25 CD 01 [binary data]
O32 - AutoRun File - [2000.09.20 22:55:56 | 000,827,392 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000.07.06 22:04:48 | 000,000,135 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008.12.30 12:40:44 | 000,000,044 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.02.28 19:57:34 | 007,214,352 | R--- | M] (Ubisoft) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.03.02 10:25:04 | 000,401,444 | R--- | M] (RAD Game Tools, Inc.) - G:\Autorun.dll -- [ UDF ]
O33 - MountPoints2\{09ac5933-9535-11e1-b3da-d0df9a451206}\Shell - "" = AutoRun
O33 - MountPoints2\{09ac5933-9535-11e1-b3da-d0df9a451206}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2009.02.28 19:57:34 | 007,214,352 | R--- | M] (Ubisoft)
O33 - MountPoints2\{79551ace-90cf-11e1-98d9-b916d6607571}\Shell - "" = AutoRun
O33 - MountPoints2\{79551ace-90cf-11e1-98d9-b916d6607571}\Shell\AutoRun\command - "" = G:\Password.exe
O33 - MountPoints2\{af41207d-90ca-11e1-a8f6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af41207d-90ca-11e1-a8f6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [2000.09.20 22:55:56 | 000,827,392 | R--- | M] ()
O33 - MountPoints2\{af41207d-90ca-11e1-a8f6-806e6f6e6963}\Shell\readit\command - "" = notepad readme.doc
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:files
dir /s /a "C:\Windows\SysNative\2C0A" /c
attrib -h /s /d C:\*.* /c

:Commands
[Reboot]

click on RUN FIX
copy the log

ok, all the .ini files got deleted from my desktop... the log I got after the run fix is 40 MB in notepad, so you can imagine how big that log is... the log is simply too long to put on pastebin, because every time I put it there it gives me an error and the upload doesn't complete... I'll try some other site and attach it for you when I manage
and this is the log from Malwarebytes
http://pastebin.com/wsBSHdNC

dobrota
06.05.2012., 16:07
as far as I can see your problem is in the games; scan the computer with Kaspersky Virus Removal Tool 2011 (http://support.kaspersky.com/viruses/avptool2011?level=2)

tick everything and click on scan

UltraHardcore
06.05.2012., 16:49
I use avast, so I wouldn't really want it to clash with Kaspersky

Gustavo
06.05.2012., 18:00
Which free antivirus should I put on after formatting C:? Avira totally failed me.

dobrota
06.05.2012., 19:02
for example, avast (http://www.avast.com/en-eu/index)

dobrota
06.05.2012., 19:03
I use avast, so I wouldn't really want it to clash with Kaspersky

KVRT is for one-time use, so it won't clash with your antivirus :)

Gustavo
06.05.2012., 19:22
for example, avast (http://www.avast.com/en-eu/index)

My computer is too weak for avast; I installed the free version of BitDefender, is that better than Avira?

dobrota
06.05.2012., 19:45
My computer is too weak for avast; I installed the free version of BitDefender, is that better than Avira?

if I remember correctly you have 767MB RAM

avast! Free Antivirus

Minimum Hardware Requirements
Pentium 3 Processor
128 MB RAM
200 MB of free hard disk space

Bitdefender Antivirus Free Edition

800 MHz or higher processor
256 MB of RAM Memory (512 MB recommended)
170 MB available hard disk space (200 recommended)

plus, bitdefender is only a scanner (no realtime)

according to this, avast is the better solution for you... it would also be good to install a firewall; combined with an antivirus you get even stronger protection

you can choose, for example:

Outpost Security Suite FREE 7.1 (http://free.agnitum.com/) or
Comodo Internet Security (http://www.comodo.com/home/internet-security/free-internet-security.php)

try them and see which suits you best :)

outpost and comodo are all-in-one solutions, they have an antivirus and a firewall.. so if you decide on one of these two you don't need another antivirus

UltraHardcore
06.05.2012., 22:18
KVRT is for one-time use, so it won't clash with your antivirus :)

I went through with KVRT and it reported no threat :( a pity, I was really hoping for some new MD5 hash :)

LKockica
07.05.2012., 00:46
After that cleaning with OTL a new error is showing up now, I don't know if it's related. For example, when I go to open a folder with some TV series or movies, a window pops up saying Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience, and my computer freezes.

I've looked around the net, tried a couple of things and nothing worked. Once Skype shut itself down during a freeze, so following advice from the net I reinstalled it and put on a new one, but nothing. :ne zna:

Gustavo
07.05.2012., 10:12
if I remember correctly you have 767MB RAM

avast! Free Antivirus

Minimum Hardware Requirements
Pentium 3 Processor
128 MB RAM
200 MB of free hard disk space

Bitdefender Antivirus Free Edition

800 MHz or higher processor
256 MB of RAM Memory (512 MB recommended)
170 MB available hard disk space (200 recommended)

plus, bitdefender is only a scanner (no realtime)

according to this, avast is the better solution for you... it would also be good to install a firewall; combined with an antivirus you get even stronger protection

you can choose, for example:

Outpost Security Suite FREE 7.1 (http://free.agnitum.com/) or
Comodo Internet Security (http://www.comodo.com/home/internet-security/free-internet-security.php)

try them and see which suits you best :)

outpost and comodo are all-in-one solutions, they have an antivirus and a firewall.. so if you decide on one of these two you don't need another antivirus

So I don't need Avast if I installed Outpost? I have both now.

dobrota
07.05.2012., 11:29
So I don't need Avast if I installed Outpost? I have both now.

you don't need avast, outpost has its own antivirus

dobrota
07.05.2012., 11:32
After that cleaning with OTL a new error is showing up now, I don't know if it's related. For example, when I go to open a folder with some TV series or movies, a window pops up saying Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience, and my computer freezes.

I've looked around the net, tried a couple of things and nothing worked. Once Skype shut itself down during a freeze, so following advice from the net I reinstalled it and put on a new one, but nothing. :ne zna:

run OTL again and copy this into the empty box
netsvcs
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
/md5start
afd.sys
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
"%WinDir%\$NtUninstallKB*$." /30
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost /s

LKockica
07.05.2012., 11:47
do I click run fix or run scan?

dobrota
07.05.2012., 11:54
do I click run fix or run scan?

run scan

LKockica
07.05.2012., 12:23
OTL:

OTL logfile created on: 7.5.2012 12:54:41 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Spika\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,78% Memory free
3,85 Gb Paging File | 2,59 Gb Available in Paging File | 67,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49,68 Gb Total Space | 9,20 Gb Free Space | 18,53% Space Free | Partition Type: NTFS
Drive D: | 99,36 Gb Total Space | 39,95 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 196,84 Gb Free Space | 21,13% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Spika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.07 12:44:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spika\Desktop\OTL.exe
PRC - [2012.04.27 17:10:30 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.04.12 09:27:54 | 003,731,112 | ---- | M] (Gretech Corp.) -- D:\GomPlayer\GOM.EXE
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.03.02 00:08:56 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Spika\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011.12.23 14:07:20 | 000,881,144 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.Messengers.exe
PRC - [2011.12.23 14:07:20 | 000,445,416 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.exe
PRC - [2011.11.21 15:53:02 | 000,611,328 | ---- | M] () -- K:\Tehnikalije\stickynotes.exe
PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011.09.18 09:50:29 | 001,242,448 | ---- | M] (Valve Corporation) -- K:\Igrice\Steam\Steam.exe
PRC - [2011.09.16 18:18:37 | 000,177,784 | ---- | M] (Solid Documents, LLC) -- C:\WINDOWS\Installer\MSI246.tmp
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.10.13 12:41:00 | 002,954,608 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010.10.13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010.10.13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2010.10.13 12:40:54 | 001,153,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2010.07.30 19:50:00 | 015,900,672 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- K:\Tehnikalije\CDBurnerXP\NMSAccessU.exe
PRC - [2009.11.03 13:38:12 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2005.09.25 19:11:20 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005.01.26 11:04:50 | 000,270,336 | ---- | M] (BonSoft) -- D:\ClocX\ClocX.exe

LKockica
07.05.2012., 12:24
========== Win32 Services (SafeList) ==========

SRV - [2012.05.05 12:29:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.27 17:10:31 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.09.16 18:18:37 | 000,177,784 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\WINDOWS\Installer\MSI246.tmp -- (SCPDFReadSpool)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.10.13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- K:\Tehnikalije\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.04.30 21:11:07 | 000,165,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atjsgt.sys -- (atjsgt)
DRV - [2011.04.30 21:11:06 | 000,016,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\linsgt.sys -- (linsgt)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.10.05 14:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010.10.05 14:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010.10.05 14:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010.08.01 12:20:41 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.07.07 04:27:52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.05.17 14:04:06 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.26 04:43:54 | 000,032,800 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 04:43:52 | 000,093,344 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.05 14:20:26 | 000,031,872 | R--- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.12.08 17:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008.12.08 17:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.12.08 17:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.04.11 03:04:40 | 004,397,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.12.15 00:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.05.17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2001.08.17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
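
Added example, not part of this thread and not OTL's own code: a small Python parser for the OTL line formats seen in the log above (PRC/SRV/DRV/MOD entries and O33 MountPoints2 commands), plus a triage pass that flags the cues the helpers here react to: service or driver entries whose file is not found, running files with an empty company name in their version info, and AutoRun handlers whose target OTL printed no metadata for. The sample lines are copied from the posted log; the names OtlEntry, parse_line and triage are my own, and it is an assumption (drawn from the log, not documented by OTL) that the trailing metadata block is omitted whenever OTL could not see the target file.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Metadata block OTL prints for a file it could stat:
#   [yyyy.mm.dd hh:mm:ss | 000,123,456 | attrs | M] (Company Name)
# An empty "()" means the file carries no company name in its version info.
META_RE = re.compile(
    r"\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>[^()]*)\)"
)
# Tail of a PRC/SRV/DRV/MOD line: " -- <path>", optionally " -- (<service name>) description".
TAIL_RE = re.compile(r"--\s*(?P<path>.*?)(?:\s*--\s*\((?P<name>[^()]*)\).*)?$")
# O33 MountPoints2 command lines: ...\Shell\<verb>\command - "" = <target> [-- metadata]
O33_RE = re.compile(
    r'MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<target>.*?)(?: -- \[.*)?$'
)


@dataclass
class OtlEntry:
    kind: str                   # PRC, SRV, DRV, MOD or O33
    path: str                   # file path, or the AutoRun command target for O33
    company: Optional[str]      # None: OTL printed no metadata; "": version info has no company
    size: Optional[int]
    file_found: bool
    name: Optional[str] = None  # service/driver name, or the shell verb for O33


def _size(meta) -> int:
    return int(meta["size"].replace(",", ""))


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL log line; returns None for line types this triage ignores."""
    m = re.match(r"^(PRC|SRV|DRV|MOD|O33) - (.*)$", line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    if kind == "O33":
        cm = O33_RE.match(rest)
        if not cm:  # the '\Shell - "" = AutoRun' lines name the verb but carry no command
            return None
        meta = META_RE.search(rest)  # assumed present only when OTL could see the target
        return OtlEntry(kind, cm["target"], meta["company"] if meta else None,
                        _size(meta) if meta else None, meta is not None, cm["verb"])
    if rest.startswith("File not found"):
        tm = TAIL_RE.search(rest[len("File not found"):])
        return OtlEntry(kind, tm["path"] if tm else "", None, None, False,
                        tm["name"] if tm else None)
    meta = META_RE.match(rest)
    tm = TAIL_RE.search(rest[meta.end():]) if meta else None
    if not meta or not tm:
        return None
    return OtlEntry(kind, tm["path"], meta["company"], _size(meta), True, tm["name"])


def triage(lines: List[str]) -> List[str]:
    """One finding per line that deserves a human look, using the cues the helpers use."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.kind in ("SRV", "DRV") and not e.file_found:
            findings.append(f"{e.kind} {e.name}: registered but file not found "
                            f"({e.path or 'no path'}) - orphaned entry, review for removal")
        elif e.kind in ("PRC", "SRV", "DRV") and e.company == "":
            # MOD lines are left out: company-less DLLs are common in legitimate software.
            findings.append(f"{e.kind} {e.name or e.path}: no company name in version info "
                            f"- verify the file by hash before trusting it")
        elif e.kind == "O33" and e.name == "AutoRun" and e.company is None:
            findings.append(f"O33 AutoRun -> {e.path}: target not present on any mounted "
                            f"drive - stale MountPoints2 handler, review for removal")
    return findings


# Constructed sample: a handful of lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012.05.07 12:44:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spika\Desktop\OTL.exe
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - [2011.04.30 21:11:07 | 000,165,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atjsgt.sys -- (atjsgt)
DRV - [2007.04.11 03:04:40 | 004,397,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
MOD - [2012.04.27 17:10:28 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
O33 - MountPoints2\{79551ace-90cf-11e1-98d9-b916d6607571}\Shell - "" = AutoRun
O33 - MountPoints2\{79551ace-90cf-11e1-98d9-b916d6607571}\Shell\AutoRun\command - "" = G:\Password.exe
O33 - MountPoints2\{09ac5933-9535-11e1-b3da-d0df9a451206}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2009.02.28 19:57:34 | 007,214,352 | R--- | M] (Ubisoft)
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Running it on the sample prints four findings: the two "File not found" drivers, the company-less atjsgt.sys driver, and the AutoRun handler pointing at G:\Password.exe.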

LKockica
07.05.2012., 12:24
========== Modules (No Company Name) ==========

MOD - [2012.05.06 20:55:20 | 001,755,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12050601\algo.dll
MOD - [2012.05.05 12:29:30 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.27 17:10:28 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.04.22 23:10:12 | 020,297,512 | ---- | M] () -- K:\Igrice\Steam\bin\libcef.dll
MOD - [2012.04.22 23:10:07 | 001,099,576 | ---- | M] () -- K:\Igrice\Steam\bin\avcodec-53.dll
MOD - [2012.04.22 23:10:07 | 000,907,048 | ---- | M] () -- K:\Igrice\Steam\bin\chromehtml.dll
MOD - [2012.04.22 23:10:07 | 000,190,776 | ---- | M] () -- K:\Igrice\Steam\bin\avformat-53.dll
MOD - [2012.04.22 23:10:07 | 000,123,192 | ---- | M] () -- K:\Igrice\Steam\bin\avutil-51.dll
MOD - [2012.04.02 10:46:18 | 000,946,176 | ---- | M] () -- D:\GomPlayer\GSFU.ax
MOD - [2011.12.23 14:07:28 | 000,910,840 | ---- | M] () -- C:\Program Files\Iminent\System.Data.SQLite.dll
MOD - [2011.12.23 14:07:26 | 000,204,280 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Workflow.dll
MOD - [2011.12.23 14:07:26 | 000,067,576 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Windows.dll
MOD - [2011.12.23 14:07:22 | 006,273,016 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Mediator.ActivePlayers.dll
MOD - [2011.12.23 14:07:22 | 001,524,728 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Services.dll
MOD - [2011.12.23 14:07:22 | 000,587,256 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Booster.UI.dll
MOD - [2011.11.23 20:00:00 | 003,900,928 | ---- | M] () -- D:\K-Lite Codec Pack\ffdshow\ffmpeg.dll
MOD - [2011.11.23 20:00:00 | 003,568,640 | ---- | M] () -- D:\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011.11.21 15:53:02 | 000,611,328 | ---- | M] () -- K:\Tehnikalije\stickynotes.exe
MOD - [2011.09.08 11:03:56 | 000,594,944 | ---- | M] () -- D:\GomPlayer\GVF.ax
MOD - [2011.08.03 06:31:02 | 003,373,568 | ---- | M] () -- D:\GomPlayer\libavcodec.dll
MOD - [2011.08.03 06:31:02 | 000,184,320 | ---- | M] () -- D:\GomPlayer\GRFU.ax
MOD - [2011.06.29 09:47:08 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Web.Services\f31f1579160d87470cba918f06276e0d\ System.Web.Services.ni.dll
MOD - [2011.06.29 09:46:52 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.We b.ni.dll
MOD - [2011.06.29 09:46:44 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Transactions\7c430c38d71d632c019ae37d5ef12c8e\ System.Transactions.ni.dll
MOD - [2011.06.29 09:46:33 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Configuratio#\fa21b6c9badcf916bb254b4b823c2463 \System.Configuration.Install.ni.dll
MOD - [2011.06.29 09:46:30 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.EnterpriseSe#\94aae9e592c0f104120572f9925fca12 \System.EnterpriseServices.ni.dll
MOD - [2011.06.29 09:45:22 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Configuration\48f8b951a598647dd309ca2031807a5d \System.Configuration.ni.dll
MOD - [2011.06.29 09:45:16 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMD iagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiag nostics.ni.dll
MOD - [2011.06.29 09:45:08 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\ System.ServiceModel.ni.dll
MOD - [2011.06.29 09:44:46 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.Runtime.Seri#\c889a45c82004537f1620dd3b211af66 \System.Runtime.Serialization.ni.dll
MOD - [2011.06.29 09:44:41 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sys tem.IdentityModel\a8039af85f459c19c041313f9fe0d7e8 \System.IdentityModel.ni.dll
MOD - [2011.06.29 06:45:13 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\431d5dc1cfcc0c0530e813f370931670\WindowsFormsIntegration.ni.dll
MOD - [2011.06.29 06:45:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MOD - [2011.06.29 06:45:02 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
MOD - [2011.06.29 06:44:49 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
MOD - [2011.06.29 06:44:33 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
MOD - [2011.06.29 06:44:27 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll
MOD - [2011.06.29 06:44:13 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cf82f370413a2cd1e6bc54060334753\PresentationFramework.Luna.ni.dll
MOD - [2011.06.29 06:44:09 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll
MOD - [2011.06.29 06:43:43 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
MOD - [2011.06.29 06:43:30 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
MOD - [2011.06.29 06:43:15 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2011.06.29 06:42:41 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.06.29 04:46:02 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011.06.29 04:45:51 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011.05.17 02:49:30 | 000,421,520 | ---- | M] () -- D:\GomPlayer\GomTVStrm.dll
MOD - [2010.12.21 22:17:58 | 000,080,704 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SolidUI6.dll
MOD - [2010.12.21 22:17:46 | 000,027,456 | ---- | M] () -- C:\WINDOWS\system32\solidlocalmon.dll
MOD - [2010.12.21 22:17:40 | 000,043,840 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SolidGraphics6.dll
MOD - [2010.10.15 11:35:54 | 001,433,600 | ---- | M] () -- D:\GomPlayer\GAF.ax
MOD - [2010.10.13 12:41:00 | 000,962,416 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2010.08.04 11:20:04 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- K:\Tehnikalije\CDBurnerXP\NMSAccessU.exe
MOD - [2010.02.05 20:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008.04.14 14:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008.04.14 14:00:00 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2008.04.14 14:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008.04.14 14:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.05.22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007.04.19 09:39:08 | 000,436,992 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\FPXLIB.DLL
MOD - [2007.04.19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
MOD - [2007.04.19 09:29:42 | 000,273,216 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\magengin.dll
MOD - [2007.04.19 09:29:38 | 000,187,136 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\kgl.dll
MOD - [2001.06.29 18:38:20 | 000,712,751 | ---- | M] () -- C:\Program Files\Adobe\Photoshop 7.0\Asn.er.dll

LKockica
07.05.2012., 12:25
========== Win32 Services (SafeList) ==========

SRV - [2012.05.05 12:29:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.27 17:10:31 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.09.16 18:18:37 | 000,177,784 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\WINDOWS\Installer\MSI246.tmp -- (SCPDFReadSpool)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.10.13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- K:\Tehnikalije\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

LKockica
07.05.2012., 12:26
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.04.30 21:11:07 | 000,165,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atjsgt.sys -- (atjsgt)
DRV - [2011.04.30 21:11:06 | 000,016,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\linsgt.sys -- (linsgt)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.10.05 14:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010.10.05 14:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010.10.05 14:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010.08.01 12:20:41 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.07.07 04:27:52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.05.17 14:04:06 | 000,101,904 | R--- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.26 04:43:54 | 000,032,800 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 04:43:52 | 000,093,344 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.05 14:20:26 | 000,031,872 | R--- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.12.08 17:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008.12.08 17:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008.12.08 17:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.12.08 17:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.04.11 03:04:40 | 004,397,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.12.15 00:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.05.17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2001.08.17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

LKockica
07.05.2012., 12:27
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

LKockica
07.05.2012., 12:27
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.23 15:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.29 11:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 14:22:38 | 000,000,000 | ---D | M]

[2012.04.28 20:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Extensions
[2012.05.02 01:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions
[2011.04.11 15:33:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.17 17:04:18 | 000,002,400 | ---- | M] () -- C:\Documents and Settings\Spika\Application Data\Mozilla\Firefox\Profiles\6ndngi55.default\searchplugins\askcom.xml
[2012.05.07 01:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.02.21 21:33:49 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
[2012.03.23 15:20:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.04.27 15:07:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.04.27 17:10:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.27 15:07:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.04.27 17:10:25 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.03.02 00:37:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.27 17:10:25 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.03.02 00:37:41 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2012.03.02 00:37:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.03.02 00:37:41 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

LKockica
07.05.2012., 12:28
========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Iminent (Enabled) = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\npIminent.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 6.1c (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Vizzed Retro Game Room Plugin (Enabled) = C:\Program Files\Vizzed Retro Game Room\NpVizzedRgr.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Iminent = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Spika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

LKockica
07.05.2012., 12:30
O1 HOSTS File: ([2012.04.29 11:21:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ClocX] D:\ClocX\ClocX.exe (BonSoft)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Steam] K:\Igrice\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Sticky-Notes] K:\Tehnikalije\stickynotes.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Spika\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Spika\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Spika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Spika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B5FEF03-2E7A-46BF-BD77-F318660E1CEC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B5FEF03-2E7A-46BF-BD77-F318660E1CEC}: NameServer = 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Spika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Spika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1

LKockica
07.05.2012., 12:30
O32 - AutoRun File - [2010.07.30 19:09:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.09.21 10:45:09 | 000,000,000 | R--D | M] - K:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\L:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012.05.07 12:44:31 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Spika\Desktop\OTL.exe
[2012.05.07 01:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.07 01:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012.05.07 01:36:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.04.29 11:38:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.04.29 11:10:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.04.29 11:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.04.28 12:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\Socijalna pedagogija
[2012.04.27 23:12:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Spika\UserData
[2012.04.27 22:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012.04.27 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.04.27 22:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012.04.27 17:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.04.27 17:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.27 15:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.27 15:07:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.04.27 15:07:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.04.27 15:07:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.04.27 15:07:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.04.27 15:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.26 11:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\novo za stavit
[2012.04.23 11:08:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\novo cool
[2012.04.20 02:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\dioklecijan
[2012.04.17 03:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WALKMAN Guide
[2012.04.17 02:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Local Settings\Application Data\Downloaded Installations
[2012.04.17 02:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2012.04.17 02:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.04.17 02:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012.04.17 02:51:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012.04.16 18:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Movie Player Pro ActiveX Control
[2012.04.13 10:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spika\Desktop\Gorki splav

LKockica
07.05.2012., 12:31
========== Files - Modified Within 30 Days ==========

[2012.05.07 13:02:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.07 12:44:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spika\Desktop\OTL.exe
[2012.05.07 12:29:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.07 09:36:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012.05.07 09:34:16 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.07 09:33:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.07 01:53:30 | 000,101,888 | ---- | M] () -- C:\Documents and Settings\Spika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.06 14:51:11 | 000,084,399 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\teddy.jpg
[2012.05.06 01:34:35 | 000,040,914 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\pteranodon-repaint-postsaurischian01.jpg
[2012.05.06 01:34:32 | 000,045,174 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\pteranodon-repaint-postsaurischian02.jpg
[2012.05.05 18:40:03 | 000,080,325 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\trondheim_desoeuvre2.jpg
[2012.05.05 18:38:24 | 000,118,218 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\lapinott8_1.jpg
[2012.05.05 13:08:22 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Spika\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.05.05 12:29:30 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.05 12:29:30 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.05.04 19:31:13 | 001,095,470 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\12647.jpg
[2012.05.04 19:26:15 | 000,234,083 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\12973.jpg
[2012.05.03 20:19:42 | 000,045,446 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\hug.jpg
[2012.05.02 00:17:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.30 23:19:17 | 000,086,486 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\149345_465398718385_670821_n.jpg
[2012.04.30 23:15:47 | 000,077,068 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\396493_3221106805325_1196089079_33339707_601285306_n.jpg
[2012.04.30 23:15:46 | 000,144,137 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\397349_3221105605295_1196089079_33339706_1676190124_n.jpg
[2012.04.30 23:15:39 | 000,073,071 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\425003_3221096445066_1196089079_33339700_123704336_n.jpg
[2012.04.30 13:55:38 | 000,598,162 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\hi.jpg
[2012.04.30 13:46:33 | 000,145,916 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\062206trip1.jpg
[2012.04.30 13:40:48 | 000,045,344 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\316723_2252024653946_1048149690_32620586_1095158784_n.jpg
[2012.04.29 19:34:03 | 000,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.04.29 11:21:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.04.29 11:10:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.04.27 15:07:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.04.27 15:07:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.04.27 15:07:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.04.27 15:07:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.04.27 15:07:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.04.27 12:56:12 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Spika\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012.04.26 22:45:18 | 000,020,663 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\heman13.jpg
[2012.04.24 23:39:19 | 000,872,346 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\Living.psd
[2012.04.24 23:34:14 | 000,360,549 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\Living.jpg
[2012.04.23 23:15:16 | 000,287,528 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\DA MAN.gif
[2012.04.21 00:57:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.04.17 03:16:18 | 005,751,633 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\Game of Thrones - Main Theme (Official Soundtrack Version).mp3
[2012.04.17 03:00:32 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\Spika\Application Data\Microsoft\Internet Explorer\Quick Launch\NWZ-B160 WALKMAN Guide.lnk
[2012.04.17 02:52:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.04.17 02:51:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.17 02:51:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.04.14 18:57:09 | 000,075,274 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\teske boje.jpg
[2012.04.09 22:41:04 | 000,054,680 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\vegeta.jpg
[2012.04.09 20:19:35 | 000,038,306 | ---- | M] () -- C:\Documents and Settings\Spika\Desktop\120 km-h.jpg

LKockica
07.05.2012., 12:32
========== Files Created - No Company Name ==========

[2012.05.06 14:51:11 | 000,084,399 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\teddy.jpg
[2012.05.06 01:34:34 | 000,040,914 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\pteranodon-repaint-postsaurischian01.jpg
[2012.05.06 01:34:32 | 000,045,174 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\pteranodon-repaint-postsaurischian02.jpg
[2012.05.05 18:40:02 | 000,080,325 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\trondheim_desoeuvre2.jpg
[2012.05.05 18:38:24 | 000,118,218 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\lapinott8_1.jpg
[2012.05.05 13:08:22 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Spika\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012.05.04 19:31:13 | 001,095,470 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\12647.jpg
[2012.05.04 19:26:14 | 000,234,083 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\12973.jpg
[2012.05.03 20:19:39 | 000,045,446 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\hug.jpg
[2012.04.30 23:19:12 | 000,086,486 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\149345_465398718385_670821_n.jpg
[2012.04.30 23:15:39 | 000,077,068 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\396493_3221106805325_1196089079_33339707_601285306_n.jpg
[2012.04.30 23:15:37 | 000,144,137 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\397349_3221105605295_1196089079_33339706_1676190124_n.jpg
[2012.04.30 23:15:34 | 000,073,071 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\425003_3221096445066_1196089079_33339700_123704336_n.jpg
[2012.04.30 13:55:36 | 000,598,162 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\hi.jpg
[2012.04.30 13:46:32 | 000,145,916 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\062206trip1.jpg
[2012.04.30 13:40:47 | 000,045,344 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\316723_2252024653946_1048149690_32620586_1095158784_n.jpg
[2012.04.29 19:35:45 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012.04.29 11:10:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.04.29 11:10:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.04.26 22:45:17 | 000,020,663 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\heman13.jpg
[2012.04.24 23:39:19 | 000,872,346 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\Living.psd
[2012.04.24 23:34:13 | 000,360,549 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\Living.jpg
[2012.04.23 23:15:15 | 000,287,528 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\DA MAN.gif
[2012.04.21 00:57:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.04.17 03:15:53 | 005,751,633 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\Game of Thrones - Main Theme (Official Soundtrack Version).mp3
[2012.04.17 03:00:32 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\Spika\Application Data\Microsoft\Internet Explorer\Quick Launch\NWZ-B160 WALKMAN Guide.lnk
[2012.04.17 02:51:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.04.14 18:57:08 | 000,075,274 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\teske boje.jpg
[2012.04.09 22:41:04 | 000,054,680 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\vegeta.jpg
[2012.04.09 20:19:30 | 000,038,306 | ---- | C] () -- C:\Documents and Settings\Spika\Desktop\120 km-h.jpg
[2012.03.31 00:46:24 | 000,309,358 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012.03.29 20:20:28 | 000,003,883 | ---- | C] () -- C:\Documents and Settings\Spika\Local Settings\Application Data\recently-used.xbel
[2012.01.24 19:48:48 | 000,000,533 | ---- | C] () -- C:\WINDOWS\eReg.dat

LKockica
07.05.2012., 12:33
[2011.12.29 12:34:43 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.12.29 12:34:43 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011.12.29 12:34:42 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.12.29 12:34:42 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.12.11 23:21:42 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.10.02 13:57:23 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2011.09.16 18:21:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2011.09.16 18:18:40 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2011.09.16 18:18:40 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2011.05.08 19:54:16 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Spika\Local Settings\Application Data\YS.SAV
[2011.04.30 21:11:07 | 000,165,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atjsgt.sys
[2011.04.30 21:11:06 | 000,016,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\linsgt.sys
[2011.04.27 23:29:16 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011.04.27 23:29:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011.01.19 14:29:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.01.19 14:28:43 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.01.19 14:28:43 | 000,205,156 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.01.19 14:28:43 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.12.15 04:01:58 | 000,498,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.12.08 15:51:12 | 000,000,174 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.10.24 19:03:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.10.04 22:17:37 | 000,020,886 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2010.09.27 02:50:25 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2010.09.13 10:40:27 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.09.12 19:39:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.09.02 15:45:26 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.09.02 15:45:26 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2560C7FE6D.sys
[2010.08.31 19:35:00 | 000,073,832 | R--- | C] () -- C:\WINDOWS\System32\SuperFrameSplitter.dll
[2010.08.31 19:35:00 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\RTKDABMWare.dll
[2010.08.31 11:01:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.08.02 00:01:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.08.01 23:54:47 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.08.01 13:27:10 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.08.01 13:27:08 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.08.01 13:27:08 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.08.01 13:26:48 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.08.01 13:25:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.08.01 13:14:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\igfxtvcx.dll
[2010.08.01 13:01:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.08.01 12:20:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.30 21:00:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.07.30 20:57:37 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.30 20:10:50 | 000,101,888 | ---- | C] () -- C:\Documents and Settings\Spika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.30 20:10:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.30 19:11:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.07.30 19:06:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

LKockica
07.05.2012., 12:34
========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< MD5 for: AFD.SYS >
[2008.04.14 14:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011.02.16 15:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.02.16 15:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.10.16 17:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 12:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 16:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 12:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 15:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 13:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 13:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemroot%\*. /mp /s >

LKockica
07.05.2012., 12:34
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.04.27 17:10:24 | 000,867,816 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.04.27 17:10:24 | 000,867,816 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.04.27 17:10:24 | 000,867,816 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.04.27 17:10:30 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.04.27 17:10:30 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.04.27 17:10:30 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008.04.14 14:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008.04.14 14:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008.04.14 14:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008.04.14 14:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.04.27 17:10:24 | 000,867,816 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.04.27 17:10:24 | 000,867,816 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.04.27 17:10:24 | 000,867,816 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.04.27 17:10:30 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.04.27 17:10:30 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.04.27 17:10:30 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008.04.14 14:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008.04.14 14:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008.04.14 14:00:00 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008.04.14 14:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

LKockica
07.05.2012., 12:36
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s >
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -- [2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation)
"RTHDCPL" = RTHDCPL.EXE -- [2007.04.10 23:28:44 | 016,126,464 | ---- | M] (Realtek Semiconductor Corp.)
"nwiz" = C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet -- [2010.07.07 23:52:40 | 001,753,192 | ---- | M] ()
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit -- [2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation)
"Google Desktop Search" = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup -- [2010.08.04 01:57:46 | 000,030,192 | ---- | M] (Google)
"ArcSoft Connection Service" = C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -- [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
"avast" = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui -- [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software)
"Iminent" = C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" -- [2011.12.23 14:07:20 | 000,445,416 | ---- | M] (Iminent)
"IminentMessenger" = C:\Program Files\Iminent\Iminent.Messengers.exe /startup -- [2011.12.23 14:07:20 | 000,881,144 | ---- | M] (Iminent)
"ClocX" = D:\ClocX\ClocX.exe -- [2005.01.26 11:04:50 | 000,270,336 | ---- | M] (BonSoft)
"MP10_EnsureFileVer" = C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions -- [2008.04.14 14:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation)
"SunJavaUpdateSched" = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" -- [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.)
"Malwarebytes' Anti-Malware" = "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray -- [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

LKockica
07.05.2012., 12:37
< HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost /s >
"HTTPFilter" = HTTPFilter [binary data]
"LocalService" = [Binary data over 100 bytes]
"NetworkService" = DnsCache [binary data]
"netsvcs" = [Binary data over 100 bytes]
"DcomLaunch" = DcomLaunchTermService [binary data]
"rpcss" = RpcSs [binary data] -- [2009.02.09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"eapsvcs" = eaphost [binary data]
"dot3svc" = dot3svc [binary data] -- [2008.04.14 14:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"termsvcs" = TermService [binary data]
"WudfServiceGroup" = WUDFSvc [binary data] -- [2006.09.28 18:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch]
"CoInitializeSecurityParam" = 1
"DefaultRpcStackSize" = 8
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\dot3svc]
"AuthenticationCapabilities" = 12320
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\eapsvcs]
"AuthenticationCapabilities" = 12320
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter]
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"CoInitializeSecurityParam" = 1
"AuthenticationCapabilities" = 8192
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"CoInitializeSecurityParam" = 1
"AuthenticationCapabilities" = 12320
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\PCHealth]
"CoInitializeSecurityParam" = 2
"AuthenticationCapabilities" = 64
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam" = 1
"DefaultRpcStackSize" = 8

< End of report >

LKockica
07.05.2012., 12:37
EXTRAS


OTL Extras logfile created on: 7.5.2012 12:54:41 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Spika\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,78% Memory free
3,85 Gb Paging File | 2,59 Gb Available in Paging File | 67,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49,68 Gb Total Space | 9,20 Gb Free Space | 18,53% Space Free | Partition Type: NTFS
Drive D: | 99,36 Gb Total Space | 39,95 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 196,84 Gb Free Space | 21,13% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Spika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

LKockica
07.05.2012., 12:38
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

LKockica
07.05.2012., 12:39
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

LKockica
07.05.2012., 12:40
"K:\Igrice\Steam\Steam.exe" = K:\Igrice\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Spika\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Spika\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"K:\Igrice\Steam\steamapps\common\dc universe online\LaunchPad.exe" = K:\Igrice\Steam\steamapps\common\dc universe online\LaunchPad.exe:*:Enabled:DC Universe Online -- ()
"K:\Tehnikalije\stickynotes.exe" = K:\Tehnikalije\stickynotes.exe:*:Enabled:Sticky-Notes -- ()
"K:\Igrice\BF1942.exe" = K:\Igrice\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Program Files\Iminent\Iminent.exe" = C:\Program Files\Iminent\Iminent.exe:*:Enabled:Iminent Firewall Rule -- (Iminent)
"C:\Program Files\Iminent\Iminent.Messengers.exe" = C:\Program Files\Iminent\Iminent.Messengers.exe:*:Enabled:Iminent.Messengers Firewall Rule -- (Iminent)

LKockica
07.05.2012., 12:41
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe" = C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:*:Enabled:ArcSoft TotalMedia -- (ArcSoft, Inc.)
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe" = C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)
"D:\Binaries\Wolverine.exe" = D:\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine -- (Raven Software)

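The firewall values in this report use the XP firewall's colon-separated format (port:protocol:scope:state:label for GloballyOpenPorts, path:scope:state:name -- (publisher) for AuthorizedApplications). As an added example that is not from the thread, from OTL or from the forum's helpers, here is a Python parser for that format run over a constructed sample of such lines; it reports exceptions enabled with scope `*` (reachable from any remote address rather than LocalSubNet only) and enabled application exceptions OTL could not attribute to a publisher, which is what a reviewer scans this section for. Function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the colon-separated format OTL prints for the
# Windows XP firewall policy (GloballyOpenPorts and AuthorizedApplications).
SAMPLE = r'''
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"K:\Igrice\BF1942.exe" = K:\Igrice\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Program Files\Example\Off.exe" = C:\Program Files\Example\Off.exe:*:Disabled:Example -- ()
'''


@dataclass
class FirewallRule:
    kind: str                        # "port" or "app"
    target: str                      # "139:TCP" for ports, the executable path for apps
    scope: str                       # "*" = any remote address, "LocalSubNet" = local subnet only
    enabled: bool
    label: str                       # display text stored in the value
    publisher: Optional[str] = None  # app rules only; None when OTL printed "()"


# port values: <port>:<proto>:<scope>:<state>:<resource string>
PORT_RE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):'
    r'(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<label>.*)$')
# app values: <path>:<scope>:<state>:<name> -- (<publisher>); the path repeats the key,
# so a backreference lets us split on ':' safely despite the drive letter's own colon
APP_RE = re.compile(
    r'^"(?P<path>[^"]+)"\s*=\s*(?P=path):(?P<scope>[^:]+):'
    r'(?P<state>Enabled|Disabled):(?P<label>.*)$')


def parse_firewall_lines(text: str) -> List[FirewallRule]:
    """Parse OTL firewall-policy lines into FirewallRule records; other lines are skipped."""
    rules: List[FirewallRule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PORT_RE.match(line)
        if m:
            rules.append(FirewallRule("port", f"{m['port']}:{m['proto']}", m['scope'],
                                      m['state'] == "Enabled", m['label']))
            continue
        m = APP_RE.match(line)
        if m:
            name, _, pub = m['label'].partition(" -- ")
            publisher = None
            if pub.startswith("("):
                # "(BitTorrent, Inc.)" -> "BitTorrent, Inc."; "()" -> None
                publisher = pub.strip()[1:-1].strip() or None
            rules.append(FirewallRule("app", m['path'], m['scope'],
                                      m['state'] == "Enabled", name.strip(), publisher))
    return rules


def exposed_rules(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Enabled rules with scope '*', i.e. exceptions reachable from any remote address."""
    return [r for r in rules if r.enabled and r.scope == "*"]


def unattributed_app_rules(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Enabled application exceptions whose executable OTL could not attribute to a publisher."""
    return [r for r in rules if r.kind == "app" and r.enabled and r.publisher is None]


def report(text: str) -> List[str]:
    """One line per finding, in the order the rules appear in the log."""
    rules = parse_firewall_lines(text)
    lines = []
    for r in exposed_rules(rules):
        lines.append(f"open to any address: {r.kind} {r.target} ({r.label})")
    for r in unattributed_app_rules(rules):
        lines.append(f"no publisher: {r.target}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Scope `*` is not a finding by itself (Steam and Dropbox in this report legitimately use it); the point of the listing is that file-sharing clients and unattributed executables with an any-address exception are the entries worth checking against the uninstall list, as the helper does later with the toolbars.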
LKockica
07.05.2012., 12:41
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1E964D62-3397-45B7-A9D2-F27C22D9D4BA}" = Corel Painter 12
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{18522005-B8F6-4552-A228-823328696F48}" = Yamaha Supercross
"{1A6D6B28-888F-4512-910E-89FB2E189FEA}" = Vizzed Retro Game Room
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1E964D62-3397-45B7-A9D2-F27C22D9D4BA}" = Painter 12 - Setup Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2333E82C-E577-4982-B60F-80C74BA69A07}" = Corel Painter 12 - IPM
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D8D185-F70E-4311-A511-22E979A036C5}" = Iron Man
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3D88D0F7-FE8C-46A9-9966-3FEE8CAAD8F8}" = LIMBO [Install&Play]
"{44FDF3F0-9DEF-46A6-A552-404BBF55451B}" = Painter 12 - Core
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD8E034-E0F4-4509-A753-467A8E854CD8}" = Iminent
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{56BFAA6E-2BCC-4AED-9233-84731E66B205}" = Solid Converter PDF
"{64958DA4-79D3-43FD-AF06-720DAD044F9E}" = LEGO® Pirates of the Caribbean The Video Game
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DEE4C35-1C60-413E-9630-77A0222D5C45}" = CSI-Dark Motives
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

LKockica
07.05.2012., 12:42
"{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3(TM)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A5CB0BC7-9553-420D-A3CD-D3C59FB99872}" = Painter 12 - EN
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B073B30C-7D4C-401D-ABF6-993F7A0DE762}" = Mystery Case Files - 13th Skull Collectors Edition
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1A8A5D7-0613-4373-BB0C-2AA428C935BD}" = NWZ-B160 WALKMAN Guide
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B4C89330-0416-4B4A-93C1-E577D208D803}" = Sticky-Notes
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Years 1-4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2776738-1A97-45F2-BE5A-DBBC66ACB9D4}" = Painter 12 - Painter
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FBAAC4C8-D5ED-4308-9FC6-84E44E392395}" = Painter 12 - Content
"1947ed9c549f680a9ed3f1fdbb9337a4" = Myst V End Of Ages
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ArtRage Free_is1" = ArtRage 2.2 Free

LKockica
07.05.2012., 12:43
"avast" = avast! Free Antivirus
"BFG-Azada" = Azada ™
"BFG-Azada - Ancient Magic" = Azada: Ancient Magic ™
"Champions Online" = Champions Online
"ClocX" = ClocX (1.5b1)
"Comical_is1" = Comical 0.8
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Dia" = Dia (remove only)
"DriverAgent.exe" = DriverAgent by eSupport.com
"EADM" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"FontCreator6_is1" = High-Logic FontCreator 6.5
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"GameCenter" = GameCenter
"GLC_Player" = GLC_Player
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"IMBoosterARP" = Iminent
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM)
"InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3 (TM)
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full)
"LucasArts' Star Wars: Episode I Racer" = LucasArts' Star Wars: Episode I Racer
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Miuchiz - Planet Mion" = Miuchiz - Planet Mion
"Movie Player Pro ActiveX Control_is1" = Movie Player Pro ActiveX Control
"Mozilla Firefox 12.0 (x86 hr)" = Mozilla Firefox 12.0 (x86 hr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"mswt" = MS Worldtour Kart
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Pen Tablet Driver" = Bamboo
"PROPLUS" = Microsoft Office Professional Plus 2007
"QuickTime" = QuickTime
"SearchCore for Browsers" = SearchCore for Browsers
"Steam App 24200" = DC Universe Online
"Steam App 400" = Portal
"Sweet Home 3D_is1" = Sweet Home 3D version 3.4
"The Incredible Hulk" = The Incredible Hulk
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VMidi" = vanBasco's Karaoke Player
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

LKockica
07.05.2012., 12:43
========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6.5.2012 15:46:38 | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6.5.2012 15:47:02 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

Error - 6.5.2012 17:18:44 | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6.5.2012 17:20:09 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

Error - 6.5.2012 19:20:45 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

Error - 6.5.2012 19:37:17 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

Error - 6.5.2012 19:42:11 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

Error - 6.5.2012 19:57:35 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

Error - 6.5.2012 19:58:03 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

Error - 7.5.2012 5:58:24 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000120e.

[ OSession Events ]
Error - 24.10.2010 13:03:57 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10887
seconds with 8700 seconds of active time. This session ended with a crash.


< End of report >

dobrota
07.05.2012., 14:06
open OTL and copy this into the empty field

:OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2012.05.07 01:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O32 - AutoRun File - [2010.09.21 10:45:09 | 000,000,000 | R--D | M] - K:\autorun -- [ NTFS ]

:files
C:\WINDOWS\QTFont.qfn

:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]


click RUN FIX

if you don't have CCleaner (http://www.piriform.com/CCLEANER), download it > install it

open the program > click Tools > click Startup
http://www.zaslike.com/files/t0j3rdoe2t1gcj678quf.png (http://www.zaslike.com/)

select these programs and click Disable

[ArcSoft Connection Service]
[Iminent]
[IminentMessenger]
[Malwarebytes' Anti-Malware]
[NvCplDaemon]
[NvMediaCenter]
[nwiz]
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[Steam]
[Sticky-Notes]
[uTorrent]


only avast and clock will remain...

after that

Start / Run / copy this into the Run box and confirm
sfc /scannow
it will very likely ask you to insert the Windows CD; put it in the computer and wait until it finishes...the scan is usually done very quickly

after that restart and report the changes

The OTL log looks completely OK to me and there is nothing in it particularly worth attention..the cause of the error has to be looked for elsewhere..

do this, then report how it went

LKockica
07.05.2012., 14:11
I can't find the Windows CD, i.e. it's probably in the other flat, so as soon as I sort that out I'll report the changes! THANK YOU VERY MUCH!

Can I do these actions now up to the second code? So I at least do the CCleaner part?

dobrota
07.05.2012., 14:43
I can't find the Windows CD, i.e. it's probably in the other flat, so as soon as I sort that out I'll report the changes! THANK YOU VERY MUCH!

Can I do these actions now up to the second code? So I at least do the CCleaner part?

yes, do what you can for now :)

Gustavo
07.05.2012., 15:52
you don't need avast, Outpost has its own antivirus

Why doesn't Windows Security Center recognize Outpost as an antivirus? I constantly have the alerts icon down in the tray.

LKockica
07.05.2012., 19:31
yes, do what you can for now :)

OTL froze on me so I had to restart the computer.

CCleaner doesn't find any of the three listed programs for me

btw, it's just now showing me that problem again that we were solving the other day. It won't open the same page.

http://i1249.photobucket.com/albums/hh508/sonjecka1/pro.jpg

dobrota
08.05.2012., 11:27
OTL froze on me so I had to restart the computer.

CCleaner doesn't find any of the three listed programs for me

btw, it's just now showing me that problem again that we were solving the other day. It won't open the same page.

http://i1249.photobucket.com/albums/hh508/sonjecka1/pro.jpg

leave only avast and ClocX, and set everything else to disable

betatestalo
15.05.2012., 07:33
http://pastebin.com/fqEGf6y4

http://pastebin.com/1b9pujsg

dobrota, please advise :)

dobrota
15.05.2012., 12:56
http://pastebin.com/fqEGf6y4

http://pastebin.com/1b9pujsg

dobrota, please advise :)

open OTL and copy this into the empty field
:services

:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm266YYHR File not found
O33 - MountPoints2\{3809bd3c-b80b-11db-99cf-00012982bb99}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{3809bd3c-b80b-11db-99cf-00012982bb99}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{3809bd3c-b80b-11db-99cf-00012982bb99}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{41e125d8-b28d-11db-99ca-00012982bb99}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{41e125d8-b28d-11db-99ca-00012982bb99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41e125d8-b28d-11db-99ca-00012982bb99}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{4d3f01c5-ddf8-11dc-9b50-00012982bb99}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{4d3f01c5-ddf8-11dc-9b50-00012982bb99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d3f01c5-ddf8-11dc-9b50-00012982bb99}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{611f8811-0378-11dc-9a3c-00012982bb99}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{611f8811-0378-11dc-9a3c-00012982bb99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{611f8811-0378-11dc-9a3c-00012982bb99}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{e4689bbe-e993-11de-b05c-00012982bb99}\Shell\AutoRun\command - "" = F:\WDSetup.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29

:files


:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]

click RUN FIX

copy the log you get

2. download ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and save it to the desktop
-turn off the antivirus
-run ComboFix and answer yes to everything it asks
-copy the log
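The O33 MountPoints2 entries in the fix above are per-volume autorun handlers. The ones whose command is a bare file name (ie.exe, AdobeR.exe) resolve against the root of whatever volume gets mounted, which is the layout autorun-spreading malware leaves on removable drives, while the F:\WDSetup.exe entry has the ordinary shape of a vendor installer. As an added example that is not from the thread, from OTL or from ComboFix, here is a Python triage script that parses OTL lines of the kinds this fix lists (a constructed sample in OTL's format, reusing entries shown above) and flags mount points whose handlers launch a volume-relative file, toolbar CLSIDs with no class registration and alternate data streams. The class and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in OTL's line format, built from the entry types the fix above uses.
SAMPLE = r'''
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O33 - MountPoints2\{3809bd3c-b80b-11db-99cf-00012982bb99}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{3809bd3c-b80b-11db-99cf-00012982bb99}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\{41e125d8-b28d-11db-99ca-00012982bb99}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{41e125d8-b28d-11db-99ca-00012982bb99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41e125d8-b28d-11db-99ca-00012982bb99}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{e4689bbe-e993-11de-b05c-00012982bb99}\Shell\AutoRun\command - "" = F:\WDSetup.exe
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29
'''

MP_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\Shell\\(?P<sub>.+?) - "" = (?P<value>.*)$')
TB_RE = re.compile(r'^O3 - (?P<key>\S+): \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<status>.*)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.*)$')


@dataclass
class MountPoint:
    guid: str
    commands: Dict[str, str] = field(default_factory=dict)  # verb (lower-case) -> command line
    labels: Dict[str, str] = field(default_factory=dict)    # verb -> menu text such as "Auto&Play"


@dataclass
class Findings:
    mountpoints: Dict[str, MountPoint] = field(default_factory=dict)
    orphaned_toolbars: List[str] = field(default_factory=list)  # CLSIDs with no class registration
    streams: List[str] = field(default_factory=list)            # path:stream of each ADS entry


def parse_otl(text: str) -> Findings:
    """Collect MountPoints2 handlers, orphaned toolbar CLSIDs and ADS entries from OTL lines."""
    f = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MP_RE.match(line)
        if m:
            mp = f.mountpoints.setdefault(m['guid'], MountPoint(m['guid']))
            parts = m['sub'].split('\\')  # e.g. ["AutoRun", "command"] or just ["AutoRun"]
            if len(parts) == 2 and parts[1].lower() == 'command':
                mp.commands[parts[0].lower()] = m['value']
            else:
                mp.labels[parts[0].lower()] = m['value']
            continue
        m = TB_RE.match(line)
        if m and 'No CLSID value found' in m['status']:
            f.orphaned_toolbars.append(m['clsid'])
            continue
        m = ADS_RE.match(line)
        if m:
            f.streams.append(m['path'])
    return f


def autorun_command_target(cmd: str) -> str:
    """Executable the handler ultimately launches. "rundll32 shell32.dll,ShellExec_RunDLL
    <target> [args]" is only a wrapper, so its real target is the token after ShellExec_RunDLL."""
    tokens = cmd.split()
    if tokens and 'rundll32' in tokens[0].lower():
        idx = next((i for i, t in enumerate(tokens) if 'shellexec_rundll' in t.lower()), None)
        if idx is not None:
            tokens = tokens[idx + 1:]
    return tokens[0] if tokens else ''


def is_volume_relative(target: str) -> bool:
    """True when the target has no drive and no directory, so it resolves against the root
    of whatever volume is mounted under that GUID."""
    return bool(target) and not re.match(r'^[A-Za-z]:\\', target) and '\\' not in target


def suspicious_mountpoints(f: Findings) -> Dict[str, Dict[str, str]]:
    """guid -> {verb: target} for mount points whose handlers launch a volume-relative file."""
    out: Dict[str, Dict[str, str]] = {}
    for guid, mp in f.mountpoints.items():
        targets = {verb: autorun_command_target(c) for verb, c in mp.commands.items()}
        flagged = {v: t for v, t in targets.items() if is_volume_relative(t)}
        if flagged:
            out[guid] = flagged
    return out


if __name__ == "__main__":
    findings = parse_otl(SAMPLE)
    for guid, verbs in suspicious_mountpoints(findings).items():
        print(f"{guid}: {verbs}")
    print("orphaned toolbars:", findings.orphaned_toolbars)
    print("alternate data streams:", findings.streams)
```

The MountPoints2 keys are per-user leftovers that stay behind after the volume is gone, so the script only tells you which handlers to remove (as the fix does); it cannot tell whether the file they point at still exists on any drive, and the ADS entry is reported as-is because a stream on a ProgramData TEMP file has no legitimate owner visible in the log.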

betatestalo
15.05.2012., 14:01
After I ran RUN FIX everything went through fine, only it wouldn't shut down... it said "windows is shutting down" for a good 15 min, so I turned it off manually and turned it back on.

Here's the log that appeared after Windows booted:
http://pastebin.com/61QGk01C

now ComboFix and that's it?

I don't know which antiviruses I have installed

betatestalo
15.05.2012., 14:02
sorry for the double post...

how will I know which antiviruses are installed? (it's not my computer)

dobrota
15.05.2012., 14:20
sorry for the double post...

how will I know which antiviruses are installed? (it's not my computer)

you don't have an antivirus installed on this computer..you have Ad-Aware and Malwarebytes

remove Ad-Aware via Add/Remove and run ComboFix

betatestalo
16.05.2012., 06:34
you don't have an antivirus installed on this computer..you have Ad-Aware and Malwarebytes

remove Ad-Aware via Add/Remove and run ComboFix

I had already removed it before (Ad-Aware).

Here's the ComboFix log:

http://pastebin.com/fSP5UXCf

dobrota
16.05.2012., 11:03
I had already removed it before (Ad-Aware).

Here's the ComboFix log:

http://pastebin.com/fSP5UXCf

open Notepad and copy this into Notepad

ClearJavaCache::

Driver::
Lbd

close Notepad and save it as CFScript on the desktop
-drag the script onto combofix.exe with the mouse
-copy the log you get

2. run Malwarebytes > update > quick scan
-copy the log

betatestalo
16.05.2012., 14:11
ComboFix:
http://pastebin.com/6nBTp2Bg

I'll do Malwarebytes tomorrow (I don't know if I even have it installed?....)

dobrota
16.05.2012., 14:24
ComboFix:
http://pastebin.com/6nBTp2Bg

I'll do Malwarebytes tomorrow (I don't know if I even have it installed?....)

I think you have it installed, ..ok, you can delete ComboFix and OTL

open OTL and click Clean Up

and install some antivirus now that the computer is clean of viruses

betatestalo
23.05.2012., 07:22
dobrota, if it's no trouble here's one more computer, it's slowed down, I don't think it has viruses :S

OTL:
http://pastebin.com/kCDr1s8H
Extras:
http://pastebin.com/c1MSm622

dobrota
23.05.2012., 11:09
dobrota, if it's no trouble here's one more computer, it's slowed down, I don't think it has viruses :S

OTL:
http://pastebin.com/kCDr1s8H
Extras:
http://pastebin.com/c1MSm622

this one is infected with a rootkit :D

1. open OTL and copy this into the empty field
:OTL
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - AutoRun File - [2004.05.01 03:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[C:\WINDOWS\$NtUninstallKB3255$] -> -> Unknown point type
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

:files
rmdir C:\WINDOWS\$NtUninstallKB3255$ /c
ipconfig /flushdns /c

:Commands
[Reboot]

click RUN FIX
copy the log

2. download TDSSKiller (http://support.kaspersky.com/viruses/solutions?qid=208280684) and save it to the desktop
run the program > click Change parameters > check everything and click Start scan
if the program asks for a restart, allow it
the log is usually located in c:/ and looks roughly like this
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

3. download ComboFix (http://www.bleepingcomputer.com/download/combofix/) and save it to the desktop
turn off the antivirus
run ComboFix and answer yes to everything it asks
copy the log

betatestalo
23.05.2012., 12:32
http://pastebin.com/p32w0uyv - otl

http://pastebin.com/snEGedxt - tdsskiller

ComboFix gives some error... I can't even upload a pic... I'll try turning AVG off completely...

edit, here:

http://i45.tinypic.com/33mmxps.jpg

edit2:

ComboFix succeeded... it found a rootkit, it's rebooting, only now scanning for the first time... it's only at stage 4 and going pretty slowly :D

dobrota
23.05.2012., 12:52
http://pastebin.com/p32w0uyv - otl

http://pastebin.com/snEGedxt - tdsskiller

ComboFix gives some error... I can't even upload a pic... I'll try turning AVG off completely...

edit, here:

http://i45.tinypic.com/33mmxps.jpg

it would be best for now to completely remove AVG from the computer (Add/Remove), and install it again later

run TDSSKiller again so we can make sure the rootkit has been removed; now there's no need to check anything additional (leave it at the default)

delete your copy of combofix.exe > before you download a new copy of ComboFix, rename it to svchost
save it to the desktop and run it
if it gets stuck again, go into safe mode and run ComboFix

dobrota
23.05.2012., 12:54
edit2:

ComboFix succeeded... it found a rootkit, it's rebooting, only now scanning for the first time... it's only at stage 4 and going pretty slowly :D

ok, don't interrupt anything now ....if ComboFix finishes and produces a log, do only the TDSSKiller part

and if it doesn't finish or doesn't produce a log, do the part with the renamed ComboFix

betatestalo
23.05.2012., 13:07
ok, don't interrupt anything now ....if ComboFix finishes and produces a log, do only the TDSSKiller part

and if it doesn't finish or doesn't produce a log, do the part with the renamed ComboFix

here's the ComboFix log:

http://pastebin.com/8EXCGxHZ

it really took a long time, it finally managed to produce a log after 2 reboots... :D

now I'll run TDSSKiller too

edit:

it didn't find anything except this safe boot thing, here's the log:
http://pastebin.com/FpV7cYxS

p.s. was the problem this rootkip.boot.whistler.a?!

dobrota
23.05.2012., 13:29
here's the ComboFix log:

http://pastebin.com/8EXCGxHZ

it really took a long time, it finally managed to produce a log after 2 reboots... :D

now I'll run TDSSKiller too

edit:

it didn't find anything except this safe boot thing, here's the log:
http://pastebin.com/FpV7cYxS

p.s. was the problem this rootkip.boot.whistler.a?!

yes, this safeboot is definitely suspicious

1. open OTL and copy this into the empty field

/md5start
SafeBoot.sys
/md5stop

-click NONE
-click RUN SCAN

copy the log

2. download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to the desktop
run the program > click Scan; when the scan finishes, click Save log
-copy the log

3. download Farbar Service Scanner (http://go.techguy.org/?id=266X416&site=techguy.org&xs=1&url=http%3A%2F%2Fdownload.bleepingcomputer.com%2Ffarbar%2FFSS.exe&xguid=8c78742ecfddcff09f26828ad78288ae&xcreo=0&sref=http%3A%2F%2Fforums.techguy.org%2Fvirus-other-malware-removal%2F1032865-internet-wont-work-after-removing.html) and save it to the desktop
run the program > check everything and click Scan
copy the log

betatestalo
23.05.2012., 13:38
looks like it didn't manage that md5 function? otl log > http://pastebin.com/1bW1r6Lw

now I'll do 2 and 3

2 > http://pastebin.com/Eei7ek8p

3 > http://pastebin.com/FPc0r7sK

dobrota
23.05.2012., 13:47
this file is on your desktop, upload it to virustotal and report the results

C:\Documents and Settings\Administrator\Desktop\MBR.dat

do that while I upload a new safeboot for you that we'll swap in

betatestalo
23.05.2012., 13:54
when I went to upload it the first time, it said that file had already been uploaded on such and such date and showed 0/xx anyway... I chose reanalyze regardless and here it is:
File name: MBR.dat
Detection ratio: 0 / 42
Analysis date: 2012-05-23 12:51:48 UTC ( 1 minute ago )
No comments

dobrota
23.05.2012., 14:05
good

run tdsskiller again, and when the scan finishes mark safeboot.sys for delete

after that open OTL and click on clean up

after that download malwarebytes > update > quick scan
copy the log

how is the computer running now?

betatestalo
23.05.2012., 14:12
after deleting safeboot.sys, Windows won't start...

we are sorry for the inconvenience blah blah..
run in safe mode, with networking, with command prompt
start windows normally

I tried both safe mode and start normally, but nothing :dunno:
when I'd go into safe mode.. it would scroll through a few lines and near the end I'd spot that safeboot.sys among the lines... maybe that's some file it can't do without?

I brought it up with last known version of windows...

edit:
tdsskiller is finding that safeboot.sys again, suspicious object, medium risk

dobrota
23.05.2012., 14:35
is your laptop an HP?

very likely it is; besides belonging to mcafee antivirus, safeboot.sys also belongs to hp... and that's the one...

upload it to virustotal so we can see what the antiviruses say

betatestalo
23.05.2012., 14:53
The computer is an HP (but I think it has integrated graphics - it's not a laptop),

malwarebytes didn't find anything! :)

the computer runs faster... I put it on virustotal, but it won't upload.. computing hash :/
I'll try later, can I activate avg now? thanks a lot, drinks are on me :D

dobrota
23.05.2012., 15:00
sure :)

bellisima
25.05.2012., 17:05
Dobrota, I need your help, my laptop won't boot, so I made an OTL.log in safe mode, please take a look

http://pastebin.com/nZCqS6Zw

dobrota
25.05.2012., 17:40
if you have a usb stick > format it and do a scan with Farbar Recovery Scan Tool
everything is described in detail at this link, and with farbar we'll look a bit deeper into the computer and find the reason it won't boot in normal mode sooner
http://www.forum.hr/showpost.php?p=38715336&postcount=27

bellisima
25.05.2012., 17:54
Dobrota, I don't have a usb stick, actually I do, but I don't know when I last used it, but I often use an external disk that has my movies, pictures and the rest.

bellisima
25.05.2012., 17:55
Yes, I wanted to ask whether I should do it with the external disk . . .

dobrota
25.05.2012., 18:03
if you have a usb stick > it would be better with it... so, you need to format the stick first and then continue according to the instructions

if you can't find the stick, do it via the external disk.. in that case don't format :)

bellisima
25.05.2012., 20:13
I tried, but in the command prompt it doesn't recognize the stick, that is, F is assigned to the stick but it says it doesn't recognize it. I didn't do anything, but this time the laptop booted and works.

dobrota
25.05.2012., 20:22
ok, while it's working try this

open OTL and copy this into the empty field

netsvcs
msconfig
safebootminimal
safebootnetwork
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp*.*
%windir%\system32\*.
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
/md5start
smss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
explorer.exe
netbt.sys
ipsec.sys
hlp.dat
/md5stop

-click on run scan
-copy the log

2. download farbar service scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and save it to the desktop

-tick everything and click on scan
-copy the log

3. download aswMBR (http://public.avast.com/~gmerek/aswMBR.htm) and save it to the desktop

-run the program by clicking on start scan

-when the scan finishes click on save log
-copy the log
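
The custom scan above, like the shorter one earlier in the thread that asked only for SafeBoot.sys, ends in an /md5start ... /md5stop list. What OTL does with that list is walk the Windows tree for every file name given and print each copy it finds with its size and MD5, so a driver that exists twice (the vendor's copy under system32\drivers and a same-named file dropped somewhere else) shows up as two rows with different hashes. The script below is an added example, not OTL's code and not anything posted in this thread: it does that part of the scan by hand over any root you give it, adds SHA-256 because that is the hash you paste into VirusTotal's search box, and flags names that appear with more than one distinct content. The directory tree it scans is constructed in a temporary folder so it runs anywhere; the file names are the ones asked for in the thread (SafeBoot.sys, netbt.sys, hlp.dat) and the file bodies are made up.

```python
"""Hand-rolled equivalent of OTL's /md5start ... /md5stop custom scan.

Added example, not OTL's own code. The sample tree is constructed in a
temp directory; file contents are arbitrary bytes chosen only so the two
SafeBoot.sys copies hash differently.
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def hash_file(path, chunk_size=65536):
    """Return (MD5 as upper-case hex, the way OTL prints it; SHA-256 hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest().upper(), sha256.hexdigest()


def md5_scan(root, names):
    """Find every file under root whose name is in names (case-insensitive).

    Returns {lower-case name: [ {path, size, md5, sha256}, ... ]}; names with
    no hit (hlp.dat in the sample) simply do not appear.
    """
    wanted = {n.lower() for n in names}
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() not in wanted:
                continue
            path = os.path.join(dirpath, fn)
            md5, sha256 = hash_file(path)
            found[fn.lower()].append(
                {"path": path, "size": os.path.getsize(path),
                 "md5": md5, "sha256": sha256})
    return dict(found)


def conflicting_copies(found):
    """Names present in more than one place with more than one MD5."""
    return {name: rows for name, rows in found.items()
            if len({r["md5"] for r in rows}) > 1}


def format_report(found):
    """One '[size | MD5] path' row per copy, in the spirit of OTL's output."""
    lines = []
    for name in sorted(found):
        for row in found[name]:
            lines.append(f"[{row['size']:>9} | MD5={row['md5']}] {row['path']}")
    return "\n".join(lines)


def build_sample_tree():
    """Constructed sample: a vendor driver plus a same-named file in Temp."""
    root = tempfile.mkdtemp(prefix="otl_md5_")
    drivers = os.path.join(root, "system32", "drivers")
    temp = os.path.join(root, "Temp")
    os.makedirs(drivers)
    os.makedirs(temp)
    # Fake 'MZ' headers; the bodies only need to differ for the demo.
    with open(os.path.join(drivers, "SafeBoot.sys"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62 + b"vendor SafeBoot driver body")
    with open(os.path.join(temp, "safeboot.sys"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62 + b"something else entirely")
    with open(os.path.join(drivers, "netbt.sys"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62 + b"netbt body")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    results = md5_scan(sample_root, ["SafeBoot.sys", "netbt.sys", "hlp.dat"])
    print(format_report(results))
    for name, rows in conflicting_copies(results).items():
        print(f"!! {name}: {len(rows)} copies with different content, "
              f"look each SHA-256 up on VirusTotal")
```

On a real box you would point md5_scan at C:\Windows and compare the SHA-256 of the copy under system32\drivers with what VirusTotal already knows, which is the check the helper was after before the file was deleted; a second copy with a different hash outside the drivers folder is the row that deserves attention.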

bellisima
25.05.2012., 20:37
Avast won't let me open OTL, it closes immediately, so I'll try the other things you wrote.

dobrota
25.05.2012., 20:40
turn avast off while the OTL scan runs, or look in the avast sandbox and mark OTL as trusted or whatever it's called in avast

bellisima
25.05.2012., 21:01
I managed after all, here's OTL.log

http://pastebin.com/S7L9EtBW

bellisima
25.05.2012., 21:06
Here's the farbar service scanner log

http://pastebin.com/AeEUTjT6

bellisima
25.05.2012., 21:25
Here's the aswMBR log too

http://pastebin.com/giyvCj3e

dobrota
26.05.2012., 11:43
open OTL and copy this into the empty field
:OTL
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE379
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

:Commands
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[Reboot]

click on RUN FIX
-copy the log

2. download combofix (http://www.bleepingcomputer.com/download/combofix/) and save it to the desktop
-turn off the antivirus
-run combofix and answer yes to everything it asks
-copy the log
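
The block above is the whole OTL fix syntax: log lines pasted back under an ":OTL" header, then a ":Commands" section. What the helper selects by hand are the lines OTL has already marked as orphaned ("No CLSID value found", "File not found") plus known junk such as toolbars. The script below is an added example, not code from this thread and not OTL's own: it parses the O2/O4/O18/IE lines of an OTL log, applies those two rules and emits the fix text. SAMPLE_LOG is constructed in OTL's output format (two of its lines are the page's own orphaned entries; the Skype CLSID is a placeholder, not a real one), and WATCH_TERMS is an assumed watch list rather than anything OTL ships with.

```python
"""Build an ':OTL' fix block from an OTL log.

Added example, not OTL's code. SAMPLE_LOG is constructed; WATCH_TERMS is an
assumed list of vendors treated as unwanted in this thread (toolbars).
"""
import re

# Markers OTL itself writes on entries whose target no longer exists.
ORPHAN_MARKERS = ("No CLSID value found", "File not found")
# Assumed watch list: anything mentioning these goes into the fix as well.
WATCH_TERMS = ("Ask.com", "Crawler", "Toolbar")

# Log line prefixes handled here: O2 (BHO), O4 (Run keys), O18 (protocol
# handlers/filters, sometimes tagged ':64bit:') and IE (search scopes etc.).
ENTRY_RE = re.compile(r"^(?P<kind>O\d+(?::64bit:)?|IE)\s*-\s*")

# Constructed sample in OTL's format; the Skype CLSID is a placeholder.
SAMPLE_LOG = r"""
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com {12345678-1234-1234-1234-123456789ABC} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies S.A.)
"""


def parse_otl_log(text):
    """One dict per recognised log line: kind, the raw line, orphaned flag."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        entries.append({
            "kind": match.group("kind"),
            "line": line,
            "orphaned": any(mark in line for mark in ORPHAN_MARKERS),
        })
    return entries


def select_for_fix(entries, watch_terms=WATCH_TERMS):
    """Orphaned entries plus anything naming a watched vendor or product."""
    lowered = [t.lower() for t in watch_terms]
    return [e for e in entries
            if e["orphaned"] or any(t in e["line"].lower() for t in lowered)]


def build_fix(entries, commands=("emptytemp", "Reboot")):
    """Render the text to paste into OTL's box before clicking RUN FIX.

    OTL accepts its own log lines verbatim under ':OTL'; the ':Commands'
    section here mirrors the helper's usual [emptytemp] and [Reboot].
    """
    body = [":OTL"] + [e["line"] for e in select_for_fix(entries)]
    body += ["", ":Commands"] + [f"[{c}]" for c in commands]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    print(build_fix(parse_otl_log(SAMPLE_LOG)))
```

Running it on the sample keeps the two orphaned O2/O18 entries, the avast5 Run key whose target is gone and the Ask updater, and leaves the healthy Java and Skype lines alone; review the selection before pasting, since a watch term match is a guess, not a verdict.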

bellisima
26.05.2012., 12:23
OTL.log

http://pastebin.com/uhWTsc93