MyCity » Ambulanta -> Arhiva Ambulante » Folderi prelaze u aplikacije(.exe) - Win32/Spy.KeyLogger.NHI

Folderi prelaze u aplikacije(.exe) - Win32/Spy.KeyLogger.NHI

Napisano na dan: 15.9.2012

Strana:
1
2
3

Folderi prelaze u aplikacije(.exe) - Win32/Spy.KeyLogger.NHI

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

sake86 Poslao: 15 Sep 2012 20:57 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozdrav! Evo imam nekih problema sa računalom, a tražeći rješenje online naletio sam na ove stranice. Vidim po nekim analizama da ste stvarno stručni pa vam se iz tog razloga i obraćam. Dakle radi se o sljedećem; Prije nekoliko dana sam bio u kopiraonici, nosio neke dokumente na printanje (USB stick). Tek par dana kasnije (btw. u tom vremenu sam koristio USB stick više puta) primjetio sam da su mi svi folderi na sticku "postali" aplikacije, tj. dobili su ekstenziju ".exe" i "težinu" 332kb. Mogu normalno ući u te "foldere" i koristiti sve što je u njima, ali se primijeti da malo sporije ulazi u njih. Na nesreću na ovom računalu nemam instaliran antivirus (ima samo Norton Security Scan, koliko sam uspio vidjeti), pa sam ubacio stick u drugo (XP-SP2) računalo gdje mi se vrti NOD32, i on mi je javio da su mi folderi zaraženi sranjem kojeg je on prepoznao kao "Win32/Spy.KeyLogger.NHI trojan". NOD32 nije ništa obrisao, samo je skenirao USB stick i javio log. Dakle, kao što sad već vjerojatno i pretpostavljate (jer vidim da je bilo sličnih upita na forumu) original folderi su sakriveni i ne prikazuju se (premda je opcija "show hidden files and folders" uključena), a prikazan je samo "[ime foldera].exe". Kreiranjem shortcut-a (na računalu) uspio sam ući u svaki od sakrivenih foldera i podatke koji su mi trebali prebaciti u nove foldere na sticku, a ove zaražene i nevidljive sam obrisao. NOD32 sken nakon toga pokazuje da nema zaraženih fajlova. Prebacim stick nazad u prvo računalo (Win7) i opet vidim isti problem, zatim ga vratim u XP računalo (sa AV-om) i vidim da se sve vratilo na staro stanje, isti folderi zaraženi itd. Tad sam shvatio da je cijelo Win7 računalo zaraženo tim sranjem. Vidim da su i drugi imali problema sa tim pa se spominju sljedeće lokacije kao kritične (zaražene), pa evo samo da kažem da je isti slučaj i kod mene: `C:\OptionalComponents\lsass.exe C:\Users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk = C:\configuration\configuration.exe` Veličina istih je također 332kb. Dakle, riječ je o: OS = 32-bit WIN7 veza = 4Mbit ADSL Slijedio sam upute za postavljanje LOG-ova, pa evo da ih i okačim; BITNA NAPOMENA: DDS log sam kreirao 14.9.2012., a nakon njega sam pokušao kreirati i GMER logove gdje su se javile neke greške (detaljnije ispod DDS loga). Dakle evo prvo DDS log i Attach: DDS report . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by Matei at 11:27:20 on 2012-09-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.385.1033.18.2039.273 [GMT 2:00] . SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV.exe C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\System32\spoolsv.exe C:\Program Files\IDT\WDM\aestsrv.exe C:\Program Files\LSI SoftModem\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\PDF Complete\pdfsvc.exe C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\windows\system32\svchost.exe -k WindowsMobile C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Users\Matei\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Program Files\BlazeVideo_zadnji\BlazeDTV 6.0\MediaDetector.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Matei\AppData\Local\Temp\DAT95D5.tmp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\OptionalComponents\lsass.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\system32\svchost.exe -k SDRSVC C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe C:\windows\system32\NOTEPAD.EXE C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = [Link mogu videti samo ulogovani korisnici] uDefault_Page_URL = [Link mogu videti samo ulogovani korisnici] mDefault_Page_URL = [Link mogu videti samo ulogovani korisnici] mStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Settings,ProxyOverride = .local uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll uURLSearchHooks: ChatVibes.com Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - c:\program files\chatvibes.com\prxtbChat.dll uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\video download toolbar db toolbar\tbhelper.dll uURLSearchHooks: MRwinforlife Toolbar: {366ba2cd-bd9a-441f-8d60-e825281514c4} - c:\program files\mrwinforlife\tbMRwi.dll mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll mURLSearchHooks: ChatVibes.com Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - c:\program files\chatvibes.com\prxtbChat.dll mURLSearchHooks: MRwinforlife Toolbar: {366ba2cd-bd9a-441f-8d60-e825281514c4} - c:\program files\mrwinforlife\tbMRwi.dll BHO: bflix Class: {0c9f4179-6ce2-4c6a-a3e5-67ff3592a12e} - c:\program files\bflix\BFlix.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll BHO: MRwinforlife Toolbar: {366ba2cd-bd9a-441f-8d60-e825281514c4} - c:\program files\mrwinforlife\tbMRwi.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - c:\progra~1\funmoods\1.5.23.22\bh\escort.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: ChatVibes.com Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - c:\program files\chatvibes.com\prxtbChat.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\video download toolbar db toolbar\tbcore3.dll TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: ChatVibes.com Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - c:\program files\chatvibes.com\prxtbChat.dll TB: Video Download Toolbar DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\video download toolbar db toolbar\tbcore3.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll TB: MRwinforlife Toolbar: {366ba2cd-bd9a-441f-8d60-e825281514c4} - c:\program files\mrwinforlife\tbMRwi.dll TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - c:\progra~1\funmoods\1.5.23.22\escorTlbr.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [googletalk] c:\users\matei\appdata\roaming\google\google talk\googletalk.exe /autostart uRun: [Google Update] "c:\users\matei\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [Magic Tree] c:\users\matei\appdata\local\temp\rar$ex04.311\MagicTree.exe uRun: [BlazeServoTool] "c:\program files\blazevideo_zadnji\blazedtv 6.0\MediaDetector.exe" uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [DAT95D5.tmp.exe] c:\users\matei\appdata\local\temp\DAT95D5.tmp.exe uRun: [<NO NAME>] uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [iWearMonitor] "c:\program files\vuzix corporation\iwear vr920\iWearTaskBar.exe" -Startup mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [syshost32] c:\windows\installer\{651f552b-24e2-9513-a789-6b24873745a3}\syshost.exe mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\users\matei\appdata\roaming\micros~1\windows\startm~1\programs\startup\config~1.lnk - c:\configuration\configuration.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\matei\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\ Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7EA85F30-BA75-4389-908A-DF85D20C2607} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\148656C6 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\4586F6D637F6E6645314548314 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\D41657E61602E4564777F627B60294E636E2 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\E4F667F6762716469637B6165373 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{F86E513A-5496-4C24-B2FD-CB8A0CE3738E} : DhcpNameServer = 192.168.2.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\users\matei\appdata\roaming\mozilla\firefox\profiles\sz37guy9.default\ FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\users\matei\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\users\matei\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.BabylonToolbar_i.hardId - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:12:22 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.incredibar_i.id - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.incredibar_i.hardId - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.incredibar_i.instlDay - 15349 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:43:29 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OypnqRJNq FF - user.js: extensions.incredibar_i.upn2n - 92260700927374084 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10606 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.tlbrSrchUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.id - D8D38515D6C7D71B FF - user.js: extensions.funmoods.instlDay - 15543 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:39:56 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - nv1 FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - nv1 FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . ============= SERVICES / DRIVERS =============== . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-29 218688] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-7-12 81920] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-9 86072] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-14 635416] R2 Realtek87B;Realtek87B;c:\program files\realtek\rtl8187 wireless lan utility\RtlService.exe [2012-1-11 40960] R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-19 2984832] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-12 29472] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-1-14 228408] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-7-12 862208] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-20 313856] S1 hpipppqh;hpipppqh;c:\windows\system32\drivers\hpipppqh.sys [2012-9-5 43600] S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-14 214024] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-16 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-12-4 23456] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-12-6 201168] S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-16 136176] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-12-6 101120] S3 IT9135BDA;WinFast DTV Dongle Dual Devices;c:\windows\system32\drivers\IT9135BDA.sys [2010-12-19 123008] S3 iwrstreo;WDF Driver for Vuzix VR920;c:\windows\system32\drivers\iwrstreo.sys [2012-1-12 9728] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-14 79816] S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-14 35272] S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-14 34248] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 114144] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752] S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2012-1-11 375808] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-17 1343400] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-7-23 114688] S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-7-23 105088] . =============== Created Last 30 ================ . 2012-09-05 09:38:51 43600 ----a-w- c:\windows\system32\drivers\hpipppqh.sys 2012-09-05 09:24:28 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84729da0-9cf8-4767-afbb-23d006d75d79}\offreg.dll 2012-09-05 09:22:48 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84729da0-9cf8-4767-afbb-23d006d75d79}\mpengine.dll 2012-09-04 07:37:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-04 07:35:49 -------- d-----w- c:\users\matei\appdata\roaming\SpeedyPC Software 2012-09-04 07:35:49 -------- d-----w- c:\users\matei\appdata\roaming\DriverCure 2012-09-04 07:35:18 -------- d-----w- c:\programdata\SpeedyPC Software 2012-09-01 08:31:40 -------- d-----w- C:\games 2012-08-31 07:42:59 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-08-28 13:25:54 467984 ----a-w- c:\windows\system32\d3dx10_39.dll 2012-08-28 13:25:54 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2012-08-28 13:25:54 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2012-08-28 13:22:54 -------- d-----w- C:\Riot Games 2012-08-28 09:14:55 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-08-28 09:14:55 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-08-28 08:55:22 -------- d-----w- c:\users\matei\appdata\local\PMB Files 2012-08-28 08:55:18 -------- d-----w- c:\programdata\PMB Files 2012-08-28 08:54:47 -------- d-----w- c:\program files\Pando Networks 2012-08-23 18:19:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-17 01:11:29 927504 ----a-w- c:\users\matei\appdata\roaming\mfc40u.dll 2012-08-17 01:11:29 499712 ----a-w- c:\users\matei\appdata\roaming\msvcp71.dll 2012-08-17 01:11:29 401462 ----a-w- c:\users\matei\appdata\roaming\msvcp60.dll 2012-08-17 01:11:29 348160 ----a-w- c:\users\matei\appdata\roaming\msvcr71.dll 2012-08-17 01:11:29 151552 ----a-w- c:\users\matei\appdata\roaming\XMessageBox.dll 2012-08-17 01:11:29 1060864 ----a-w- c:\users\matei\appdata\roaming\mfc71.dll 2012-08-17 01:11:29 1047552 ----a-w- c:\users\matei\appdata\roaming\MFC71u.dll 2012-08-17 01:11:29 1007616 ----a-w- c:\users\matei\appdata\roaming\LiveUpdate.exe 2012-08-17 01:11:29 -------- d-----w- c:\users\matei\appdata\roaming\log 2012-08-16 16:19:47 -------- d-----w- c:\users\matei\appdata\local\Unity . ==================== Find3M ==================== . 2012-09-04 07:37:45 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-15 00:05:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-15 00:05:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ============= FINISH: 11:29:06,77 =============== ATTACH.txt [Link mogu videti samo ulogovani korisnici] Kao što rekoh, kad sam pokrenuo GMER, bacio je jednu od onih grešaka (0x000nešto) ali normalno se pokrenuo. Dobio sam Gmer1 log, i evo ga ovdje: [Link mogu videti samo ulogovani korisnici] Nakon toga sam kreirao i Gmer2 log, i evo ga ovdje: [Link mogu videti samo ulogovani korisnici] Kad sam pokušao kreirati Gmer3 log jednostavno opcija SCAN nije radila, tj. ništa se nije događalo. Upute kažu da, ako GMER ne radi, treba koristiti RootRepeal, pa sam tako i napravio. Međutim pokretanjem njega opet se javilo nekoliko tih istih(ili sličnih) errora (0x000nešto), i nisam mogao dobiti logove. Odlučio sam napraviti restart laptopa, pa krenuti sve ispočetka. Pri bootanju windowsa pojavila se greška "Windows failed to load because a critical system driver is missing or corrupt." Radi se o fajlu: "\windows\system32\Drivers\73fea73ece5f671b.sys" (status: 0xc0000098). Pokušao sam odraditi repair windows-a no neuspješno, nakon toga system restore to an earlier time, ali ni to nije uspjelo jer je navodno omogućen anitivirus pa ga ometa. Bio mi je sumnjiv taj fajl "73fea73ece5f671b.sys", proguglao sam ga, nisam ništa pronašao pa sam pogledao na još dva različita računala u njihove windows\system32\drivers" foldere i vidio da kod njih nema takvog fajla uopće u tim folderima (ostali su više manje slični). Zatim sam kreirao bootabilni winXP (na drugi USB stick) te pomoću njega taj fajl "73fea73ece5f671b.sys" maknuo u drugi folder, te se windows nakon toga normalno bootao (fajl nisam brisao, ako bude trebao kasnije). Ulogirao sam se u windows te odmah pokrenuo GMER, nije javljao nikakve greške ovaj put ali mi pri pokušaju da dobijem friški Gmer1 log laptop totalno zamrzne u pola posla. Pokušao dvaput i opet isto. Laptop inače sve druge stvari radi sasvim normalno. Također ne radi ni RootRepeal, opet baca one iste greške kao i prije. Zato sam odlučio kreirati Gmer2 log, stavio sam mu ime "Gmer2drugi" i evo ga ovdje: [Link mogu videti samo ulogovani korisnici] Nakon toga normalno sam dobio i Gmer3 log, on je ovdje: [Link mogu videti samo ulogovani korisnici] Evo, mislim da nisam nikad duži post na forumu ostavio Eto, pomagajte ako ikako možete Unaprijed HVALA

Profil

argus Poslao: 15 Sep 2012 22:04 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	1Ovo se svidja korisniku: TwinHeadedEagle Registruj se da bi pohvalio/la poruku! Pozdrav i dobrodosao u Ambulantu. Molicu te da striktno pratis moja uputstva i da ne prikljucujes USB stick dok ti ja ne kazem. Kad zavrsimo ciscenje instaliraces Antivirus. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: 1. deaktiviraj zaštitni softver (uputstvo); 2. zatvori pokrenute programe; 3. dvoklikom pokreni program ComboFix; 4. u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: 1. klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; 2. klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; 3. klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

sake86 Poslao: 16 Sep 2012 00:04 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozdrav još jednom i hvala na odgovoru! Stanje je ovakvo - nakon skeniranja Combofix je izbacio ovo: [Link mogu videti samo ulogovani korisnici] Neznam da li je ovo način na koji radi ComboFix i dio dijagnostike ( ), ali sam primjetio da sada ne mogu pokrenuti niti jednu aplikaciju na računalu - npr. pri pokretanju browsera kaže mi: `C:\Program Files\Internet Explorer\iexplore.exe Illegal operation attempted on a registry key that has been marked for deletion.` Trenutno ne mogu pokrenuti niti jednu aplikaciju, dakle čak ni notepad, winrar ni bilo što drugo Što da radim ComboFix 12-09-15.02 - Matei 5.09.2012. 23:13:29.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.385.1033.18.2039.900 [GMT 2:00] Running from: c:\users\Matei\Desktop\ComboFix.exe SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\BFlix\BFLIx.dll c:\program files\HBLite c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\install.rdf c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll c:\program files\ShoppingReport2 c:\program files\ShoppingReport2\Uninst.exe c:\program files\Video Download Toolbar DB Toolbar\tbHElper.dll c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 c:\programdata\HBLiteSA c:\programdata\HBLiteSA\HBLiteSA.dat c:\programdata\HBLiteSA\HBLiteSA_kyf.dat c:\programdata\HBLiteSA\HBLiteSAAbout.mht c:\programdata\HBLiteSA\HBLiteSAau.dat c:\programdata\HBLiteSA\HBLiteSAEULA.mht c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk c:\users\Matei\AppData\Local\Minibar c:\users\Matei\AppData\Local\Minibar\chrome\background.html c:\users\Matei\AppData\Local\Minibar\chrome\cached_http_request.js c:\users\Matei\AppData\Local\Minibar\chrome\extension_info.json c:\users\Matei\AppData\Local\Minibar\chrome\icons\icon128.png c:\users\Matei\AppData\Local\Minibar\chrome\icons\icon19.png c:\users\Matei\AppData\Local\Minibar\chrome\icons\icon32.png c:\users\Matei\AppData\Local\Minibar\chrome\icons\icon48.png c:\users\Matei\AppData\Local\Minibar\chrome\includes\content.js c:\users\Matei\AppData\Local\Minibar\chrome\includes\content_kango.js c:\users\Matei\AppData\Local\Minibar\chrome\includes\content_messaging.js c:\users\Matei\AppData\Local\Minibar\chrome\includes\content_userscript.js c:\users\Matei\AppData\Local\Minibar\chrome\kango-ui\button.js c:\users\Matei\AppData\Local\Minibar\chrome\kango-ui\ui.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\browser.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\console.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\event_listener.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\initialize.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\io.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\jsonstorage.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\kango.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\lang.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\messaging.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\userscript_engine.js c:\users\Matei\AppData\Local\Minibar\chrome\kango\xhr.js c:\users\Matei\AppData\Local\Minibar\chrome\main.js c:\users\Matei\AppData\Local\Minibar\chrome\manifest.json c:\users\Matei\AppData\Local\Minibar\chrome\minibar\actions.js c:\users\Matei\AppData\Local\Minibar\chrome\minibar\cachedxhr.js c:\users\Matei\AppData\Local\Minibar\chrome\minibar\config.js c:\users\Matei\AppData\Local\Minibar\chrome\minibar\macros.js c:\users\Matei\AppData\Local\Minibar\chrome\minibar\minibar.js c:\users\Matei\AppData\Local\Minibar\chrome\popup.html c:\users\Matei\AppData\Local\Minibar\chrome\popup.js c:\users\Matei\AppData\Local\Minibar\chrome\tab.html c:\users\Matei\AppData\Local\Minibar\chrome\tab.js c:\users\Matei\AppData\Local\Minibar\chrome_installer.js c:\users\Matei\AppData\Local\Minibar\common.js c:\users\Matei\AppData\Local\Minibar\install.json c:\users\Matei\AppData\Local\Minibar\minibar.crx c:\users\Matei\AppData\Local\Minibar\sqlite3.exe c:\users\Matei\AppData\Local\Minibar\Uninstall.exe c:\users\Matei\AppData\Local\Temp\DAT95D5.tmp.exe c:\users\Matei\AppData\Roaming\addDefaultValueForDevicePathKey.reg c:\users\Matei\AppData\Roaming\HBLite c:\users\Matei\AppData\Roaming\mfc40u.dll c:\users\Matei\AppData\Roaming\mfc71.dll c:\users\Matei\AppData\Roaming\MFC71u.dll c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\chrome.manifest c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\loader.xul c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\install.rdf c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf c:\users\Matei\AppData\Roaming\msvcp60.dll c:\users\Matei\AppData\Roaming\msvcp71.dll c:\users\Matei\AppData\Roaming\msvcr71.dll c:\users\Matei\AppData\Roaming\XMessageBox.dll c:\windows\Installer\{651F552B-24E2-9513-A789-6B24873745A3}\syshost.exe c:\windows\system32\AF15BDAEX.dll . . ((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 ))))))))))))))))))))))))))))))) . . 2012-09-15 21:22 . 2012-09-15 21:22 -------- d-----w- c:\users\luckystar894\AppData\Local\temp 2012-09-15 21:22 . 2012-09-15 21:22 -------- d-----w- c:\users\ferrosaly\AppData\Local\temp 2012-09-15 21:22 . 2012-09-15 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-15 18:05 . 2012-09-15 18:10 -------- d-----w- C:\file iz windows foldera 2012-09-15 17:03 . 2012-09-15 17:03 -------- dc----w- c:\users\Matei\AppData\Local\MigWiz 2012-09-05 09:38 . 2012-09-05 09:38 43600 ----a-w- c:\windows\system32\drivers\hpipppqh.sys 2012-09-05 09:24 . 2012-09-15 17:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\offreg.dll 2012-09-05 09:22 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\mpengine.dll 2012-09-04 07:37 . 2012-09-04 07:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\SpeedyPC Software 2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\DriverCure 2012-09-04 07:35 . 2012-09-14 06:38 -------- d-----w- c:\programdata\SpeedyPC Software 2012-09-01 08:31 . 2012-09-01 08:31 -------- d-----w- C:\games 2012-08-31 07:42 . 2012-08-31 07:42 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2012-08-28 13:25 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll 2012-08-28 13:25 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2012-08-28 13:25 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2012-08-28 13:22 . 2012-08-28 13:33 -------- d-----w- C:\Riot Games 2012-08-28 09:14 . 2012-08-28 09:14 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-08-28 09:14 . 2012-08-28 09:14 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-08-28 08:55 . 2012-08-28 09:26 -------- d-----w- c:\users\Matei\AppData\Local\PMB Files 2012-08-28 08:55 . 2012-08-28 08:55 -------- d-----w- c:\programdata\PMB Files 2012-08-28 08:54 . 2012-08-28 08:54 -------- d-----w- c:\program files\Pando Networks 2012-08-23 18:19 . 2012-08-23 18:19 -------- d-----w- c:\program files\Common Files\Java 2012-08-23 18:19 . 2012-09-04 07:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-17 01:11 . 2012-08-17 01:11 -------- d-----w- c:\users\Matei\AppData\Roaming\log 2012-08-17 01:11 . 2009-12-31 13:12 1007616 ----a-w- c:\users\Matei\AppData\Roaming\LiveUpdate.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-04 07:37 . 2010-07-12 21:47 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-15 00:05 . 2012-03-30 14:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 00:05 . 2012-01-03 09:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-31 07:42 . 2011-11-25 22:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776] "{c34bfb11-eff0-4123-a7a5-79051ef24cf5}"= "c:\program files\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936] "{366ba2cd-bd9a-441f-8d60-e825281514c4}"= "c:\program files\MRwinforlife\tbMRwi.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] . [HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}] . [HKEY_CLASSES_ROOT\clsid\{366ba2cd-bd9a-441f-8d60-e825281514c4}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{366ba2cd-bd9a-441f-8d60-e825281514c4}] 2009-12-31 09:53 2349080 ----a-w- c:\program files\MRwinforlife\tbMRwi.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] 2010-12-09 11:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}] 2011-05-09 09:49 176936 ----a-w- c:\program files\ChatVibes.com\prxtbChat.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] "{c34bfb11-eff0-4123-a7a5-79051ef24cf5}"= "c:\program files\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936] "{366ba2cd-bd9a-441f-8d60-e825281514c4}"= "c:\program files\MRwinforlife\tbMRwi.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}] . [HKEY_CLASSES_ROOT\clsid\{366ba2cd-bd9a-441f-8d60-e825281514c4}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] "{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776] "{C34BFB11-EFF0-4123-A7A5-79051EF24CF5}"= "c:\program files\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "googletalk"="c:\users\Matei\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "BlazeServoTool"="c:\program files\BlazeVideo_zadnji\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-11-27 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "iWearMonitor"="c:\program files\Vuzix Corporation\iWear VR920\iWearTaskBar.exe" [2008-11-24 591144] "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-23 296056] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\bluetrainstreet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\bluetrainstreet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\users\ferrosaly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ configuration.lnk - c:\configuration\configuration.exe [2012-7-6 340339] Dropbox.lnk - c:\users\ferrosaly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192] . c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ configuration.lnk - c:\configuration\configuration.exe [2012-7-6 340339] Dropbox.lnk - c:\users\luckystar894\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ configuration.lnk - c:\configuration\configuration.exe [2012-7-6 340339] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Connect Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk backup=c:\windows\pss\Connect Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk] path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk] path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk backup=c:\windows\pss\RollerCoaster Tycoon 3_ Wild Registration.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2009-06-17 20:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-06-02 10:34 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] 2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe . R2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 IT9135BDA;WinFast DTV Dongle Dual Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x] R3 iwrstreo;WDF Driver for Vuzix VR920;c:\windows\system32\Drivers\iwrstreo.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x] R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x] S2 Realtek87B;Realtek87B;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] . . --- Other Services/Drivers In Memory --- . NewlyCreated - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:05] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36] . 2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001Core1cd08588542983b.job - c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001UA1cd0858863008f5.job - c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08] . 2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007Core.job - c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007UA.job - c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55] . 2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008Core.job - c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008UA.job - c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56] . 2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009Core.job - c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009UA.job - c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16] . 2012-08-21 c:\windows\Tasks\HPCeeScheduleForMatei.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15] . 2012-09-13 c:\windows\Tasks\Norton Security Scan for Matei.job - c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-20 09:45] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] mStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Matei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\ Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.BabylonToolbar_i.hardId - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:12 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.incredibar_i.id - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.incredibar_i.hardId - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.incredibar_i.instlDay - 15349 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:43 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OypnqRJNq FF - user.js: extensions.incredibar_i.upn2n - 92260700927374084 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10606 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.tlbrSrchUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.id - D8D38515D6C7D71B FF - user.js: extensions.funmoods.instlDay - 15543 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:39 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - nv1 FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - nv1 FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKLM-Run-NortonOnlineBackupReminder - c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe HKLM-Run-syshost32 - c:\windows\Installer\{651F552B-24E2-9513-A789-6B24873745A3}\syshost.exe MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe MSConfigStartUp-HW_OPENEYE_OUC_ - c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe AddRemove-FrostWire - c:\program files\FrostWire\Uninstall.exe AddRemove-LSI Soft Modem - c:\windows\agrsmdel AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe AddRemove-{B3942F58-363E-4475-92E8-EB660BE25526}_is1 - c:\program files\StuntMANIA\unins000.exe AddRemove-2085422930.desktoptv.spb.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(1368) c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\IDT\WDM\STacSV.exe c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2012-09-15 23:29:41 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-15 21:29 . Pre-Run: 28.548.698.112 bytes free Post-Run: 30.341.251.072 bytes free . - - End Of File - - B882F1AF6D8D7B5AD91F1C9E2C58CFB1

Profil

argus Poslao: 16 Sep 2012 00:05 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	1Ovo se svidja korisniku: ThePhilosopher Registruj se da bi pohvalio/la poruku! Samo restartuj racunar i sve ce biti u redu. U medjuvrtemenu deinstaliraj sledece: 1ClickDownloader Babylon toolbar on IE BFlix BitTorrentBar Toolbar ChatVibes.com Toolbar Conduit Engine DAEMON Tools Toolbar Driver Detective DriverAgent by eSupport.com DVDVideoSoftTB Toolbar Error Repair Tool 3.00 McAfee Security Scan Plus MRwinforlife Toolbar Norton Online Backup Norton Security Scan

Profil

sake86 Poslao: 16 Sep 2012 00:09 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok, komp sam resetirao i sad je sve u redu, kako si i rekao Što dalje? Čekam upute...

Profil

Sass Drake Poslao: 16 Sep 2012 00:54 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1 Ukoliko nisi već deinstalirao programe sa spiska koji ti je argus dao, uradi sljedeće. Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sljedeće programe ako ti ne trebaju: 1ClickDownloader Babylon toolbar on IE BFlix BitTorrentBar Toolbar ChatVibes.com Toolbar Conduit Engine DAEMON Tools Toolbar Driver Detective DriverAgent by eSupport.com DVDVideoSoftTB Toolbar Error Repair Tool 3.00 McAfee Security Scan Plus MRwinforlife Toolbar Norton Online Backup Norton Security Scan Korak 2 Otvori Notepad i iskopiraj sljedeći tekst: Driver:: hpipppqh File:: c:\windows\system32\drivers\hpipppqh.sys c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk Folder:: c:\configuration c:\windows\Installer\{651F552B-24E2-9513-A789-6B24873745A3} RegLock:: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sljedećoj poruci log koji bude bio napravljen na kraju čišćenja/skeniranja. Korak 3 Spakuj u ZIP, RAR ili 7Z arhivu sljedeće foldere: C:\Qoobox C:\file iz windows foldera i pošalji ga preko sljedećeg linka: [Link mogu videti samo ulogovani korisnici] Javi kada to uradiš i sačekaj dalja uputstva.

Profil

sake86 Poslao: 16 Sep 2012 01:44 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Evo, deinstalirao sve osim "Norton Online Backup", kaže "There si a problem with this Windows Installer package. A program run as a part of the setup did not finish as expected. Contact your support personnel or package vendor." Bilo kako bilo, nastavio sam dalje i evo traženih rezultata: KORAK 2 log nakon čišćenja/skeniranja: [Link mogu videti samo ulogovani korisnici] ComboFix 12-09-15.02 - Matei 6.09.2012. 1:14.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.385.1033.18.2039.1059 [GMT 2:00] Running from: c:\users\Matei\Desktop\ComboFix.exe Command switches used :: c:\users\Matei\Desktop\CFScript.txt SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" "c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" "c:\windows\system32\drivers\hpipppqh.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\configuration c:\configuration\configuration.exe c:\windows\Installer\{651F552B-24E2-9513-A789-6B24873745A3} . . ((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 ))))))))))))))))))))))))))))))) . . 2012-09-15 23:24 . 2012-09-15 23:24 -------- d-----w- c:\users\luckystar894\AppData\Local\temp 2012-09-15 23:24 . 2012-09-15 23:24 -------- d-----w- c:\users\ferrosaly\AppData\Local\temp 2012-09-15 23:24 . 2012-09-15 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-15 23:24 . 2012-09-15 23:24 -------- d-----w- c:\users\bluetrainstreet\AppData\Local\temp 2012-09-15 18:05 . 2012-09-15 18:10 -------- d-----w- C:\file iz windows foldera 2012-09-15 17:03 . 2012-09-15 17:03 -------- dc----w- c:\users\Matei\AppData\Local\MigWiz 2012-09-05 09:38 . 2012-09-05 09:38 43600 ----a-w- c:\windows\system32\drivers\hpipppqh.sys 2012-09-05 09:24 . 2012-09-15 17:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\offreg.dll 2012-09-05 09:22 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\mpengine.dll 2012-09-04 07:37 . 2012-09-04 07:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\SpeedyPC Software 2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\DriverCure 2012-09-04 07:35 . 2012-09-14 06:38 -------- d-----w- c:\programdata\SpeedyPC Software 2012-09-01 08:31 . 2012-09-01 08:31 -------- d-----w- C:\games 2012-08-31 07:42 . 2012-08-31 07:42 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2012-08-28 13:25 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll 2012-08-28 13:25 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2012-08-28 13:25 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2012-08-28 13:22 . 2012-08-28 13:33 -------- d-----w- C:\Riot Games 2012-08-28 09:14 . 2012-08-28 09:14 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-08-28 09:14 . 2012-08-28 09:14 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-08-28 08:55 . 2012-08-28 09:26 -------- d-----w- c:\users\Matei\AppData\Local\PMB Files 2012-08-28 08:55 . 2012-08-28 08:55 -------- d-----w- c:\programdata\PMB Files 2012-08-28 08:54 . 2012-08-28 08:54 -------- d-----w- c:\program files\Pando Networks 2012-08-23 18:19 . 2012-08-23 18:19 -------- d-----w- c:\program files\Common Files\Java 2012-08-23 18:19 . 2012-09-04 07:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-17 01:11 . 2012-08-17 01:11 -------- d-----w- c:\users\Matei\AppData\Roaming\log 2012-08-17 01:11 . 2009-12-31 13:12 1007616 ----a-w- c:\users\Matei\AppData\Roaming\LiveUpdate.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-04 07:37 . 2010-07-12 21:47 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-15 00:05 . 2012-03-30 14:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 00:05 . 2012-01-03 09:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-31 07:42 . 2011-11-25 22:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "googletalk"="c:\users\Matei\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "BlazeServoTool"="c:\program files\BlazeVideo_zadnji\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-11-27 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "iWearMonitor"="c:\program files\Vuzix Corporation\iWear VR920\iWearTaskBar.exe" [2008-11-24 591144] "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-23 296056] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\bluetrainstreet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\bluetrainstreet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\users\ferrosaly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ configuration.lnk - c:\configuration\configuration.exe [N/A] Dropbox.lnk - c:\users\ferrosaly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192] . c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ configuration.lnk - c:\configuration\configuration.exe [N/A] Dropbox.lnk - c:\users\luckystar894\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ configuration.lnk - c:\configuration\configuration.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Connect Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk backup=c:\windows\pss\Connect Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk] path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk] path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk backup=c:\windows\pss\RollerCoaster Tycoon 3_ Wild Registration.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2009-06-17 20:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-06-02 10:34 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] 2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:05] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36] . 2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001Core1cd08588542983b.job - c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001UA1cd0858863008f5.job - c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08] . 2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007Core.job - c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007UA.job - c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55] . 2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008Core.job - c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008UA.job - c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56] . 2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009Core.job - c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16] . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009UA.job - c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16] . 2012-08-21 c:\windows\Tasks\HPCeeScheduleForMatei.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] mStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Matei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\ Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.BabylonToolbar_i.hardId - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:12 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.incredibar_i.id - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.incredibar_i.hardId - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.incredibar_i.instlDay - 15349 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:43 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OypnqRJNq FF - user.js: extensions.incredibar_i.upn2n - 92260700927374084 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10606 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.tlbrSrchUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.id - D8D38515D6C7D71B FF - user.js: extensions.funmoods.instlDay - 15543 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:39 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - nv1 FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - nv1 FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file) URLSearchHooks-{c34bfb11-eff0-4123-a7a5-79051ef24cf5} - (no file) WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - (no file) AddRemove-1ClickDownload - c:\program files\1ClickDownload\uninst.exe AddRemove-BFlix - c:\program files\BFlix\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-09-16 01:26:35 ComboFix-quarantined-files.txt 2012-09-15 23:26 ComboFix2.txt 2012-09-15 21:29 . Pre-Run: 30.553.473.024 bytes free Post-Run: 30.369.181.696 bytes free . - - End Of File - - 203977CED664BDE993D6D18B0EE3AA3B KORAK 3 zaRARani fajlovi su uspješno uploadani pod nazivom "Korak3.rar"

Profil

Sass Drake Poslao: 16 Sep 2012 02:39 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1 Preuzmi The Avenger na Desktop. Raspakuj arhivu u neki folder Dvoklikom pokreni avenger.exe Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa: `Drivers to delete: hpipppqh Files to delete: c:\windows\system32\drivers\hpipppqh.sys c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk` Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u Iskopiraj sadržaj dobijenog loga u temu na forumu. Korak 2 Ponovo pokreni ComboFix i postavi njegov izvještaj. Korak 3 Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop. Dvoklikom pokreni program i klikni na dugme Search. Kada program završi analizu otvoriće se Notepad sa izvještajem. Kopiraj sadržaj tog izvještaja u temu. Napomena: Izvještaj ce takođe biti sačuvan na C:\AdwCleaner[R1].txt

Profil

sake86 Poslao: 16 Sep 2012 16:01 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! KORAK 1 - avenger log Logfile of The Avenger Version 2.0, (c) by Swandog46 [Link mogu videti samo ulogovani korisnici] Platform: Windows Vista ***************** Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: Rootkit scan active. No rootkits found! Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\hpipppqh" not found! Deletion of driver "hpipppqh" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "c:\windows\system32\drivers\hpipppqh.sys" deleted successfully. File "c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" deleted successfully. File "c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" deleted successfully. Completed script processing. ***************** Finished! Terminate. KORAK 2 - ComboFix log ComboFix 12-09-15.02 - Matei 6.09.2012. 15:31:54.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1250.385.1033.18.2039.990 [GMT 2:00] Running from: c:\users\Matei\Desktop\ComboFix.exe SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 ))))))))))))))))))))))))))))))) . . 2012-09-16 13:42 . 2012-09-16 13:42 -------- d-----w- c:\users\luckystar894\AppData\Local\temp 2012-09-16 13:42 . 2012-09-16 13:42 -------- d-----w- c:\users\ferrosaly\AppData\Local\temp 2012-09-16 13:42 . 2012-09-16 13:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-16 13:42 . 2012-09-16 13:42 -------- d-----w- c:\users\bluetrainstreet\AppData\Local\temp 2012-09-15 18:05 . 2012-09-15 18:10 -------- d-----w- C:\file iz windows foldera 2012-09-15 17:03 . 2012-09-15 17:03 -------- dc----w- c:\users\Matei\AppData\Local\MigWiz 2012-09-05 09:24 . 2012-09-15 17:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\offreg.dll 2012-09-05 09:22 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\mpengine.dll 2012-09-04 07:37 . 2012-09-04 07:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\SpeedyPC Software 2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\DriverCure 2012-09-04 07:35 . 2012-09-14 06:38 -------- d-----w- c:\programdata\SpeedyPC Software 2012-09-01 08:31 . 2012-09-01 08:31 -------- d-----w- C:\games 2012-08-31 07:42 . 2012-08-31 07:42 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2012-08-28 13:25 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll 2012-08-28 13:25 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2012-08-28 13:25 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2012-08-28 13:22 . 2012-08-28 13:33 -------- d-----w- C:\Riot Games 2012-08-28 09:14 . 2012-08-28 09:14 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-08-28 09:14 . 2012-08-28 09:14 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-08-28 08:55 . 2012-08-28 09:26 -------- d-----w- c:\users\Matei\AppData\Local\PMB Files 2012-08-28 08:55 . 2012-08-28 08:55 -------- d-----w- c:\programdata\PMB Files 2012-08-28 08:54 . 2012-08-28 08:54 -------- d-----w- c:\program files\Pando Networks 2012-08-23 18:19 . 2012-08-23 18:19 -------- d-----w- c:\program files\Common Files\Java 2012-08-23 18:19 . 2012-09-04 07:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-04 07:37 . 2010-07-12 21:47 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-15 00:05 . 2012-03-30 14:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 00:05 . 2012-01-03 09:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-31 07:42 . 2011-11-25 22:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "googletalk"="c:\users\Matei\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "BlazeServoTool"="c:\program files\BlazeVideo_zadnji\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624] "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-11-27 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "iWearMonitor"="c:\program files\Vuzix Corporation\iWear VR920\iWearTaskBar.exe" [2008-11-24 591144] "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-23 296056] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\bluetrainstreet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\bluetrainstreet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\users\ferrosaly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ configuration.lnk - c:\configuration\configuration.exe [N/A] Dropbox.lnk - c:\users\ferrosaly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192] . c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\luckystar894\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Connect Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk backup=c:\windows\pss\Connect Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk] path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk] path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk backup=c:\windows\pss\RollerCoaster Tycoon 3_ Wild Registration.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2009-06-17 20:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-06-02 10:34 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] 2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe . R2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 IT9135BDA;WinFast DTV Dongle Dual Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x] R3 iwrstreo;WDF Driver for Vuzix VR920;c:\windows\system32\Drivers\iwrstreo.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x] R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x] S2 Realtek87B;Realtek87B;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:05] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001Core1cd08588542983b.job - c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001UA1cd0858863008f5.job - c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007Core.job - c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007UA.job - c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008Core.job - c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008UA.job - c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009Core.job - c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009UA.job - c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16] . 2012-08-21 c:\windows\Tasks\HPCeeScheduleForMatei.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] mStart Page = [Link mogu videti samo ulogovani korisnici] uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Matei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\ Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.BabylonToolbar_i.hardId - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:12 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.incredibar_i.id - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.incredibar_i.hardId - 9e16d71b000000000000701a04fa5b25 FF - user.js: extensions.incredibar_i.instlDay - 15349 FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:43 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OypnqRJNq FF - user.js: extensions.incredibar_i.upn2n - 92260700927374084 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10606 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.tlbrSrchUrl - [Link mogu videti samo ulogovani korisnici] FF - user.js: extensions.funmoods.id - D8D38515D6C7D71B FF - user.js: extensions.funmoods.instlDay - 15543 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:39 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - nv1 FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - nv1 FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(5604) c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll . Completion time: 2012-09-16 15:44:05 ComboFix-quarantined-files.txt 2012-09-16 13:44 ComboFix2.txt 2012-09-15 21:29 . Pre-Run: 29.994.635.264 bytes free Post-Run: 29.978.710.016 bytes free . - - End Of File - - D1E5C33DB5D05FD8BD4B212C6DC4197E KORAK 3 - AdwCleaner log # AdwCleaner v2.001 - Logfile created 09/16/2012 at 15:51:24 # Updated 09/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Matei - MATEI-HP # Boot Mode : Normal # Running from : C:\Users\Matei\Desktop\adwcleaner.exe # Option [Search] *** [Services] * * [Files / Folders] * File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Found : C:\user.js File Found : C:\Users\Matei\AppData\Local\funmoods.crx File Found : C:\Users\Matei\AppData\Local\funmoods-speeddial.crx File Found : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\searchplugins\MyStart Search.xml File Found : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\searchplugins\search.xml Folder Found : C:\Program Files\DAEMON Tools Toolbar Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\InstallMate Folder Found : C:\ProgramData\Premium Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\Conduit Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\ConduitEngine Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\PriceGong Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\Toolbar4 Folder Found : C:\Users\ferrosaly\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\ferrosaly\AppData\LocalLow\Conduit Folder Found : C:\Users\ferrosaly\AppData\LocalLow\ConduitEngine Folder Found : C:\Users\ferrosaly\AppData\LocalLow\PriceGong Folder Found : C:\Users\ferrosaly\AppData\LocalLow\Toolbar4 Folder Found : C:\Users\luckystar894\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\luckystar894\AppData\LocalLow\Conduit Folder Found : C:\Users\luckystar894\AppData\LocalLow\ConduitEngine Folder Found : C:\Users\luckystar894\AppData\LocalLow\PriceGong Folder Found : C:\Users\luckystar894\AppData\LocalLow\Toolbar4 Folder Found : C:\Users\Matei\AppData\Local\Babylon Folder Found : C:\Users\Matei\AppData\Local\bearshare Folder Found : C:\Users\Matei\AppData\Local\Conduit Folder Found : C:\Users\Matei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj Folder Found : C:\Users\Matei\AppData\LocalLow\Conduit Folder Found : C:\Users\Matei\AppData\LocalLow\ShoppingReport2 Folder Found : C:\Users\Matei\AppData\LocalLow\Toolbar4 Folder Found : C:\Users\Matei\AppData\Roaming\Babylon Folder Found : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} * [Registry] * Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2 Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKCU\Software\SMTTB2009 Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\Somoto Toolbar Key Found : HKCU\Software\SweetIm Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\f Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Key Found : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Found : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Found : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand Key Found : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand.1 Key Found : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl Key Found : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl.1 Key Found : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar Key Found : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1 Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2455325 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3080215 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009 Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Found : HKLM\Software\Iminent Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Found : HKLM\Software\Minibar Key Found : HKLM\Software\QuestScan Key Found : HKLM\SOFTWARE\Software Key Found : HKLM\Software\SweetIm Key Found : HKU\S-1-5-21-3642603568-148322541-961638693-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-3642603568-148322541-961638693-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Key Found : HKU\S-1-5-21-3642603568-148322541-961638693-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} Key Found : HKU\S-1-5-21-3642603568-148322541-961638693-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [hblite@hblite.com] * [Internet Browsers] * -\\ Internet Explorer v9.0.8112.16421 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = [Link mogu videti samo ulogovani korisnici] -\\ Mozilla Firefox v15.0 (en-US) Profile name : default File : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\prefs.js Found : user_pref("backup.old.browser.search.defaultenginename", "MyStart Search"); Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Found : user_pref("browser.search.order.1", "Search the web (Babylon)"); Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar_i.babExt", ""); Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100995"); Found : user_pref("extensions.BabylonToolbar_i.hardId", "9e16d71b000000000000701a04fa5b25"); Found : user_pref("extensions.BabylonToolbar_i.id", "9e16d71b000000000000701a04fa5b25"); Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15344"); Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar_i.newTab", true); Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100995&babsrc=NT_s[...] Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:12:22"); Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Found : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,info@thebflix.com:1.1,{972ce4c6-7e[...] Found : user_pref("extensions.funmoods.aflt", "nv1"); Found : user_pref("extensions.funmoods.autoRvrt", false); Found : user_pref("extensions.funmoods.cntry", "HR"); Found : user_pref("extensions.funmoods.cv", "cv5"); Found : user_pref("extensions.funmoods.dfltLng", ""); Found : user_pref("extensions.funmoods.dfltSrch", true); Found : user_pref("extensions.funmoods.dnsErr", true); Found : user_pref("extensions.funmoods.envrmnt", "production"); Found : user_pref("extensions.funmoods.excTlbr", false); Found : user_pref("extensions.funmoods.hdrMd5", "6BA5E4D09944FAA0FD6079536E0D7FC4"); Found : user_pref("extensions.funmoods.hmpg", true); Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...] Found : user_pref("extensions.funmoods.id", "D8D38515D6C7D71B"); Found : user_pref("extensions.funmoods.instlDay", "15543"); Found : user_pref("extensions.funmoods.instlRef", "nv1"); Found : user_pref("extensions.funmoods.isdcmntcmplt", true); Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:39:56"); Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Found : user_pref("extensions.funmoods.newTab", true); Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...] Found : user_pref("extensions.funmoods.prdct", "funmoods"); Found : user_pref("extensions.funmoods.prtnrId", "funmoods"); Found : user_pref("extensions.funmoods.sg", "none"); Found : user_pref("extensions.funmoods.smplGrp", "none"); Found : user_pref("extensions.funmoods.srchPrvdr", "Search"); Found : user_pref("extensions.funmoods.tlbrId", "base"); Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...] Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:39:56"); Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Found : user_pref("extensions.funmoods_i.newTab", true); Found : user_pref("extensions.funmoods_i.smplGrp", "none"); Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:39:56"); Found : user_pref("extensions.incredibar_i.aflt", "orgnl"); Found : user_pref("extensions.incredibar_i.dfltLng", ""); Found : user_pref("extensions.incredibar_i.did", "10606"); Found : user_pref("extensions.incredibar_i.excTlbr", "false"); Found : user_pref("extensions.incredibar_i.hardId", "9e16d71b000000000000701a04fa5b25"); Found : user_pref("extensions.incredibar_i.id", "9e16d71b000000000000701a04fa5b25"); Found : user_pref("extensions.incredibar_i.installerproductid", "26"); Found : user_pref("extensions.incredibar_i.instlDay", "15349"); Found : user_pref("extensions.incredibar_i.instlRef", ""); Found : user_pref("extensions.incredibar_i.ms_url_id", ""); Found : user_pref("extensions.incredibar_i.newTab", false); Found : user_pref("extensions.incredibar_i.ppd", ""); Found : user_pref("extensions.incredibar_i.prdct", "incredibar"); Found : user_pref("extensions.incredibar_i.productid", "26"); Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Found : user_pref("extensions.incredibar_i.smplGrp", "none"); Found : user_pref("extensions.incredibar_i.tlbrId", "base"); Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OypnqRJNq&loc=IB[...] Found : user_pref("extensions.incredibar_i.upn2", "6OypnqRJNq"); Found : user_pref("extensions.incredibar_i.upn2n", "92260700927374084"); Found : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27"); Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2715:43:29"); Found : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27"); Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OypnqRJNq&&i=26&search="[...] Profile name : default File : C:\Users\bluetrainstreet\AppData\Roaming\Mozilla\Firefox\Profiles\k4s2rgp3.default\prefs.js [OK] File is clean. -\\ Google Chrome v21.0.1180.89 File : C:\Users\Matei\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\bluetrainstreet\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\luckystar894\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\ferrosaly\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v11.60.1185.0 File : C:\Users\Matei\AppData\Roaming\Opera\Opera\operaprefs.ini Found : Home URL=hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0D[...] File : C:\Users\bluetrainstreet\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. *********************** AdwCleaner[R1].txt - [19299 octets] - [16/09/2012 15:51:24] ########## EOF - C:\AdwCleaner[R1].txt - [19360 octets] ##########

Profil

Sass Drake Poslao: 16 Sep 2012 16:59 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1 Otvori Notepad i kopiraj sljedeći tekst: `del /F /Q "c:\users\ferrosaly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" >> log.txt 2>&1 notepad log.txt` Snimi ga na Desktop pod imenom shellscript.bat Obrati pažnju na ekstenziju .bat Klikni desnim tasterom miša na shellscript.bat i klikni na Run as Administrator. Klikni na Yes u prozoru koji će ti iskočiti. Kopiraj u poruku tekst koji će ti se otvoriti u Notepad-u. Ako se u Notepad-u ne pojavi nikakav tekst to znači da je sve prošlo kako treba i potrebno je samo da to napomeneš u poruci. Ukoliko ti se Notepad ne otvori, otvori ručno fajl log.txt i postavi njegov sadržaj na forum. Korak 2 Spakuj u ZIP, RAR ili 7Z arhivu sljedeći folder: C:\Avenger i pošalji ga preko sljedećeg linka: [Link mogu videti samo ulogovani korisnici] Korak 3 Ponovo pokreni AdwCleaner. Klikni na dugme Delete i pričekaj da program završi. Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni na Ok kao potvrdu. Na sledeća dva prozora koja se otvore (Informations i Restart required) klikni Ok. Računar će se restartovati. Otvoriće se Notepad sa izvještajem. Kopiraj sadržaj tog izvještaja u temu. Napomena: Izvještaj ce takođe biti sačuvan na C:\AdwCleaner[S1].txt Kakvo je stanje sistema?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Folderi prelaze u aplikacije(.exe) - Win32/Spy.KeyLogger.NHI

Ko je trenutno na forumu

Ukupno su 956 korisnika na forumu :: 58 registrovanih, 9 sakrivenih i 889 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, 6.5lapua, aleksmajstor, arsa, Arsenije, Asteker, baltazar01, Betta, Bivan, Bosnjo, branko7, Brankojle, cenejac111, Crazzer, DavidA, dejanbenkovic, Dioniss, dj.ape, djuradj, Dolinc, Dorcolac, Draganeli, drgrozozo, Georgius, Gogi_avio, ivan979, jalos, Joint Chief, KAIS, Kole1975, mgolub, milanstankovic087, Mimis82, MiroslavD, mm1811, momcilob55, Najax, nevjerna beba, Nobunaga, Novakomp, oddsock, Panter, Polifon, Prečanin30, PrincipL, redstar72, samsung, sedan, Siti2, TheDictator, Tihi86, Velizar Laro, Vlad000, vladulns, Wrangler, zeo, zokilivac, zzapNDjuric99

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by