Please help, probably a virus

offline
  • Joined: 01 Apr 2005
  • Posts: 10

The problem is that I cannot open anything through the icons on the screen; it does not respond to any icon and freezes.
After I kill some processes in Task Manager they start working, and after some time it freezes again,
and the computer is quite slow.
I scanned with Malwarebytes; the only thing it found was 455 files in System Restore from the program Turkojan, which I installed myself for control from another computer, but it never caused me any problems. The next scan found nothing.
The antivirus is Microsoft Security Essentials; its scan finds nothing either.
XP Home, ADSL 4Mb

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ASJA at 23:57:15 on 2012-06-08
Microsoft Windows XP Home Edition 5.1.2600.3.1250.385.1033.18.2037.1218 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\addins\apc_host.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\ASJA\Application Data\Mikogo 4\M4-Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\ASJA\Application Data\Mikogo 4\M4-Capture.exe
C:\Documents and Settings\ASJA\Application Data\Mikogo 4\mikogo-host.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.hr/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://home.sweetim.com
mSearchAssistant = hxxp://start.facemoods.com/?a=stonicla&s={searchTerms}&f=4
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\myfacesounds toolbar\tbhelper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: softonic-eng62 Toolbar: {6a9497fe-dd87-4adb-9edc-9269e7196926} - c:\program files\softonic-eng62\prxtbsof2.dll
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: FMTLB0001 Class: {3873f029-a2f7-42d1-94c1-a35ed1c59096} - c:\program files\myfacesounds toolbar\tbcore3.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll
BHO: softonic-eng62 Toolbar: {6a9497fe-dd87-4adb-9edc-9269e7196926} - c:\program files\softonic-eng62\prxtbsof2.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: MyFaceSounds Toolbar: {8b52078d-b630-4b00-a0ab-54d51cedd9aa} - c:\program files\myfacesounds toolbar\tbcore3.dll
TB: softonic-eng62 Toolbar: {6a9497fe-dd87-4adb-9edc-9269e7196926} - c:\program files\softonic-eng62\prxtbsof2.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RDReminder] c:\program files\regclean pro\Regcleanpro.exe -rem
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_26.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://www.hypo.hr/hyponet/html/DigSign/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} - hxxps://www.hypo.hr/hyponet/html/DigSign/hslESignDoc2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{C3E66158-231D-44EB-9E4B-8084DF51339A} : NameServer = 195.29.166.116,195.29.166.117
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\asja\application data\mozilla\firefox\profiles\6yd732kb.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\asja\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\asja\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\asja\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\asja\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\asja\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-6-8 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-6-8 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-6-8 656320]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2008-3-28 198184]
R2 APC-Host;APC-Host;c:\windows\addins\apc_host.exe [2007-6-18 118784]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-8-10 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-8-10 47640]
R2 M4-Service;M4-Service;c:\documents and settings\asja\application data\mikogo 4\M4-Service.exe [2011-8-4 1003888]
R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-5-2 14639]
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2007-6-25 10193]
R3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [2008-6-3 63288]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-6-7 44032]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-22 135664]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-25 257696]
S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2007-5-16 22988]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-7 1684736]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-22 135664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-6-8 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-6-8 1150936]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-06-08 13:59:20 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ab8849f5-69df-40a0-a855-9318a4fba89f}\mpengine.dll
2012-06-08 01:27:24 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-06-08 01:27:24 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-06-08 01:27:22 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-06-08 01:27:17 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-06-08 01:27:17 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-06-08 01:27:09 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-06-08 01:26:37 -------- d-----w- c:\program files\common files\PC Tools
2012-06-08 01:26:37 -------- d-----w- c:\documents and settings\asja\application data\PC Tools
2012-06-08 01:26:37 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-06-08 01:26:10 17280 ----a-w- c:\windows\system32\roboot.exe
2012-06-08 01:26:08 -------- d-----w- c:\program files\RegClean Pro
2012-06-08 01:26:07 -------- d-----w- c:\documents and settings\asja\application data\systweak
2012-06-07 23:31:00 -------- d-----w- c:\program files\PC Tools Security
2012-06-07 13:17:24 6737808 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-06 22:00:59 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-06-06 22:00:28 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-06-06 21:59:47 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-06-06 21:57:36 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-06-06 21:55:05 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-06-06 21:52:57 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-06-06 21:52:56 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-06-06 21:52:56 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-06 21:52:25 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-06-06 21:52:01 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-06-06 21:35:58 -------- d-----w- c:\windows\system32\scripting
2012-06-06 21:35:57 -------- d-----w- c:\windows\system32\en
2012-06-06 21:35:57 -------- d-----w- c:\windows\l2schemas
2012-06-06 21:35:56 -------- d-----w- c:\windows\system32\bits
2012-06-06 21:31:40 -------- d-----w- c:\windows\network diagnostic
2012-06-06 21:28:40 -------- d-----w- c:\windows\EHome
2012-05-31 13:22:09 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2012-05-30 11:59:30 4966600 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-05-25 00:12:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 22:38:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-10 22:34:32 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 00:14:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 18:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 23:58:28,17 ===============

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Download the program CatchMe.

Double-click catchme.exe to run it and click the Script tab.
Copy the following text into the program's (white) window:

files:
 C:\WINDOWS\addins\apc_host.exe
 


Click the Run button.

When the notification message appears, click the OK button.

When the process finishes, the file catchme.zip will be on the Desktop.
That file must be uploaded to the forum through the following form:
http://www.mycity.rs/ambulanta-upload.php



Step 2

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs if you do not need them:

Conduit Engine
Facemoods Toolbar
softonic-eng62 Toolbar
SweetIM Toolbar for Internet Explorer 4.0




Step 3

Download the program OTL from the link below to the Desktop:

download link

Double-click OTL to run it;
click Run Scan;
when the scan finishes, the report (which will be saved automatically on the Desktop as OTL.Txt) will open in Notepad.


Attach the OTL.txt report to your post using the Attach file option.

offline
  • Joined: 01 Apr 2005
  • Posts: 10

In catchme.exe, when I copy in C:\WINDOWS\addins\apc_host.exe and press Run, I get the message
script command not found
I am sending OTL.txt



OTL logfile created on: 9.6.2012 13:50:01 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\ASJA\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,60% Memory free
3,84 Gb Paging File | 3,11 Gb Available in Paging File | 81,11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 265,02 Gb Free Space | 88,91% Space Free | Partition Type: NTFS

Computer Name: ASJA-8C83AF4FD8 | User Name: ASJA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.09 13:49:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ASJA\Desktop\OTL.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011.10.15 18:14:37 | 001,587,552 | ---- | M] () -- C:\Documents and Settings\ASJA\Application Data\Mikogo 4\M4-Capture.exe
PRC - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.08.12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.08.04 10:55:50 | 005,420,408 | ---- | M] () -- C:\Documents and Settings\ASJA\Application Data\Mikogo 4\mikogo-host.exe
PRC - [2011.08.04 10:40:56 | 001,003,888 | ---- | M] () -- C:\Documents and Settings\ASJA\Application Data\Mikogo 4\M4-Service.exe
PRC - [2011.07.08 09:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.07.06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011.07.06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011.01.11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009.04.09 09:09:54 | 000,142,888 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2008.07.24 18:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.28 17:46:36 | 000,198,184 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.09 13:32:25 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\ASJA\Local Settings\Temp\catchme.dll
MOD - [2012.05.25 02:14:34 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011.11.03 17:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011.10.15 18:14:37 | 001,587,552 | ---- | M] () -- C:\Documents and Settings\ASJA\Application Data\Mikogo 4\M4-Capture.exe
MOD - [2011.08.22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.08.12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.08.12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.08.12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.08.12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011.08.12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.08.04 10:55:50 | 005,420,408 | ---- | M] () -- C:\Documents and Settings\ASJA\Application Data\Mikogo 4\mikogo-host.exe
MOD - [2011.08.04 10:40:56 | 001,003,888 | ---- | M] () -- C:\Documents and Settings\ASJA\Application Data\Mikogo 4\M4-Service.exe
MOD - [2011.07.08 09:16:28 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008.03.28 17:46:36 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\aicext.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.25 02:14:34 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.08.04 10:40:56 | 001,003,888 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\ASJA\Application Data\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2011.07.06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011.07.06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011.01.11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008.03.28 17:46:36 | 000,198,184 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [File_System | Disabled | Running] -- system32\drivers\pctEFA.sys -- (pctEFA)
DRV - File not found [Kernel | Disabled | Running] -- system32\drivers\pctDS.sys -- (pctDS)
DRV - File not found [Kernel | Disabled | Running] -- system32\drivers\PCTCore.sys -- (PCTCore)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ASJA\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ASJA\LOCALS~1\Temp\axgoakod.sys -- (axgoakod)
DRV - [2012.06.08 23:58:28 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AB8849F5-69DF-40A0-A855-9318A4FBA89F}\MpKsl4bf58a93.sys -- (MpKsl4bf58a93)
DRV - [2011.08.19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.07.06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009.08.10 12:07:32 | 000,089,600 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GemCCID.sys -- (GemCCID)
DRV - [2009.07.27 09:09:52 | 000,044,032 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.06.25 08:07:44 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.06.25 08:07:40 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.06.25 08:07:40 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2008.07.24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008.07.24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.06.03 23:22:16 | 000,063,288 | ---- | M] (Castles Technology Co.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ezusb.sys -- (EZUSB)
DRV - [2007.06.25 07:04:10 | 000,010,193 | ---- | M] (ActivIdentity) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akspcsc.sys -- (akspcsc)
DRV - [2007.05.16 09:19:54 | 000,022,988 | ---- | M] (ActivIdentity) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksim.sys -- (AKSIM)
DRV - [2007.05.02 13:35:58 | 000,014,639 | ---- | M] (ActivIdentity) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksbus.sys -- (aksbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.hr/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\MyFaceSounds Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = start.facemoods.com/?a=stonicla&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enHR385
IE - HKCU\..\SearchScopes\{89BE513C-45F8-4B27-B32A-F120E7EFCBA1}: "URL" = websearch.ask.com/redirect?client=ie&tb.....crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^AAO&apn_dtid=^YYYYYY^YY^HR&apn_uid=6D629058-DF17-4DAF-A1B8-707C190DB498&apn_sauid=3582CA95-90D4-4230-82F4-94C21C8153BF
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = search.myfacesounds.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3021045
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1eynUo1LjsY
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\ASJA\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\ASJA\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\ASJA\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ASJA\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ASJA\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\ASJA\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.28 23:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.07.28 23:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ASJA\Application Data\Mozilla\Extensions
[2012.06.09 13:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ASJA\Application Data\Mozilla\Firefox\Profiles\6yd732kb.default\extensions
[2012.06.09 11:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.30 16:00:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.07.08 09:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.07.21 01:42:53 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicla.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FMTLB0001 Class) - {3873F029-A2F7-42D1-94C1-A35ED1C59096} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MyFaceSounds Toolbar) - {8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MyFaceSounds Toolbar) - {8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} upload.facebook.com/controls/2009.07.28_v5......ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} hypo.hr/hyponet/html/DigSign/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} hypo.hr/hyponet/html/DigSign/hslESignDoc2.cab (ESignDoc2 Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3E66158-231D-44EB-9E4B-8084DF51339A}: NameServer = 195.29.166.116,195.29.166.117
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\ASJA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ASJA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.31 19:37:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.09 13:49:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ASJA\Desktop\OTL.exe
[2012.06.09 13:39:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.09 11:28:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ASJA\Recent
[2012.06.08 23:57:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ASJA\My Documents\My Videos
[2012.06.08 23:57:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ASJA\Start Menu\Programs\Administrative Tools
[2012.06.08 23:56:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\ASJA\Desktop\dds.scr
[2012.06.08 23:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ASJA\Desktop\New Folder (8)
[2012.06.08 03:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ASJA\Desktop\New Folder (7)
[2012.06.08 03:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.06.08 03:26:10 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2012.06.08 03:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ASJA\Application Data\systweak
[2012.06.08 02:19:25 | 065,442,523 | ---- | C] (PC Tools) -- C:\Documents and Settings\ASJA\Desktop\sdsetup_dl.exe
[2012.06.08 01:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.06.08 01:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012.06.08 01:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ASJA\Desktop\New Folder (6)
[2012.06.07 00:00:59 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012.06.07 00:00:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012.06.06 23:59:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012.06.06 23:56:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.06.06 23:55:05 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012.06.06 23:52:57 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012.06.06 23:52:25 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012.06.06 23:52:01 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012.06.06 23:35:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012.06.06 23:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012.06.06 23:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012.06.06 23:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012.06.06 23:31:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012.06.06 23:28:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012.06.06 23:28:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2012.05.31 15:22:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012.05.30 18:00:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.05.25 02:12:32 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.11 00:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.05.11 00:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.09 13:49:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ASJA\Desktop\OTL.exe
[2012.06.09 13:38:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.09 13:31:17 | 000,142,336 | ---- | M] () -- C:\Documents and Settings\ASJA\Desktop\catchme.exe
[2012.06.09 13:04:00 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-299502267-682003330-1004UA.job
[2012.06.09 12:56:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.09 11:34:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1547161642-299502267-682003330-1004UA.job
[2012.06.09 11:14:11 | 000,000,153 | ---- | M] () -- C:\WINDOWS\0RP3RE9F.bat
[2012.06.09 10:56:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.09 00:03:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\ASJA\Desktop\q8mpgzk8.exe
[2012.06.08 23:57:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\ASJA\Desktop\dds.scr
[2012.06.08 23:53:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.06.08 23:43:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.08 20:04:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-299502267-682003330-1004Core.job
[2012.06.08 17:34:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1547161642-299502267-682003330-1004Core.job
[2012.06.08 10:00:45 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.06.08 03:23:11 | 065,442,523 | ---- | M] (PC Tools) -- C:\Documents and Settings\ASJA\Desktop\sdsetup_dl.exe
[2012.06.08 01:32:00 | 000,626,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012.06.07 11:43:32 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.07 01:09:40 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\ASJA\Desktop\Cmd.lnk
[2012.06.06 23:58:50 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.06 23:58:50 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.06 23:58:15 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.06.06 23:57:44 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\ASJA\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012.06.06 23:57:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.06 23:31:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012.06.02 16:02:44 | 000,167,274 | ---- | M] () -- C:\Documents and Settings\ASJA\Desktop\vlada.jpg
[2012.05.31 15:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012.05.30 17:58:44 | 000,043,561 | ---- | M] () -- C:\Documents and Settings\ASJA\Desktop\ana
[2012.05.27 23:26:37 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\ASJA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.25 02:14:34 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.25 02:14:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.05.21 15:30:01 | 000,000,182 | ---- | M] () -- C:\Debug_view144.ini
[2012.05.19 02:28:37 | 000,098,211 | ---- | M] () -- C:\Documents and Settings\ASJA\Desktop\intouchables_2011_french_dvdrip_xvid-legion11.srt
[2012.05.12 10:59:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.05.11 00:39:22 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.09 13:31:04 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\ASJA\Desktop\catchme.exe
[2012.06.09 11:14:11 | 000,000,153 | ---- | C] () -- C:\WINDOWS\0RP3RE9F.bat
[2012.06.09 00:03:06 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\ASJA\Desktop\q8mpgzk8.exe
[2012.06.08 01:31:52 | 000,626,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012.06.06 23:52:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.06 23:52:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.06.02 16:02:34 | 000,167,274 | ---- | C] () -- C:\Documents and Settings\ASJA\Desktop\vlada.jpg
[2012.05.30 17:58:40 | 000,043,561 | ---- | C] () -- C:\Documents and Settings\ASJA\Desktop\ana
[2012.05.25 02:12:33 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.19 02:28:37 | 000,098,211 | ---- | C] () -- C:\Documents and Settings\ASJA\Desktop\intouchables_2011_french_dvdrip_xvid-legion11.srt
[2012.05.11 00:49:11 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.05.11 00:39:13 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.04.23 22:43:04 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\ASJA\Application Data\result.db
[2011.09.13 01:35:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\ASJA\Application Data\PUTTY.RND
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011.07.28 23:12:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.07.26 08:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011.07.21 01:13:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\ASJA\Local Settings\Application Data\PUTTY.RND
[2011.01.30 23:02:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.24 17:36:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.05 14:10:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.13 11:53:00 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\ASJA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >





offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

savslob :: catchme.exe: when I copy in C:\WINDOWS\addins\apc_host.exe and press Run, I get the message
script command not found
I'm sending OTL.txt


You get that message because you did not copy everything from the Code box. You are missing :files.

offline
  • Joined: 01 Apr 2005
  • Posts: 10

Yes, thanks for the help.
I uploaded the file.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Run OTL again by double-clicking its icon.

Copy the following text into the white box labelled Custom Scans/Fixes:

:files
C:\Program Files\MyFaceSounds Toolbar


:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\MyFaceSounds Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=stonicla&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{89BE513C-45F8-4B27-B32A-F120E7EFCBA1}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STC-US&o=1716&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=^AAO&apn_dtid=^YYYYYY^YY^HR&apn_uid=6D629058-DF17-4DAF-A1B8-707C190DB498&apn_sauid=3582CA95-90D4-4230-82F4-94C21C8153BF
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.myfacesounds.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3021045
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1eynUo1LjsY
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
[2011.07.21 01:42:53 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicla.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FMTLB0001 Class) - {3873F029-A2F7-42D1-94C1-A35ED1C59096} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MyFaceSounds Toolbar) - {8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (MyFaceSounds Toolbar) - {8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll ()

:commands
[emptytemp]
[purity]
[emptyjava]
[emptyflash]
[reboot]



Click the Run Fix button.

Copy the report you get into a reply here.



Step 2

Run OTL again, click Run Scan and post the new OTL report.


What is the state of the system now?

offline
  • Joined: 01 Apr 2005
  • Posts: 10

Posted: 09 Jun 2012 20:05

If it was done correctly, here is the report.
It asked for a restart, then Run, and produced the report.
All processes killed
========== FILES ==========
C:\Program Files\MyFaceSounds Toolbar folder moved successfully.
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ deleted successfully.
File C:\Program Files\MyFaceSounds Toolbar\tbhelper.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89BE513C-45F8-4B27-B32A-F120E7EFCBA1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89BE513C-45F8-4B27-B32A-F120E7EFCBA1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicla.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3873F029-A2F7-42D1-94C1-A35ED1C59096}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3873F029-A2F7-42D1-94C1-A35ED1C59096}\ deleted successfully.
File C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8B52078D-B630-4B00-A0AB-54D51CEDD9AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}\ deleted successfully.
File C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8B52078D-B630-4B00-A0AB-54D51CEDD9AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}\ not found.
File C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ASJA
->Temp folder emptied: 172595711 bytes
->Temporary Internet Files folder emptied: 13526626 bytes
->Java cache emptied: 1027191 bytes
->FireFox cache emptied: 52757847 bytes
->Flash cache emptied: 57211 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 12382535 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: NetworkService
->Temp folder emptied: 3599104 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3621773 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15154703 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2289217 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 264,00 mb


[EMPTYJAVA]

User: All Users

User: ASJA
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: ASJA
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06092012_184327

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\ASJA\Local Settings\Temp\Temporary Internet Files\Content.IE5\P0K9GL1S\4xG397dIZNTE09PVdTaWj7lnMXPoj7PvgOwB9B2Z4Ng0yJW6yn1zg9cK3snwTioP3DLdwauRL3zDhiWq7HJflZU62yvItvrXm75hZ1z8H5_8Ua1b3jXyGznVll80iVf1VtpW8uegrYTBpf8lKiVAyliWmSmUV65CtpG5xCB28d16VI[1].png not found!

Registry entries deleted on Reboot...

Addendum: 09 Jun 2012 20:21

Here is the new OTL report too.

Addendum: 09 Jun 2012 21:23

For now it works OK.
Thank you very much for the help.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

If it is working OK for you now, all that is left for you to do is the following:


Run OTL again and click the CleanUp button.



Visit the thread "Test whether your browser is vulnerable", read it and follow the link given in it.



I recommend using MCShield to protect USB storage devices.
It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.


MCShield home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in this thread: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

MCShield Facebook page: http://www.facebook.com/MCShield


Regards.

offline
  • Joined: 01 Apr 2005
  • Posts: 10

All done.
Thanks a lot.
Regards and all the best.
