MyCity » Ambulanta -> Arhiva Ambulante » Infekcija kao u igrici, mislim da je stigla sa FB

Infekcija kao u igrici, mislim da je stigla sa FB

Napisano na dan: 21.2.2012
2

Infekcija kao u igrici, mislim da je stigla sa FB
Pagination Prethodna strana

Idi na vrh

Poslao: 22 Feb 2012 13:36
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Dubara :: https://www.mycity.rs/must-login.png


Okacio si Extras izvestaj koji mi nije toliko bitan. Potrebno je postaviti OTL izvestaj. OTL izvestaj se nalazi snimljen na lokaciji odakle si pokretao OTL alat (trebalo bi da je to Destkop).

Poslao: 22 Feb 2012 14:22
Idi na vrh
offline
  • Pridružio: 26 Jul 2007
  • Poruke: 1080
  • Gde živiš: u blizini

Napisano: 22 Feb 2012 13:53

Morao sam ponovo skenirati. Evo i tog loga:
https://www.mycity.rs/must-login.png


OTL logfile created on: 22.2.2012 13:47:09 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Druid\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000141a | Country: Bosna i Hercegovina | Language: BSB | Date Format: d.M.yyyy

2,97 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,61% Memory free
5,93 Gb Paging File | 4,46 Gb Available in Paging File | 75,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231,72 Gb Total Space | 103,05 Gb Free Space | 44,47% Space Free | Partition Type: NTFS
Drive D: | 219,97 Gb Total Space | 11,74 Gb Free Space | 5,34% Space Free | Partition Type: NTFS

Computer Name: DRUID-PC | User Name: Druid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.22 12:48:24 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Druid\Desktop\OTL (1).exe
PRC - [2012.02.15 06:03:37 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011.12.09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\Druid\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011.10.13 12:15:35 | 000,246,112 | ---- | M] () -- C:\ProgramData\Mobilni internet\OnlineUpdate\ouc.exe
PRC - [2011.07.10 23:40:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.09 20:56:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.24 13:30:12 | 001,115,536 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.03.14 16:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011.03.14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.15 17:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.06.29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010.06.25 08:18:42 | 002,835,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010.06.25 08:18:42 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.06.25 08:18:42 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.06.17 15:09:02 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2010.01.14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.09 19:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009.03.27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2006.11.03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.22 10:06:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e35225542ef297aaf88f2eb5246f64b6\IAStorCommon.ni.dll
MOD - [2012.02.22 10:06:53 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\fd74c7e1461fb8aa15521aae53aa462b\IAStorUtil.ni.dll
MOD - [2012.02.22 09:44:14 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\85d2da5c3b0c9917d4e40cdea289769d\WindowsBase.ni.dll
MOD - [2012.02.22 09:42:39 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ccf457be3f66f84e23d4caafc4cc7e37\System.Windows.Forms.ni.dll
MOD - [2012.02.22 09:42:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4d4d69098a3740689576376a9b9cefb5\System.Runtime.Remoting.ni.dll
MOD - [2012.02.22 09:42:13 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\94b3013039efd2f5ae062838a27f3d91\System.Web.ni.dll
MOD - [2012.02.22 09:42:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fbdb63c3744c6c867e0f8bc2c14d7be3\System.Drawing.ni.dll
MOD - [2012.02.22 09:41:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1053f680799506720951330abcb1c9f5\System.Xml.ni.dll
MOD - [2012.02.22 09:41:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0736f9e65b39dc283e1d1a9a27707cdc\System.Configuration.ni.dll
MOD - [2012.02.22 09:41:44 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e38f14b5daaf1315843187c06bac98c1\System.ni.dll
MOD - [2012.02.22 09:41:29 | 011,491,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d135207962cef7cd09852071530b2219\mscorlib.ni.dll
MOD - [2012.02.15 06:03:36 | 000,429,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012.02.15 06:03:34 | 003,772,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012.02.15 06:02:10 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012.02.15 06:02:08 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012.02.15 06:02:07 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2012.02.15 03:00:24 | 008,593,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (HWDeviceService.exe)
SRV - [2012.02.22 13:23:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.10.13 12:15:35 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobilni internet\UpdateDog\ouc.exe -- (Mobilni internet. RunOuc)
SRV - [2011.07.10 23:40:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.09 20:56:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.15 17:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.06.25 08:18:42 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.17 15:09:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2009.11.09 19:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011.10.13 12:15:37 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.10.13 12:15:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011.10.13 12:15:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011.07.10 23:40:39 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.10 23:40:39 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.08 04:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.23 14:51:54 | 000,023,128 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\johci.sys -- (johci)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.12 00:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.10.18 10:20:46 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2010.08.24 17:11:46 | 000,140,376 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010.07.16 14:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010.07.16 14:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.06.17 15:09:00 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2010.04.14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.01.13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2010.01.07 02:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009.10.26 08:01:40 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009.08.13 11:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.11.08 09:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com/?sp=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bs-ba
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E F0 0C 02 9D 8B CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Druid\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Druid\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Druid\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Druid\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)


[2011.12.09 21:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Druid\AppData\Roaming\Mozilla\Extensions
[2011.12.09 21:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions
[2011.12.09 21:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.02.22 08:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.26 07:59:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010.10.10 21:18:16 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.28 08:53:14 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.12.26 00:49:32 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

========== Chrome ==========

CHR - default_search_provider: Messenger Plus Smartbar Search (Enabled)
CHR - default_search_provider: search_url = http://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Druid\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Druid\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Downloader for YouTube = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnjkblhejbcbdleomcilelngjdenjjc\1.1.3_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.3_0\
CHR - Extension: Google pretra\u017Eivanje = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: SingleFile Core = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma\0.3.4_0\
CHR - Extension: Extension YouTube = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnbeebaenahmkbffnimghceldeeihfak\1.3.0_0\
CHR - Extension: SingleFile = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle\0.3.4_0\
CHR - Extension: Prakti\u010Dne oznake = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.8.30_0\
CHR - Extension: Gmail = C:\Users\Druid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.02.22 11:27:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - Startup: C:\Users\Druid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2012.01.19 14:22:34 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2012.01.19 14:22:34 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2012.01.19 14:22:34 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012.01.19 14:22:34 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012.01.19 14:22:34 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2012.01.19 14:22:34 | 000,000,000 | ---D | M]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35BF7CA1-C907-47D9-8635-FDC813155513}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82AAB405-D844-41D3-A8D4-8FC0AA3F92B7}: DhcpNameServer = 79.143.168.8 79.143.160.20 62.68.96.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD0C2ED1-75F1-4B05-B721-EE3661ACFEC4}: DhcpNameServer = 87.250.98.250 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE4D80B2-BB1B-4E72-9C29-86B1E0B62233}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.22 13:23:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012.02.22 13:22:56 | 006,664,704 | ---- | C] (Hazar & Co.) -- C:\Users\Druid\Desktop\RemoveWAT 2.2.6.exe
[2012.02.22 12:48:42 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Druid\Desktop\OTL (1).exe
[2012.02.22 11:39:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.02.22 11:27:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.02.22 09:48:44 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\vordic
[2012.02.22 09:16:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.02.22 09:15:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.02.22 09:02:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.22 09:02:01 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.22 09:02:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.22 09:02:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.22 09:02:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.22 09:01:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.22 08:57:43 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012.02.22 08:57:31 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012.02.22 08:57:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.02.22 08:57:10 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.02.22 08:57:10 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.02.22 08:57:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.02.22 08:57:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.02.22 08:57:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.02.22 08:57:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.02.22 08:57:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.02.22 08:57:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.02.22 08:57:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.02.22 08:57:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.02.22 08:57:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.02.22 08:57:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.02.22 08:57:05 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.02.22 08:57:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.02.22 08:57:03 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012.02.22 08:57:03 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012.02.22 08:57:03 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012.02.22 08:57:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012.02.22 08:57:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.02.22 08:57:02 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012.02.22 08:57:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.02.22 08:57:00 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.02.22 08:57:00 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.02.22 08:56:57 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2012.02.22 08:56:55 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012.02.22 08:56:55 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012.02.22 08:56:55 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012.02.22 08:56:55 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012.02.22 08:56:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012.02.22 08:56:54 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.02.22 08:56:53 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.02.22 08:55:09 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.21 15:56:24 | 000,000,000 | ---D | C] -- C:\Users\Druid\AppData\Local\temp
[2012.02.21 15:45:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.02.21 15:45:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.02.21 15:45:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.02.21 15:44:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.21 15:44:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.21 15:44:35 | 004,414,945 | R--- | C] (Swearware) -- C:\Users\Druid\Desktop\ComboFix.exe
[2012.02.19 20:37:45 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\rav5
[2012.02.19 09:05:38 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\ogr
[2012.02.18 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\rav4
[2012.02.18 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\zf
[2012.02.15 21:50:43 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\KONKURS
[2012.02.15 17:18:06 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\rav3
[2012.02.13 12:34:06 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\english
[2012.02.13 08:38:23 | 000,000,000 | ---D | C] -- C:\Users\Druid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012.02.12 15:35:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.12 15:35:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.12 15:35:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.12 15:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.11 16:48:26 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\rav2
[2012.02.10 19:18:56 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\M
[2012.02.03 09:53:07 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\rav
[2012.02.01 11:58:34 | 000,000,000 | ---D | C] -- C:\Users\Druid\AppData\Roaming\mIRC
[2012.01.26 14:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.01.26 14:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.01.26 14:27:39 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\Photoshop
[2012.01.25 10:38:12 | 000,000,000 | ---D | C] -- C:\Users\Druid\AppData\Local\Eraser 6
[2012.01.25 01:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2012.01.23 16:53:24 | 000,000,000 | ---D | C] -- C:\Users\Druid\Desktop\modrica
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.22 13:45:26 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012.02.22 13:35:20 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.22 13:35:20 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.22 13:25:28 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.22 13:25:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.22 13:24:59 | 2389,929,984 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.22 13:24:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793570887-241099436-4204899-1001UA.job
[2012.02.22 13:23:53 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012.02.22 13:23:53 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012.02.22 13:23:53 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.22 13:23:53 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.22 13:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.22 12:48:24 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Druid\Desktop\OTL (1).exe
[2012.02.22 12:00:10 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.22 11:55:12 | 000,001,047 | ---- | M] () -- C:\Users\Druid\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.02.22 11:27:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.02.22 09:38:10 | 000,364,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.22 09:30:43 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012.02.21 18:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793570887-241099436-4204899-1001Core.job
[2012.02.21 15:43:35 | 004,414,945 | R--- | M] (Swearware) -- C:\Users\Druid\Desktop\ComboFix.exe
[2012.02.21 11:57:24 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012.02.21 10:34:56 | 000,002,192 | ---- | M] () -- C:\Users\Druid\Desktop\Google Chrome.lnk
[2012.02.15 22:26:27 | 000,045,568 | ---- | M] () -- C:\Users\Druid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.12 15:35:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.02.12 15:35:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.12 15:35:35 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.12 15:35:35 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.03 12:38:03 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.25 01:14:00 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.22 11:55:12 | 000,001,047 | ---- | C] () -- C:\Users\Druid\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.02.22 11:55:12 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.21 15:45:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.21 15:45:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.21 15:45:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.21 15:45:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.21 15:45:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.21 11:55:56 | 000,000,824 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012.02.21 10:34:56 | 000,002,192 | ---- | C] () -- C:\Users\Druid\Desktop\Google Chrome.lnk
[2012.01.25 01:14:00 | 000,001,719 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2012.01.25 01:14:00 | 000,001,707 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2011.10.30 18:07:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2011.08.23 09:36:01 | 000,000,029 | ---- | C] () -- C:\Windows\coolacm.ini
[2011.07.18 06:32:23 | 000,000,000 | ---- | C] () -- C:\Users\Druid\AppData\Local\{4BE7199E-8F54-4756-B072-242D3DCA0729}
[2011.07.01 09:10:06 | 000,000,000 | ---- | C] () -- C:\Users\Druid\AppData\Local\{3D6ED715-2E75-4B86-997D-9E18FE79B97D}
[2011.06.23 21:15:24 | 001,481,728 | ---- | C] () -- C:\Windows\System32\legitcheckcontrol.dll.bak
[2011.06.23 21:15:24 | 001,481,728 | ---- | C] () -- C:\Windows\System32\LegitCheckControl.dll
[2011.06.23 21:15:24 | 000,323,072 | ---- | C] () -- C:\Windows\System32\wgatray.exe.bak
[2011.06.23 21:15:24 | 000,323,072 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2011.06.23 21:15:24 | 000,190,976 | ---- | C] () -- C:\Windows\System32\wgalogon.dll.bak
[2011.06.23 21:15:24 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2011.06.09 07:49:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.09 07:47:38 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.10 12:38:02 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.04.15 05:58:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.05 11:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2011.02.24 16:27:38 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.12.27 10:23:26 | 001,486,848 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2010.12.27 10:23:26 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2010.12.27 10:23:11 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2010.12.27 10:23:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2010.12.27 10:23:06 | 000,046,592 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2010.12.09 14:29:30 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.12.07 15:34:36 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010.10.21 08:48:41 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.10 21:30:51 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.10.05 17:33:31 | 000,045,568 | ---- | C] () -- C:\Users\Druid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 16:32:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.04 14:19:03 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2010.10.04 14:19:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.10.04 13:07:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

< End of report >




Dopuna: 22 Feb 2012 13:56

Čini mi se da oni prozori više ne iskaču. Smile

Dopuna: 22 Feb 2012 14:09

Ako su logovi čisti - hvala na pomoći AMF timu i goranu9888....
Dosadnih prozora više nema....

Dopuna: 22 Feb 2012 14:22

I samo još jedna napomena; Iako sam uradio update programa Malwarebytes Anti-Malware ranije čišćenje nije uspjelo jer se radilo o starijoj verziji tog programa koji sam imao. To sam pokušao prije nego što sam pokrenuo ovu temu.

Poslao: 22 Feb 2012 14:49
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Ponovo pokreni program OTL dvoklikom na ikonicu;

U beli okvir prozora gde piše Custom Scans/Fixes iskopirati sledeći tekst:

:OTL
[2011.12.09 21:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010.10.10 21:18:16 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.08.28 08:53:14 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 [2010.12.26 00:49:32 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found

:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]



Klikni taster Run Fix;


Log koji dobiješ iskopiraj ovde u poruci.




Citat:I samo još jedna napomena; Iako sam uradio update programa Malwarebytes Anti-Malware ranije čišćenje nije uspjelo jer se radilo o starijoj verziji tog programa koji sam imao. To sam pokušao prije nego što sam pokrenuo ovu temu.


Ne razumem te bas najbolje. Izvestaj koji si mi prilozio uz poruku nakon skeniranja MBAM-a pokazuje da su detektovani fajlovi uspesno uklonjeni.



Ukoliko ti ne radi Avira - reinstaliraj je iz Control Panel -> Programs and Features.





Arrow

Kakvo je sada stanje sistema? Ima li nekih problema?








goran9888 (AMF Tim)

Poslao: 22 Feb 2012 15:04
Idi na vrh
offline
  • Pridružio: 26 Jul 2007
  • Poruke: 1080
  • Gde živiš: u blizini

Stanje sistema odlično - sve radi ok i nema smetnji.
Još jednom hvala i evo traženog loga:


All processes killed
========== OTL ==========
C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Druid\AppData\Roaming\Mozilla\Firefox\Profiles\tij92x04.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mhtb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669A2A3A-F19C-452D-800D-1240299756C1}\ deleted successfully.
File {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Druid
->Temp folder emptied: 6915830 bytes
->Temporary Internet Files folder emptied: 33172630 bytes
->Java cache emptied: 7940794 bytes
->Google Chrome cache emptied: 130492187 bytes
->Flash cache emptied: 3775546 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524288 bytes
RecycleBin emptied: 1195562 bytes

Total Files Cleaned = 175,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Druid
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Druid
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02222012_150004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Poslao: 22 Feb 2012 17:25
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Arrow


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.







Arrow


Pokreni alat OTL i u okviru njegovog GUI-a klikni na dugme CleanUp (obrisace sebe i fajlove/foldere koje je kreirao tokom koriscenja u slucaju).




---------------------------------------------



- Preporucujem da za zastitu USB memorijskih uredjaja koristis MCShield v2. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja. Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes log u kome vidis informacije o malware-u koji je nadjen i obrisan.


Home Page MCShield-a ::Anti-Malware Tool:: v2: http://amf.mycity.rs/mcshield/

Vise o MCShield-u mozes saznati u ovim temama:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html


- Poseti temu "Testirajte da li vam je pretrazivac ranjiv", procitaj i isprati link koji stoji u njoj. Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html


- Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop.
Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje.
Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu.
Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu.






Poslao: 22 Feb 2012 21:43
Idi na vrh
offline
  • Pridružio: 26 Jul 2007
  • Poruke: 1080
  • Gde živiš: u blizini

OTL i ComboFix su deinstalirani a provjerio sam i pretraživač. Hvala timu na izdvojenom vremenu i tehničkoj podršci... Smile

MyCity » Ambulanta -> Arhiva Ambulante » Infekcija kao u igrici, mislim da je stigla sa FB

Ko je trenutno na forumu
 

Ukupno su 863 korisnika na forumu :: 4 registrovanih, 0 sakrivenih i 859 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Fog of War, Koridor, saputnik plavetnila, wizzardone