Virus ili?


  • Joined: 10 Mar 2011
  • Posts: 27

Posted: 26 Nov 2013 16:48

Hello! Something strange happened to my computer. While playing Football Manager I clicked on the Man Utd crest and suddenly my display became streaked with all sorts of colours. I thought it was some bug and just the game's fault, but then the computer suddenly shut down. When I turned it on again the same thing happened, and it started flickering until finally the monitor went off. I restarted it, booted into safe mode and tried to scan with Malwarebytes, but nothing; I still can't boot into normal mode, so I'm asking for your help. Thanks.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Ermin at 16:37:56 on 2013-11-26
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.512.56 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
mSearchAssistant = [Link visible only to logged-in users]{searchTerms}&f=4
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
TB: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - [Link visible only to logged-in users]\windows\java\classes\dajava.cab
DPF: Internet Explorer Classes for Java - [Link visible only to logged-in users]\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]\windows\java\classes\xmldso.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - [Link visible only to logged-in users]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link visible only to logged-in users]
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2A906AC4-E34D-4D11-B7ED-6A388AA2CD31} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\contin~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2013-11-8 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2013-11-8 5248]
S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2005-8-20 19968]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-26 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-26 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-26 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-11-26 40776]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011-4-23 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011-4-23 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011-4-23 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011-4-23 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011-4-23 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2011-4-23 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011-4-23 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2011-4-23 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2011-4-23 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2011-4-23 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2011-4-23 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2011-4-23 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2011-4-23 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2011-4-23 109736]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-10-8 252928]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-10-8 398720]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\c:\windows\system32\nxtepad.exe - hkcr\unknown\shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2013-11-26 15:32:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-11-26 14:58:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-26 14:58:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-08 16:32:57 5248 ----a-w- c:\windows\system32\drivers\d347prt.sys
2013-11-08 16:32:57 155136 ----a-w- c:\windows\system32\drivers\d347bus.sys
2013-11-08 16:32:46 -------- d-----w- c:\program files\D-Tools
2013-11-07 19:54:39 -------- d-----w- c:\documents and settings\all users\application data\WinterSoft
2013-10-30 17:47:22 -------- d-----w- c:\windows\SxsCaPendDel
.
==================== Find3M ====================
.
.
============= FINISH: 16:41:13.53 ===============
[Link visible only to logged-in users]

[Link visible only to logged-in users]

Update: 26 Nov 2013 17:01

[Link visible only to logged-in users]
This is what my desktop looks like right now, and every mouse movement leaves a trail on it. I've messed something up badly :)
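As an added example that is not part of this thread: a small Python triage script over DDS/FRST-style report lines. The sample lines are constructed from the reports posted above (the GUIDs and paths are copied from them), and the function names are my own. It flags the two kinds of entry a helper reads first: registrations whose target file is gone (<orphaned>, No File, [x], No ImagePath, or an empty path after the GUID) and anything listed under AppInit_DLLs, which is loaded into every process that links user32.dll and therefore deserves a look whenever it is non-empty.

```python
"""Triage helper for DDS / FRST style log lines (added example, not the thread's own tooling)."""
import re
from collections import Counter
from typing import Optional

# Constructed sample input, modelled on the DDS and FRST reports in this thread
# (GUIDs and paths are copied from them; the set of lines is a hand-picked subset).
SAMPLE_LOG = r"""
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
AppInit_DLLs= c:\progra~1\contin~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
TCP: NameServer = 192.168.0.1
""".strip()

# Markers both tools print for a registration whose target no longer exists.
_DANGLING = re.compile(r"(<orphaned>|No File|\[x\]|No ImagePath)\s*$")
# "AppInit_DLLs=" (DDS) or "AppInit_DLLs:" (FRST) followed by at least one path.
_APPINIT = re.compile(r"AppInit_DLLs\s*[=:]\s*(\S.*)$")


def classify(line: str) -> Optional[str]:
    """Return a finding category for one report line, or None if nothing stands out."""
    line = line.rstrip()
    if _APPINIT.search(line):
        # DLLs listed here are injected into every process that loads user32.dll;
        # legitimate software rarely needs this, so any non-empty value is reviewed.
        return "appinit"
    if _DANGLING.search(line) or line.endswith(" -"):
        # Leftover BHO/toolbar/service entries pointing at files that are gone.
        return "dangling"
    return None


def triage(text: str) -> list:
    """Scan a whole report and return (category, line) pairs worth reviewing."""
    findings = []
    for line in text.splitlines():
        cat = classify(line)
        if cat:
            findings.append((cat, line.rstrip()))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per category."""
    return dict(Counter(cat for cat, _ in findings))


if __name__ == "__main__":
    for cat, line in triage(SAMPLE_LOG):
        print(f"[{cat}] {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full FRST.txt or DDS log saved from the tool; a dangling entry is mostly clutter left behind by an uninstall, while an AppInit_DLLs hit is the line to resolve to a real file and vendor before deciding anything.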



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Judging by the screenshot, the graphics card has had its day. If you're willing, we'll remove the junkware from the system and run some additional checks.


Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

Note: the report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt



  • Joined: 10 Mar 2011
  • Posts: 27

[Link visible only to logged-in users]
Here's the requested file, and below is another screenshot from safe mode, so maybe based on it you can rule out the graphics card.
[Link visible only to logged-in users]

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Farbar's Farbar Recovery Scan Tool from this address to the Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you're not sure which version applies to your system, download both and run them. Only one of them will run on your system; that is the right version.


double-click to run the program; when the tool starts, click Yes on the Disclaimer window;
under the Optional Scan section, tick the List BCD and Driver MD5 boxes;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on the first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file option

  • Joined: 10 Mar 2011
  • Posts: 27

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
Ran by Ermin (administrator) on ERMIN on 27-11-2013 07:31:52
Running from C:\Documents and Settings\Ermin\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DAEMON Tools-1033] - "C:\Program Files\D-Tools\daemon.exe" -lang 1033

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {BF4D7ADC-E68A-4258-AFD4-13AFBF48744F} URL = [Link visible only to logged-in users]{searchTerms}
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: No Name - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {147D6308-0614-4112-89B1-31402F9B82C4} - No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} [Link visible only to logged-in users]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Link visible only to logged-in users]
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SYSTEM32\shell32.dll [8461312 2008-04-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ermin\Application Data\Mozilla\Firefox\Profiles\482r4v2m.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Ermin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF SearchPlugin: C:\Documents and Settings\Ermin\Application Data\Mozilla\Firefox\Profiles\482r4v2m.default\searchplugins\winamp-search.xml
FF Extension: No Name - C:\Documents and Settings\Ermin\Application Data\Mozilla\Firefox\Profiles\482r4v2m.default\Extensions\Extensions.rdf
FF Extension: No Name - C:\Documents and Settings\Ermin\Application Data\Mozilla\Firefox\Profiles\482r4v2m.default\Extensions\installed-extensions.txt
FF Extension: OneClickDownloader - C:\Documents and Settings\Ermin\Application Data\Mozilla\Firefox\Profiles\482r4v2m.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Ermin\Application Data\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: [Link visible only to logged-in users]
CHR RestoreOnStartup: "hxxp://www.google.ba/webhp?source=search_app"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\DOCUME~1\Ermin\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Ermin\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\Ermin\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\Ermin\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cmuda; C:\Windows\System32\drivers\cmuda.sys [417871 2002-08-26] (C-Media Inc)
R0 d347bus; C:\Windows\System32\DRIVERS\d347bus.sys [155136 2004-08-22] ( )
R0 d347prt; C:\Windows\System32\Drivers\d347prt.sys [5248 2004-08-22] ( )
S3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2005-11-29] (DT Soft Ltd.)
S3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2008-07-10] (LogMeIn, Inc.)
S3 HCF_MSFT; C:\Windows\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 RTL8023; C:\Windows\System32\DRIVERS\Rtlnic51.sys [65280 2003-08-13] (Realtek Semiconductor Corporation )
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
U0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2012-02-01] (Duplex Secure Ltd.)
S1 SysTool; C:\Windows\System32\DRIVERS\SysTool.sys [19968 2005-08-20] (W1zzard)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [252928 2010-01-12] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
U4 Alerter;
U5 Browser; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 lanmanserver; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 mcdbus; system32\DRIVERS\mcdbus.sys [x]
U4 Messenger; %SystemRoot%\system32\svchost.exe -k netsvcs
U5 Netlogon; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\ACPI.sys 8FD99680A539792A30E97944FDAECF17
C:\Windows\System32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5
C:\Windows\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\Windows\System32\drivers\afd.sys 322D0E36693D6E24A2398BEE62A268CD
C:\Windows\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\Windows\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\Windows\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\Windows\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\Windows\System32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\Windows\System32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\Windows\System32\DRIVERS\CCDECODE.sys 0BE5AEF125BE881C4F854C554F2B025C
C:\Windows\System32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\Windows\System32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\Windows\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\Windows\System32\drivers\cmuda.sys BF03FDDE79AAB05F01779D39342CA9AB
C:\Windows\System32\DRIVERS\d347bus.sys 5776322F93CDB91086111F5FFBFDA2A0
C:\Windows\System32\Drivers\d347prt.sys B49F79ACE459763F4E0380071BE9CB45
C:\Windows\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\Windows\System32\drivers\dmboot.sys D992FE1274BDE0F84AD826ACAE022A41
C:\Windows\System32\drivers\dmio.sys 7C824CF7BBDE77D95C08005717A95F6F
C:\Windows\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\Windows\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\Windows\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\Windows\System32\Drivers\dtscsi.sys 6461E57BB51A848AAE26F52427B7CF9E
C:\Windows\System32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\Windows\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\Windows\System32\Drivers\Fips.sys D45926117EB9FA946A6AF572FBE1CAA3
C:\Windows\System32\DRIVERS\flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\Windows\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\Windows\System32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\Windows\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D
C:\Windows\System32\DRIVERS\gameenum.sys 065639773D8B03F33577F6CDAEA21063
C:\Windows\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\Windows\System32\DRIVERS\hamachi.sys 7929A161F9951D173CA9900FE7067391
C:\Windows\System32\DRIVERS\HCF_MSFT.sys 4236E014632F4163F53EBB717F41594C
C:\Windows\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1
C:\Windows\System32\Drivers\HTTP.sys F6AACF5BCE2893E0C1754AFEB672E5C9
C:\Windows\System32\DRIVERS\i8042prt.sys 4A0B06AA8943C1E332520F7440C0AA30
C:\Windows\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\Windows\System32\DRIVERS\intelppm.sys 8C953733D8F36EB2133F5BB58808B66B
C:\Windows\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\Windows\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\Windows\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\Windows\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\Windows\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\Windows\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\Windows\System32\DRIVERS\isapnp.sys 05A299EC56E52649B1CF2FC52D20F2D7
C:\Windows\System32\DRIVERS\kbdclass.sys 463C1EC80CD17420A542B7F36A36F128
C:\Windows\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\Windows\System32\Drivers\KSecDD.sys 1705745D900DABF2D89F90EBADDC7517
C:\Windows\System32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\Windows\System32\Drivers\Modem.sys DFCBAD3CEC1C5F964962AE10E0BCC8E1
C:\Windows\System32\DRIVERS\mouclass.sys 35C9E97194C8CFB8430125F8DBC34D04
C:\Windows\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685
C:\Windows\System32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\Windows\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\Windows\System32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\Windows\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\Windows\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\Windows\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\Windows\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\Windows\System32\drivers\MSTEE.sys E53736A9E30C45FA9E7B5EAC55056D1D
C:\Windows\System32\Drivers\Mup.sys 2F625D11385B1A94360BFC70AAEFDEE1
C:\Windows\System32\DRIVERS\NABTSFEC.sys 5B50F1B2A2ED47D560577B221DA734DB
C:\Windows\System32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\Windows\System32\DRIVERS\NdisIP.sys 7FF1F1FD8609C149AA432F95A8163D97
C:\Windows\System32\DRIVERS\ndistapi.sys 1AB3D00C991AB086E69DB84B6C0ED78F
C:\Windows\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\Windows\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\Windows\System32\Drivers\NDProxy.sys 6215023940CFD3702B46ABC304E1D45A
C:\Windows\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\Windows\System32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\Windows\System32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\Windows\System32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\Windows\System32\DRIVERS\nv4_mini.sys 9F4384AA43548DDD438F7B7825D11699
C:\Windows\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\Windows\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\Windows\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C
C:\Windows\System32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\Windows\System32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\Windows\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1
C:\Windows\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0
C:\Windows\System32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\Windows\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\Windows\System32\DRIVERS\processr.sys A32BEBAF723557681BFC6BD93E98BD26
C:\Windows\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\Windows\System32\DRIVERS\PxHelp20.sys D86B4A68565E444D76457F14172C875A
C:\Windows\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\Windows\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\Windows\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\Windows\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\Windows\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\Windows\System32\DRIVERS\rdpdr.sys 15CABD0F7C00C47C70124907916AF3F1
C:\Windows\System32\Drivers\RDPWD.sys 6728E45B66F93C08F11DE2E316FC70DD
C:\Windows\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5
C:\Windows\System32\DRIVERS\Rtlnic51.sys 29F9879A1FD386F7251AE9FDADB2CBF1

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders =======


Files to move or delete:
====================
C:\Documents and Settings\Administrator\hpothb07.dat
C:\Documents and Settings\All Users\hpothb07.dat
C:\Documents and Settings\Default User\hpothb07.dat
C:\Documents and Settings\Ermin\hpothb07.dat
C:\Documents and Settings\Ermin\jagex_runescape_preferences.dat
C:\Documents and Settings\LocalService\hpothb07.dat


Some content of TEMP:
====================
C:\Documents and Settings\Ermin\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2004-08-22 20:36] - [2008-04-14 04:42] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
[Link visible only to logged-in users]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Who told you to run ComboFix?

offline
  • Joined: 10 Mar 2011
  • Posts: 27

No one. But I tried Malwarebytes and ComboFix. I hope I didn't mess anything up. What should I do?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

ComboFix is a complex tool; handling it improperly can damage the operating system, so in the future do not run it on your own initiative.

Post the ComboFix report, which is located at C:\ComboFix.txt

offline
  • Joined: 10 Mar 2011
  • Posts: 27

[Link visible only to logged-in users]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

There is nothing malicious in the reports you posted.

Download this tool to your Desktop and run it: [Link visible only to logged-in users]

After it finishes:



We will now remove the tools that were used.
Download Xplode's DelFix and save it to your Desktop.

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings

Click the "Run" button and wait for the program to finish.
When the tool finishes, it will open the report in Notepad.

Note: the report will also be saved at C:\DelFix.txt
I do not need that report.



Visit the topic "Test whether your browser is vulnerable" (Testirajte da li vam je pretraživač ranjiv), read it and follow the link it contains.



I recommend using MCShield to protect USB storage devices.
It has nothing to do with your antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

MCShield home page: [Link visible only to logged-in users]
You can learn more about MCShield in this topic: [Link visible only to logged-in users]
MCShield Facebook page: [Link visible only to logged-in users]


Regards.
