Infected PC?


Hello everyone! I have a nasty problem! The pictures below say it all! After several restarts the PC boots normally, but Comodo is still blocking something in the background. During the problems shown in the pictures, I answered Deny to something and left the "remember" box checked. Now it keeps blocking something related to WMPlayer. Malwarebytes quick and full scans show that everything is clean, same as Spybot S&D! But I still don't have my old restore points!

Something seems suspicious to me here. Please help! I don't know what else to do! I scanned from Safe Mode and MBAM says everything is clean. Btw, I barely got into Safe Mode. It was so slow....

As I said, I'm now writing all this normally from this PC, but I have a feeling some sophisticated vermin has crept into my PC! My RAM is 46% used with the same number of processes as before, while my normal RAM usage at idle is always 25-28%! First it was as if everything had died, and then suddenly everything is "normal"... I still don't know what to do!

Help!

EDIT: I've just restarted it again. RAM usage is OK now, but this temp is strange. I'm going to try deleting it. The one from the last picture. All of this moved in tonight...

If anyone knows what I should do, please say so. Every suggestion is welcome!

P.S. I'm moving to the AV topic.

[Images: PC booting; confusion in the Action Center; Comodo stopped working; my restore points are gone; after restart; Comodo keeps blocking something from before; strange temp]
Message last edited Sat 10.11.2012 22:51 (diskDEfragmenter).

Re: Infected PC?

Scan with CCE

Re: Infected PC?

Why don't you just install a fresh OS?

14 godina
offline
Re: Zaražen PC?
Vehid kaže...

Što samo jednostavno ne digneš novi OS?

 Uffff.... to mi je pod zadnje.... godina dana finih brzih windowsa7 je iza mene sa puno lijepih instaliranih stvari! Teško je samo tako cijeli disk pretvoriti u 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000!!!

Re: Infected PC?
diskDEfragmenter says...
Vehid says...

Why don't you just install a fresh OS?

Ugh.... that's my last resort.... I have a year of nice, fast Windows 7 behind me with lots of nice things installed! It's hard to just turn the whole disk into 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000!!!

Do as described in this post so we can see what this is about... you very likely have a rootkit

The only difference is that you will copy this into the empty field

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
c:\windows\installer\@ /s
c:\windows\installer\*.@ /s
%systemdrive%\$Recycle.Bin|@;true;true;true
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

Infected PC?

Here's speedyshare:

http://speedy.sh/yS42x/Extras.Txt

http://speedy.sh/QRwJ5/OTL.Txt

And here is everything here as well:

Description = Unable to read the performance counter strings defined for the 01A
 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error - 10.11.2012. 16:56:02 | Computer Name = Robi777-PC | Source = Application Error | ID = 1000
Description = Aplikacija koja je prouzročila pogrešku: wbengine.exe, verzija: 6.1.7601.17514,
 vremenska oznaka: 0x4ce79951  Modul koji je prouzročio pogrešku: KERNELBASE.dll,
verzija: 6.1.7601.17651, vremenska oznaka: 0x4e21213c  Kôd iznimke: 0x80070005  Pomak
 pogreške 0x000000000000cacd  Id postupka: 0xeb8  Vrijeme pokretanja aplikacije koja
 je prouzročila pogrešku: 0x01cdbf84650bfec7  Put aplikacije koja je prouzročila pogrešku:
 C:\Windows\system32\wbengine.exe  Put modula koji je prouzročio pogrešku: C:\Windows\system32\KERNELBASE.dll
Id
 izvješća: 08e5045c-2b79-11e2-ac1f-001d602a2360
 
Error - 10.11.2012. 17:03:36 | Computer Name = Robi777-PC | Source = Application Error | ID = 1000
Description = Aplikacija koja je prouzročila pogrešku: wbengine.exe, verzija: 6.1.7601.17514,
 vremenska oznaka: 0x4ce79951  Modul koji je prouzročio pogrešku: KERNELBASE.dll,
verzija: 6.1.7601.17651, vremenska oznaka: 0x4e21213c  Kôd iznimke: 0x80070005  Pomak
 pogreške 0x000000000000cacd  Id postupka: 0xab8  Vrijeme pokretanja aplikacije koja
 je prouzročila pogrešku: 0x01cdbf8626356c61  Put aplikacije koja je prouzročila pogrešku:
 C:\Windows\system32\wbengine.exe  Put modula koji je prouzročio pogrešku: C:\Windows\system32\KERNELBASE.dll
Id
 izvješća: 177a1d83-2b7a-11e2-ac1f-001d602a2360
 
Error - 10.11.2012. 17:15:55 | Computer Name = Robi777-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10.11.2012. 17:18:33 | Computer Name = Robi777-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01A
 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error - 10.11.2012. 17:18:33 | Computer Name = Robi777-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01A
 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error - 11.11.2012. 6:26:36 | Computer Name = Robi777-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.11.2012. 6:29:05 | Computer Name = Robi777-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01A
 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error - 11.11.2012. 6:29:05 | Computer Name = Robi777-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01A
 language ID. The first DWORD in the Data section contains the Win32 error code.
 
[ System Events ]
Error - 11.11.2012. 6:24:54 | Computer Name = Robi777-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 11.11.2012. 6:24:54 | Computer Name = Robi777-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 11.11.2012. 6:24:54 | Computer Name = Robi777-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 11.11.2012. 6:24:54 | Computer Name = Robi777-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 11.11.2012. 6:25:19 | Computer Name = Robi777-PC | Source = Service Control Manager | ID = 7024
Description = Servis HomeGroup Listener prekinut je zbog pogreške specifične za
servis %%-2147023143.
 
Error - 11.11.2012. 6:31:46 | Computer Name = Robi777-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 11.11.2012. 6:31:46 | Computer Name = Robi777-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 11.11.2012. 6:31:46 | Computer Name = Robi777-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 11.11.2012. 6:31:46 | Computer Name = Robi777-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 11.11.2012. 6:31:46 | Computer Name = Robi777-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
 
< End of report >

--------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 11.11.2012. 11:36:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,17% Memory free
8,00 Gb Paging File | 6,42 Gb Available in Paging File | 80,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 104,90 Gb Total Space | 53,76 Gb Free Space | 51,25% Space Free | Partition Type: NTFS
Drive D: | 360,75 Gb Total Space | 204,03 Gb Free Space | 56,56% Space Free | Partition Type: NTFS
 
Computer Name: ROBI777-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.11.11 11:33:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.scr
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.05.18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2012.03.11 22:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:[b]64bit:[/b] - [2011.09.08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009.06.05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012.03.11 22:13:38 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:[b]64bit:[/b] - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.01.15 18:40:12 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:[b]64bit:[/b] - [2012.01.15 18:40:12 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:[b]64bit:[/b] - [2011.11.08 14:58:13 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011.09.08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009.07.18 13:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.06.05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:[b]64bit:[/b] - [2009.02.13 20:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 84 B9 DA 43 9D CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Robert\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
 
 
 
O1 HOSTS File: ([2011.11.07 19:12:51 | 000,438,200 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15069 more lines...
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:[b]64bit:[/b] - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: I&zvezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: P&ošalji u OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: I&zvezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: P&ošalji u OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39D07598-2001-47AD-ABFF-7342EDCFB8BB}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.11.11 11:33:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.scr
[2012.10.26 20:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2012.10.26 19:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
[2012.10.26 19:48:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Euro Truck Simulator 2
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.11.11 11:34:45 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.11.11 11:33:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.scr
[2012.11.11 11:32:00 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 11:32:00 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 11:29:05 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.11 11:29:05 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.11 11:29:05 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.11 11:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.11 11:24:44 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.09 21:45:27 | 000,011,843 | ---- | M] () -- C:\Users\Robert\Documents\bookmark.htm
[2012.10.26 20:36:01 | 000,000,821 | ---- | M] () -- C:\Users\Robert\Desktop\Sleeping Dogs.lnk
[2012.10.26 19:48:12 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.11.09 21:45:27 | 000,011,843 | ---- | C] () -- C:\Users\Robert\Documents\bookmark.htm
[2012.10.26 20:36:01 | 000,000,821 | ---- | C] () -- C:\Users\Robert\Desktop\Sleeping Dogs.lnk
[2012.10.26 19:48:12 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
[2012.04.14 18:49:52 | 000,007,168 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.13 20:31:30 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.11.26 14:12:14 | 000,000,022 | -HS- | C] () -- C:\Users\Robert\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.11.07 20:06:27 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.11.07 18:53:36 | 000,000,020 | -HS- | C] () -- C:\Users\Robert\AppData\Roaming\System7777DataCollection
[2011.11.07 18:53:36 | 000,000,020 | -HS- | C] () -- C:\Windows\Sys6547SettingsDB.sys
[2011.11.07 14:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.07 14:04:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.11.07 14:04:04 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.11.07 14:04:01 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.11.07 14:04:01 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.11.07 13:43:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
< End of report >

Infected PC?

There are traces of infection on the computer and we will sort that out now... I would ask you not to do anything other than what I write to you... no additional scans with all sorts of antiviruses and similar tools... that will only cause me extra problems in the steps that follow.

1. Open OTL and copy this into the empty field:

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 84 B9 DA 43 9D CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2011.11.26 14:12:14 | 000,000,022 | -HS- | C] () -- C:\Users\Robert\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.11.07 18:53:36 | 000,000,020 | -HS- | C] () -- C:\Users\Robert\AppData\Roaming\System7777DataCollection
[2011.11.07 18:53:36 | 000,000,020 | -HS- | C] () -- C:\Windows\Sys6547SettingsDB.sys

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyjava]
[CREATERESTOREPOINT]
[Reboot]

Click RUN FIX.
- Copy the log you get after the restart to speedshare, like all the other logs.

2. Download ComboFix and save it to the desktop.
- Turn off real-time protection on the computer.
- Run ComboFix and answer yes to everything.
- Copy the log you get.

3. Download Farbar Service Scanner and save it to the desktop.
- Run the program, tick everything and click Scan.
- Copy the log.

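A triage sketch for file entries in the log format used in the fix script above, added here as an example; it is not part of the original posts and not OTL's own logic. It parses `[date | size | attributes | C/M] (company) -- path` lines and lists the ones that combine several weak signals. The signal set, the 64-byte limit, the threshold of 3 and the reading of H/S as hidden/system are assumptions; a listed entry is a candidate for review, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: the first three entries are copied from the fix script
# in the post above; the rest are made up in the same format (the MD5 value
# is a placeholder, not a real hash).
SAMPLE_LOG = r"""
[2011.11.26 14:12:14 | 000,000,022 | -HS- | C] () -- C:\Users\Robert\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.11.07 18:53:36 | 000,000,020 | -HS- | C] () -- C:\Users\Robert\AppData\Roaming\System7777DataCollection
[2011.11.07 18:53:36 | 000,000,020 | -HS- | C] () -- C:\Windows\Sys6547SettingsDB.sys
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\explorer.exe
[2012.01.05 10:00:00 | 000,001,288 | ---- | M] () -- C:\ProgramData\Example\readme.lnk
[2012.01.05 10:00:00 | 000,000,030 | -H-- | C] (Example Vendor) -- C:\Users\Robert\AppData\Roaming\Example\state.dat
< End of report >
"""

# One file entry: [timestamp | size | attributes | C or M] (company) [MD5=...] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>\d{3}(?:,\d{3})*) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+)$"
)

TINY_BYTES = 64  # assumption: smaller than any real binary or config file
THRESHOLD = 3    # assumption: signals needed before an entry is listed


class Entry(NamedTuple):
    stamp: str
    size: int
    attrs: str
    kind: str            # "C" or "M" as printed (assumed created / modified)
    company: str
    md5: Optional[str]
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for anything that is not a file entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        md5=m["md5"],
        path=m["path"].strip(),
    )


def signals(entry: Entry) -> List[str]:
    """Return the weak signals an entry shows, in a fixed order."""
    found = []
    if "H" in entry.attrs and "S" in entry.attrs:
        found.append("hidden+system")      # both flags set on one file
    if not entry.company:
        found.append("no-company")         # empty publisher field: ()
    if entry.size <= TINY_BYTES:
        found.append("tiny")
    if "\\appdata\\" in entry.path.lower():
        found.append("user-profile")       # writable without admin rights
    return found


def triage(log_text: str, threshold: int = THRESHOLD) -> List[Tuple[str, List[str]]]:
    """List (path, signals) for entries showing at least `threshold` signals."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue                       # headers, blanks, other sections
        found = signals(entry)
        if len(found) >= threshold:
            hits.append((entry.path, found))
    return hits


if __name__ == "__main__":
    for path, found in triage(SAMPLE_LOG):
        print(f"{len(found)} signals  {', '.join(found):45s} {path}")
```
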
Infected PC?

Well, in the meantime I had just gone over it with HitmanPro, SUPERAntiSpyware and RogueKiller, but they found nothing. Sorry, I didn't know. RogueKiller did find something, but I haven't deleted anything yet.

I'll do as you said.

EDIT:

Here are all the logs:

http://speedy.sh/jk5HM/11112012-135923.log

http://speedy.sh/gNZME/combofix.txt

http://speedy.sh/UnpEd/FSS.txt

And what next? Can I somehow make Comodo Defense+ stop blocking Trusted Installer and WMPlayer? I can't start Disk Cleanup. When I turn off Defense+, it starts right away.

Btw, I now have new restore points too. Thanks!!! Is there anything else I need to do? During all those errors (yesterday) I noticed that for a moment 2 Comodo icons were visible in the system tray, so I suspected some kind of fake Comodo.....

I'll simply uninstall and reinstall Comodo.

EDIT:

Now everything is great! I'm off to clean up a bit, defragment, etc...

Comodo no longer blocks anything! Nothing is behaving strangely any more.

Total, thank you!!! You rule!

If I still need to do anything, say so!

Message last edited Sun 11.11.2012 15:24 (diskDEfragmenter).

Infected PC?

Everything is OK now.. you can delete the tools we used.

Open OTL and click Clean Up; this will delete OTL and ComboFix, and if FSS happens to remain, just drag it to the trash with the mouse.

Infected PC?

Thank you very, very, very, very much for the help!

If something happens again, I know who to turn to.

Best regards!

P.S. I removed those programs just like that from the desktop before I saw the new message. The Qoobox folder has remained undeletable. But never mind. What matters is that everything is OK.

Message last edited Sun 11.11.2012 18:50 (diskDEfragmenter).

Re: Infected PC?
Total, now that I've calmed down, just one more question. How can such vermin get into a PC at all when I never go to even slightly suspicious sites? Is it really enough just to have the internet on to get infected? I mean, yesterday I was only on YouTube, and only when I turned the PC on in the evening did the shock greet me! And shouldn't an antivirus intercept things like this before they get in and do damage? Is Comodo Internet Security even a good solution, or should one really go for some good paid antivirus? And, finally, are these rootkits some kind of exe files or just a set of files and code that cause a mess? I haven't experienced anything like this in 10 years!
dr. Watson

Re: Infected PC?
diskDEfragmenter says...
Total, now that I've calmed down, just one more question. How can such vermin get into a PC at all when I never go to even slightly suspicious sites? Is it really enough just to have the internet on to get infected? I mean, yesterday I was only on YouTube, and only when I turned the PC on in the evening did the shock greet me! And shouldn't an antivirus intercept things like this before they get in and do damage? Is Comodo Internet Security even a good solution, or should one really go for some good paid antivirus? And, finally, are these rootkits some kind of exe files or just a set of files and code that cause a mess? I haven't experienced anything like this in 10 years!

That's right, to get infected it's enough to have the internet on and a bit of "luck" :).... There is no antivirus or internet security suite that will protect a computer 100%, so don't worry about that too much. In your case it would be good to install the NoScript add-on, since that is one of Comodo's weak points.

And today's rootkits evolve at an incredible speed (several versions a week); now imagine how far the antivirus companies lag behind the malware authors?... For example, you actually got off lightly, because there are versions that simply cannot be cleaned with the tools known so far.

A rootkit doesn't necessarily have to be an .exe file; if that were so, they would be found and removed very easily :)

Re: Infected PC?
Thanks once again for the help and the advice!
dr. Watson

Infected PC?

You got off great compared with what happened to me the other day - I was on the internet, nothing special, the Facebook home page, YouTube, BUG, Mercedes forum Hrvatska (which I now suspect is infected) and suddenly bang - it locks my computer and shows a screen with all sorts of rubbish, like some 'internet police' that has figured out I have illegally downloaded software on the computer and wants 100 pounds to unlock it.. I restart it and it runs and everything is normal, but after 2-3 minutes that screen is back and there's no getting past it. I go into safe mode and again get nowhere. I take the Windows CD and, just before putting it in, I go to check, just in case, whether I have any restore point. I wasn't sure about that because I used to make a habit of turning it off, and luckily this time it seems I hadn't turned it off and there were 4 of them, one from a few days ago. So I go to that one and it restores successfully and that rubbish is gone. Since then I haven't been to that Mercedes forum, because it was recently infected with some kind of malware, so I suspect it.

The lesson? Turn System Restore on and set it to create a restore point every day, God forbid you need it.

Re: Infected PC?
total says...
In your case it would be good to install the NoScript add-on, since that is one of Comodo's weak points.

Hacker002 says...

You got off great compared with what happened to me the other day - I was on the internet, nothing special, the Facebook home page, YouTube, BUG, Mercedes forum Hrvatska (which I now suspect is infected) and suddenly bang - it locks my computer and shows a screen with all sorts of rubbish, like some 'internet police' that has figured out I have illegally downloaded software on the computer and wants 100 pounds to unlock it.. I restart it and it runs and everything is normal, but after 2-3 minutes that screen is back and there's no getting past it. I go into safe mode and again get nowhere. I take the Windows CD and, just before putting it in, I go to check, just in case, whether I have any restore point. I wasn't sure about that because I used to make a habit of turning it off, and luckily this time it seems I hadn't turned it off and there were 4 of them, one from a few days ago. So I go to that one and it restores successfully and that rubbish is gone. Since then I haven't been to that Mercedes forum, because it was recently infected with some kind of malware, so I suspect it.

The lesson? Turn System Restore on and set it to create a restore point every day, God forbid you need it.

Or put the browser in a sandbox with SANDBOXIE and surf without worry.

http://av-gurus.blogspot.com/ | http://www.facebook.com/antivirusna.ekipa | http://www.youtube.com/user/TheDjigibao

Infected PC?

Yes, but the horror is that anything can fly in in the background while you are, say, drinking Coca-Cola and looking at your picture collection on the PC.

But maybe I'm making a mistake by using IE9 on the PC (since I have Windows 7). On the laptop I have XP and I'm on Firefox.

What do you think? Maybe I should switch to Firefox on Windows 7 as well? After all, it is constantly being updated, unlike IE9...

And that NoScript add-on is for Firefox too.

Message last edited Mon 12.11.2012 16:28 (diskDEfragmenter).

Infected PC?

Not even my grandfather uses IE, and on the PC he knows how to go to Njuškalo and a couple of portals and look up the phone directory.

Re: Infected PC?
Hacker002 says...

Not even my grandfather uses IE, and on the PC he knows how to go to Njuškalo and a couple of portals and look up the phone directory.

Oh well... IE9 has proven to be quite a good and fast browser, but it recently had some security problems...

But yes, you're right... although I read somewhere that Windows 7 users mostly stick with IE (maybe that holds for most grandfathers). But I'll switch to Firefox on the PC. That's for sure.

There are a lot of useful add-ons.
