Backdoor.Agent

  • Joined: 17 Oct 2011
  • Posts: 311

Using Malwarebytes' Anti-Malware, I found Backdoor.Agent in the registry, but I cannot remove it from the registry with that tool. How can I safely and securely remove this malicious software, which is not active in Task Manager, from my computer?
P.S.
AVG did not detect it!



  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello...

You need to follow the instructions in How to open a topic in the Ambulanta and post the required reports.

Sass Drake, MyCity AMF team



  • Joined: 17 Oct 2011
  • Posts: 311

Posted: 18 Oct 2011 9:58

Using Malwarebytes' Anti-Malware, I found Backdoor.Agent in the registry, but I cannot remove it from the registry with that tool. How can I safely and securely remove this malicious software, which is not active in Task Manager, from my computer?
P.S.
AVG did not detect it!
So far I have not noticed any major irregularities in how my computer works, and the Backdoor in question was detected quite by accident; I am attaching a copy of the report.

[Link visible only to logged-in users]
And, following your instructions, OLTtxt:

[Link visible only to logged-in users]

Please forgive my mistakes and my not understanding the procedure for opening a topic in the Ambulanta. Thank you in advance.

Addendum: 18 Oct 2011 10:23

I use wireless internet, Wireless 512kb/s

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

While the case is being resolved, I would ask you to observe the following:
  • Read my instructions (or those of colleagues who will be standing in for me) carefully and work strictly by them;
  • Do not seek help elsewhere at the same time;
  • Do not use other malware-removal programs, except those you are instructed to use;
  • During the intervention, do not use USB memory devices until I ask for that;
  • If I do not reply within 48h, refresh the topic with a new post;
  • If you do not respond within 5 days, we will close the case.

For more information on the rules of the MyCity forum Ambulanta: LINK




Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is complete:
  • disable your protection software (instructions);
  • close running programs;
  • double-click to run ComboFix;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered to download it.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • present a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.


Copy the report that ComboFix created into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.


Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after sending the message you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.






Sass Drake, My City AMF team

  • Joined: 17 Oct 2011
  • Posts: 311

ComboFix 11-10-18.04 - Deki 18.10.2011 22:49:44.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1142 [GMT 2:00]
Running from: c:\users\Deki\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\64\AutocompletePro64.dll
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\windows\assembly\tmp\U
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 21:03 . 2011-10-18 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 08:36 . 2011-10-18 08:42 -------- d-----w- c:\users\Deki\AppData\Roaming\MCShield
2011-10-18 08:36 . 2011-10-18 08:42 -------- d-----w- c:\program files (x86)\MCShield
2011-10-17 18:17 . 2011-10-18 06:16 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-10-17 18:16 . 2011-10-17 18:17 -------- d--h--w- c:\program files (x86)\Zero G Registry
2011-10-17 18:16 . 2011-10-17 18:16 -------- d-----w- c:\program files (x86)\Sports Interactive
2011-10-17 18:15 . 2011-10-17 18:15 -------- d--h--w- c:\users\Deki\InstallAnywhere
2011-10-17 06:39 . 2011-10-17 06:39 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-16 19:07 . 2011-10-17 19:35 -------- d-----w- c:\programdata\NFS Underground
2011-10-16 17:41 . 2011-10-16 17:41 -------- d-sh--w- c:\windows\ftpcache
2011-10-16 10:19 . 2011-10-16 10:19 -------- d-----w- c:\program files (x86)\ChatVibes.com
2011-10-15 19:25 . 2011-10-15 19:25 -------- d-----w- c:\users\Deki\AppData\Roaming\Malwarebytes
2011-10-15 19:25 . 2011-10-15 19:25 -------- d-----w- c:\programdata\Malwarebytes
2011-10-15 19:25 . 2011-10-18 06:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-15 19:25 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 08:36 . 2011-10-15 08:36 -------- d-----w- c:\users\Deki\AppData\Roaming\PC Cleaners
2011-10-15 08:36 . 2011-10-15 08:33 5356304 ----a-w- c:\windows\uninst.exe
2011-10-15 08:36 . 2011-10-15 08:36 -------- d-----w- c:\programdata\PC1Data
2011-10-12 09:17 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 08:54 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 08:54 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 08:54 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 08:54 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 08:52 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 08:52 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 08:52 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 08:52 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 07:04 . 2011-10-12 07:04 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-10-12 06:52 . 2011-10-12 06:52 -------- d-----w- C:\My Music
2011-10-12 06:31 . 2011-10-12 06:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-12 05:59 . 2011-10-12 05:59 -------- d-----w- c:\users\Deki\AppData\Local\Real
2011-10-12 04:45 . 2011-10-12 04:45 -------- d-----w- c:\users\Deki\AppData\Local\Wicked_Interactive_LTD
2011-10-11 21:35 . 2011-10-11 21:35 -------- d-----w- c:\programdata\PMB Files
2011-10-11 21:12 . 2011-10-11 21:12 -------- d-----w- c:\program files (x86)\Pando Networks
2011-10-11 20:59 . 2011-10-11 20:59 -------- d-----w- c:\program files (x86)\Raptr
2011-10-11 09:42 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-10-11 09:42 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-10-11 09:42 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-10-11 09:41 . 2011-10-11 09:42 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-10-10 19:07 . 2011-10-10 19:07 -------- d-----w- c:\windows\system32\Macromed
2011-10-10 18:55 . 2011-10-10 18:55 -------- d-----w- c:\programdata\McAfee
2011-10-10 10:51 . 2011-10-10 10:51 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-08 00:29 . 2011-10-08 00:29 -------- d-----w- c:\program files (x86)\MSECache
2011-10-06 22:21 . 2011-10-06 22:21 -------- d-----w- c:\users\Deki\AppData\Local\vghd
2011-10-06 21:45 . 2011-10-06 21:45 -------- d-----w- c:\programdata\WidgetServer
2011-10-06 21:45 . 2011-10-06 21:45 -------- d-----w- c:\program files (x86)\AllGamesHome Toolbar
2011-10-06 15:58 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{124DE0F6-F641-4789-ABA3-761E2FD67083}\mpengine.dll
2011-10-06 07:56 . 2005-08-16 23:01 97792 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxcgpp6c.dll
2011-10-06 07:42 . 2011-10-06 07:42 -------- d-----w- c:\program files\Lexmark 2300 Series
2011-10-05 21:32 . 2011-10-05 21:32 -------- d-sh--w- c:\users\Deki\AppData\Local\6c36d5e4
2011-10-02 17:20 . 2011-10-02 17:59 -------- d-----w- c:\program files (x86)\4PLAY60
2011-09-29 16:26 . 2011-09-29 16:26 -------- d-----w- C:\cpdtoolbar@easydategroup.com
2011-09-29 16:26 . 2011-10-05 19:33 -------- d-----w- c:\users\Deki\AppData\Roaming\CupidChat
2011-09-28 08:22 . 2011-09-28 08:22 -------- d-----w- c:\programdata\AutoKMS
2011-09-27 22:28 . 2011-09-27 22:28 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-09-27 22:27 . 2011-09-27 22:27 -------- d-----w- c:\windows\PCHEALTH
2011-09-27 22:27 . 2011-09-27 22:27 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-09-27 22:24 . 2011-09-27 22:24 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-27 22:23 . 2011-09-27 22:23 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-09-27 22:21 . 2011-09-27 22:21 -------- d-----r- C:\MSOCache
2011-09-27 09:40 . 2011-09-27 21:30 -------- d-----w- c:\users\Deki\AppData\Roaming\QuickStoresToolbar
2011-09-26 17:11 . 2008-05-30 12:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-09-26 06:37 . 2011-09-26 06:37 -------- d-----w- c:\programdata\boost_interprocess
2011-09-25 19:52 . 2011-09-25 19:52 -------- d-----w- c:\users\Deki\AppData\Roaming\vlc
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\users\Deki\AppData\Local\Ilivid Player
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\users\Deki\AppData\Roaming\Bandoo
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\programdata\Bandoo
2011-09-25 19:49 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\Bandoo
2011-09-25 19:41 . 2011-09-25 19:41 -------- d-----w- c:\program files (x86)\Windows iLivid Toolbar
2011-09-25 19:41 . 2011-09-25 19:41 -------- d-----w- c:\program files (x86)\SearchCore for Browsers
2011-09-25 11:42 . 2011-09-25 11:42 -------- d-----w- c:\programdata\NCH Swift Sound
2011-09-25 11:41 . 2011-09-25 11:41 -------- d-----w- c:\program files (x86)\NCH Software
2011-09-25 11:41 . 2011-09-25 11:41 -------- d-----w- c:\users\Deki\AppData\Roaming\NCH Swift Sound
2011-09-25 11:23 . 2011-09-25 11:28 -------- d-----w- c:\programdata\RegTask
2011-09-25 07:33 . 2011-09-25 10:46 -------- d-----w- c:\users\Deki\AppData\Roaming\Raptr
2011-09-25 07:27 . 2011-09-25 07:27 -------- d-----w- c:\users\Deki\.swt
2011-09-25 07:26 . 2011-09-25 07:26 -------- d-----w- c:\program files (x86)\Conduit
2011-09-25 07:26 . 2011-10-16 10:19 -------- d-----w- c:\users\Deki\AppData\Local\Conduit
2011-09-25 07:26 . 2011-09-25 07:26 -------- d-----w- c:\program files (x86)\Vuze_Remote
2011-09-24 12:35 . 2011-09-24 12:36 -------- d-----w- c:\users\Deki\AppData\Local\Windows Live Writer
2011-09-24 12:35 . 2011-09-24 12:35 -------- d-----w- c:\users\Deki\AppData\Roaming\Windows Live Writer
2011-09-22 11:07 . 2011-09-22 11:07 -------- d-----w- c:\users\Deki\AppData\Local\PackageAware
2011-09-20 17:29 . 2011-10-12 20:36 -------- d-----w- c:\users\Deki\AppData\Local\Facebook
2011-09-19 18:53 . 2011-09-19 18:53 -------- d-----w- c:\users\Deki\AppData\Roaming\Babylon
2011-09-19 18:53 . 2011-09-19 18:53 -------- d-----w- c:\users\Deki\AppData\Local\Babylon
2011-09-19 18:53 . 2011-09-19 18:53 -------- d-----w- c:\programdata\Babylon
2011-09-19 18:51 . 2011-09-19 18:55 -------- d-----w- c:\users\Deki\AppData\Local\MediaGet2
2011-09-19 12:19 . 2010-04-27 02:25 18944 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2011-09-19 12:19 . 2010-04-27 02:25 161280 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2011-09-19 12:19 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2011-09-19 12:19 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2011-09-19 12:19 . 2010-04-27 02:25 15360 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2011-09-19 12:19 . 2010-04-27 02:25 15360 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2011-09-19 12:19 . 2010-04-27 02:25 127488 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2011-09-19 12:18 . 2010-04-27 02:25 18944 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2011-09-19 12:18 . 2010-04-27 02:25 161280 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2011-09-19 12:18 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2011-09-19 12:18 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2011-09-19 09:12 . 2011-09-19 09:12 -------- d-----w- c:\programdata\Installations
2011-09-19 08:57 . 2011-09-19 08:57 -------- d-----w- c:\users\Deki\AppData\Local\Innovative Solutions
2011-09-19 08:57 . 2011-09-19 08:57 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2011-09-19 08:57 . 2011-09-19 19:06 -------- d-----w- c:\programdata\Innovative Solutions
2011-09-19 08:23 . 2011-09-19 08:23 -------- d-----w- c:\users\Deki\AppData\Roaming\GHISLER
2011-09-19 08:23 . 2006-11-22 05:00 545 ----a-w- c:\windows\UC.PIF
2011-09-19 08:23 . 2006-11-22 05:00 545 ----a-w- c:\windows\RAR.PIF
2011-09-19 08:23 . 2006-11-22 05:00 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-09-19 08:23 . 2006-11-22 05:00 545 ----a-w- c:\windows\LHA.PIF
2011-09-19 08:23 . 2006-11-22 05:00 545 ----a-w- c:\windows\ARJ.PIF
2011-09-19 08:11 . 2011-09-19 08:11 -------- d-----w- c:\users\Deki\AppData\Local\Eraser 6
2011-09-19 06:18 . 2011-10-15 19:52 -------- d-----w- c:\users\Deki\AppData\Local\ElevatedDiagnostics
2011-09-19 04:57 . 2011-09-19 09:56 -------- d-----w- c:\windows\SysWow64\Samsung PC Studio Codecs
2011-09-18 22:25 . 2011-09-19 10:36 -------- d-----w- c:\windows\SysWow64\Samsung
2011-09-18 22:24 . 2004-10-22 00:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-09-18 22:24 . 2004-10-22 00:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-09-18 22:24 . 2004-10-22 00:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-09-18 22:24 . 2004-10-22 00:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-09-18 22:24 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-09-18 22:24 . 2004-10-22 00:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-09-18 22:24 . 2011-09-18 22:24 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-09-18 22:24 . 2011-09-18 22:24 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-09-18 22:17 . 2010-07-04 17:11 25960 ----a-w- c:\windows\SysWow64\FsExService64.Exe
2011-09-18 22:17 . 2010-06-14 07:32 16448 ----a-w- c:\windows\SysWow64\drivers\TFsExDisk.Sys
2011-09-18 22:16 . 2011-09-19 12:17 -------- d-----w- c:\users\Deki\AppData\Roaming\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 06:38 . 2011-09-12 15:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-17 06:38 . 2011-09-10 02:37 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-17 06:37 . 2011-09-10 02:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-12 06:31 . 2011-08-27 15:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-10 19:14 . 2011-08-28 08:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-10 13:39 . 2011-09-10 02:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-10 13:38 . 2011-09-12 15:08 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-10 13:35 . 2011-09-12 15:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-09 15:27 . 2011-09-10 02:35 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-03 13:27 . 2011-09-12 15:07 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-09-14 17:00 . 2011-09-14 02:23 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-09-14 02:23 . 2011-09-14 02:23 13048 ----a-w- c:\windows\system32\avgrssta.dll
2011-09-14 02:23 . 2011-09-14 02:23 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-09-14 02:23 . 2011-09-14 02:23 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-09-06 20:45 . 2011-09-13 02:27 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-31 21:29 . 2011-08-31 21:29 4023808 ----a-w- c:\windows\SysWow64\x264vfw.dll
2011-08-31 21:00 . 2011-08-31 21:00 756736 ----a-w- c:\windows\SysWow64\lameACM.acm
2011-08-29 08:00 . 2011-08-29 08:00 1282560 ----a-w- c:\windows\SysWow64\VSFilter.dll
2011-08-28 22:45 . 2011-08-28 22:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-28 22:45 . 2011-08-28 22:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-28 22:45 . 2011-08-28 22:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-28 22:45 . 2011-08-28 22:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-28 22:45 . 2011-08-28 22:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-28 22:45 . 2011-08-28 22:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-28 22:45 . 2011-08-28 22:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-28 22:45 . 2011-08-28 22:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-28 22:45 . 2011-08-28 22:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-28 22:45 . 2011-08-28 22:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-28 22:45 . 2011-08-28 22:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-28 22:45 . 2011-08-28 22:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-28 22:45 . 2011-08-28 22:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-28 22:45 . 2011-08-28 22:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-28 22:45 . 2011-08-28 22:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-28 22:45 . 2011-08-28 22:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-28 22:45 . 2011-08-28 22:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-28 22:45 . 2011-08-28 22:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-28 22:45 . 2011-08-28 22:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-28 22:45 . 2011-08-28 22:45 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-28 22:45 . 2011-08-28 22:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-28 22:45 . 2011-08-28 22:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-28 22:45 . 2011-08-28 22:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-28 22:45 . 2011-08-28 22:45 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-28 22:45 . 2011-08-28 22:45 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-28 22:45 . 2011-08-28 22:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-28 22:45 . 2011-08-28 22:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-28 22:45 . 2011-08-28 22:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-28 22:45 . 2011-08-28 22:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-28 22:45 . 2011-08-28 22:45 448512 ----a-w- c:\windows\system32\html.iec
2011-08-28 22:45 . 2011-08-28 22:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-28 22:45 . 2011-08-28 22:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-28 22:45 . 2011-08-28 22:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-28 22:45 . 2011-08-28 22:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-28 22:45 . 2011-08-28 22:45 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-28 22:45 . 2011-08-28 22:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-28 19:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-28 19:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-28 01:03 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-29 00:49 . 2011-07-29 00:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-29 00:48 . 2011-07-29 00:48 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-29 00:48 . 2011-07-29 00:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-28 22:23 . 2011-07-28 22:23 9980416 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-28 22:09 . 2011-07-28 22:09 23921664 ----a-w- c:\windows\system32\atio6axx.dll
2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-28 21:40 . 2011-07-28 21:40 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-07-28 21:39 . 2011-07-28 21:39 852992 ----a-w- c:\windows\system32\aticfx64.dll
2011-07-28 21:36 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:36 . 2011-07-28 21:36 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-28 21:35 . 2011-07-28 21:35 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-28 21:34 . 2011-07-28 21:34 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-07-28 21:34 . 2011-07-28 21:34 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-07-28 21:33 . 2011-07-28 21:33 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-28 21:33 . 2011-07-28 21:33 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-07-28 21:30 . 2011-07-28 21:30 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-07-28 21:20 . 2009-07-13 21:59 4943360 ----a-w- c:\windows\system32\atidxx64.dll
2011-07-28 21:12 . 2011-07-28 21:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-07-28 21:11 . 2011-07-28 21:11 3871744 ----a-w- c:\windows\system32\atiumd6a.dll
2011-07-28 21:11 . 2011-07-28 21:11 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-07-28 21:11 . 2011-07-28 21:11 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-07-28 21:10 . 2011-07-28 21:10 9644544 ----a-w- c:\windows\system32\aticaldd64.dll
2011-07-28 21:09 . 2011-07-28 21:09 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-07-28 21:03 . 2011-07-28 21:03 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-07-28 21:02 . 2011-07-28 21:02 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2011-07-28 21:01 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
2011-07-28 20:54 . 2011-07-28 20:54 378368 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-07-28 20:54 . 2011-07-28 20:54 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 309248 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:53 . 2011-07-28 20:53 40960 ----a-w- c:\windows\system32\atiuxp64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c34bfb11-eff0-4123-a7a5-79051ef24cf5}"= "c:\program files (x86)\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 17:15 2532680 ----a-w- c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1}]
2011-07-18 11:43 2376824 ----a-w- c:\program files (x86)\ButterscotchToolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\ChatVibes.com\prxtbChat.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
"{AF3D7884-B142-414E-943D-75D8D54E1FFF}"= "c:\program files (x86)\ButterscotchToolbar\IEToolbar.dll" [2011-07-18 2376824]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files (x86)\AllGamesHome Toolbar\tbcore3.dll" [2011-09-02 2659968]
"{c34bfb11-eff0-4123-a7a5-79051ef24cf5}"= "c:\program files (x86)\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{af3d7884-b142-414e-943d-75d8d54e1fff}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Facebook Update"="c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-20 137536]
"Steam"="d:\fotball menager 2009\Steam.exe" [2011-10-17 1242448]
"MCShieldTray"="c:\program files (x86)\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RemoteControl"="c:\program files (x86)\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-11-01 32768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-09-14 2076512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-10-12 273528]
.
c:\users\Deki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\Deki\AppData\Local\vghd\bin\vghd.exe [2011-10-7 846848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\RALINK\Common\RaUI.exe [2011-8-27 1294336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Deki\AppData\Local\6c36d5e4\X"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R3 ALSysIO;ALSysIO;c:\users\Deki\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-29 361984]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2011-09-14 308136]
S2 HWiNFO32;HWiNFO32 Kernel Driver;d:\cane\Programi za windows\alati\hw32_230\HWiNFO64A.SYS [2008-07-22 26728]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000Core.job
- c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 17:29]
.
2011-10-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000UA.job
- c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 17:29]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 15:59]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 15:59]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000Core.job
- c:\users\Deki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 16:04]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000UA.job
- c:\users\Deki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 16:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files (x86)\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 10.5.60.1 212.200.190.166 212.200.191.166
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - c:\program files (x86)\ButterscotchToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Deki\AppData\Roaming\Mozilla\Firefox\Profiles\6eohzadl.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Bandoo for Firefox: [Link mogu videti samo ulogovani korisnici] - c:\users\Deki\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Bandoo for Firefox: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\ffox@bandoo.com
FF - Ext: AllGamesHome Toolbar: {C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} - %profile%\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ChatVibes.com Community Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - %profile%\extensions\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{AF3D7884-B142-414E-943D-75D8D54E1FFF} - (no file)
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Bandoo\Bandoo.exe
.
**************************************************************************
.
Completion time: 2011-10-18 23:28:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 21:28
.
Pre-Run: 90.849.820.672 bytes free
Post-Run: 90.768.039.936 bytes free
.
- - End Of File - - 8A33347E481839F34F56DACF081E62E1

Thank you very much, everything is now in perfect order with my computer! Regards!

offline
  • Joined: 17 Oct 2011
  • Posts: 311

Unfortunately, it looks like I celebrated too soon: the same problem appeared again this morning, so I ran ComboFix again, but this time it did not manage to remove the backdoor. I am sending you that report as well.
ComboFix 11-10-19.01 - Deki 19.10.2011 11:04:11.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.896 [GMT 2:00]
Running from: d:\cane\Programi za windows\alati\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 09:13 . 2011-10-19 09:13 0 ---ha-w- c:\users\Deki\AppData\Local\BIT340A.tmp
2011-10-19 09:11 . 2011-10-19 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 08:36 . 2011-10-18 08:42 -------- d-----w- c:\users\Deki\AppData\Roaming\MCShield
2011-10-18 08:36 . 2011-10-18 08:42 -------- d-----w- c:\program files (x86)\MCShield
2011-10-17 18:17 . 2011-10-18 06:16 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-10-17 18:16 . 2011-10-17 18:17 -------- d--h--w- c:\program files (x86)\Zero G Registry
2011-10-17 18:16 . 2011-10-17 18:16 -------- d-----w- c:\program files (x86)\Sports Interactive
2011-10-17 18:15 . 2011-10-17 18:15 -------- d--h--w- c:\users\Deki\InstallAnywhere
2011-10-17 06:39 . 2011-10-17 06:39 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-16 19:07 . 2011-10-17 19:35 -------- d-----w- c:\programdata\NFS Underground
2011-10-16 17:41 . 2011-10-16 17:41 -------- d-sh--w- c:\windows\ftpcache
2011-10-16 10:19 . 2011-10-16 10:19 -------- d-----w- c:\program files (x86)\ChatVibes.com
2011-10-15 19:25 . 2011-10-15 19:25 -------- d-----w- c:\users\Deki\AppData\Roaming\Malwarebytes
2011-10-15 19:25 . 2011-10-15 19:25 -------- d-----w- c:\programdata\Malwarebytes
2011-10-15 19:25 . 2011-10-18 06:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-15 19:25 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 08:36 . 2011-10-15 08:36 -------- d-----w- c:\users\Deki\AppData\Roaming\PC Cleaners
2011-10-15 08:36 . 2011-10-15 08:33 5356304 ----a-w- c:\windows\uninst.exe
2011-10-15 08:36 . 2011-10-15 08:36 -------- d-----w- c:\programdata\PC1Data
2011-10-12 09:17 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 08:54 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 08:54 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 08:54 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 08:54 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 08:52 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 08:52 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 08:52 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 08:52 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 07:04 . 2011-10-12 07:04 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-10-12 06:52 . 2011-10-12 06:52 -------- d-----w- C:\My Music
2011-10-12 06:31 . 2011-10-12 06:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-12 05:59 . 2011-10-12 05:59 -------- d-----w- c:\users\Deki\AppData\Local\Real
2011-10-12 04:45 . 2011-10-12 04:45 -------- d-----w- c:\users\Deki\AppData\Local\Wicked_Interactive_LTD
2011-10-11 21:35 . 2011-10-11 21:35 -------- d-----w- c:\programdata\PMB Files
2011-10-11 21:12 . 2011-10-11 21:12 -------- d-----w- c:\program files (x86)\Pando Networks
2011-10-11 20:59 . 2011-10-11 20:59 -------- d-----w- c:\program files (x86)\Raptr
2011-10-11 09:42 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-10-11 09:42 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-10-11 09:42 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-10-11 09:41 . 2011-10-11 09:42 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-10-10 19:07 . 2011-10-10 19:07 -------- d-----w- c:\windows\system32\Macromed
2011-10-10 18:55 . 2011-10-10 18:55 -------- d-----w- c:\programdata\McAfee
2011-10-10 10:51 . 2011-10-10 10:51 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-08 00:29 . 2011-10-08 00:29 -------- d-----w- c:\program files (x86)\MSECache
2011-10-06 22:21 . 2011-10-06 22:21 -------- d-----w- c:\users\Deki\AppData\Local\vghd
2011-10-06 21:45 . 2011-10-06 21:45 -------- d-----w- c:\programdata\WidgetServer
2011-10-06 21:45 . 2011-10-06 21:45 -------- d-----w- c:\program files (x86)\AllGamesHome Toolbar
2011-10-06 15:58 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{124DE0F6-F641-4789-ABA3-761E2FD67083}\mpengine.dll
2011-10-06 07:56 . 2005-08-16 23:01 97792 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxcgpp6c.dll
2011-10-06 07:42 . 2011-10-06 07:42 -------- d-----w- c:\program files\Lexmark 2300 Series
2011-10-05 21:32 . 2011-10-05 21:32 -------- d-sh--w- c:\users\Deki\AppData\Local\6c36d5e4
2011-10-02 17:20 . 2011-10-02 17:59 -------- d-----w- c:\program files (x86)\4PLAY60
2011-09-29 16:26 . 2011-09-29 16:26 -------- d-----w- C:\cpdtoolbar@easydategroup.com
2011-09-29 16:26 . 2011-10-05 19:33 -------- d-----w- c:\users\Deki\AppData\Roaming\CupidChat
2011-09-28 08:22 . 2011-09-28 08:22 -------- d-----w- c:\programdata\AutoKMS
2011-09-27 22:28 . 2011-09-27 22:28 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-09-27 22:27 . 2011-09-27 22:27 -------- d-----w- c:\windows\PCHEALTH
2011-09-27 22:27 . 2011-09-27 22:27 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-09-27 22:24 . 2011-09-27 22:24 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-27 22:23 . 2011-09-27 22:23 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-09-27 22:21 . 2011-09-27 22:21 -------- d-----r- C:\MSOCache
2011-09-27 09:40 . 2011-09-27 21:30 -------- d-----w- c:\users\Deki\AppData\Roaming\QuickStoresToolbar
2011-09-26 17:11 . 2008-05-30 12:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-09-26 06:37 . 2011-09-26 06:37 -------- d-----w- c:\programdata\boost_interprocess
2011-09-25 19:52 . 2011-09-25 19:52 -------- d-----w- c:\users\Deki\AppData\Roaming\vlc
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\users\Deki\AppData\Local\Ilivid Player
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\users\Deki\AppData\Roaming\Bandoo
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\programdata\Bandoo
2011-09-25 19:49 . 2011-09-25 19:50 -------- d-----w- c:\program files (x86)\Bandoo
2011-09-25 19:41 . 2011-09-25 19:41 -------- d-----w- c:\program files (x86)\Windows iLivid Toolbar
2011-09-25 19:41 . 2011-09-25 19:41 -------- d-----w- c:\program files (x86)\SearchCore for Browsers
2011-09-25 11:42 . 2011-09-25 11:42 -------- d-----w- c:\programdata\NCH Swift Sound
2011-09-25 11:41 . 2011-09-25 11:41 -------- d-----w- c:\program files (x86)\NCH Software
2011-09-25 11:41 . 2011-09-25 11:41 -------- d-----w- c:\users\Deki\AppData\Roaming\NCH Swift Sound
2011-09-25 11:23 . 2011-09-25 11:28 -------- d-----w- c:\programdata\RegTask
2011-09-25 07:33 . 2011-09-25 10:46 -------- d-----w- c:\users\Deki\AppData\Roaming\Raptr
2011-09-25 07:27 . 2011-09-25 07:27 -------- d-----w- c:\users\Deki\.swt
2011-09-25 07:26 . 2011-09-25 07:26 -------- d-----w- c:\program files (x86)\Conduit
2011-09-25 07:26 . 2011-10-16 10:19 -------- d-----w- c:\users\Deki\AppData\Local\Conduit
2011-09-25 07:26 . 2011-09-25 07:26 -------- d-----w- c:\program files (x86)\Vuze_Remote
2011-09-24 12:35 . 2011-09-24 12:36 -------- d-----w- c:\users\Deki\AppData\Local\Windows Live Writer
2011-09-24 12:35 . 2011-09-24 12:35 -------- d-----w- c:\users\Deki\AppData\Roaming\Windows Live Writer
2011-09-22 11:07 . 2011-09-22 11:07 -------- d-----w- c:\users\Deki\AppData\Local\PackageAware
2011-09-20 17:29 . 2011-10-12 20:36 -------- d-----w- c:\users\Deki\AppData\Local\Facebook
2011-09-19 18:53 . 2011-09-19 18:53 -------- d-----w- c:\users\Deki\AppData\Roaming\Babylon
2011-09-19 18:53 . 2011-09-19 18:53 -------- d-----w- c:\users\Deki\AppData\Local\Babylon
2011-09-19 18:53 . 2011-09-19 18:53 -------- d-----w- c:\programdata\Babylon
2011-09-19 18:51 . 2011-09-19 18:55 -------- d-----w- c:\users\Deki\AppData\Local\MediaGet2
2011-09-19 12:19 . 2010-04-27 02:25 18944 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2011-09-19 12:19 . 2010-04-27 02:25 161280 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2011-09-19 12:19 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2011-09-19 12:19 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2011-09-19 12:19 . 2010-04-27 02:25 15360 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2011-09-19 12:19 . 2010-04-27 02:25 15360 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2011-09-19 12:19 . 2010-04-27 02:25 127488 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2011-09-19 12:18 . 2010-04-27 02:25 18944 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2011-09-19 12:18 . 2010-04-27 02:25 161280 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2011-09-19 12:18 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2011-09-19 12:18 . 2010-04-27 02:25 15872 ----a-w- c:\windows\system32\drivers\ss_wh.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 06:38 . 2011-09-12 15:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-17 06:38 . 2011-09-10 02:37 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-17 06:37 . 2011-09-10 02:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-12 06:31 . 2011-08-27 15:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-10 19:14 . 2011-08-28 08:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-10 13:39 . 2011-09-10 02:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-10 13:38 . 2011-09-12 15:08 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-10 13:35 . 2011-09-12 15:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-09 15:27 . 2011-09-10 02:35 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-03 13:27 . 2011-09-12 15:07 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-09-14 17:00 . 2011-09-14 02:23 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-09-14 02:23 . 2011-09-14 02:23 13048 ----a-w- c:\windows\system32\avgrssta.dll
2011-09-14 02:23 . 2011-09-14 02:23 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-09-14 02:23 . 2011-09-14 02:23 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-09-06 20:45 . 2011-09-13 02:27 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-31 21:29 . 2011-08-31 21:29 4023808 ----a-w- c:\windows\SysWow64\x264vfw.dll
2011-08-31 21:00 . 2011-08-31 21:00 756736 ----a-w- c:\windows\SysWow64\lameACM.acm
2011-08-29 08:00 . 2011-08-29 08:00 1282560 ----a-w- c:\windows\SysWow64\VSFilter.dll
2011-08-28 22:45 . 2011-08-28 22:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-28 22:45 . 2011-08-28 22:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-28 22:45 . 2011-08-28 22:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-28 22:45 . 2011-08-28 22:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-28 22:45 . 2011-08-28 22:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-28 22:45 . 2011-08-28 22:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-28 22:45 . 2011-08-28 22:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-28 22:45 . 2011-08-28 22:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-28 22:45 . 2011-08-28 22:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-28 22:45 . 2011-08-28 22:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-28 22:45 . 2011-08-28 22:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-28 22:45 . 2011-08-28 22:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-28 22:45 . 2011-08-28 22:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-28 22:45 . 2011-08-28 22:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-28 22:45 . 2011-08-28 22:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-28 22:45 . 2011-08-28 22:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-28 22:45 . 2011-08-28 22:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-28 22:45 . 2011-08-28 22:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-28 22:45 . 2011-08-28 22:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-28 22:45 . 2011-08-28 22:45 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-28 22:45 . 2011-08-28 22:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-28 22:45 . 2011-08-28 22:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-28 22:45 . 2011-08-28 22:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-28 22:45 . 2011-08-28 22:45 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-28 22:45 . 2011-08-28 22:45 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-28 22:45 . 2011-08-28 22:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-28 22:45 . 2011-08-28 22:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-28 22:45 . 2011-08-28 22:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-28 22:45 . 2011-08-28 22:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-28 22:45 . 2011-08-28 22:45 448512 ----a-w- c:\windows\system32\html.iec
2011-08-28 22:45 . 2011-08-28 22:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-28 22:45 . 2011-08-28 22:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-28 22:45 . 2011-08-28 22:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-28 22:45 . 2011-08-28 22:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-28 22:45 . 2011-08-28 22:45 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-28 22:45 . 2011-08-28 22:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-28 19:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-28 19:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-28 01:03 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-29 00:49 . 2011-07-29 00:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-29 00:48 . 2011-07-29 00:48 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-29 00:48 . 2011-07-29 00:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-28 22:23 . 2011-07-28 22:23 9980416 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-28 22:09 . 2011-07-28 22:09 23921664 ----a-w- c:\windows\system32\atio6axx.dll
2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-28 21:40 . 2011-07-28 21:40 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-07-28 21:39 . 2011-07-28 21:39 852992 ----a-w- c:\windows\system32\aticfx64.dll
2011-07-28 21:36 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:36 . 2011-07-28 21:36 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-28 21:35 . 2011-07-28 21:35 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-28 21:34 . 2011-07-28 21:34 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-07-28 21:34 . 2011-07-28 21:34 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-07-28 21:33 . 2011-07-28 21:33 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-28 21:33 . 2011-07-28 21:33 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-07-28 21:30 . 2011-07-28 21:30 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-07-28 21:20 . 2009-07-13 21:59 4943360 ----a-w- c:\windows\system32\atidxx64.dll
2011-07-28 21:12 . 2011-07-28 21:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-07-28 21:11 . 2011-07-28 21:11 3871744 ----a-w- c:\windows\system32\atiumd6a.dll
2011-07-28 21:11 . 2011-07-28 21:11 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-07-28 21:11 . 2011-07-28 21:11 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-07-28 21:10 . 2011-07-28 21:10 9644544 ----a-w- c:\windows\system32\aticaldd64.dll
2011-07-28 21:09 . 2011-07-28 21:09 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-07-28 21:03 . 2011-07-28 21:03 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-07-28 21:02 . 2011-07-28 21:02 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2011-07-28 21:01 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
2011-07-28 20:54 . 2011-07-28 20:54 378368 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-07-28 20:54 . 2011-07-28 20:54 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 309248 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:53 . 2011-07-28 20:53 40960 ----a-w- c:\windows\system32\atiuxp64.dll
.
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-27 16:39 . 2011-10-19 09:14 43748 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-18 21:07 39732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-19 09:15 39732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-27 15:26 . 2011-10-19 09:15 13150 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1171118334-2335831151-4289824985-1000_UserData.bin
+ 2011-10-19 09:13 . 2011-10-19 09:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-18 21:05 . 2011-10-18 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-18 21:05 . 2011-10-18 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-19 09:13 . 2011-10-19 09:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-10-18 21:04 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-19 09:11 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-18 00:04 . 2011-10-19 09:12 3408384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-18 00:04 . 2011-10-18 21:04 3408384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-28 03:30 . 2011-10-19 09:12 22893944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1171118334-2335831151-4289824985-1000-8192.dat
- 2011-08-28 03:30 . 2011-10-18 21:04 22893944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1171118334-2335831151-4289824985-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c34bfb11-eff0-4123-a7a5-79051ef24cf5}"= "c:\program files (x86)\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 17:15 2532680 ----a-w- c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1}]
2011-07-18 11:43 2376824 ----a-w- c:\program files (x86)\ButterscotchToolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\ChatVibes.com\prxtbChat.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
"{AF3D7884-B142-414E-943D-75D8D54E1FFF}"= "c:\program files (x86)\ButterscotchToolbar\IEToolbar.dll" [2011-07-18 2376824]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files (x86)\AllGamesHome Toolbar\tbcore3.dll" [2011-09-02 2659968]
"{c34bfb11-eff0-4123-a7a5-79051ef24cf5}"= "c:\program files (x86)\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{af3d7884-b142-414e-943d-75d8d54e1fff}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Facebook Update"="c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-20 137536]
"Steam"="d:\fotball menager 2009\Steam.exe" [2011-10-17 1242448]
"MCShieldTray"="c:\program files (x86)\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RemoteControl"="c:\program files (x86)\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-11-01 32768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-09-14 2076512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-10-12 273528]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Deki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\Deki\AppData\Local\vghd\bin\vghd.exe [2011-10-7 846848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\RALINK\Common\RaUI.exe [2011-8-27 1294336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Deki\AppData\Local\6c36d5e4\X"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R3 ALSysIO;ALSysIO;c:\users\Deki\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-29 361984]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2011-09-14 308136]
S2 HWiNFO32;HWiNFO32 Kernel Driver;d:\cane\Programi za windows\alati\hw32_230\HWiNFO64A.SYS [2008-07-22 26728]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000Core.job
- c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 17:29]
.
2011-10-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000UA.job
- c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 17:29]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 15:59]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 15:59]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000Core.job
- c:\users\Deki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 16:04]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000UA.job
- c:\users\Deki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 16:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files (x86)\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 10.5.60.1 212.200.190.166 212.200.191.166
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - c:\program files (x86)\ButterscotchToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Deki\AppData\Roaming\Mozilla\Firefox\Profiles\6eohzadl.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]{searchTerms}
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Bandoo for Firefox: [Link visible only to logged-in users] - c:\users\Deki\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Bandoo for Firefox: [Link visible only to logged-in users] - %profile%\extensions\ffox@bandoo.com
FF - Ext: AllGamesHome Toolbar: {C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} - %profile%\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ChatVibes.com Community Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - %profile%\extensions\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{AF3D7884-B142-414E-943D-75D8D54E1FFF} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Bandoo\Bandoo.exe
.
**************************************************************************
.
Completion time: 2011-10-19 11:19:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 09:19
ComboFix2.txt 2011-10-18 21:28
.
Pre-Run: 92.250.456.064 bytes free
Post-Run: 92.111.470.592 bytes free
.
- - End Of File - - 74B55322E956EE9C97E1537CBE6EF8F7

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1:

You need to uninstall AVG Anti-Virus because it will interfere with ComboFix. I will tell you when you can install it again, if you want to.

Start -> Control Panel -> Programs and Features

and uninstall it from there.
Then download AVG Remover, run it, and remove the AVG leftovers.

Step 2:

Start -> Control Panel -> Add or Remove Programs - uninstall all applications that are surplus, i.e. that you do not need. Also uninstall the following programs:
AllGamesHome Toolbar
Babylon
Bandoo Toolbar
Butterscotch Toolbar
ChatVibes.com
Conduit
CupidChat
iLivid Toolbar
QuickStores Toolbar
SearchCore for Browsers
Virtual Girl
Vuze_Remote

Step 3:

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the location to save the file opens, select Desktop and click Save.

When the program download has finished, do not run the program; instead do the following:

Open Notepad and copy in the following text:

Folder::
c:\users\Deki\AppData\Local\6c36d5e4

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3080215
mStart Page = hxxp://home.allgameshome.com

Firefox::
FF - ProfilePath - c:\users\Deki\AppData\Roaming\Mozilla\Firefox\Profiles\6eohzadl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3080215&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://home.allgameshome.com/
FF - prefs.js: keyword.URL - hxxp://home.allgameshome.com/results.php?category=web&s=

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.

Step 4:

Pack the following folder into a ZIP or RAR archive:

C:\Qoobox\Quarantine

and send it via the following link:

[Link visible only to logged-in users]
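
The CFScript in the post above deals with two registry load points from the posted log: the per-user Winlogon "Shell" value, whose target lies inside the folder listed under Folder::, and AppInit_DLLs. The sketch below pulls those two load points out of a ComboFix log for review. It is an added example, not part of the original thread and not ComboFix code; the function names and the two checks are assumptions chosen for illustration, and the log excerpt is copied from the report posted earlier in the thread.

```python
import re
from typing import NamedTuple

# Excerpt copied from the ComboFix log posted in this thread
# ("Reg Loading Points" and "x86-64" sections), trimmed to a few keys.
LOG_EXCERPT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-20 137536]
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Deki\AppData\Local\6c36d5e4\X"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll c:\windows\System32\avgrssta.dll
'''

# "[HKEY_...]" header lines and '"name"=data [date size]' value lines.
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"([^"]+)"\s*=\s*(.*?)(?:\s+\[\d{4}-\d{1,2}-\d{1,2} \d+\])?$')


class Finding(NamedTuple):
    check: str           # which load point matched
    view: str            # 'wow64' (32-bit registry view) or 'native'
    key: str             # registry key as printed in the log
    target: str          # file the load point refers to
    user_writable: bool  # target sits under a user profile


def parse_load_points(text):
    """Return (key, value_name, data) tuples from ComboFix-style registry lines."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(2).strip().strip('"')))
    return entries


def triage(entries):
    """List items to review; a finding is a prompt for inspection, not a verdict."""
    findings = []
    for key, name, data in entries:
        low = key.lower()
        view = 'wow64' if '\\wow6432node\\' in low else 'native'
        if (name.lower() == 'shell'
                and low.startswith('hkey_current_user')
                and low.endswith('\\windows nt\\currentversion\\winlogon')):
            # A Shell value under HKCU replaces the shell for that user only.
            check, targets = 'winlogon-shell-override', [data] if data else []
        elif name.lower() == 'appinit_dlls':
            # The value is a space- or comma-separated list of DLLs.
            check = 'appinit-dll'
            targets = [t for t in re.split(r'[ ,]+', data) if t]
        else:
            continue
        for t in targets:
            findings.append(
                Finding(check, view, key, t, '\\users\\' in t.lower()))
    return findings


if __name__ == '__main__':
    for f in triage(parse_load_points(LOG_EXCERPT)):
        flag = 'user-writable' if f.user_writable else 'system path'
        print(f'{f.check:24} {f.view:6} {flag:13} {f.target}')
```
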

offline
  • Joined: 17 Oct 2011
  • Posts: 311

I have sent the Quarantine folder in WinRAR.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Why didn't you follow the instructions? Read them and do what was asked. If you did follow them, copy the CF report into your message.

offline
  • Joined: 17 Oct 2011
  • Posts: 311

Forgive me, I find it hard to follow these instructions; here, I am now sending the CF report as well.
ComboFix 11-10-19.06 - Deki 19.10.2011 23:12:52.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.844 [GMT 2:00]
Running from: c:\users\Deki\Desktop\ComboFix.exe
Command switches used :: c:\users\Deki\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Deki\AppData\Local\6c36d5e4
c:\users\Deki\AppData\Local\6c36d5e4\@
c:\users\Deki\AppData\Local\6c36d5e4\U\80000000.@
c:\users\Deki\AppData\Local\6c36d5e4\U\800000cb.@
c:\users\Deki\AppData\Local\6c36d5e4\X
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 21:20 . 2011-10-19 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-19 13:52 . 2011-10-19 13:54 -------- d-----w- c:\users\Deki\AppData\Roaming\MP42MP3
2011-10-19 12:34 . 2011-10-19 12:36 -------- d-----w- c:\program files\YouTube to Mp3 Converter
2011-10-19 12:29 . 2011-10-19 13:40 -------- d-----w- c:\users\Deki\AppData\Roaming\M4A2MP3
2011-10-19 12:28 . 2011-10-19 12:28 -------- d-----w- c:\programdata\Uniblue
2011-10-19 11:38 . 2011-10-19 20:37 -------- d-----w- c:\users\Deki\AppData\Local\OpenCandy
2011-10-19 11:38 . 2011-10-19 11:38 -------- d-----w- c:\users\Deki\AppData\Roaming\OpenCandy
2011-10-18 08:36 . 2011-10-18 08:42 -------- d-----w- c:\users\Deki\AppData\Roaming\MCShield
2011-10-17 18:17 . 2011-10-18 06:16 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-10-17 18:16 . 2011-10-17 18:17 -------- d--h--w- c:\program files (x86)\Zero G Registry
2011-10-17 18:16 . 2011-10-17 18:16 -------- d-----w- c:\program files (x86)\Sports Interactive
2011-10-17 18:15 . 2011-10-17 18:15 -------- d--h--w- c:\users\Deki\InstallAnywhere
2011-10-17 06:39 . 2011-10-17 06:39 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-16 19:07 . 2011-10-17 19:35 -------- d-----w- c:\programdata\NFS Underground
2011-10-16 17:41 . 2011-10-16 17:41 -------- d-sh--w- c:\windows\ftpcache
2011-10-15 19:25 . 2011-10-15 19:25 -------- d-----w- c:\users\Deki\AppData\Roaming\Malwarebytes
2011-10-15 19:25 . 2011-10-15 19:25 -------- d-----w- c:\programdata\Malwarebytes
2011-10-15 19:25 . 2011-10-18 06:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-15 19:25 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 08:36 . 2011-10-15 08:36 -------- d-----w- c:\users\Deki\AppData\Roaming\PC Cleaners
2011-10-15 08:36 . 2011-10-15 08:33 5356304 ----a-w- c:\windows\uninst.exe
2011-10-15 08:36 . 2011-10-15 08:36 -------- d-----w- c:\programdata\PC1Data
2011-10-12 09:17 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 08:54 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 08:54 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 08:54 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 08:54 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 08:52 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 08:52 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 08:52 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 08:52 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 07:04 . 2011-10-12 07:04 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-10-12 06:52 . 2011-10-12 06:52 -------- d-----w- C:\My Music
2011-10-12 06:31 . 2011-10-12 06:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-12 05:59 . 2011-10-12 05:59 -------- d-----w- c:\users\Deki\AppData\Local\Real
2011-10-12 04:45 . 2011-10-12 04:45 -------- d-----w- c:\users\Deki\AppData\Local\Wicked_Interactive_LTD
2011-10-11 21:35 . 2011-10-11 21:35 -------- d-----w- c:\programdata\PMB Files
2011-10-11 21:12 . 2011-10-11 21:12 -------- d-----w- c:\program files (x86)\Pando Networks
2011-10-11 20:59 . 2011-10-11 20:59 -------- d-----w- c:\program files (x86)\Raptr
2011-10-11 09:42 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-10-11 09:42 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-10-11 09:42 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-10-11 09:41 . 2011-10-11 09:42 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-10-10 19:07 . 2011-10-10 19:07 -------- d-----w- c:\windows\system32\Macromed
2011-10-10 18:55 . 2011-10-10 18:55 -------- d-----w- c:\programdata\McAfee
2011-10-10 10:51 . 2011-10-10 10:51 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-08 00:29 . 2011-10-08 00:29 -------- d-----w- c:\program files (x86)\MSECache
2011-10-06 21:45 . 2011-10-06 21:45 -------- d-----w- c:\programdata\WidgetServer
2011-10-06 15:58 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{124DE0F6-F641-4789-ABA3-761E2FD67083}\mpengine.dll
2011-10-06 07:56 . 2005-08-16 23:01 97792 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxcgpp6c.dll
2011-10-06 07:42 . 2011-10-06 07:42 -------- d-----w- c:\program files\Lexmark 2300 Series
2011-10-02 17:20 . 2011-10-19 20:51 -------- d-----w- c:\program files (x86)\4PLAY60
2011-09-29 16:26 . 2011-09-29 16:26 -------- d-----w- C:\cpdtoolbar@easydategroup.com
2011-09-29 16:26 . 2011-10-05 19:33 -------- d-----w- c:\users\Deki\AppData\Roaming\CupidChat
2011-09-28 08:22 . 2011-09-28 08:22 -------- d-----w- c:\programdata\AutoKMS
2011-09-27 22:28 . 2011-09-27 22:28 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-09-27 22:27 . 2011-09-27 22:27 -------- d-----w- c:\windows\PCHEALTH
2011-09-27 22:27 . 2011-09-27 22:27 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-09-27 22:24 . 2011-09-27 22:24 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-27 22:23 . 2011-09-27 22:23 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-09-27 22:21 . 2011-09-27 22:21 -------- d-----r- C:\MSOCache
2011-09-26 17:11 . 2008-05-30 12:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-09-26 06:37 . 2011-09-26 06:37 -------- d-----w- c:\programdata\boost_interprocess
2011-09-25 19:52 . 2011-09-25 19:52 -------- d-----w- c:\users\Deki\AppData\Roaming\vlc
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\users\Deki\AppData\Local\Ilivid Player
2011-09-25 19:50 . 2011-09-25 19:50 -------- d-----w- c:\users\Deki\AppData\Roaming\Bandoo
2011-09-25 19:49 . 2011-10-19 21:21 -------- d-----w- c:\program files (x86)\Bandoo
2011-09-25 19:41 . 2011-09-25 19:41 -------- d-----w- c:\program files (x86)\Windows iLivid Toolbar
2011-09-25 11:42 . 2011-09-25 11:42 -------- d-----w- c:\programdata\NCH Swift Sound
2011-09-25 11:41 . 2011-09-25 11:41 -------- d-----w- c:\program files (x86)\NCH Software
2011-09-25 11:41 . 2011-09-25 11:41 -------- d-----w- c:\users\Deki\AppData\Roaming\NCH Swift Sound
2011-09-25 11:23 . 2011-09-25 11:28 -------- d-----w- c:\programdata\RegTask
2011-09-25 07:33 . 2011-09-25 10:46 -------- d-----w- c:\users\Deki\AppData\Roaming\Raptr
2011-09-25 07:27 . 2011-09-25 07:27 -------- d-----w- c:\users\Deki\.swt
2011-09-25 07:26 . 2011-10-19 20:59 -------- d-----w- c:\users\Deki\AppData\Local\Conduit
2011-09-24 12:35 . 2011-09-24 12:36 -------- d-----w- c:\users\Deki\AppData\Local\Windows Live Writer
2011-09-24 12:35 . 2011-09-24 12:35 -------- d-----w- c:\users\Deki\AppData\Roaming\Windows Live Writer
2011-09-22 11:07 . 2011-09-22 11:07 -------- d-----w- c:\users\Deki\AppData\Local\PackageAware
2011-09-20 17:29 . 2011-10-12 20:36 -------- d-----w- c:\users\Deki\AppData\Local\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 06:38 . 2011-09-12 15:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-17 06:38 . 2011-09-10 02:37 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-17 06:37 . 2011-09-10 02:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-12 06:31 . 2011-08-27 15:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-10 19:14 . 2011-08-28 08:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-10 13:39 . 2011-09-10 02:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-10 13:38 . 2011-09-12 15:08 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-10 13:35 . 2011-09-12 15:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-09 15:27 . 2011-09-10 02:35 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-03 13:27 . 2011-09-12 15:07 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-09-06 20:45 . 2011-09-13 02:27 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-31 21:29 . 2011-08-31 21:29 4023808 ----a-w- c:\windows\SysWow64\x264vfw.dll
2011-08-31 21:00 . 2011-08-31 21:00 756736 ----a-w- c:\windows\SysWow64\lameACM.acm
2011-08-29 08:00 . 2011-08-29 08:00 1282560 ----a-w- c:\windows\SysWow64\VSFilter.dll
2011-08-28 22:45 . 2011-08-28 22:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-28 22:45 . 2011-08-28 22:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-28 22:45 . 2011-08-28 22:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-28 22:45 . 2011-08-28 22:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-28 22:45 . 2011-08-28 22:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-28 22:45 . 2011-08-28 22:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-28 22:45 . 2011-08-28 22:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-28 22:45 . 2011-08-28 22:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-28 22:45 . 2011-08-28 22:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-28 22:45 . 2011-08-28 22:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-28 22:45 . 2011-08-28 22:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-28 22:45 . 2011-08-28 22:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-28 22:45 . 2011-08-28 22:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-28 22:45 . 2011-08-28 22:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-28 22:45 . 2011-08-28 22:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-28 22:45 . 2011-08-28 22:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-28 22:45 . 2011-08-28 22:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-28 22:45 . 2011-08-28 22:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-28 22:45 . 2011-08-28 22:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-28 22:45 . 2011-08-28 22:45 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-28 22:45 . 2011-08-28 22:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-28 22:45 . 2011-08-28 22:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-28 22:45 . 2011-08-28 22:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-28 22:45 . 2011-08-28 22:45 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-28 22:45 . 2011-08-28 22:45 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-28 22:45 . 2011-08-28 22:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-28 22:45 . 2011-08-28 22:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-28 22:45 . 2011-08-28 22:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-28 22:45 . 2011-08-28 22:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-28 22:45 . 2011-08-28 22:45 448512 ----a-w- c:\windows\system32\html.iec
2011-08-28 22:45 . 2011-08-28 22:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-28 22:45 . 2011-08-28 22:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-28 22:45 . 2011-08-28 22:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-28 22:45 . 2011-08-28 22:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-28 22:45 . 2011-08-28 22:45 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-28 22:45 . 2011-08-28 22:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-28 19:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-28 19:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-28 01:03 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-29 00:49 . 2011-07-29 00:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-29 00:48 . 2011-07-29 00:48 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-29 00:48 . 2011-07-29 00:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-28 22:23 . 2011-07-28 22:23 9980416 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-28 22:09 . 2011-07-28 22:09 23921664 ----a-w- c:\windows\system32\atio6axx.dll
2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-28 21:40 . 2011-07-28 21:40 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-07-28 21:39 . 2011-07-28 21:39 852992 ----a-w- c:\windows\system32\aticfx64.dll
2011-07-28 21:36 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:36 . 2011-07-28 21:36 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-28 21:35 . 2011-07-28 21:35 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-28 21:34 . 2011-07-28 21:34 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-07-28 21:34 . 2011-07-28 21:34 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-07-28 21:33 . 2011-07-28 21:33 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-28 21:33 . 2011-07-28 21:33 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-07-28 21:30 . 2011-07-28 21:30 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-07-28 21:20 . 2009-07-13 21:59 4943360 ----a-w- c:\windows\system32\atidxx64.dll
2011-07-28 21:12 . 2011-07-28 21:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-07-28 21:11 . 2011-07-28 21:11 3871744 ----a-w- c:\windows\system32\atiumd6a.dll
2011-07-28 21:11 . 2011-07-28 21:11 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-07-28 21:11 . 2011-07-28 21:11 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-07-28 21:10 . 2011-07-28 21:10 9644544 ----a-w- c:\windows\system32\aticaldd64.dll
2011-07-28 21:09 . 2011-07-28 21:09 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-07-28 21:03 . 2011-07-28 21:03 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-07-28 21:02 . 2011-07-28 21:02 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2011-07-28 21:01 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
2011-07-28 20:54 . 2011-07-28 20:54 378368 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-07-28 20:54 . 2011-07-28 20:54 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 309248 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:53 . 2011-07-28 20:53 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-07-28 20:53 . 2011-07-28 20:53 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-07-28 20:53 . 2011-07-28 20:53 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-07-28 20:53 . 2011-07-28 20:53 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-27 16:39 . 2011-10-19 21:23 44466 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-19 21:23 39732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-18 21:07 39732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-27 15:26 . 2011-10-19 21:23 13198 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1171118334-2335831151-4289824985-1000_UserData.bin
+ 2011-08-28 03:30 . 2011-10-19 09:22 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-19 21:21 . 2011-10-19 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-18 21:05 . 2011-10-18 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-18 21:05 . 2011-10-18 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-19 21:21 . 2011-10-19 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-10-18 21:04 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-19 21:20 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-18 00:04 . 2011-10-19 21:20 3408384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-18 00:04 . 2011-10-18 21:04 3408384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-29 08:57 . 2011-10-19 21:20 5097322 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1171118334-2335831151-4289824985-1000-12288.dat
+ 2011-08-28 03:30 . 2011-10-19 21:20 23126160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1171118334-2335831151-4289824985-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Facebook Update"="c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-20 137536]
"Steam"="d:\fotball menager 2009\Steam.exe" [2011-10-17 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-29 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RemoteControl"="c:\program files (x86)\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-11-01 32768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-10-12 273528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [Link mogu videti samo ulogovani korisnici] [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\RALINK\Common\RaUI.exe [2011-8-27 1294336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R3 ALSysIO;ALSysIO;c:\users\Deki\AppData\Local\Temp\ALSysIO64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-29 361984]
S2 HWiNFO32;HWiNFO32 Kernel Driver;d:\cane\Programi za windows\alati\hw32_230\HWiNFO64A.SYS [2008-07-22 26728]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000Core.job
- c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 17:29]
.
2011-10-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000UA.job
- c:\users\Deki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-20 17:29]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 15:59]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 15:59]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000Core.job
- c:\users\Deki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 16:04]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171118334-2335831151-4289824985-1000UA.job
- c:\users\Deki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 16:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.5.60.1 212.200.190.166 212.200.191.166
FF - ProfilePath - c:\users\Deki\AppData\Roaming\Mozilla\Firefox\Profiles\6eohzadl.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Bandoo for Firefox: [Link mogu videti samo ulogovani korisnici] - c:\users\Deki\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: AllGamesHome Toolbar: {C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} - %profile%\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ChatVibes.com Community Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - %profile%\extensions\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{c34bfb11-eff0-4123-a7a5-79051ef24cf5} - (no file)
Toolbar-{AF3D7884-B142-414E-943D-75D8D54E1FFF} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-MCShieldTray - c:\program files (x86)\MCShield\MCShieldTray.exe
WebBrowser-{AF3D7884-B142-414E-943D-75D8D54E1FFF} - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2011-10-19 23:27:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 21:27
ComboFix2.txt 2011-10-19 09:19
ComboFix3.txt 2011-10-18 21:28
.
Pre-Run: 91.978.588.160 bytes free
Post-Run: 91.859.349.504 bytes free
.
- - End Of File - - 624CD598CAEDB741E79DE5C188903EB6
