Folders turning into applications (.exe) - Win32/Spy.KeyLogger.NHI

  • sake86
  • New MyCity citizen
  • Joined: 14 Sep 2012
  • Posts: 13
Hello!
I've been having some problems with my computer, and while searching for a solution online I came across this site.
From some of the analyses here I can see that you really are experts, which is why I'm turning to you.
So, here's what it's about:

A few days ago I was at a copy shop, taking some documents to be printed (on a USB stick).
Only a couple of days later (btw, I used the USB stick several times in the meantime) I noticed that all the folders on the stick had "become" applications, i.e. they got the extension ".exe" and a "size" of 332 KB.
I can open those "folders" normally and use everything in them, but you can notice that they open a bit more slowly. Unfortunately this computer has no antivirus installed (only Norton Security Scan, as far as I could see), so I put the stick into another (XP SP2) computer where I run NOD32, and it reported that my folders were infected with crap it identified as "Win32/Spy.KeyLogger.NHI trojan". NOD32 didn't delete anything, it just scanned the USB stick and reported the log.
So, as you probably already guess (since I see there have been similar questions on the forum), the original folders are hidden and not displayed (even though the "show hidden files and folders" option is turned on), and only "[folder name].exe" is shown.
By creating a shortcut (on the computer) I managed to get into each of the hidden folders and move the data I needed into new folders on the stick, and I deleted the infected and invisible ones. A NOD32 scan after that shows no infected files. I put the stick back into the first computer (Win7) and see the same problem again, then return it to the XP computer (with the AV) and see that everything is back to the old state, the same folders infected, etc. That's when I realized the whole Win7 computer is infected with that crap.

I see that others have had problems with this and the following locations are mentioned as critical (infected), so let me just say that it's the same case with me:
C:\OptionalComponents\lsass.exe
C:\Users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk = C:\configuration\configuration.exe

Their size is also 332 KB.

So, the details:
OS = 32-bit WIN7
connection = 4 Mbit ADSL

I followed the instructions for producing the logs, so here they are:

IMPORTANT NOTE: I created the DDS log on 14.9.2012, and after that I tried to create the GMER logs as well, where some errors came up (details below the DDS log). So first the DDS log and Attach:

DDS report
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Matei at 11:27:20 on 2012-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.385.1033.18.2039.273 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Matei\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\BlazeVideo_zadnji\BlazeDTV 6.0\MediaDetector.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Matei\AppData\Local\Temp\DAT95D5.tmp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\OptionalComponents\lsass.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = google.hr/
uDefault_Page_URL = hxxp://www.bing.com
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uURLSearchHooks: ChatVibes.com Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - c:\program files\chatvibes.com\prxtbChat.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\video download toolbar db toolbar\tbhelper.dll
uURLSearchHooks: MRwinforlife Toolbar: {366ba2cd-bd9a-441f-8d60-e825281514c4} - c:\program files\mrwinforlife\tbMRwi.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: ChatVibes.com Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - c:\program files\chatvibes.com\prxtbChat.dll
mURLSearchHooks: MRwinforlife Toolbar: {366ba2cd-bd9a-441f-8d60-e825281514c4} - c:\program files\mrwinforlife\tbMRwi.dll
BHO: bflix Class: {0c9f4179-6ce2-4c6a-a3e5-67ff3592a12e} - c:\program files\bflix\BFlix.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: MRwinforlife Toolbar: {366ba2cd-bd9a-441f-8d60-e825281514c4} - c:\program files\mrwinforlife\tbMRwi.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - c:\progra~1\funmoods\1.5.23.22\bh\escort.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ChatVibes.com Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - c:\program files\chatvibes.com\prxtbChat.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\video download toolbar db toolbar\tbcore3.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: ChatVibes.com Toolbar: {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - c:\program files\chatvibes.com\prxtbChat.dll
TB: Video Download Toolbar DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\video download toolbar db toolbar\tbcore3.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: MRwinforlife Toolbar: {366ba2cd-bd9a-441f-8d60-e825281514c4} - c:\program files\mrwinforlife\tbMRwi.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - c:\progra~1\funmoods\1.5.23.22\escorTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [googletalk] c:\users\matei\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\matei\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Magic Tree] c:\users\matei\appdata\local\temp\rar$ex04.311\MagicTree.exe
uRun: [BlazeServoTool] "c:\program files\blazevideo_zadnji\blazedtv 6.0\MediaDetector.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAT95D5.tmp.exe] c:\users\matei\appdata\local\temp\DAT95D5.tmp.exe
uRun: [<NO NAME>]
uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iWearMonitor] "c:\program files\vuzix corporation\iwear vr920\iWearTaskBar.exe" -Startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [syshost32] c:\windows\installer\{651f552b-24e2-9513-a789-6b24873745a3}\syshost.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\matei\appdata\roaming\micros~1\windows\startm~1\programs\startup\config~1.lnk - c:\configuration\configuration.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\matei\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EA85F30-BA75-4389-908A-DF85D20C2607} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\148656C6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\4586F6D637F6E6645314548314 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\D41657E61602E4564777F627B60294E636E2 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8264EC75-C4F2-47BC-A1D0-BC2C5203734D}\E4F667F6762716469637B6165373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F86E513A-5496-4C24-B2FD-CB8A0CE3738E} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matei\appdata\roaming\mozilla\firefox\profiles\sz37guy9.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OypnqRJNq&&i=26&search=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\matei\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\matei\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.BabylonToolbar_i.hardId - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:12:22
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypnqRJNq&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.incredibar_i.hardId - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.incredibar_i.instlDay - 15349
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:43:29
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypnqRJNq
FF - user.js: extensions.incredibar_i.upn2n - 92260700927374084
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337&q=
FF - user.js: extensions.funmoods.id - D8D38515D6C7D71B
FF - user.js: extensions.funmoods.instlDay - 15543
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:39:56
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-29 218688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-7-12 81920]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-14 635416]
R2 Realtek87B;Realtek87B;c:\program files\realtek\rtl8187 wireless lan utility\RtlService.exe [2012-1-11 40960]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-19 2984832]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-12 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-1-14 228408]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-7-12 862208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-20 313856]
S1 hpipppqh;hpipppqh;c:\windows\system32\drivers\hpipppqh.sys [2012-9-5 43600]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-14 214024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-12-4 23456]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-12-6 201168]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-16 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-12-6 101120]
S3 IT9135BDA;WinFast DTV Dongle Dual Devices;c:\windows\system32\drivers\IT9135BDA.sys [2010-12-19 123008]
S3 iwrstreo;WDF Driver for Vuzix VR920;c:\windows\system32\drivers\iwrstreo.sys [2012-1-12 9728]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-14 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-14 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-14 34248]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 114144]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2012-1-11 375808]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-17 1343400]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-7-23 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-7-23 105088]
.
=============== Created Last 30 ================
.
2012-09-05 09:38:51 43600 ----a-w- c:\windows\system32\drivers\hpipppqh.sys
2012-09-05 09:24:28 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84729da0-9cf8-4767-afbb-23d006d75d79}\offreg.dll
2012-09-05 09:22:48 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84729da0-9cf8-4767-afbb-23d006d75d79}\mpengine.dll
2012-09-04 07:37:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 07:35:49 -------- d-----w- c:\users\matei\appdata\roaming\SpeedyPC Software
2012-09-04 07:35:49 -------- d-----w- c:\users\matei\appdata\roaming\DriverCure
2012-09-04 07:35:18 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-01 08:31:40 -------- d-----w- C:\games
2012-08-31 07:42:59 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-08-28 13:25:54 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-08-28 13:25:54 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-08-28 13:25:54 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-08-28 13:22:54 -------- d-----w- C:\Riot Games
2012-08-28 09:14:55 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-08-28 09:14:55 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-08-28 08:55:22 -------- d-----w- c:\users\matei\appdata\local\PMB Files
2012-08-28 08:55:18 -------- d-----w- c:\programdata\PMB Files
2012-08-28 08:54:47 -------- d-----w- c:\program files\Pando Networks
2012-08-23 18:19:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-17 01:11:29 927504 ----a-w- c:\users\matei\appdata\roaming\mfc40u.dll
2012-08-17 01:11:29 499712 ----a-w- c:\users\matei\appdata\roaming\msvcp71.dll
2012-08-17 01:11:29 401462 ----a-w- c:\users\matei\appdata\roaming\msvcp60.dll
2012-08-17 01:11:29 348160 ----a-w- c:\users\matei\appdata\roaming\msvcr71.dll
2012-08-17 01:11:29 151552 ----a-w- c:\users\matei\appdata\roaming\XMessageBox.dll
2012-08-17 01:11:29 1060864 ----a-w- c:\users\matei\appdata\roaming\mfc71.dll
2012-08-17 01:11:29 1047552 ----a-w- c:\users\matei\appdata\roaming\MFC71u.dll
2012-08-17 01:11:29 1007616 ----a-w- c:\users\matei\appdata\roaming\LiveUpdate.exe
2012-08-17 01:11:29 -------- d-----w- c:\users\matei\appdata\roaming\log
2012-08-16 16:19:47 -------- d-----w- c:\users\matei\appdata\local\Unity
.
==================== Find3M ====================
.
2012-09-04 07:37:45 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 00:05:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 00:05:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 11:29:06,77 ===============

ATTACH.txt: [attachment]

As I said, when I ran GMER it threw one of those errors (0x000something) but started normally anyway. I got the Gmer1 log, and here it is:
[attachment]
After that I also created the Gmer2 log, and here it is:
[attachment]
When I tried to create the Gmer3 log, the SCAN option simply didn't work, i.e. nothing happened. The instructions say that if GMER doesn't work, RootRepeal should be used, so that's what I did.
However, running it again produced several of those same (or similar) errors (0x000something), and I couldn't get the logs.
I decided to restart the laptop and start everything from scratch. While Windows was booting, the error "Windows failed to load because a critical system driver is missing or corrupt." appeared. The file in question is "\windows\system32\Drivers\73fea73ece5f671b.sys" (status: 0xc0000098).
I tried a Windows repair, without success, and after that a system restore to an earlier time, but that didn't work either, supposedly because an antivirus is enabled and interfering with it.
That file "73fea73ece5f671b.sys" looked suspicious to me; I googled it and found nothing, so I looked in the windows\system32\drivers folders on two other computers and saw that they don't have such a file in those folders at all (the rest is more or less the same). Then I created a bootable WinXP (on another USB stick) and used it to move the file "73fea73ece5f671b.sys" to another folder, after which Windows booted normally (I didn't delete the file, in case it's needed later).
I logged into Windows and immediately ran GMER; it didn't report any errors this time, but when I tried to get a fresh Gmer1 log the laptop froze completely halfway through. I tried twice and got the same result. Otherwise the laptop does everything else perfectly normally. RootRepeal doesn't work either; it throws the same errors as before.
So I decided to create the Gmer2 log, I named it "Gmer2drugi" and here it is:
[attachment]
After that I got the Gmer3 log normally, it's here:
[attachment]

Well, I don't think I've ever left a longer post on a forum.
So, help if you can at all!

THANKS in advance!
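The poster's manual check above (comparing the suspect machine's windows\system32\drivers folder against two clean computers, and noticing a random-looking hex name) can be done systematically. The following is an added example, not code from the post or from any tool mentioned in this thread; the directory listings are constructed sample data in the shape `dir /b` prints, with the two file names taken from this thread (73fea73ece5f671b.sys from the post above and hpipppqh.sys from the ComboFix report further down). It shows why a baseline diff is the stronger check: the hex-name heuristic catches only one of the two unknown drivers.

```python
"""Compare a suspect host's %SystemRoot%\\System32\\drivers listing against
listings from known-clean reference hosts and flag files only the suspect has.
Added example; listings below are constructed sample data, not real hosts."""
import re
from typing import Iterable

# Constructed reference listings (one file name per line, as `dir /b` prints).
REFERENCE_LISTINGS = [
    """acpi.sys
afd.sys
ndis.sys
tcpip.sys
Wdf01000.sys""",
    """ACPI.sys
afd.sys
ndis.sys
tcpip.sys
usbhub.sys
Wdf01000.sys""",
]

# Constructed suspect listing; the two extra names are the ones from this thread.
SUSPECT_LISTING = """acpi.sys
afd.sys
ndis.sys
tcpip.sys
Wdf01000.sys
73fea73ece5f671b.sys
hpipppqh.sys"""

# 8 to 32 hex digits and nothing else: typical of generated driver names.
# A heuristic for triage only, not a signature.
HEX_NAME = re.compile(r"^[0-9a-f]{8,32}\.sys$", re.IGNORECASE)


def parse_listing(text: str) -> set[str]:
    """Normalise a `dir /b` style listing to a set of lower-case names.
    NTFS lookups are case-insensitive, so ACPI.sys and acpi.sys are one file."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def unknown_drivers(reference: Iterable[str], suspect: str) -> list[str]:
    """Names present on the suspect host but on none of the reference hosts."""
    known: set[str] = set().union(*(parse_listing(r) for r in reference))
    return sorted(parse_listing(suspect) - known)


def looks_generated(name: str) -> bool:
    """True if the file name is a bare run of hex digits (e.g. 73fea73ece5f671b.sys)."""
    return HEX_NAME.match(name) is not None


def triage(reference: Iterable[str], suspect: str) -> tuple[list[str], list[str]]:
    """Return (all unknown names, the subset whose name looks machine-generated)."""
    unknown = unknown_drivers(reference, suspect)
    return unknown, [n for n in unknown if looks_generated(n)]


if __name__ == "__main__":
    unknown, generated = triage(REFERENCE_LISTINGS, SUSPECT_LISTING)
    print("not on any reference host:", unknown)
    print("of those, hex-looking names:", generated)
```

The point of keeping both lists is that hpipppqh.sys has a pronounceable-looking name and would pass the hex heuristic, yet it is still absent from every clean machine; the baseline comparison is what surfaces it. Only the reference listings need to come from machines you trust, and the check should be followed by verifying the file's digital signature rather than by deleting it outright.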

  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello and welcome to Ambulanta.

I'd ask you to follow my instructions strictly and not to plug in the USB stick until I tell you to.
When we finish the cleanup you will install an antivirus.

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:
deactivate your security software (instructions);
close any running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
    click Yes if it offers to download it.
if the Recovery Console is not installed, offer to install it:
    you must accept by clicking Yes and follow the procedure.
ask a number of questions or show notifications:
    accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to your post.

offline
  • sake86 
  • New MyCity citizen
  • Joined: 14 Sep 2012
  • Posts: 13

Hello again and thanks for the reply!

The situation is this: after scanning, ComboFix put out this:
[attachment]

I don't know whether this is how ComboFix works and part of the diagnostics (??), but I noticed that now I can't start a single application on the computer; e.g. when starting the browser it tells me:

C:\Program Files\Internet Explorer\iexplore.exe
Illegal operation attempted on a registry key that has been marked for deletion.

Right now I can't start a single application, so not even notepad, winrar or anything else!
What should I do??

ComboFix 12-09-15.02 - Matei 5.09.2012. 23:13:29.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.385.1033.18.2039.900 [GMT 2:00]
Running from: c:\users\Matei\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BFlix\BFLIx.dll
c:\program files\HBLite
c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\install.rdf
c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll
c:\program files\ShoppingReport2
c:\program files\ShoppingReport2\Uninst.exe
c:\program files\Video Download Toolbar DB Toolbar\tbHElper.dll
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\HBLiteSA
c:\programdata\HBLiteSA\HBLiteSA.dat
c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
c:\programdata\HBLiteSA\HBLiteSAAbout.mht
c:\programdata\HBLiteSA\HBLiteSAau.dat
c:\programdata\HBLiteSA\HBLiteSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk
c:\users\Matei\AppData\Local\Minibar
c:\users\Matei\AppData\Local\Minibar\chrome\background.html
c:\users\Matei\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Matei\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Matei\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Matei\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Matei\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Matei\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Matei\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Matei\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Matei\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Matei\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Matei\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Matei\AppData\Local\Minibar\chrome\main.js
c:\users\Matei\AppData\Local\Minibar\chrome\manifest.json
c:\users\Matei\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Matei\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Matei\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Matei\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Matei\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Matei\AppData\Local\Minibar\chrome\popup.html
c:\users\Matei\AppData\Local\Minibar\chrome\popup.js
c:\users\Matei\AppData\Local\Minibar\chrome\tab.html
c:\users\Matei\AppData\Local\Minibar\chrome\tab.js
c:\users\Matei\AppData\Local\Minibar\chrome_installer.js
c:\users\Matei\AppData\Local\Minibar\common.js
c:\users\Matei\AppData\Local\Minibar\install.json
c:\users\Matei\AppData\Local\Minibar\minibar.crx
c:\users\Matei\AppData\Local\Minibar\sqlite3.exe
c:\users\Matei\AppData\Local\Minibar\Uninstall.exe
c:\users\Matei\AppData\Local\Temp\DAT95D5.tmp.exe
c:\users\Matei\AppData\Roaming\addDefaultValueForDevicePathKey.reg
c:\users\Matei\AppData\Roaming\HBLite
c:\users\Matei\AppData\Roaming\mfc40u.dll
c:\users\Matei\AppData\Roaming\mfc71.dll
c:\users\Matei\AppData\Roaming\MFC71u.dll
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\users\Matei\AppData\Roaming\msvcp60.dll
c:\users\Matei\AppData\Roaming\msvcp71.dll
c:\users\Matei\AppData\Roaming\msvcr71.dll
c:\users\Matei\AppData\Roaming\XMessageBox.dll
c:\windows\Installer\{651F552B-24E2-9513-A789-6B24873745A3}\syshost.exe
c:\windows\system32\AF15BDAEX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 21:22 . 2012-09-15 21:22 -------- d-----w- c:\users\luckystar894\AppData\Local\temp
2012-09-15 21:22 . 2012-09-15 21:22 -------- d-----w- c:\users\ferrosaly\AppData\Local\temp
2012-09-15 21:22 . 2012-09-15 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 18:05 . 2012-09-15 18:10 -------- d-----w- C:\file iz windows foldera
2012-09-15 17:03 . 2012-09-15 17:03 -------- dc----w- c:\users\Matei\AppData\Local\MigWiz
2012-09-05 09:38 . 2012-09-05 09:38 43600 ----a-w- c:\windows\system32\drivers\hpipppqh.sys
2012-09-05 09:24 . 2012-09-15 17:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\offreg.dll
2012-09-05 09:22 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\mpengine.dll
2012-09-04 07:37 . 2012-09-04 07:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\SpeedyPC Software
2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\DriverCure
2012-09-04 07:35 . 2012-09-14 06:38 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-01 08:31 . 2012-09-01 08:31 -------- d-----w- C:\games
2012-08-31 07:42 . 2012-08-31 07:42 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 13:25 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-08-28 13:25 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-08-28 13:25 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-08-28 13:22 . 2012-08-28 13:33 -------- d-----w- C:\Riot Games
2012-08-28 09:14 . 2012-08-28 09:14 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-28 09:14 . 2012-08-28 09:14 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-28 08:55 . 2012-08-28 09:26 -------- d-----w- c:\users\Matei\AppData\Local\PMB Files
2012-08-28 08:55 . 2012-08-28 08:55 -------- d-----w- c:\programdata\PMB Files
2012-08-28 08:54 . 2012-08-28 08:54 -------- d-----w- c:\program files\Pando Networks
2012-08-23 18:19 . 2012-08-23 18:19 -------- d-----w- c:\program files\Common Files\Java
2012-08-23 18:19 . 2012-09-04 07:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-17 01:11 . 2012-08-17 01:11 -------- d-----w- c:\users\Matei\AppData\Roaming\log
2012-08-17 01:11 . 2009-12-31 13:12 1007616 ----a-w- c:\users\Matei\AppData\Roaming\LiveUpdate.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 07:37 . 2010-07-12 21:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 00:05 . 2012-03-30 14:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 00:05 . 2012-01-03 09:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 07:42 . 2011-11-25 22:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{c34bfb11-eff0-4123-a7a5-79051ef24cf5}"= "c:\program files\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936]
"{366ba2cd-bd9a-441f-8d60-e825281514c4}"= "c:\program files\MRwinforlife\tbMRwi.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
.
[HKEY_CLASSES_ROOT\clsid\{366ba2cd-bd9a-441f-8d60-e825281514c4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{366ba2cd-bd9a-441f-8d60-e825281514c4}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\MRwinforlife\tbMRwi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\ChatVibes.com\prxtbChat.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{c34bfb11-eff0-4123-a7a5-79051ef24cf5}"= "c:\program files\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936]
"{366ba2cd-bd9a-441f-8d60-e825281514c4}"= "c:\program files\MRwinforlife\tbMRwi.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
.
[HKEY_CLASSES_ROOT\clsid\{366ba2cd-bd9a-441f-8d60-e825281514c4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{C34BFB11-EFF0-4123-A7A5-79051EF24CF5}"= "c:\program files\ChatVibes.com\prxtbChat.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"googletalk"="c:\users\Matei\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BlazeServoTool"="c:\program files\BlazeVideo_zadnji\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-11-27 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"iWearMonitor"="c:\program files\Vuzix Corporation\iWear VR920\iWearTaskBar.exe" [2008-11-24 591144]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-23 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\bluetrainstreet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bluetrainstreet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\ferrosaly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
configuration.lnk - c:\configuration\configuration.exe [2012-7-6 340339]
Dropbox.lnk - c:\users\ferrosaly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
.
c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
configuration.lnk - c:\configuration\configuration.exe [2012-7-6 340339]
Dropbox.lnk - c:\users\luckystar894\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
configuration.lnk - c:\configuration\configuration.exe [2012-7-6 340339]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Connect Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk
backup=c:\windows\pss\Connect Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3_ Wild Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 20:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-02 10:34 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IT9135BDA;WinFast DTV Dongle Dual Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
R3 iwrstreo;WDF Driver for Vuzix VR920;c:\windows\system32\Drivers\iwrstreo.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 Realtek87B;Realtek87B;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:05]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001Core1cd08588542983b.job
- c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001UA1cd0858863008f5.job
- c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007Core.job
- c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007UA.job
- c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008Core.job
- c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008UA.job
- c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009Core.job
- c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009UA.job
- c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16]
.
2012-08-21 c:\windows\Tasks\HPCeeScheduleForMatei.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-09-13 c:\windows\Tasks\Norton Security Scan for Matei.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-20 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = google.hr/
mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Matei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OypnqRJNq&&i=26&search=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.BabylonToolbar_i.hardId - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypnqRJNq&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.incredibar_i.hardId - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.incredibar_i.instlDay - 15349
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:43
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypnqRJNq
FF - user.js: extensions.incredibar_i.upn2n - 92260700927374084
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337&q=
FF - user.js: extensions.funmoods.id - D8D38515D6C7D71B
FF - user.js: extensions.funmoods.instlDay - 15543
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:39
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-NortonOnlineBackupReminder - c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
HKLM-Run-syshost32 - c:\windows\Installer\{651F552B-24E2-9513-A789-6B24873745A3}\syshost.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MSConfigStartUp-HW_OPENEYE_OUC_ - c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-FrostWire - c:\program files\FrostWire\Uninstall.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{B3942F58-363E-4475-92E8-EB660BE25526}_is1 - c:\program files\StuntMANIA\unins000.exe
AddRemove-2085422930.desktoptv.spb.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1368)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-15 23:29:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 21:29
.
Pre-Run: 28.548.698.112 bytes free
Post-Run: 30.341.251.072 bytes free
.
- - End Of File - - B882F1AF6D8D7B5AD91F1C9E2C58CFB1

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Just restart the computer and everything will be fine.

In the meantime, uninstall the following:

1ClickDownloader
Babylon toolbar on IE
BFlix
BitTorrentBar Toolbar
ChatVibes.com Toolbar
Conduit Engine
DAEMON Tools Toolbar
Driver Detective
DriverAgent by eSupport.com
DVDVideoSoftTB Toolbar
Error Repair Tool 3.00
McAfee Security Scan Plus
MRwinforlife Toolbar
Norton Online Backup
Norton Security Scan

  • sake86
  • New MyCity citizen
  • Joined: 14 Sep 2012
  • Posts: 13

OK, I restarted the computer and now everything is fine, just as you said :)
What next?

Waiting for instructions...

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

If you have not already uninstalled the programs from the list argus gave you, do the following.
Go to Start -> Control Panel -> Programs and Features and uninstall the following programs if you do not need them:

1ClickDownloader
Babylon toolbar on IE
BFlix
BitTorrentBar Toolbar
ChatVibes.com Toolbar
Conduit Engine
DAEMON Tools Toolbar
Driver Detective
DriverAgent by eSupport.com
DVDVideoSoftTB Toolbar
Error Repair Tool 3.00
McAfee Security Scan Plus
MRwinforlife Toolbar
Norton Online Backup
Norton Security Scan

Step 2

Open Notepad and copy the following text into it:

Driver::
hpipppqh

File::
c:\windows\system32\drivers\hpipppqh.sys
c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk
c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk

Folder::
c:\configuration
c:\windows\Installer\{651F552B-24E2-9513-A789-6B24873745A3}

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

Step 3

Pack the following folders into a ZIP, RAR or 7Z archive:

C:\Qoobox
C:\file iz windows foldera


and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done that and wait for further instructions.

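The items the helper singled out in the script above (the dangling `configuration.lnk` Startup entries pointing at `c:\configuration\configuration.exe [N/A]`, and the orphaned `HKLM-Run-syshost32` value whose executable sat in `c:\windows\Installer\{...}`) can be picked out of a ComboFix log mechanically. The following is an added example and is not code from this thread or from ComboFix itself: it parses the three line shapes ComboFix uses in the logs posted here (Run-key values, Startup-folder `.lnk` entries, and the `ORPHANS REMOVED` list) and applies two heuristics of its own, a target that no longer exists and a target in a directory installers do not use for programs (the drive root, or the MSI cache under `c:\windows\Installer`). The sample log lines are constructed for the example, modelled on the logs above; the `EXPECTED_ROOTS` list and the rule names are this example's assumptions, not ComboFix behaviour.

```python
"""Triage autostart entries from ComboFix-style log text (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
configuration.lnk - c:\configuration\configuration.exe [N/A]
Dropbox.lnk - c:\users\Matei\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-NortonOnlineBackupReminder - c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
HKLM-Run-syshost32 - c:\windows\Installer\{651F552B-24E2-9513-A789-6B24873745A3}\syshost.exe
AddRemove-FrostWire - c:\program files\FrostWire\Uninstall.exe
"""

RUN_KEY = re.compile(r"^\[HKEY_[^\]]*\\Run\]$", re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"(?:\s+\[[^\]]*\])?$')
STARTUP_DIR = re.compile(r"^[a-z]:\\.*\\Startup\\$", re.I)
LNK_LINE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<target>.+?)(?:\s+\[(?P<meta>[^\]]*)\])?$", re.I)
ORPHAN_LINE = re.compile(r"^(?P<name>HK(?:LM|CU)-Run-\S+) - (?P<target>.+)$")

# Heuristic for this example (not a ComboFix rule): where installed autostart
# targets normally live, and the MSI cache that should hold packages, not programs.
EXPECTED_ROOTS = ("c:\\program files", "c:\\windows", "c:\\users", "c:\\programdata")
MSI_CACHE = "c:\\windows\\installer\\"


@dataclass(frozen=True)
class Autostart:
    kind: str      # "run", "startup" or "orphan"
    name: str      # value name, .lnk file name, or orphan key name
    target: str    # launched path, lower-cased for comparison
    present: bool  # False when ComboFix logged [N/A] or (no file)


def parse_autostarts(text: str) -> list[Autostart]:
    """Walk the log once, tracking the current section, and collect autostart entries."""
    entries: list[Autostart] = []
    section: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RUN_KEY.match(line):
            section = "run"
            continue
        if STARTUP_DIR.match(line):
            section = "startup"
            continue
        if "ORPHANS REMOVED" in line:
            section = "orphans"
            continue
        if line == ".":
            # A lone dot ends a Run/Startup block; the orphan list continues past its first dot.
            if section != "orphans":
                section = None
            continue
        if section == "run" and (m := RUN_VALUE.match(line)):
            entries.append(Autostart("run", m["name"], m["target"].lower(), True))
        elif section == "startup" and (m := LNK_LINE.match(line)):
            present = (m["meta"] or "").upper() != "N/A"
            entries.append(Autostart("startup", m["name"], m["target"].lower(), present))
        elif section == "orphans" and (m := ORPHAN_LINE.match(line)):
            target = m["target"].strip().lower()
            entries.append(Autostart("orphan", m["name"], target, target != "(no file)"))
    return entries


def suspicious_reasons(entry: Autostart) -> list[str]:
    """Return the heuristic findings for one entry; an empty list means nothing stood out."""
    reasons: list[str] = []
    if not entry.present:
        reasons.append("target file missing (dangling autostart, typical after a partial cleanup)")
    if entry.target.startswith(MSI_CACHE):
        reasons.append("executable run from the MSI cache under c:\\windows\\Installer")
    elif not entry.target.startswith(EXPECTED_ROOTS):
        reasons.append("target in a non-standard top-level directory")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged target path to its reasons; clean entries are left out."""
    flagged: dict[str, list[str]] = {}
    for entry in parse_autostarts(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.target] = reasons
    return flagged


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_LOG).items():
        print(target)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed sample, the two entries that come out flagged are exactly the two the helper's CFScript removes (`c:\configuration\configuration.exe`, missing and at the drive root, and the `syshost.exe` under `c:\windows\Installer`), while the HP, Java, Dropbox and Norton entries pass. The heuristics are deliberately narrow; a real triage still checks the flagged binaries' hashes and signatures rather than trusting a path alone.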
  • sake86
  • New MyCity citizen
  • Joined: 14 Sep 2012
  • Posts: 13

Here you go, I uninstalled everything except "Norton Online Backup"; it says "There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor."

Anyway, I carried on and here are the requested results:

STEP 2
log after cleaning/scan:

ComboFix 12-09-15.02 - Matei 6.09.2012. 1:14.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.385.1033.18.2039.1059 [GMT 2:00]
Running from: c:\users\Matei\Desktop\ComboFix.exe
Command switches used :: c:\users\Matei\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk"
"c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk"
"c:\windows\system32\drivers\hpipppqh.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\configuration
c:\configuration\configuration.exe
c:\windows\Installer\{651F552B-24E2-9513-A789-6B24873745A3}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 23:24 . 2012-09-15 23:24 -------- d-----w- c:\users\luckystar894\AppData\Local\temp
2012-09-15 23:24 . 2012-09-15 23:24 -------- d-----w- c:\users\ferrosaly\AppData\Local\temp
2012-09-15 23:24 . 2012-09-15 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 23:24 . 2012-09-15 23:24 -------- d-----w- c:\users\bluetrainstreet\AppData\Local\temp
2012-09-15 18:05 . 2012-09-15 18:10 -------- d-----w- C:\file iz windows foldera
2012-09-15 17:03 . 2012-09-15 17:03 -------- dc----w- c:\users\Matei\AppData\Local\MigWiz
2012-09-05 09:38 . 2012-09-05 09:38 43600 ----a-w- c:\windows\system32\drivers\hpipppqh.sys
2012-09-05 09:24 . 2012-09-15 17:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\offreg.dll
2012-09-05 09:22 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\mpengine.dll
2012-09-04 07:37 . 2012-09-04 07:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\SpeedyPC Software
2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\DriverCure
2012-09-04 07:35 . 2012-09-14 06:38 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-01 08:31 . 2012-09-01 08:31 -------- d-----w- C:\games
2012-08-31 07:42 . 2012-08-31 07:42 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 13:25 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-08-28 13:25 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-08-28 13:25 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-08-28 13:22 . 2012-08-28 13:33 -------- d-----w- C:\Riot Games
2012-08-28 09:14 . 2012-08-28 09:14 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-28 09:14 . 2012-08-28 09:14 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-28 08:55 . 2012-08-28 09:26 -------- d-----w- c:\users\Matei\AppData\Local\PMB Files
2012-08-28 08:55 . 2012-08-28 08:55 -------- d-----w- c:\programdata\PMB Files
2012-08-28 08:54 . 2012-08-28 08:54 -------- d-----w- c:\program files\Pando Networks
2012-08-23 18:19 . 2012-08-23 18:19 -------- d-----w- c:\program files\Common Files\Java
2012-08-23 18:19 . 2012-09-04 07:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-17 01:11 . 2012-08-17 01:11 -------- d-----w- c:\users\Matei\AppData\Roaming\log
2012-08-17 01:11 . 2009-12-31 13:12 1007616 ----a-w- c:\users\Matei\AppData\Roaming\LiveUpdate.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 07:37 . 2010-07-12 21:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 00:05 . 2012-03-30 14:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 00:05 . 2012-01-03 09:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 07:42 . 2011-11-25 22:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"googletalk"="c:\users\Matei\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BlazeServoTool"="c:\program files\BlazeVideo_zadnji\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-11-27 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"iWearMonitor"="c:\program files\Vuzix Corporation\iWear VR920\iWearTaskBar.exe" [2008-11-24 591144]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-23 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\bluetrainstreet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bluetrainstreet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\ferrosaly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
configuration.lnk - c:\configuration\configuration.exe [N/A]
Dropbox.lnk - c:\users\ferrosaly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
.
c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
configuration.lnk - c:\configuration\configuration.exe [N/A]
Dropbox.lnk - c:\users\luckystar894\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
configuration.lnk - c:\configuration\configuration.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Connect Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk
backup=c:\windows\pss\Connect Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3_ Wild Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 20:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-02 10:34 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:05]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001Core1cd08588542983b.job
- c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001UA1cd0858863008f5.job
- c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007Core.job
- c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007UA.job
- c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008Core.job
- c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008UA.job
- c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009Core.job
- c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009UA.job
- c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16]
.
2012-08-21 c:\windows\Tasks\HPCeeScheduleForMatei.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
------- Supplementary Scan -------
.
uStart Page = google.hr/
mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Matei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OypnqRJNq&&i=26&search=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.BabylonToolbar_i.hardId - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypnqRJNq&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.incredibar_i.hardId - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.incredibar_i.instlDay - 15349
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:43
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypnqRJNq
FF - user.js: extensions.incredibar_i.upn2n - 92260700927374084
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337&q=
FF - user.js: extensions.funmoods.id - D8D38515D6C7D71B
FF - user.js: extensions.funmoods.instlDay - 15543
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:39
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{c34bfb11-eff0-4123-a7a5-79051ef24cf5} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{C34BFB11-EFF0-4123-A7A5-79051EF24CF5} - (no file)
AddRemove-1ClickDownload - c:\program files\1ClickDownload\uninst.exe
AddRemove-BFlix - c:\program files\BFlix\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-16 01:26:35
ComboFix-quarantined-files.txt 2012-09-15 23:26
ComboFix2.txt 2012-09-15 21:29
.
Pre-Run: 30.553.473.024 bytes free
Post-Run: 30.369.181.696 bytes free
.
- - End Of File - - 203977CED664BDE993D6D18B0EE3AA3B


STEP 3
The RAR-archived files were successfully uploaded under the name "Korak3.rar"

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Download The Avenger to the Desktop.
Unpack the archive into a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the program's (white) window:

Drivers to delete:
hpipppqh

Files to delete:
c:\windows\system32\drivers\hpipppqh.sys
c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk
c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk


Click Execute, then Yes in the next two windows that open.

The computer will restart (in some cases twice) and the cleaning/scanning process will begin.

When the process is finished, the log file C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the thread on the forum.



Step 2

Run ComboFix again and post its report.



Step 3

Download Xplode's AdwCleaner and save it to the Desktop.
Double-click the program to run it and click the Search button.
When the program finishes its analysis, Notepad will open with the report.
Copy the contents of that report into the thread.

Note: The report will also be saved at C:\AdwCleaner[R1].txt
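A small parser for the log that step 1 produces, added here as an example and not part of this thread, of The Avenger or of its author: it reads the text of C:\avenger.txt, separates successful deletions from failures, and treats a failure with status 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) as "already gone" rather than as a removal that still needs repeating, which is the distinction a helper reading such a log makes first. The sample log text embedded in it is constructed to match the log format these runs produce; the Folder and Registry key success lines it also accepts are assumed by analogy with the File and Driver lines and are not shown in the thread.

```python
r"""Parse a C:\avenger.txt log and report which deletions actually happened.

Added triage helper for the log that step 1 produces; it is not code from
this thread, from The Avenger or from its author. It understands only the
line shapes seen in such logs ('... deleted successfully.', 'Deletion of ...
failed!', 'Status: ...', '--> reason'); the Folder/Registry key success
forms are assumed by analogy with the File/Driver ones.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample, modelled on the Avenger log format seen in this thread.
SAMPLE_LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows Vista
*******************
Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\hpipppqh" not found!
Deletion of driver "hpipppqh" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "c:\windows\system32\drivers\hpipppqh.sys" deleted successfully.
File "c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" deleted successfully.

Completed script processing.
Finished! Terminate.
"""

# STATUS_OBJECT_NAME_NOT_FOUND: the object was already gone, so the failure is
# informational (nothing left to delete), not a sign the malware resisted removal.
ALREADY_ABSENT = {"0xc0000034"}

DELETED_RE = re.compile(r'^(File|Folder|Driver|Registry key) "(.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (\w[\w ]*?) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9A-Fa-f]+) \((\w+)\)$')
REASON_RE = re.compile(r'^-+> (.+)$')


@dataclass
class Failure:
    kind: str
    name: str
    status: str = ""
    status_name: str = ""
    reason: str = ""

    @property
    def already_absent(self) -> bool:
        return self.status.lower() in ALREADY_ABSENT


@dataclass
class Report:
    platform: str = ""
    rootkits_found: Optional[bool] = None          # None: no rootkit verdict line seen
    deleted: List[Tuple[str, str]] = field(default_factory=list)   # (kind, name)
    failures: List[Failure] = field(default_factory=list)


def parse_avenger_log(text: str) -> Report:
    rep = Report()
    current: Optional[Failure] = None   # failure whose Status / reason lines follow
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Platform:"):
            rep.platform = line.split(":", 1)[1].strip()
        elif line == "No rootkits found!":
            rep.rootkits_found = False
        elif (m := DELETED_RE.match(line)):
            rep.deleted.append((m.group(1).lower(), m.group(2)))
            current = None
        elif (m := FAILED_RE.match(line)):
            current = Failure(kind=m.group(1).lower(), name=m.group(2))
            rep.failures.append(current)
        elif current is not None and (m := STATUS_RE.match(line)):
            current.status, current.status_name = m.group(1), m.group(2)
        elif current is not None and (m := REASON_RE.match(line)):
            current.reason = m.group(1)
    return rep


def unresolved(rep: Report) -> List[Failure]:
    """Failures that still need follow-up (everything except 'already gone')."""
    return [f for f in rep.failures if not f.already_absent]


def summarize(rep: Report) -> str:
    lines = [f"Platform: {rep.platform}",
             f"Rootkits found: {rep.rootkits_found}",
             f"Deleted: {len(rep.deleted)}  Failed: {len(rep.failures)}  "
             f"Needs follow-up: {len(unresolved(rep))}"]
    lines += [f"  deleted {k}: {n}" for k, n in rep.deleted]
    lines += [f"  {'info' if f.already_absent else 'FAIL'} {f.kind} {f.name}: "
              f"{f.status_name or f.status} ({f.reason})" for f in rep.failures]
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_avenger_log(SAMPLE_LOG)))
```

Run on the sample, the driver failure is classified as informational because its service key did not exist at the time the script ran, while both file deletions count as done, so nothing needs a second pass. Replace SAMPLE_LOG with the contents of a real C:\avenger.txt to triage an actual run.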

  • sake86
  • New MyCity citizen
  • Joined: 14 Sep 2012
  • Posts: 13

STEP 1 - Avenger log

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\hpipppqh" not found!
Deletion of driver "hpipppqh" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\drivers\hpipppqh.sys" deleted successfully.
File "c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" deleted successfully.
File "c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



STEP 2 - ComboFix log

ComboFix 12-09-15.02 - Matei 6.09.2012. 15:31:54.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.385.1033.18.2039.990 [GMT 2:00]
Running from: c:\users\Matei\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 13:42 . 2012-09-16 13:42 -------- d-----w- c:\users\luckystar894\AppData\Local\temp
2012-09-16 13:42 . 2012-09-16 13:42 -------- d-----w- c:\users\ferrosaly\AppData\Local\temp
2012-09-16 13:42 . 2012-09-16 13:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 13:42 . 2012-09-16 13:42 -------- d-----w- c:\users\bluetrainstreet\AppData\Local\temp
2012-09-15 18:05 . 2012-09-15 18:10 -------- d-----w- C:\file iz windows foldera
2012-09-15 17:03 . 2012-09-15 17:03 -------- dc----w- c:\users\Matei\AppData\Local\MigWiz
2012-09-05 09:24 . 2012-09-15 17:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\offreg.dll
2012-09-05 09:22 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84729DA0-9CF8-4767-AFBB-23D006D75D79}\mpengine.dll
2012-09-04 07:37 . 2012-09-04 07:37 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\SpeedyPC Software
2012-09-04 07:35 . 2012-09-04 07:35 -------- d-----w- c:\users\Matei\AppData\Roaming\DriverCure
2012-09-04 07:35 . 2012-09-14 06:38 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-01 08:31 . 2012-09-01 08:31 -------- d-----w- C:\games
2012-08-31 07:42 . 2012-08-31 07:42 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 13:25 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-08-28 13:25 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-08-28 13:25 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-08-28 13:22 . 2012-08-28 13:33 -------- d-----w- C:\Riot Games
2012-08-28 09:14 . 2012-08-28 09:14 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-28 09:14 . 2012-08-28 09:14 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-28 08:55 . 2012-08-28 09:26 -------- d-----w- c:\users\Matei\AppData\Local\PMB Files
2012-08-28 08:55 . 2012-08-28 08:55 -------- d-----w- c:\programdata\PMB Files
2012-08-28 08:54 . 2012-08-28 08:54 -------- d-----w- c:\program files\Pando Networks
2012-08-23 18:19 . 2012-08-23 18:19 -------- d-----w- c:\program files\Common Files\Java
2012-08-23 18:19 . 2012-09-04 07:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 07:37 . 2010-07-12 21:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 00:05 . 2012-03-30 14:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 00:05 . 2012-01-03 09:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 07:42 . 2011-11-25 22:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"googletalk"="c:\users\Matei\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BlazeServoTool"="c:\program files\BlazeVideo_zadnji\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-11-27 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"iWearMonitor"="c:\program files\Vuzix Corporation\iWear VR920\iWearTaskBar.exe" [2008-11-24 591144]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-23 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\bluetrainstreet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bluetrainstreet\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\ferrosaly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
configuration.lnk - c:\configuration\configuration.exe [N/A]
Dropbox.lnk - c:\users\ferrosaly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
.
c:\users\luckystar894\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\luckystar894\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Connect Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk
backup=c:\windows\pss\Connect Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Matei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=c:\users\Matei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3_ Wild Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 20:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-02 10:34 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IT9135BDA;WinFast DTV Dongle Dual Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
R3 iwrstreo;WDF Driver for Vuzix VR920;c:\windows\system32\Drivers\iwrstreo.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 Realtek87B;Realtek87B;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:05]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 18:36]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001Core1cd08588542983b.job
- c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1001UA1cd0858863008f5.job
- c:\users\Matei\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 16:08]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007Core.job
- c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1007UA.job
- c:\users\bluetrainstreet\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 14:55]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008Core.job
- c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1008UA.job
- c:\users\luckystar894\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 15:56]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009Core.job
- c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3642603568-148322541-961638693-1009UA.job
- c:\users\ferrosaly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-20 23:16]
.
2012-08-21 c:\windows\Tasks\HPCeeScheduleForMatei.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
------- Supplementary Scan -------
.
uStart Page = google.hr/
mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Matei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OypnqRJNq&&i=26&search=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.BabylonToolbar_i.hardId - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypnqRJNq&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.incredibar_i.hardId - 9e16d71b000000000000701a04fa5b25
FF - user.js: extensions.incredibar_i.instlDay - 15349
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2715:43
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypnqRJNq
FF - user.js: extensions.incredibar_i.upn2n - 92260700927374084
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337&q=
FF - user.js: extensions.funmoods.id - D8D38515D6C7D71B
FF - user.js: extensions.funmoods.instlDay - 15543
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:39
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5604)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-09-16 15:44:05
ComboFix-quarantined-files.txt 2012-09-16 13:44
ComboFix2.txt 2012-09-15 21:29
.
Pre-Run: 29.994.635.264 bytes free
Post-Run: 29.978.710.016 bytes free
.
- - End Of File - - D1E5C33DB5D05FD8BD4B212C6DC4197E



STEP 3 - AdwCleaner log

# AdwCleaner v2.001 - Logfile created 09/16/2012 at 15:51:24
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Matei - MATEI-HP
# Boot Mode : Normal
# Running from : C:\Users\Matei\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Matei\AppData\Local\funmoods.crx
File Found : C:\Users\Matei\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\searchplugins\MyStart Search.xml
File Found : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\searchplugins\search.xml
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\Conduit
Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\PriceGong
Folder Found : C:\Users\bluetrainstreet\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\ferrosaly\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\ferrosaly\AppData\LocalLow\Conduit
Folder Found : C:\Users\ferrosaly\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\ferrosaly\AppData\LocalLow\PriceGong
Folder Found : C:\Users\ferrosaly\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\luckystar894\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\luckystar894\AppData\LocalLow\Conduit
Folder Found : C:\Users\luckystar894\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\luckystar894\AppData\LocalLow\PriceGong
Folder Found : C:\Users\luckystar894\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Matei\AppData\Local\Babylon
Folder Found : C:\Users\Matei\AppData\Local\bearshare
Folder Found : C:\Users\Matei\AppData\Local\Conduit
Folder Found : C:\Users\Matei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Found : C:\Users\Matei\AppData\LocalLow\Conduit
Folder Found : C:\Users\Matei\AppData\LocalLow\ShoppingReport2
Folder Found : C:\Users\Matei\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Matei\AppData\Roaming\Babylon
Folder Found : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [hblite@hblite.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\prefs.js

Found : user_pref("backup.old.browser.search.defaultenginename", "MyStart Search");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100995");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "9e16d71b000000000000701a04fa5b25");
Found : user_pref("extensions.BabylonToolbar_i.id", "9e16d71b000000000000701a04fa5b25");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15344");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100995&babsrc=NT_s[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:12:22");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,info@thebflix.com:1.1,{972ce4c6-7e[...]
Found : user_pref("extensions.funmoods.aflt", "nv1");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.cntry", "HR");
Found : user_pref("extensions.funmoods.cv", "cv5");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "6BA5E4D09944FAA0FD6079536E0D7FC4");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Found : user_pref("extensions.funmoods.id", "D8D38515D6C7D71B");
Found : user_pref("extensions.funmoods.instlDay", "15543");
Found : user_pref("extensions.funmoods.instlRef", "nv1");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:39:56");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:39:56");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:39:56");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10606");
Found : user_pref("extensions.incredibar_i.excTlbr", "false");
Found : user_pref("extensions.incredibar_i.hardId", "9e16d71b000000000000701a04fa5b25");
Found : user_pref("extensions.incredibar_i.id", "9e16d71b000000000000701a04fa5b25");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15349");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OypnqRJNq&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6OypnqRJNq");
Found : user_pref("extensions.incredibar_i.upn2n", "92260700927374084");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2715:43:29");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OypnqRJNq&&i=26&search="[...]

Profile name : default
File : C:\Users\bluetrainstreet\AppData\Roaming\Mozilla\Firefox\Profiles\k4s2rgp3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Matei\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\bluetrainstreet\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\luckystar894\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\ferrosaly\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.60.1185.0

File : C:\Users\Matei\AppData\Roaming\Opera\Opera\operaprefs.ini

Found : Home URL=hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0D[...]

File : C:\Users\bluetrainstreet\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19299 octets] - [16/09/2012 15:51:24]

########## EOF - C:\AdwCleaner[R1].txt - [19360 octets] ##########

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy the following text into it:

del /F /Q "c:\users\ferrosaly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\configuration.lnk" >> log.txt 2>&1
notepad log.txt

Save it on the Desktop under the name shellscript.bat
Pay attention to the .bat extension.

Right-click shellscript.bat and click Run as Administrator.

Click Yes in the window that pops up.

Copy into your reply the text that opens in Notepad. If no text appears in Notepad, that means everything went as it should, and you only need to mention that in your reply.

If Notepad does not open, open the file log.txt manually and post its contents on the forum.


Step 2

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\Avenger

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php


Step 3

Run AdwCleaner again.
Click the Delete button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.
The computer will restart.
Notepad will open with the report.
Copy the contents of that report into the topic.


Note: the report will also be saved to C:\AdwCleaner[S1].txt


What is the state of the system?
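Before deleting a Startup-folder shortcut like the configuration.lnk in Step 1, a defender usually wants to see what it actually launches. The following PowerShell check is an added example, not the helper's code or part of the original thread; it assumes the standard per-user Startup path under C:\Users and should be run from an elevated prompt.

```powershell
# Added example, not part of the thread: enumerate every Startup-folder shortcut on the
# machine and resolve where it points, so an entry like configuration.lnk can be inspected
# before it is deleted. Assumes default profile paths under C:\Users; run elevated.
$shell = New-Object -ComObject WScript.Shell

# Per-user Startup folders plus the all-users one.
$startupDirs = @(Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' })
$startupDirs += Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp'

$report = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force also lists hidden shortcuts, which persistence entries often are.
    foreach ($file in Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -Force -ErrorAction SilentlyContinue) {
        $lnk    = $shell.CreateShortcut($file.FullName)
        $target = $lnk.TargetPath
        [pscustomobject]@{
            Shortcut        = $file.FullName
            Target          = $target
            Arguments       = $lnk.Arguments
            TargetExists    = $(if ($target) { Test-Path -LiteralPath $target } else { $false })
            Hidden          = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
            # A target under a user profile or a Temp folder rather than Program Files
            # is a common sign of adware or malware persistence and deserves a closer look.
            TargetInProfile = [bool]($target -match '\\Users\\|\\Temp\\|\\AppData\\')
        }
    }
}

# Suspicious-looking entries first.
$report | Sort-Object TargetInProfile -Descending | Format-Table -AutoSize
```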
