Blocked desktop, help.


  • Joined: 15 Feb 2011
  • Posts: 110

No problem, we'll talk when you get back.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Open Notepad and copy the following text from the shaded box:

C:\Users\Aloha\AppData\Local\N7rOonLyK
C:\Users\Aloha\AppData\Roaming\svhost*


In Notepad, click File --> Save As

Name the file fixlist.txt and save it to the Desktop

Double-click FRST.exe to run it again

Click Fix and wait until the program finishes

If the program asks to restart the computer, let it do so without interruption.

When it is done, Notepad will open with content that you should copy into the thread.

Also, fixlog.txt will be on the Desktop.

  • Joined: 15 Feb 2011
  • Posts: 110

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Aloha at 2013-10-15 18:41:31 Run:2
Running from C:\Users\Aloha\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Aloha\AppData\Local\N7rOonLyK
C:\Users\Aloha\AppData\Roaming\svhost*
*****************


"C:\Users\Aloha\AppData\Local\N7rOonLyK " directory move:

Could not move "C:\Users\Aloha\AppData\Local\N7rOonLyK " directory. => Scheduled to move on reboot.

C:\Users\Aloha\AppData\Roaming\svhost* => Moved successfully.

=========== Result of Scheduled Files to move ===========

"C:\Users\Aloha\AppData\Local\N7rOonLyK " => Directory could not move.

==== End of Fixlog ====
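As an added example (not part of the thread, of FRST, or of the helper's instructions), here is a small Python parser for a Fixlog in the format above. It maps each fixlist entry to the last verdict FRST reported for it, so that an entry that was only "Scheduled to move on reboot" and then reported as "could not move" is not mistaken for a completed removal. The embedded log text is constructed to mirror the shape of the log in this post; the user name and the first path are placeholders.

```python
from typing import Dict, List

# Constructed sample in the Fixlog format FRST writes after a Fix run.
# Not the log from the thread: the user name and the first path are placeholders.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by ExampleUser at 2013-10-15 18:41:31 Run:2
Running from C:\Users\ExampleUser\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\ExampleUser\AppData\Local\EXAMPLEDIR
C:\Users\ExampleUser\AppData\Roaming\svhost*
*****************


"C:\Users\ExampleUser\AppData\Local\EXAMPLEDIR " directory move:

Could not move "C:\Users\ExampleUser\AppData\Local\EXAMPLEDIR " directory. => Scheduled to move on reboot.

C:\Users\ExampleUser\AppData\Roaming\svhost* => Moved successfully.

=========== Result of Scheduled Files to move ===========

"C:\Users\ExampleUser\AppData\Local\EXAMPLEDIR " => Directory could not move.

==== End of Fixlog ====
"""


def parse_fixlog(text: str) -> Dict[str, str]:
    """Map every fixlist entry to the last verdict FRST reported for it."""
    lines = [line.rstrip() for line in text.splitlines()]
    # The fixlist FRST processed is echoed between two lines of asterisks.
    stars = [i for i, line in enumerate(lines) if line.startswith("*****")]
    if len(stars) < 2:
        raise ValueError("no 'Content of fixlist' block found")
    entries = [line.strip() for line in lines[stars[0] + 1:stars[1]] if line.strip()]
    status: Dict[str, str] = {entry: "no result reported" for entry in entries}
    # Result lines read "<subject> => <verdict>". The 'Result of Scheduled
    # Files to move' block comes last, so a later verdict supersedes an
    # earlier 'Scheduled to move on reboot'.
    for line in lines[stars[1] + 1:]:
        if " => " not in line:
            continue
        subject, verdict = line.split(" => ", 1)
        verdict = verdict.strip().rstrip(".")
        for entry in entries:
            if entry in subject:
                status[entry] = verdict
    return status


def unresolved(status: Dict[str, str]) -> List[str]:
    """Entries that were not moved, or whose reboot-time move was never confirmed."""
    return [entry for entry, verdict in status.items()
            if not verdict.startswith("Moved successfully")]


if __name__ == "__main__":
    result = parse_fixlog(SAMPLE_FIXLOG)
    for entry, verdict in result.items():
        print(f"{verdict:28} {entry}")
    print("still present, needs another pass:", unresolved(result))
```

Anything returned by `unresolved` is exactly what the helper has to deal with in the next step: a directory that could not be moved even at reboot usually means something still holds it open or protects it, which is why the thread moves on to a boot-time tool.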

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Download The Avenger to the Desktop.
Extract the archive into a folder

Double-click avenger.exe to run it

Copy the text inside the Code box into the (white) window of the program:

Folders to delete:
C:\Users\Aloha\AppData\Local\N7rOonLyK


Click Execute, then Yes in the next two windows that open

The computer will restart (in some cases twice) and the cleaning/scanning process will begin

When the process is finished, the logfile C:\avenger.txt will open in Notepad

Copy the contents of the resulting log into the thread on the forum.

After that, run FRST again and post me a fresh report.

  • Joined: 15 Feb 2011
  • Posts: 110

Downloaded Avenger, extracted the archive into a folder, ran Avenger, pasted the script into the field, went to execute, and I get a message that the computer will restart and that it will run the scan after boot. This does not happen, the system boots normally, I tried twice. There is no avenger.txt at the mentioned location.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Aloha (administrator) on ALOHA-PC on 15-10-2013 19:32:30
Running from C:\Users\Aloha\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\DVBViewer\Remotes\starter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DVBViewer\Remotes\ts_winlirc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-15] (VIA)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [DVBViewer Starter] - C:\Program Files (x86)\DVBViewer\Remotes\starter.exe [175104 2005-10-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B773ABAD95CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: javascript - No CLSID Value -
Handler-x32: javascript - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Aloha\AppData\Roaming\Mozilla\Firefox\Profiles\84hfvcsk.default
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb - C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @verimatrix.com/ViewRightWeb - C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: xnotifier.lite - C:\Users\Aloha\AppData\Roaming\Mozilla\Firefox\Profiles\84hfvcsk.default\Extensions\xnotifier.lite@tobwithu.org.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR HomePage: hxxp://www.elitesecurity.org/f101
CHR RestoreOnStartup: "hxxp://www.elitesecurity.org/f101-PC-DVB-kartice"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Magic Actions for YouTube\u2122) - C:\Users\Aloha\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.2.4_0
CHR Extension: (Google Drive) - C:\Users\Aloha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Aloha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (X-notifier (for Gmail\u2122,Hotmail,Yahoo,AOL...)) - C:\Users\Aloha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco\3.3.6_0
CHR Extension: (Google Search) - C:\Users\Aloha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Aloha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Aloha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Aloha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-04] ()

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
S3 AR9271; C:\Windows\System32\DRIVERS\athuwx.sys [2224160 2011-07-29] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 MTSBDA; C:\Windows\System32\Drivers\MtsBda.sys [344592 2009-07-13] (TechniSat Provide)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 MtsHID; C:\Windows\System32\drivers\MtsHID.sys [27664 2009-07-13] (TechniSat Provide)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-18] (Duplex Secure Ltd.)
U3 ae9acrx6; C:\Windows\System32\Drivers\ae9acrx6.sys [0 ] (Advanced Micro Devices)
S0 dgvncx; system32\drivers\uslhk.sys [x]
S0 lkkrjrni; system32\drivers\apgxuyk.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-15 19:29 - 2013-10-15 19:29 - 00061440 _____ C:\Windows\SysWOW64\Drivers\uslhk.sys
2013-10-15 19:29 - 2013-10-15 19:29 - 00000120 _____ C:\Windows\SysWOW64\szlfuwa.txt
2013-10-15 19:23 - 2013-10-15 19:23 - 00061440 _____ C:\Windows\SysWOW64\Drivers\apgxuyk.sys
2013-10-15 19:23 - 2013-10-15 19:23 - 00000120 _____ C:\Program Files (x86)\npodi.txt
2013-10-15 19:23 - 2013-10-15 19:23 - 00000000 ____D C:\Users\Aloha\Desktop\avenger
2013-10-15 19:22 - 2013-10-15 19:22 - 00724952 _____ C:\Users\Aloha\Desktop\avenger.zip
2013-10-15 18:59 - 2013-10-15 18:59 - 00000000 ____D C:\download
2013-10-15 18:55 - 2013-10-15 19:15 - 00000000 ____D C:\Users\Aloha\Desktop\Jdownloader2
2013-10-15 18:49 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-15 18:49 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-15 18:49 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-15 18:49 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-15 18:49 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-15 18:49 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-15 18:49 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-15 18:49 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-15 18:49 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-15 18:49 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-15 18:49 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-15 18:49 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-15 18:49 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-15 18:49 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-15 18:49 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-15 18:49 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-15 18:49 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-15 18:49 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-15 18:49 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-15 18:49 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-15 18:49 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-15 18:49 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-15 18:49 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-15 18:49 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-15 18:49 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-15 18:42 - 2013-10-15 18:42 - 00000336 _____ C:\Windows\PFRO.log
2013-10-15 14:20 - 2013-10-15 14:20 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\Mozilla
2013-10-15 14:20 - 2013-10-15 14:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-15 14:20 - 2013-10-15 14:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-15 14:16 - 2013-10-15 19:31 - 00007840 _____ C:\Windows\setupact.log
2013-10-15 14:16 - 2013-10-15 14:16 - 00000000 _____ C:\Windows\setuperr.log
2013-10-15 14:02 - 2013-10-15 14:02 - 00016132 _____ C:\Users\Aloha\Desktop\jdownloader dlc.dlc
2013-10-15 14:00 - 2013-10-15 14:02 - 03433837 _____ C:\Users\Aloha\Desktop\jd 15-10-2013.rar
2013-10-15 13:58 - 2013-10-15 14:34 - 107651823 _____ C:\Users\Aloha\Desktop\jd2 fully loaded 15-10-2013.rar
2013-10-15 13:54 - 2013-10-15 13:54 - 00000000 ____D C:\Users\Aloha\.appwork
2013-10-15 10:07 - 2013-10-15 18:43 - 00000000 ____D C:\FRST
2013-10-15 10:07 - 2013-10-15 10:07 - 01954124 _____ (Farbar) C:\Users\Aloha\Desktop\FRST64.exe
2013-10-15 10:00 - 2013-10-15 10:00 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\Malwarebytes
2013-10-15 10:00 - 2013-10-15 10:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-15 10:00 - 2013-10-15 10:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-15 10:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-15 09:39 - 2013-10-15 09:39 - 00000000 ____D C:\Users\Aloha\AppData\Local\N7rOonLyK
2013-10-09 22:24 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 22:24 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 22:24 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 22:24 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 22:24 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 22:24 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 22:24 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 22:24 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 22:24 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 22:24 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 22:24 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 22:24 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 22:24 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 22:24 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 22:24 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 22:24 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 22:24 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 22:24 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 22:24 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 22:24 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 22:24 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 22:23 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 22:23 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 22:23 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 22:23 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 22:23 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 22:23 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 22:23 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 22:23 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 22:23 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 22:23 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 17:32 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:32 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:32 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:32 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:32 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:32 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:32 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:32 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:32 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:32 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:32 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:32 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:32 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:32 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:32 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:32 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:32 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:32 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:32 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:32 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:32 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:32 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:31 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:31 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-08 17:53 - 2013-10-08 17:54 - 00000000 ____D C:\Users\Aloha\Documents\Battlefield 4 Beta
2013-10-07 22:47 - 2013-10-07 22:47 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-07 22:47 - 2013-10-07 22:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-06 18:47 - 2013-10-06 18:47 - 00001281 _____ C:\Users\Public\Desktop\PESEdit 2014 Selector.lnk
2013-10-04 18:40 - 2013-10-04 18:40 - 00000000 ____D C:\Users\Aloha\AppData\Local\PunkBuster
2013-10-04 18:39 - 2013-10-04 18:39 - 00000000 ____D C:\Users\Aloha\Documents\Battlefield 4
2013-10-04 18:38 - 2013-10-04 18:38 - 00001205 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-04 18:38 - 2013-10-04 18:38 - 00000000 ____D C:\Users\Aloha\AppData\Local\ESN
2013-10-04 18:38 - 2013-10-04 18:38 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-04 18:37 - 2013-10-15 11:10 - 00215416 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-04 18:37 - 2013-10-15 11:10 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-04 18:37 - 2013-10-04 18:37 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-04 18:36 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-10-04 18:36 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-10-04 18:36 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-10-04 18:36 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-10-04 18:36 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-10-03 19:26 - 2013-10-03 23:17 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-02 18:28 - 2013-10-03 19:26 - 00000000 ____D C:\Users\Aloha\AppData\Local\Origin
2013-10-02 18:27 - 2013-10-15 11:08 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-02 18:27 - 2013-10-04 18:39 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-10-02 18:27 - 2013-10-03 19:19 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-09-27 17:44 - 2013-10-15 18:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-27 17:44 - 2013-10-08 21:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-25 18:46 - 2013-09-25 18:46 - 00000000 ____D C:\Program Files\CPUID
2013-09-23 17:35 - 2013-10-05 21:40 - 00000000 ____D C:\Users\Aloha\Desktop\The Bridge
2013-09-22 20:21 - 2013-09-22 20:21 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\Ashampoo
2013-09-22 20:20 - 2013-09-22 20:20 - 00000000 ____D C:\Users\Aloha\AppData\Local\ashampoo
2013-09-22 20:20 - 2013-09-22 20:20 - 00000000 ____D C:\ProgramData\Ashampoo
2013-09-22 20:20 - 2013-09-22 20:20 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-09-21 22:38 - 2013-09-21 23:10 - 00000000 ____D C:\Users\Aloha\Desktop\greece
2013-09-21 21:32 - 2013-09-21 21:32 - 00001289 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-09-21 21:32 - 2013-09-21 21:32 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-09-21 21:32 - 2013-09-21 21:32 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-09-21 14:49 - 2013-09-21 14:49 - 00000000 ____D C:\ProgramData\ATI
2013-09-21 14:49 - 2013-09-21 14:49 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-09-21 14:48 - 2013-09-21 14:48 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201309211448476992.log
2013-09-21 14:41 - 2013-10-04 18:37 - 00000000 ____D C:\ProgramData\Package Cache
2013-09-18 22:46 - 2013-09-18 22:46 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-09-18 22:45 - 2013-10-04 23:29 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\DAEMON Tools Pro
2013-09-18 22:45 - 2013-09-18 22:57 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2013-09-18 22:45 - 2013-09-18 22:50 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2013-09-18 14:20 - 2013-09-18 14:20 - 00040446 _____ (Beepa Pty Ltd) C:\Program Files (x86)\uninstall.exe
2013-09-18 14:20 - 2013-09-18 14:20 - 00000857 _____ C:\Users\Public\Desktop\Fraps.lnk
2013-09-18 14:20 - 2013-09-18 14:20 - 00000000 ____D C:\Program Files (x86)\HELP

==================== One Month Modified Files and Folders =======

2013-10-15 19:31 - 2013-10-15 14:16 - 00007840 _____ C:\Windows\setupact.log
2013-10-15 19:30 - 2013-08-29 23:14 - 00000356 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-10-15 19:30 - 2013-08-10 11:41 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-15 19:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 19:29 - 2013-10-15 19:29 - 00061440 _____ C:\Windows\SysWOW64\Drivers\uslhk.sys
2013-10-15 19:29 - 2013-10-15 19:29 - 00000120 _____ C:\Windows\SysWOW64\szlfuwa.txt
2013-10-15 19:29 - 2013-08-09 18:07 - 01886354 _____ C:\Windows\WindowsUpdate.log
2013-10-15 19:29 - 2009-07-14 07:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-15 19:29 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-15 19:29 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-15 19:23 - 2013-10-15 19:23 - 00061440 _____ C:\Windows\SysWOW64\Drivers\apgxuyk.sys
2013-10-15 19:23 - 2013-10-15 19:23 - 00000120 _____ C:\Program Files (x86)\npodi.txt
2013-10-15 19:23 - 2013-10-15 19:23 - 00000000 ____D C:\Users\Aloha\Desktop\avenger
2013-10-15 19:22 - 2013-10-15 19:22 - 00724952 _____ C:\Users\Aloha\Desktop\avenger.zip
2013-10-15 19:20 - 2013-08-10 12:16 - 00000000 ____D C:\Users\Aloha\AppData\Local\Mozilla
2013-10-15 19:15 - 2013-10-15 18:55 - 00000000 ____D C:\Users\Aloha\Desktop\Jdownloader2
2013-10-15 18:59 - 2013-10-15 18:59 - 00000000 ____D C:\download
2013-10-15 18:53 - 2013-09-27 17:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 18:51 - 2013-08-10 11:41 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-15 18:50 - 2013-08-10 12:10 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-15 18:50 - 2013-08-10 12:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-15 18:50 - 2013-08-10 12:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-15 18:43 - 2013-10-15 10:07 - 00000000 ____D C:\FRST
2013-10-15 18:42 - 2013-10-15 18:42 - 00000336 _____ C:\Windows\PFRO.log
2013-10-15 17:34 - 2013-08-10 19:37 - 00000000 ____D C:\Program Files (x86)\DVBViewer
2013-10-15 14:34 - 2013-10-15 13:58 - 107651823 _____ C:\Users\Aloha\Desktop\jd2 fully loaded 15-10-2013.rar
2013-10-15 14:20 - 2013-10-15 14:20 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\Mozilla
2013-10-15 14:20 - 2013-10-15 14:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-15 14:20 - 2013-10-15 14:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-15 14:16 - 2013-10-15 14:16 - 00000000 _____ C:\Windows\setuperr.log
2013-10-15 14:10 - 2013-08-10 03:56 - 00000000 ____D C:\Windows\Panther
2013-10-15 14:09 - 2013-08-10 17:05 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-10-15 14:02 - 2013-10-15 14:02 - 00016132 _____ C:\Users\Aloha\Desktop\jdownloader dlc.dlc
2013-10-15 14:02 - 2013-10-15 14:00 - 03433837 _____ C:\Users\Aloha\Desktop\jd 15-10-2013.rar
2013-10-15 13:54 - 2013-10-15 13:54 - 00000000 ____D C:\Users\Aloha\.appwork
2013-10-15 13:54 - 2013-08-09 18:10 - 00000000 ____D C:\Users\Aloha
2013-10-15 11:10 - 2013-10-04 18:37 - 00215416 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-15 11:10 - 2013-10-04 18:37 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-15 11:08 - 2013-10-02 18:27 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-15 10:07 - 2013-10-15 10:07 - 01954124 _____ (Farbar) C:\Users\Aloha\Desktop\FRST64.exe
2013-10-15 10:00 - 2013-10-15 10:00 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\Malwarebytes
2013-10-15 10:00 - 2013-10-15 10:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-15 10:00 - 2013-10-15 10:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-15 09:45 - 2013-08-25 14:22 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-10-15 09:39 - 2013-10-15 09:39 - 00000000 ____D C:\Users\Aloha\AppData\Local\N7rOonLyK
2013-10-14 13:31 - 2013-08-09 18:23 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\Skype
2013-10-11 18:46 - 2013-08-10 11:41 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 18:46 - 2013-08-10 11:41 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 19:17 - 2009-07-14 06:45 - 00422152 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 22:25 - 2013-08-10 12:36 - 00778680 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 22:23 - 2013-08-10 16:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 22:23 - 2013-08-10 16:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 22:22 - 2013-08-10 18:28 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 22:20 - 2013-08-10 18:20 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 22:20 - 2013-08-10 11:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-08 21:53 - 2013-09-27 17:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 21:53 - 2013-08-11 22:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 21:53 - 2013-08-11 22:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 17:54 - 2013-10-08 17:53 - 00000000 ____D C:\Users\Aloha\Documents\Battlefield 4 Beta
2013-10-07 22:47 - 2013-10-07 22:47 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-07 22:47 - 2013-10-07 22:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-06 18:47 - 2013-10-06 18:47 - 00001281 _____ C:\Users\Public\Desktop\PESEdit 2014 Selector.lnk
2013-10-06 18:40 - 2013-08-10 16:59 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\uTorrent
2013-10-05 21:40 - 2013-09-23 17:35 - 00000000 ____D C:\Users\Aloha\Desktop\The Bridge
2013-10-04 23:29 - 2013-09-18 22:45 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\DAEMON Tools Pro
2013-10-04 18:40 - 2013-10-04 18:40 - 00000000 ____D C:\Users\Aloha\AppData\Local\PunkBuster
2013-10-04 18:39 - 2013-10-04 18:39 - 00000000 ____D C:\Users\Aloha\Documents\Battlefield 4
2013-10-04 18:39 - 2013-10-02 18:27 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-10-04 18:39 - 2013-08-13 20:49 - 00000000 ____D C:\ProgramData\Origin
2013-10-04 18:38 - 2013-10-04 18:38 - 00001205 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-04 18:38 - 2013-10-04 18:38 - 00000000 ____D C:\Users\Aloha\AppData\Local\ESN
2013-10-04 18:38 - 2013-10-04 18:38 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-04 18:37 - 2013-10-04 18:37 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-04 18:37 - 2013-09-21 14:41 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-03 23:17 - 2013-10-03 19:26 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-03 19:26 - 2013-10-02 18:28 - 00000000 ____D C:\Users\Aloha\AppData\Local\Origin
2013-10-03 19:26 - 2013-08-13 20:50 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\Origin
2013-10-03 19:19 - 2013-10-02 18:27 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-09-25 18:46 - 2013-09-25 18:46 - 00000000 ____D C:\Program Files\CPUID
2013-09-25 18:43 - 2013-08-09 18:21 - 00000000 ____D C:\Program Files\WinRAR
2013-09-23 01:28 - 2013-10-09 22:23 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 22:23 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 22:24 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 22:24 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 22:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-09 22:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-09 22:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-09 22:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-09 22:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-09 22:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 01:27 - 2013-10-09 22:23 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-09 22:23 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 22:23 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 00:55 - 2013-10-09 22:24 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:55 - 2013-10-09 22:23 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 22:23 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:54 - 2013-10-09 22:24 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 22:24 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-09 22:24 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 22:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-09 22:24 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-09 22:24 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-09 22:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-09 22:24 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 00:54 - 2013-10-09 22:23 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 22:23 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 22:23 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 20:21 - 2013-09-22 20:21 - 00000000 ____D C:\Users\Aloha\AppData\Roaming\Ashampoo
2013-09-22 20:20 - 2013-09-22 20:20 - 00000000 ____D C:\Users\Aloha\AppData\Local\ashampoo
2013-09-22 20:20 - 2013-09-22 20:20 - 00000000 ____D C:\ProgramData\Ashampoo
2013-09-22 20:20 - 2013-09-22 20:20 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2013-09-21 23:10 - 2013-09-21 22:38 - 00000000 ____D C:\Users\Aloha\Desktop\greece
2013-09-21 21:32 - 2013-09-21 21:32 - 00001289 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2013-09-21 21:32 - 2013-09-21 21:32 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-09-21 21:32 - 2013-09-21 21:32 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-09-21 14:49 - 2013-09-21 14:49 - 00000000 ____D C:\ProgramData\ATI
2013-09-21 14:49 - 2013-09-21 14:49 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-09-21 14:49 - 2013-08-10 12:11 - 00000000 ____D C:\ProgramData\AMD
2013-09-21 14:48 - 2013-09-21 14:48 - 00060777 _____ C:\Windows\SysWOW64\CCCInstall_201309211448476992.log
2013-09-21 14:48 - 2013-08-09 18:13 - 00000000 ____D C:\Program Files\ATI Technologies
2013-09-21 10:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-21 05:38 - 2013-10-09 22:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-09 22:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-09 22:24 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-09 22:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-19 02:45 - 2013-08-10 21:47 - 00000000 ____D C:\Program Files (x86)\KONAMI
2013-09-18 23:11 - 2013-08-10 22:13 - 00000000 ____D C:\Users\Aloha\Documents\KONAMI
2013-09-18 23:05 - 2013-08-11 09:54 - 00000000 ____D C:\ProgramData\KONAMI
2013-09-18 22:57 - 2013-09-18 22:45 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2013-09-18 22:50 - 2013-09-18 22:45 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2013-09-18 22:46 - 2013-09-18 22:46 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-09-18 14:20 - 2013-09-18 14:20 - 00040446 _____ (Beepa Pty Ltd) C:\Program Files (x86)\uninstall.exe
2013-09-18 14:20 - 2013-09-18 14:20 - 00000857 _____ C:\Users\Public\Desktop\Fraps.lnk
2013-09-18 14:20 - 2013-09-18 14:20 - 00000000 ____D C:\Program Files (x86)\HELP
2013-09-16 09:17 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries

Some content of TEMP:
====================
C:\Users\Aloha\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Aloha\AppData\Local\Temp\i4jdel0.exe
C:\Users\Aloha\AppData\Local\Temp\proxy_vole6964995729109446211.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 10:08

==================== End Of Log ============================

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
disable your protective software (instructions);
close any running programs;
double-click to start ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered to download it.
if the Recovery Console is not installed, offer to install it:
  you must accept by clicking Yes and follow the procedure through.
present a number of prompts/notifications:
  accept them by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix produced into the thread on the forum:
right-click inside the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click inside the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message;
Do not click inside the ComboFix window while it is working, as that can slow the tool down;
Do not run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
If after the restart you get an error when starting certain programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system once more and that will fix the problem.

  • Joined: 15 Feb 2011
  • Posts: 110

Written: 15 Oct 2013 20:49

Here it is, posted as an attachment

Addendum: 15 Oct 2013 20:50

ComboFix 13-10-15.02 - Aloha 10/15/2013 20:38:23.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2701 [GMT 2:00]
Running from: c:\users\Aloha\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\fraps.exe
c:\program files (x86)\fraps32.dll
c:\program files (x86)\fraps64.dat
c:\program files (x86)\fraps64.dll
c:\program files (x86)\frapslcd.dll
c:\program files (x86)\Uninstall.exe
c:\users\Aloha\AppData\Local\Temp\_MEI30562\_ctypes.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\_elementtree.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\_hashlib.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\_multiprocessing.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\_socket.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\_ssl.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\msvcp100.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\msvcr100.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\pyexpat.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\pysqlite2._sqlite.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\python27.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\pythoncom27.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\PyWinTypes27.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\select.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\unicodedata.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32api.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32com.shell.shell.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32crypt.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32event.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32file.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32inet.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32pdh.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32process.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32profile.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32security.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\win32ts.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\windows._cacheinvalidation.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wx._controls_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wx._core_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wx._gdi_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wx._html2.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wx._misc_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wx._windows_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wx._wizard.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wxbase294u_net_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wxbase294u_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wxmsw294u_adv_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wxmsw294u_core_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wxmsw294u_html_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI30562\wxmsw294u_webview_vc90.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-09-15 to 2013-10-15 )))))))))))))))))))))))))))))))
.
.
2013-10-15 17:29 . 2013-10-15 17:29 61440 ----a-w- c:\windows\SysWow64\drivers\uslhk.sys
2013-10-15 17:23 . 2013-10-15 17:23 61440 ----a-w- c:\windows\SysWow64\drivers\apgxuyk.sys
2013-10-15 16:59 . 2013-10-15 16:59 -------- d-----w- C:\download
2013-10-15 12:20 . 2013-10-15 12:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-10-15 11:54 . 2013-10-15 11:54 -------- d-----w- c:\users\Aloha\.appwork
2013-10-15 08:33 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EEFF409-7054-4804-8A77-7A02CA157CD3}\mpengine.dll
2013-10-15 08:07 . 2013-10-15 16:43 -------- d-----w- C:\FRST
2013-10-15 08:00 . 2013-10-15 08:00 -------- d-----w- c:\users\Aloha\AppData\Roaming\Malwarebytes
2013-10-15 08:00 . 2013-10-15 08:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-15 08:00 . 2013-10-15 08:00 -------- d-----w- c:\programdata\Malwarebytes
2013-10-15 08:00 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-15 07:39 . 2013-10-15 07:39 -------- d-----w- c:\users\Aloha\AppData\Local\N7rOonLyK
2013-10-14 07:50 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-09 20:23 . 2013-09-22 23:28 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-09 20:23 . 2013-09-22 23:27 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-10-09 20:23 . 2013-09-22 22:55 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-10-09 20:23 . 2013-09-22 23:28 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-09 20:23 . 2013-09-22 22:55 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-09 20:23 . 2013-09-22 22:54 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-10-09 20:23 . 2013-09-22 22:55 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-10-09 20:23 . 2013-09-22 22:54 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-10-09 20:23 . 2013-09-22 22:54 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-10-09 15:31 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-09 15:31 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-09 15:31 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-09 15:31 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-09 15:31 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-07 20:47 . 2013-10-07 20:47 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-10-04 16:40 . 2013-10-04 16:40 -------- d-----w- c:\users\Aloha\AppData\Local\PunkBuster
2013-10-04 16:38 . 2013-10-04 16:38 -------- d-----w- c:\users\Aloha\AppData\Local\ESN
2013-10-04 16:38 . 2013-10-04 16:38 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-10-04 16:37 . 2013-10-15 09:10 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-04 16:37 . 2013-10-15 09:10 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-04 16:37 . 2013-10-04 16:37 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-04 16:36 . 2008-10-15 04:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-10-04 16:36 . 2008-10-15 04:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2013-10-04 16:36 . 2008-10-15 04:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2013-10-04 16:36 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-10-04 16:36 . 2008-10-15 04:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2013-10-02 16:28 . 2013-10-03 17:26 -------- d-----w- c:\users\Aloha\AppData\Local\Origin
2013-10-02 16:27 . 2013-10-15 17:56 -------- d-----w- c:\programdata\Electronic Arts
2013-10-02 16:27 . 2013-10-15 17:55 -------- d-----w- c:\program files (x86)\Origin
2013-09-25 16:46 . 2013-09-25 16:46 -------- d-----w- c:\program files\CPUID
2013-09-22 18:21 . 2013-09-22 18:21 -------- d-----w- c:\users\Aloha\AppData\Roaming\Ashampoo
2013-09-22 18:20 . 2013-09-22 18:20 -------- d-----w- c:\users\Aloha\AppData\Local\ashampoo
2013-09-22 18:20 . 2013-09-22 18:20 -------- d-----w- c:\programdata\Ashampoo
2013-09-22 18:20 . 2013-09-22 18:20 -------- d-----w- c:\program files (x86)\Ashampoo
2013-09-21 19:32 . 2013-09-21 19:32 -------- d-----w- c:\programdata\YTD Video Downloader
2013-09-21 19:32 . 2013-09-21 19:32 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-09-21 12:49 . 2013-09-21 12:49 -------- d-----w- c:\programdata\ATI
2013-09-21 12:49 . 2013-09-21 12:49 -------- d-----w- c:\program files (x86)\AMD AVT
2013-09-21 12:41 . 2013-10-04 16:37 -------- d-----w- c:\programdata\Package Cache
2013-09-18 20:46 . 2013-09-18 20:46 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-18 20:45 . 2013-10-04 21:29 -------- d-----w- c:\users\Aloha\AppData\Roaming\DAEMON Tools Pro
2013-09-18 20:45 . 2013-09-18 20:50 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2013-09-18 20:45 . 2013-09-18 20:57 -------- d-----w- c:\programdata\DAEMON Tools Pro
2013-09-18 12:20 . 2013-09-18 12:20 -------- d-----w- c:\program files (x86)\HELP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 20:20 . 2013-08-10 16:20 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-08 19:53 . 2013-08-11 20:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 19:53 . 2013-08-11 20:08 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-05 20:58 . 2013-09-05 20:58 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{130DBB1C-FE82-45C1-A38F-E99456B46141}\gapaengine.dll
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-08-31 00:14 . 2013-08-31 00:14 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-08-31 00:14 . 2013-03-29 02:37 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-08-31 00:13 . 2013-03-29 02:37 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-08-31 00:13 . 2013-03-29 02:37 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-08-31 00:13 . 2013-03-29 02:37 1233080 ----a-w- c:\windows\system32\aticfx64.dll
2013-08-31 00:13 . 2013-03-29 02:37 1027544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-08-31 00:13 . 2013-03-29 02:36 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-08-31 00:13 . 2013-08-31 00:13 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-08-31 00:13 . 2013-03-29 02:36 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-08-31 00:13 . 2013-03-29 02:36 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-08-31 00:13 . 2013-08-31 00:13 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-08-31 00:13 . 2013-08-31 00:13 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-08-31 00:11 . 2013-08-31 00:11 12528640 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-08-30 23:48 . 2013-08-30 23:48 127488 ----a-w- c:\windows\system32\coinst_13.152.dll
2013-08-30 23:48 . 2013-08-30 23:48 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-08-30 23:47 . 2013-08-30 23:47 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-08-30 23:47 . 2013-08-30 23:47 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-08-30 23:47 . 2013-08-30 23:47 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-08-30 23:47 . 2013-08-30 23:47 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-08-30 23:47 . 2013-08-30 23:47 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-08-30 23:45 . 2013-08-30 23:45 23760896 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-08-30 23:43 . 2013-08-30 23:43 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-08-30 23:43 . 2013-08-30 23:43 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-08-30 23:35 . 2013-08-30 23:35 25387520 ----a-w- c:\windows\system32\atio6axx.dll
2013-08-30 23:18 . 2013-08-30 23:18 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-08-30 23:18 . 2013-08-30 23:18 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-08-30 23:18 . 2013-08-30 23:18 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-08-30 23:18 . 2013-08-30 23:18 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-08-30 23:18 . 2013-08-30 23:18 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-08-30 23:17 . 2013-08-30 23:17 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-08-30 23:14 . 2013-08-30 23:14 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-08-30 23:13 . 2013-08-30 23:13 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-08-30 22:59 . 2013-03-29 01:35 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-08-30 22:58 . 2013-08-30 22:58 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-08-30 22:58 . 2013-08-30 22:58 571904 ----a-w- c:\windows\system32\atieclxx.exe
2013-08-30 22:57 . 2013-08-30 22:57 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-08-30 22:56 . 2013-08-30 22:56 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-08-30 22:33 . 2013-03-29 01:10 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-08-30 22:33 . 2013-08-30 22:33 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-08-30 22:33 . 2013-08-30 22:33 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-08-30 22:32 . 2013-08-30 22:32 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-08-30 22:32 . 2013-08-30 22:32 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 618496 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-08-30 17:58 . 2013-08-30 17:58 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-08-30 17:53 . 2013-08-30 17:53 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-08-29 01:48 . 2013-10-15 16:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-23 17:38 . 2013-08-23 17:38 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-14 14:29 . 2013-08-14 14:29 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-14 14:29 . 2013-08-10 21:15 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-14 14:29 . 2013-08-10 21:15 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-13 14:12 . 2013-08-13 14:12 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-13 14:12 . 2013-08-13 14:12 310688 ----a-w- c:\windows\system32\javaws.exe
2013-08-13 14:12 . 2013-08-13 14:12 188832 ----a-w- c:\windows\system32\javaw.exe
2013-08-13 14:12 . 2013-08-13 14:12 188320 ----a-w- c:\windows\system32\java.exe
2013-08-12 12:32 . 2013-08-10 13:26 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-08-11 18:25 . 2013-08-10 21:21 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-11 18:25 . 2013-08-10 21:21 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-11 13:58 . 2013-08-11 13:58 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-08-11 13:58 . 2013-08-11 13:58 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-08-11 13:58 . 2013-08-11 13:58 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-11 13:58 . 2013-08-11 13:58 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-08-11 13:58 . 2013-08-11 13:58 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-11 13:58 . 2013-08-11 13:58 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-08-11 13:58 . 2013-08-11 13:58 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-08-11 13:58 . 2013-08-11 13:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-08-11 13:58 . 2013-08-11 13:58 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-08-11 13:58 . 2013-08-11 13:58 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-11 13:58 . 2013-08-11 13:58 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-08-11 13:58 . 2013-08-11 13:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-08-11 13:58 . 2013-08-11 13:58 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-08-11 13:58 . 2013-08-11 13:58 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-08-11 13:58 . 2013-08-11 13:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-08-11 13:58 . 2013-08-11 13:58 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-08-11 13:58 . 2013-08-11 13:58 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-08-11 13:58 . 2013-08-11 13:58 216064 ----a-w- c:\windows\system32\msls31.dll
2013-08-11 13:58 . 2013-08-11 13:58 197120 ----a-w- c:\windows\system32\msrating.dll
2013-08-11 13:58 . 2013-08-11 13:58 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-11 13:58 . 2013-08-11 13:58 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-11 13:58 . 2013-08-11 13:58 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-08-11 13:58 . 2013-08-11 13:58 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-08-11 13:58 . 2013-08-11 13:58 81408 ----a-w- c:\windows\system32\icardie.dll
2013-08-11 13:58 . 2013-08-11 13:58 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-08-11 13:58 . 2013-08-11 13:58 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-08-11 13:58 . 2013-08-11 13:58 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-08-11 13:58 . 2013-08-11 13:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-08-11 13:58 . 2013-08-11 13:58 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-08-11 13:58 . 2013-08-11 13:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-08-11 13:58 . 2013-08-11 13:58 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-08-11 13:58 . 2013-08-11 13:58 441856 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-10 20:46 222832 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-10 20:46 222832 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-10 20:46 222832 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DVBViewer Starter"="c:\program files (x86)\DVBViewer\Remotes\starter.exe" [2005-10-11 175104]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 dgvncx;dgvncx;c:\windows\system32\drivers\uslhk.sys;c:\windows\SYSNATIVE\drivers\uslhk.sys [x]
R0 lkkrjrni;lkkrjrni;c:\windows\system32\drivers\apgxuyk.sys;c:\windows\SYSNATIVE\drivers\apgxuyk.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuwx.sys;c:\windows\SYSNATIVE\DRIVERS\athuwx.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MTSBDA;TechniSat SkyStar HD2;c:\windows\system32\Drivers\MtsBda.sys;c:\windows\SYSNATIVE\Drivers\MtsBda.sys [x]
S3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys;c:\windows\SYSNATIVE\drivers\MtsHID.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 04:46 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-11 19:53]
.
2013-10-15 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Aloha\AppData\Local\SwvUpdater\Updater.exe [2013-08-29 21:13]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 09:41]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 09:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-10 20:46 261744 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-10 20:46 261744 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-10 20:46 261744 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Aloha\AppData\Roaming\Mozilla\Firefox\Profiles\84hfvcsk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/profile.php?id=100006864753189
FF - ExtSQL: 2013-10-15 14:22; xnotifier.lite@tobwithu.org; c:\users\Aloha\AppData\Roaming\Mozilla\Firefox\Profiles\84hfvcsk.default\extensions\xnotifier.lite@tobwithu.org.xpi
.
.
------- File Associations -------
.
.txt=Text File
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 4 Beta\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\DVBViewer\Remotes\ts_winlirc.exe
.
**************************************************************************
.
Completion time: 2013-10-15 20:46:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-15 18:46
.
Pre-Run: 83,166,687,232 bytes free
Post-Run: 82,647,166,976 bytes free
.
- - End Of File - - 9238AFE4B438BE2BB297B5D22E8CD86C
A36C5E4F47E84449FF07ED3517B43A31

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Open Notepad and copy the following text into it:

Folder::
C:\Users\Aloha\AppData\Local\N7rOonLyK


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

  • Joined: 15 Feb 2011
  • Posts: 110

ComboFix 13-10-15.02 - Aloha 10/16/2013 0:48.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.3020 [GMT 2:00]
Running from: c:\users\Aloha\Desktop\ComboFix.exe
Command switches used :: c:\users\Aloha\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aloha\AppData\Local\N7rOonLyK
c:\users\Aloha\AppData\Local\N7rOonLyK\27c7LEaWx.exe
c:\users\Aloha\AppData\Local\Temp\_MEI27322\_ctypes.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\_elementtree.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\_hashlib.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\_multiprocessing.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\_socket.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\_ssl.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\msvcp100.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\msvcr100.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\pyexpat.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\pysqlite2._sqlite.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\python27.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\pythoncom27.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\PyWinTypes27.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\select.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\unicodedata.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32api.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32com.shell.shell.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32crypt.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32event.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32file.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32inet.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32pdh.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32process.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32profile.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32security.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\win32ts.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\windows._cacheinvalidation.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wx._controls_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wx._core_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wx._gdi_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wx._html2.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wx._misc_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wx._windows_.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wx._wizard.pyd
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wxbase294u_net_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wxbase294u_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wxmsw294u_adv_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wxmsw294u_core_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wxmsw294u_html_vc90.dll
c:\users\Aloha\AppData\Local\Temp\_MEI27322\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-09-15 to 2013-10-15 )))))))))))))))))))))))))))))))
.
.
2013-10-15 22:52 . 2013-10-15 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-15 17:29 . 2013-10-15 17:29 61440 ----a-w- c:\windows\SysWow64\drivers\uslhk.sys
2013-10-15 17:23 . 2013-10-15 17:23 61440 ----a-w- c:\windows\SysWow64\drivers\apgxuyk.sys
2013-10-15 16:59 . 2013-10-15 16:59 -------- d-----w- C:\download
2013-10-15 12:20 . 2013-10-15 12:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-10-15 11:54 . 2013-10-15 11:54 -------- d-----w- c:\users\Aloha\.appwork
2013-10-15 08:33 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EEFF409-7054-4804-8A77-7A02CA157CD3}\mpengine.dll
2013-10-15 08:07 . 2013-10-15 16:43 -------- d-----w- C:\FRST
2013-10-15 08:00 . 2013-10-15 08:00 -------- d-----w- c:\users\Aloha\AppData\Roaming\Malwarebytes
2013-10-15 08:00 . 2013-10-15 08:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-15 08:00 . 2013-10-15 08:00 -------- d-----w- c:\programdata\Malwarebytes
2013-10-15 08:00 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-14 07:50 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-09 20:23 . 2013-09-22 23:28 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-09 20:23 . 2013-09-22 23:27 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-10-09 20:23 . 2013-09-22 22:55 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-10-09 20:23 . 2013-09-22 23:28 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-09 20:23 . 2013-09-22 22:55 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-09 20:23 . 2013-09-22 22:54 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-10-09 20:23 . 2013-09-22 22:55 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-10-09 20:23 . 2013-09-22 22:54 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-10-09 20:23 . 2013-09-22 22:54 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-10-09 15:31 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-09 15:31 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-09 15:31 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-09 15:31 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-09 15:31 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-07 20:47 . 2013-10-07 20:47 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-10-04 16:40 . 2013-10-04 16:40 -------- d-----w- c:\users\Aloha\AppData\Local\PunkBuster
2013-10-04 16:38 . 2013-10-04 16:38 -------- d-----w- c:\users\Aloha\AppData\Local\ESN
2013-10-04 16:38 . 2013-10-04 16:38 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-10-04 16:37 . 2013-10-15 09:10 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-10-04 16:37 . 2013-10-15 09:10 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-04 16:37 . 2013-10-04 16:37 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-04 16:36 . 2008-10-15 04:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-10-04 16:36 . 2008-10-15 04:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2013-10-04 16:36 . 2008-10-15 04:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2013-10-04 16:36 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-10-04 16:36 . 2008-10-15 04:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2013-10-02 16:28 . 2013-10-03 17:26 -------- d-----w- c:\users\Aloha\AppData\Local\Origin
2013-10-02 16:27 . 2013-10-15 17:56 -------- d-----w- c:\programdata\Electronic Arts
2013-10-02 16:27 . 2013-10-15 17:55 -------- d-----w- c:\program files (x86)\Origin
2013-09-25 16:46 . 2013-09-25 16:46 -------- d-----w- c:\program files\CPUID
2013-09-22 18:21 . 2013-09-22 18:21 -------- d-----w- c:\users\Aloha\AppData\Roaming\Ashampoo
2013-09-22 18:20 . 2013-09-22 18:20 -------- d-----w- c:\users\Aloha\AppData\Local\ashampoo
2013-09-22 18:20 . 2013-09-22 18:20 -------- d-----w- c:\programdata\Ashampoo
2013-09-22 18:20 . 2013-09-22 18:20 -------- d-----w- c:\program files (x86)\Ashampoo
2013-09-21 19:32 . 2013-09-21 19:32 -------- d-----w- c:\programdata\YTD Video Downloader
2013-09-21 19:32 . 2013-09-21 19:32 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-09-21 12:49 . 2013-09-21 12:49 -------- d-----w- c:\programdata\ATI
2013-09-21 12:49 . 2013-09-21 12:49 -------- d-----w- c:\program files (x86)\AMD AVT
2013-09-21 12:41 . 2013-10-04 16:37 -------- d-----w- c:\programdata\Package Cache
2013-09-18 20:46 . 2013-09-18 20:46 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-18 20:45 . 2013-10-04 21:29 -------- d-----w- c:\users\Aloha\AppData\Roaming\DAEMON Tools Pro
2013-09-18 20:45 . 2013-09-18 20:50 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2013-09-18 20:45 . 2013-09-18 20:57 -------- d-----w- c:\programdata\DAEMON Tools Pro
2013-09-18 12:20 . 2013-09-18 12:20 -------- d-----w- c:\program files (x86)\HELP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 20:20 . 2013-08-10 16:20 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-08 19:53 . 2013-08-11 20:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 19:53 . 2013-08-11 20:08 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-05 20:58 . 2013-09-05 20:58 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{130DBB1C-FE82-45C1-A38F-E99456B46141}\gapaengine.dll
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-08-31 00:14 . 2013-08-31 00:14 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-08-31 00:14 . 2013-03-29 02:37 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-08-31 00:13 . 2013-03-29 02:37 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-08-31 00:13 . 2013-03-29 02:37 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-08-31 00:13 . 2013-03-29 02:37 1233080 ----a-w- c:\windows\system32\aticfx64.dll
2013-08-31 00:13 . 2013-03-29 02:37 1027544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-08-31 00:13 . 2013-03-29 02:36 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-08-31 00:13 . 2013-08-31 00:13 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-08-31 00:13 . 2013-03-29 02:36 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-08-31 00:13 . 2013-03-29 02:36 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-08-31 00:13 . 2013-08-31 00:13 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-08-31 00:13 . 2013-08-31 00:13 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-08-31 00:11 . 2013-08-31 00:11 12528640 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-08-30 23:48 . 2013-08-30 23:48 127488 ----a-w- c:\windows\system32\coinst_13.152.dll
2013-08-30 23:48 . 2013-08-30 23:48 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-08-30 23:47 . 2013-08-30 23:47 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-08-30 23:47 . 2013-08-30 23:47 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-08-30 23:47 . 2013-08-30 23:47 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-08-30 23:47 . 2013-08-30 23:47 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-08-30 23:47 . 2013-08-30 23:47 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-08-30 23:45 . 2013-08-30 23:45 23760896 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-08-30 23:43 . 2013-08-30 23:43 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-08-30 23:43 . 2013-08-30 23:43 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-08-30 23:35 . 2013-08-30 23:35 25387520 ----a-w- c:\windows\system32\atio6axx.dll
2013-08-30 23:18 . 2013-08-30 23:18 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-08-30 23:18 . 2013-08-30 23:18 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-08-30 23:18 . 2013-08-30 23:18 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-08-30 23:18 . 2013-08-30 23:18 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-08-30 23:18 . 2013-08-30 23:18 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-08-30 23:17 . 2013-08-30 23:17 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-08-30 23:14 . 2013-08-30 23:14 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-08-30 23:13 . 2013-08-30 23:13 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-08-30 22:59 . 2013-03-29 01:35 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-08-30 22:58 . 2013-08-30 22:58 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-08-30 22:58 . 2013-08-30 22:58 571904 ----a-w- c:\windows\system32\atieclxx.exe
2013-08-30 22:57 . 2013-08-30 22:57 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-08-30 22:56 . 2013-08-30 22:56 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-08-30 22:33 . 2013-03-29 01:10 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-08-30 22:33 . 2013-08-30 22:33 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-08-30 22:33 . 2013-08-30 22:33 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-08-30 22:32 . 2013-08-30 22:32 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-08-30 22:32 . 2013-08-30 22:32 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 618496 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-08-30 17:58 . 2013-08-30 17:58 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-08-30 17:53 . 2013-08-30 17:53 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-08-29 01:48 . 2013-10-15 16:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-23 17:38 . 2013-08-23 17:38 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-14 14:29 . 2013-08-14 14:29 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-14 14:29 . 2013-08-10 21:15 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-14 14:29 . 2013-08-10 21:15 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-13 14:12 . 2013-08-13 14:12 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-13 14:12 . 2013-08-13 14:12 310688 ----a-w- c:\windows\system32\javaws.exe
2013-08-13 14:12 . 2013-08-13 14:12 188832 ----a-w- c:\windows\system32\javaw.exe
2013-08-13 14:12 . 2013-08-13 14:12 188320 ----a-w- c:\windows\system32\java.exe
2013-08-12 12:32 . 2013-08-10 13:26 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-08-11 18:25 . 2013-08-10 21:21 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-11 18:25 . 2013-08-10 21:21 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-11 13:58 . 2013-08-11 13:58 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-08-11 13:58 . 2013-08-11 13:58 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-08-11 13:58 . 2013-08-11 13:58 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-11 13:58 . 2013-08-11 13:58 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-08-11 13:58 . 2013-08-11 13:58 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-11 13:58 . 2013-08-11 13:58 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-08-11 13:58 . 2013-08-11 13:58 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-08-11 13:58 . 2013-08-11 13:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-08-11 13:58 . 2013-08-11 13:58 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-08-11 13:58 . 2013-08-11 13:58 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-11 13:58 . 2013-08-11 13:58 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-08-11 13:58 . 2013-08-11 13:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-08-11 13:58 . 2013-08-11 13:58 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-08-11 13:58 . 2013-08-11 13:58 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-08-11 13:58 . 2013-08-11 13:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-08-11 13:58 . 2013-08-11 13:58 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-08-11 13:58 . 2013-08-11 13:58 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-08-11 13:58 . 2013-08-11 13:58 216064 ----a-w- c:\windows\system32\msls31.dll
2013-08-11 13:58 . 2013-08-11 13:58 197120 ----a-w- c:\windows\system32\msrating.dll
2013-08-11 13:58 . 2013-08-11 13:58 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-11 13:58 . 2013-08-11 13:58 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-11 13:58 . 2013-08-11 13:58 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-08-11 13:58 . 2013-08-11 13:58 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-08-11 13:58 . 2013-08-11 13:58 81408 ----a-w- c:\windows\system32\icardie.dll
2013-08-11 13:58 . 2013-08-11 13:58 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-08-11 13:58 . 2013-08-11 13:58 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-08-11 13:58 . 2013-08-11 13:58 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-08-11 13:58 . 2013-08-11 13:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-08-11 13:58 . 2013-08-11 13:58 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-08-11 13:58 . 2013-08-11 13:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-08-11 13:58 . 2013-08-11 13:58 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-08-11 13:58 . 2013-08-11 13:58 441856 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-10 20:46 222832 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-10 20:46 222832 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-10 20:46 222832 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DVBViewer Starter"="c:\program files (x86)\DVBViewer\Remotes\starter.exe" [2005-10-11 175104]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 dgvncx;dgvncx;c:\windows\system32\drivers\uslhk.sys;c:\windows\SYSNATIVE\drivers\uslhk.sys [x]
R0 lkkrjrni;lkkrjrni;c:\windows\system32\drivers\apgxuyk.sys;c:\windows\SYSNATIVE\drivers\apgxuyk.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuwx.sys;c:\windows\SYSNATIVE\DRIVERS\athuwx.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MTSBDA;TechniSat SkyStar HD2;c:\windows\system32\Drivers\MtsBda.sys;c:\windows\SYSNATIVE\Drivers\MtsBda.sys [x]
S3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys;c:\windows\SYSNATIVE\drivers\MtsHID.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 04:46 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-11 19:53]
.
2013-10-15 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Aloha\AppData\Local\SwvUpdater\Updater.exe [2013-08-29 21:13]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 09:41]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 09:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-10 20:46 261744 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-10 20:46 261744 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-10 20:46 261744 ----a-w- c:\users\Aloha\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Aloha\AppData\Roaming\Mozilla\Firefox\Profiles\84hfvcsk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/profile.php?id=100006864753189
FF - ExtSQL: 2013-10-15 14:22; xnotifier.lite@tobwithu.org; c:\users\Aloha\AppData\Roaming\Mozilla\Firefox\Profiles\84hfvcsk.default\extensions\xnotifier.lite@tobwithu.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 4 Beta\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
.
**************************************************************************
.
Completion time: 2013-10-16 00:56:27 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-15 22:56
ComboFix2.txt 2013-10-15 18:46
.
Pre-Run: 82,850,160,640 bytes free
Post-Run: 82,749,661,184 bytes free
.
- - End Of File - - 2D38B4B5B1B411DD189E2E0BDDD5C242
A36C5E4F47E84449FF07ED3517B43A31

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, that should be it, the malware has been completely removed.



ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista and 7, use the Start Search field if Run is not available.

In the text entry field, type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstallation process to finish.



Download Xplode's DelFix and save it to the Desktop.

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this thread...
When the tool finishes, it will open a report in Notepad.
Note: the report will also be saved to C:\DelFix.txt

There is no need to post the report.




Uninstall Java and Adobe Reader from the Control Panel, since you are using outdated versions, and download the latest ones from the following links:

Java --> http://www.java.com/en/
Adobe Reader --> http://get.adobe.com/reader/




I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices. You download it, install it, plug in a USB storage device, a scan is performed, after which you get a notification that the device is clean (if it really is); or you get a log showing information about the malware that was found and deleted.


MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these threads:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html




Be sure to visit the thread "Testirajte da li vam je pretraživač ranjiv" ("Test whether your browser is vulnerable"), read it and follow the link it contains.
The link to the thread is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html




TwinHeadedEagle (AMF Team)
