MyCity » Ambulanta -> Arhiva Ambulante » DSN not responding,IPv6 no access,router or resource broken signal ?!

DSN not responding,IPv6 no access,router or resource broken signal ?!

Napisano na dan: 21.10.2012

Strana:
1
2

DSN not responding,IPv6 no access,router or resource broken signal ?!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

chick1 TeO Poslao: 21 Okt 2012 17:47 Idi na vrh
offline chick1 TeO Novi MyCity građanin Pridružio: 14 Okt 2012 Poruke: 24	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozdrav,uputio me je gorance ovde,imam bas veliki problem (svakome je svoj problem najveci ) Koristim svedski internet Com hem,i kupio sam laptop pre mesec dana,bilo je sve u redu,imao sam protokol oko 22mb i malo po malo dolazilo je do nekog crusha u signalu,pojavilo bi se zuti prozorcic gde pise no acess za obe ip adrese.Inace,imam LAN internet je mi je za modem prikacen i kucni racunar.Mozda je do toga i problem.. Ja znam da IPv6 nema veze sa signalom jer vecina ne koristi to,jer je novo,ali od kada meni pise no access IPv6,imam problem sa ovim.IPv4 je korektan i ima signala.Signal imam ali je previse slab,22x je manji,imam oko 1mbs sada.Kada udjem u My Computer,Device Menager,i pogledam za Network adapter,imam par zutih adaptera tamo : Microsoft 6 to 4 Adapter,Microsoft Conncetivity Platform Adapter,Microsof ISATAP,Microsoft Taredo Unneling Adapter. Kada radim diagnose,posto imam Win 7 64 bita,izlazi mi kako kad razliciti tipovi dijagnostike. Ili pise modem or router signal are broken,ili pise DSN server not responding,u have permission but not responding Kada sam hteo da radim System recovery,nesto ne mogu,kao da ima neki error,takodje isto kad sam hteo da zatvorim Firewall jer sam mislio da je do toga.Pisu neki erori,a kada sam otvorao Adaptere pise da code 10 ne radi kao. Bio bih vam veoma zahvalan ako biste mogli da mi pomognete u resavanju ovog problema,jer i sto bih zvao na lice meste neke profesionalce ne znam jezik.Hvala jos jednom u napred ! mycity.rs/must-login.png

Profil

TwinHeadedEagle Poslao: 21 Okt 2012 17:49 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, Postavio si Extras.txt, potreban je jos OTL.txt izvestaj...

Profil

chick1 TeO Poslao: 21 Okt 2012 17:51 Idi na vrh
offline chick1 TeO Novi MyCity građanin Pridružio: 14 Okt 2012 Poruke: 24	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OTL logfile created on: 2012-10-21 17:10:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pop\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 0000041D \| Country: Sweden \| Language: SVE \| Date Format: yyyy-MM-dd 1,60 Gb Total Physical Memory \| 0,58 Gb Available Physical Memory \| 36,45% Memory free 3,21 Gb Paging File \| 1,50 Gb Available in Paging File \| 46,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 270,53 Gb Total Space \| 141,21 Gb Free Space \| 52,20% Space Free \| Partition Type: NTFS Drive D: \| 23,40 Gb Total Space \| 2,44 Gb Free Space \| 10,44% Space Free \| Partition Type: NTFS Drive E: \| 3,96 Gb Total Space \| 1,08 Gb Free Space \| 27,28% Space Free \| Partition Type: FAT32 Computer Name: MARKO \| User Name: pop \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-10-21 17:09:37 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\pop\Downloads\OTL.exe PRC - [2012-10-14 11:55:30 \| 000,917,984 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012-10-10 13:24:19 \| 002,309,656 \| ---- \| M] () -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2012-09-28 17:51:11 \| 000,896,912 \| ---- \| M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2012-09-12 22:50:29 \| 002,329,496 \| ---- \| M] (DSNR Media Innovations) -- C:\Users\pop\AppData\Roaming\eType\eTypeUpdate.exe PRC - [2012-09-02 21:07:08 \| 001,807,560 \| ---- \| M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe PRC - [2012-08-26 13:24:46 \| 002,917,784 \| ---- \| M] (DSNR Media Innovations) -- C:\Users\pop\AppData\Roaming\eType\eType.exe PRC - [2012-07-29 11:23:14 \| 000,188,760 \| ---- \| M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012-07-27 13:51:26 \| 000,063,960 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-05-31 06:10:58 \| 000,336,992 \| ---- \| M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE PRC - [2011-10-07 04:19:16 \| 000,136,488 \| ---- \| M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011-09-29 21:33:42 \| 000,169,528 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe PRC - [2011-09-13 02:55:46 \| 000,227,896 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011-08-19 23:48:44 \| 000,379,960 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011-08-10 14:52:54 \| 000,138,760 \| R--- \| M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe PRC - [2011-07-20 20:16:56 \| 000,249,648 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011-07-11 23:04:44 \| 000,574,008 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2011-07-11 23:04:44 \| 000,026,680 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010-12-28 01:30:22 \| 001,817,088 \| ---- \| M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe PRC - [2010-11-21 05:23:51 \| 000,179,712 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe PRC - [2010-04-23 21:00:00 \| 000,514,232 \| ---- \| M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe ========== Modules (No Company Name) ========== MOD - [2012-10-14 11:55:29 \| 002,294,240 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012-10-11 17:02:41 \| 000,430,616 \| ---- \| M] () -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\browsemngr-16.0.dll MOD - [2012-10-10 13:24:19 \| 002,309,656 \| ---- \| M] () -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2012-10-10 13:23:16 \| 002,068,504 \| ---- \| M] () -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012-09-02 21:07:08 \| 009,813,704 \| ---- \| M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll MOD - [2012-08-19 21:59:06 \| 001,051,136 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012-08-19 21:52:35 \| 007,967,232 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012-08-19 21:52:17 \| 011,492,864 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011-10-18 11:03:56 \| 000,877,624 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll MOD - [2010-11-21 05:24:09 \| 000,232,448 \| ---- \| M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010-04-13 18:45:44 \| 000,109,464 \| ---- \| M] () -- C:\Users\pop\AppData\Roaming\eType\MyZip.dll ========== Services (SafeList) ========== SRV:64bit: - [2012-07-29 11:23:14 \| 000,188,760 \| ---- \| M] () [Auto \| Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2011-07-06 09:08:26 \| 000,204,288 \| ---- \| M] (AMD) [Auto \| Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011-07-05 20:27:04 \| 000,365,568 \| ---- \| M] (Advanced Micro Devices, Inc.) [Auto \| Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011-02-17 07:47:28 \| 000,682,040 \| ---- \| M] (Hewlett-Packard) [Auto \| Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto) SRV:64bit: - [2010-10-11 11:48:14 \| 000,346,168 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010-09-23 03:10:10 \| 000,057,184 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009-11-18 04:14:26 \| 000,098,208 \| ---- \| M] (Andrea Electronics Corporation) [Auto \| Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2012-10-14 11:55:30 \| 000,115,168 \| ---- \| M] (Mozilla Foundation) [On_Demand \| Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-10-10 13:24:19 \| 002,309,656 \| ---- \| M] () [Auto \| Running] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2012-09-02 21:07:08 \| 000,250,568 \| ---- \| M] (Adobe Systems Incorporated) [On_Demand \| Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-07-27 13:51:26 \| 000,063,960 \| ---- \| M] (Adobe Systems Incorporated) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-09-13 02:55:46 \| 000,227,896 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011-09-10 02:10:28 \| 000,086,072 \| ---- \| M] (Hewlett-Packard Company) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011-08-10 14:52:54 \| 000,138,760 \| R--- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS) SRV - [2011-08-01 23:43:36 \| 000,195,320 \| ---- \| M] (Microsoft Corporation.) [On_Demand \| Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011-07-20 20:16:56 \| 000,249,648 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011-07-11 23:04:44 \| 000,026,680 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [Auto \| Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010-12-28 01:30:22 \| 001,817,088 \| ---- \| M] (Realsil Microelectronics Inc.) [Auto \| Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010-10-12 19:59:12 \| 000,206,072 \| ---- \| M] (WildTangent, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010-03-18 13:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-05-31 06:10:48 \| 000,126,944 \| ---- \| M] (Power Software Ltd) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2012-05-06 00:01:31 \| 000,174,200 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012-03-01 08:46:16 \| 000,023,408 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011-11-14 23:53:02 \| 001,813,056 \| ---- \| M] (Ralink Technology, Corp.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2011-10-18 09:31:19 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011-10-18 09:31:19 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011-08-19 21:29:32 \| 000,391,728 \| ---- \| M] (Synaptics Incorporated) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011-08-08 17:38:06 \| 000,167,048 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2011-08-02 20:22:10 \| 000,729,720 \| R--- \| M] (Symantec Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011-08-02 20:22:10 \| 000,037,496 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2011-07-28 21:20:02 \| 001,084,536 \| R--- \| M] (Symantec Corporation) [File_System \| Boot \| Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2011-07-25 20:18:40 \| 000,401,016 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\symnets.sys -- (SymNetS) DRV:64bit: - [2011-07-25 20:18:36 \| 000,451,192 \| R--- \| M] (Symantec Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymDS64.sys -- (SymDS) DRV:64bit: - [2011-07-25 20:15:52 \| 000,189,560 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Ironx64.sys -- (SymIRON) DRV:64bit: - [2011-07-06 09:50:28 \| 009,359,872 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011-07-06 08:32:20 \| 000,309,760 \| ---- \| M] (Advanced Micro Devices, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011-04-16 12:37:50 \| 000,079,488 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011-04-16 12:37:50 \| 000,040,064 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011-03-05 09:16:20 \| 000,436,840 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011-02-15 20:37:10 \| 000,335,464 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2010-12-16 21:06:46 \| 000,047,232 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010-11-21 05:24:33 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 05:24:15 \| 000,146,432 \| ---- \| M] (Microsoft Corporation) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010-11-21 05:23:47 \| 000,109,056 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010-11-21 05:23:47 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 05:23:47 \| 000,031,232 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010-07-28 18:13:50 \| 000,031,088 \| ---- \| M] (CyberLink Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010-02-18 18:18:24 \| 000,046,136 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009-07-14 03:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 23:01:11 \| 001,485,312 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009-06-10 23:01:11 \| 000,740,864 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009-06-10 23:01:11 \| 000,292,864 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009-06-10 22:35:35 \| 000,408,960 \| ---- \| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009-06-10 22:34:38 \| 001,311,232 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009-06-10 22:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012-10-14 23:08:12 \| 000,030,592 \| ---- \| M] (REALiX(tm)) [Kernel \| System \| Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32) DRV - [2011-08-19 10:00:00 \| 001,151,096 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys -- (BHDrvx64) DRV - [2011-08-10 03:00:00 \| 002,048,632 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS -- (NAVEX15) DRV - [2011-08-10 03:00:00 \| 000,117,880 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS -- (NAVENG) DRV - [2011-07-20 19:43:24 \| 000,488,568 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys -- (IDSVia64) DRV - [2009-07-14 03:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = bing.com?pc=CPNTDF IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = bing.com?pc=CPNTDF IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF IE:64bit: - HKLM\..\SearchScopes\{4D49F414-B628-4084-B5B2-1B1E305BAFEA}: "URL" = amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF.....-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = bing.com?pc=CPNTDF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = bing.com?pc=CPNTDF IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF IE - HKLM\..\SearchScopes\{4D49F414-B628-4084-B5B2-1B1E305BAFEA}: "URL" = amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF.....-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = bing.com?pc=CPNTDF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = bing.com?pc=CPNTDF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = bing.com?pc=CPNTDF IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = search.babylon.com/?q={searchTerms}&affID=112542&tt=120912_nocpc_3712_1&babsrc=SP_ss&mntrId=a6bb1495000000000000a0b3ccc1fc6a IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF IE - HKCU\..\SearchScopes\{4D49F414-B628-4084-B5B2-1B1E305BAFEA}: "URL" = amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF.....-keywords={searchTerms} IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.3.787.43 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012-08-21 07:57:25 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012-08-14 23:15:31 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012-08-14 23:15:30 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012-08-21 07:57:25 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-14 11:55:31 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-10-14 16:58:18 \| 000,000,000 \| ---D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012-10-11 17:02:27 \| 000,000,000 \| ---D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-14 11:55:31 \| 000,000,000 \| ---D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-10-14 16:58:18 \| 000,000,000 \| ---D \| M] [2012-09-12 22:52:01 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\pop\AppData\Roaming\Mozilla\Extensions [2012-09-12 22:56:15 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\pop\AppData\Roaming\Mozilla\Firefox\Profiles\x6uzdug2.default\extensions [2012-08-15 21:54:40 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012-08-15 21:54:40 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2012-10-11 17:02:27 \| 000,000,000 \| ---D \| M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.787.43\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION [2012-10-14 11:55:30 \| 000,261,600 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-09-12 22:50:08 \| 000,002,362 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012-09-15 15:19:42 \| 000,002,465 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012-10-14 11:55:28 \| 000,002,058 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011-02-11 19:13:24 \| 000,000,107 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 91.203.4.126 pes6gate-ec.winning-eleven.net O1 - Hosts: 94.79.54.208 we9stun.winning-eleven.net O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe (Probit Software) O4 - HKCU..\Run: [eType] C:\Users\pop\AppData\Roaming\eType\eType.exe (DSNR Media Innovations) O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{276D46A3-BA2E-4308-8734-370EF4AEC070}: DhcpNameServer = 193.150.193.150 83.255.245.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F15AA5D-EE1B-4AB2-BAD7-CC021BD3A827}: DhcpNameServer = 193.150.193.150 83.255.245.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F15AA5D-EE1B-4AB2-BAD7-CC021BD3A827}: NameServer = 208.67.222.222,208.67.220.220 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit: - HKLM\..comfile [open] -- "%1" % O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-10-14 23:08:12 \| 000,030,592 \| ---- \| C] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS [2012-10-14 23:07:51 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32 [2012-10-14 23:07:50 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\HWiNFO32 [2012-10-14 16:56:17 \| 000,000,000 \| -HSD \| C] -- C:\Config.Msi [2012-10-04 16:42:32 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Roaming\Hewlett-Packard [2012-10-01 17:19:49 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Cisco [2012-10-01 17:19:26 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Ralink [2012-10-01 17:18:01 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Roaming\InstallShield [2012-10-01 16:56:37 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Probit Software [2012-10-01 16:56:37 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Probit Software [2012-10-01 16:36:21 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer [2012-10-01 16:36:17 \| 000,000,000 \| ---D \| C] -- C:\Program Files\SmartPCFixer [2012-09-29 13:19:27 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Local\ElevatedDiagnostics [2012-09-28 18:07:16 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Roaming\BSplayer Pro [2012-09-28 18:07:16 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Roaming\BSplayer [2012-09-28 17:50:26 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Roaming\uTorrent [2012-09-28 17:40:59 \| 000,246,760 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012-09-28 17:40:28 \| 000,174,056 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012-09-28 17:40:28 \| 000,174,056 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012-09-28 17:40:28 \| 000,095,208 \| ---- \| C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012-09-28 17:40:11 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Java [2012-09-28 14:49:52 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Roaming\2K Sports [2012-09-28 14:49:22 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Local\CrashDumps [2012-09-28 14:49:01 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Local\Chromium [2012-09-28 14:45:42 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Local\SKIDROW [2012-09-28 14:45:26 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\Documents\Sports Interactive [2012-09-28 14:45:25 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Roaming\Sports Interactive [2012-09-28 14:45:25 \| 000,000,000 \| ---D \| C] -- C:\Users\pop\AppData\Local\Sports Interactive ========== Files - Modified Within 30 Days ========== [2012-10-21 15:43:31 \| 000,032,064 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-10-21 15:43:31 \| 000,032,064 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-10-21 14:21:05 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012-10-21 13:57:04 \| 1292,034,048 \| -HS- \| M] () -- C:\hiberfil.sys [2012-10-14 23:08:12 \| 000,030,592 \| ---- \| M] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS [2012-10-14 16:58:19 \| 000,002,019 \| ---- \| M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012-10-09 17:54:02 \| 000,042,527 \| ---- \| M] () -- C:\Users\pop\Desktop\Opportunities-of-Life.jpg [2012-10-04 19:38:59 \| 000,000,324 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForpop.job [2012-10-01 16:56:37 \| 000,001,032 \| ---- \| M] () -- C:\Users\pop\Desktop\Easy Driver Pro.lnk [2012-10-01 16:36:24 \| 000,000,860 \| ---- \| M] () -- C:\Users\Public\Desktop\SmartPCFixer.lnk [2012-09-30 14:46:23 \| 000,726,142 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-09-30 14:46:23 \| 000,616,008 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012-09-30 14:46:23 \| 000,106,388 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012-09-28 22:47:25 \| 000,128,871 \| ---- \| M] () -- C:\Users\pop\Desktop\11.jpg [2012-09-28 18:07:36 \| 000,001,146 \| ---- \| M] () -- C:\Users\pop\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk [2012-09-28 18:07:36 \| 000,001,122 \| ---- \| M] () -- C:\Users\Public\Desktop\BS.Player FREE.lnk [2012-09-28 17:51:11 \| 000,000,967 \| ---- \| M] () -- C:\Users\pop\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012-09-28 17:51:11 \| 000,000,943 \| ---- \| M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012-09-28 17:40:15 \| 000,246,760 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012-09-28 17:40:15 \| 000,174,056 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012-09-28 17:40:15 \| 000,174,056 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012-09-28 17:40:15 \| 000,095,208 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012-09-28 17:40:14 \| 000,746,984 \| ---- \| M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll ========== Files Created - No Company Name ========== [2012-10-14 16:58:19 \| 000,002,019 \| ---- \| C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012-10-09 17:54:02 \| 000,042,527 \| ---- \| C] () -- C:\Users\pop\Desktop\Opportunities-of-Life.jpg [2012-10-07 18:54:37 \| 000,014,119 \| ---- \| C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012-10-07 18:54:37 \| 000,014,119 \| ---- \| C] () -- C:\Windows\SysNative\RaCoInst.dat [2012-10-04 16:42:45 \| 000,000,324 \| ---- \| C] () -- C:\Windows\tasks\HPCeeScheduleForpop.job [2012-10-01 16:56:37 \| 000,001,032 \| ---- \| C] () -- C:\Users\pop\Desktop\Easy Driver Pro.lnk [2012-10-01 16:36:24 \| 000,000,860 \| ---- \| C] () -- C:\Users\Public\Desktop\SmartPCFixer.lnk [2012-10-01 12:28:26 \| 000,449,528 \| ---- \| C] () -- C:\Users\pop\Desktop\Windows6.1-KB980486-x64.msu [2012-09-28 22:47:22 \| 000,128,871 \| ---- \| C] () -- C:\Users\pop\Desktop\11.jpg [2012-09-28 21:57:30 \| 000,002,095 \| ---- \| C] () -- C:\Users\pop\Desktop\Skype.lnk [2012-09-28 21:57:30 \| 000,000,828 \| ---- \| C] () -- C:\Users\pop\Desktop\eType - Copy.lnk [2012-09-28 18:07:36 \| 000,001,146 \| ---- \| C] () -- C:\Users\pop\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk [2012-09-28 17:51:11 \| 000,000,967 \| ---- \| C] () -- C:\Users\pop\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012-09-12 18:45:05 \| 083,023,306 \| ---- \| C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012-05-05 23:49:53 \| 000,000,000 \| ---- \| C] () -- C:\Windows\ativpsrm.bin [2012-05-05 23:36:21 \| 000,000,056 \| -H-- \| C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011-10-18 11:01:32 \| 000,000,068 \| ---- \| C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011-09-06 21:34:28 \| 000,007,736 \| ---- \| C] () -- C:\Windows\hpDSTRES.DLL [2011-08-19 21:26:18 \| 000,066,856 \| ---- \| C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011-07-05 20:47:06 \| 000,059,904 \| ---- \| C] () -- C:\Windows\SysWow64\OVDecode.dll [2011-03-18 11:51:44 \| 000,003,929 \| ---- \| C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2011-11-17 08:41:18 \| 000,002,048 \| -HS- \| M] () -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\@ [2012-09-30 12:19:58 \| 000,000,000 \| -HSD \| M] -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\L [2012-10-16 15:53:31 \| 000,000,000 \| -HSD \| M] -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U [2012-10-21 13:57:12 \| 000,000,804 \| ---- \| M] () -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\L\00000004.@ [2012-08-30 12:42:59 \| 000,002,048 \| ---- \| M] () -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\00000004.@ [2012-08-30 12:43:00 \| 000,232,960 \| ---- \| M] () -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\00000008.@ [2012-08-30 12:42:59 \| 000,001,632 \| ---- \| M] () -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\000000cb.@ [2012-08-30 12:42:59 \| 000,016,896 \| ---- \| M] () -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\80000000.@ [2012-10-16 15:53:31 \| 000,087,040 \| ---- \| M] () -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\80000032.@ [2012-10-16 15:53:12 \| 000,073,216 \| ---- \| M] () -- C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\80000064.@ [2009-07-14 06:55:00 \| 000,000,227 \| RHS- \| M] () -- C:\Windows\assembly\Desktop.ini [2012-10-21 13:57:11 \| 000,004,608 \| -HS- \| M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2012-10-21 13:57:11 \| 000,006,144 \| -HS- \| M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 \| 014,172,672 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 \| 012,873,728 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 \| 000,909,312 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 \| 000,606,208 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 \| 000,505,856 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Ovo sam razumeo da ovako treba,ako nesto nisam odradio kako treba,imajte razumevanja.

Profil

TwinHeadedEagle Poslao: 21 Okt 2012 20:15 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, U toku rešavanja slučaja, molio bih te da se pridržavas sledećeg: Detaljno čitati moja uputstva ( ili uputstva kolega koji će me zamenjivati) i raditi isključivo po njima; Ne tražiti istovremeno pomoć na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budeš dobio uputstvo; Obavezno prijavi ukoliko neka od predloženih procedura nije protekla kako je navedeno.; U toku intervencije ne koristiti USB memorijske uređaje, dok to ne budem zatražio; Uvek kopiraj ceo izveštaj u poruku, bez da ga attach-uješ, ukoliko nije tako zatraženo; Ukoliko ne odgovorim u roku od 24h, osveži temu novim post-om; Ukoliko se ne javiš u roku od 5 dana, zatvorićemo slučaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK Korak 1. Ponovo pokreni program OTL dvoklikom na ikonu. U bijeli okvir prozora gdje piše Custom Scans/Fixes iskopirati sljedeći tekst: :files C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\@ C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\L C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\L\00000004.@ C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\00000004.@ C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\00000008.@ C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\000000cb.@ C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\80000000.@ C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\80000032.@ C:\Windows\Installer\{a875f0d2-d884-c9e6-0a45-114c1a7c5972}\U\80000064.@ C:\Windows\assembly\GAC_32\Desktop.ini C:\Windows\assembly\GAC_64\Desktop.ini ipconfig /flushdns /c netsh int ip reset c:\resetlog.txt /c ipconfig /release /c ipconfig /renew /c :commands [CREATERESTOREPOINT] [emptytemp] Klikni taster Run Fix; Izvještaj koji dobiješ iskopiraj ovde u poruci. Korak 2. Preuzmi sUBs-ov ComboFix sa sljedeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati fajl, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:provjeriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izvještaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obilježeni tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izvještaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primjetiš da izvještaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje fajla C:\ComboFix.txt uz poruku.

Profil

chick1 TeO Poslao: 21 Okt 2012 22:29 Idi na vrh
offline chick1 TeO Novi MyCity građanin Pridružio: 14 Okt 2012 Poruke: 24	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 21 Okt 2012 22:10 ComboFix 12-10-21.02 - pop 2012-10-21 21:29:30.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1033.18.1643.642 [GMT 2:00] Körs från: c:\users\pop\Desktop\ComboFix.exe AV: Norton Internet Security Enabled/Updated {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security Enabled {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security Enabled/Updated {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Incredibar.com c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe c:\programdata\0C1D228200009D2600088B6AF875F002 c:\programdata\0C1D228200009D2600088B6AF875F002\0C1D228200009D2600088B6AF875F002 c:\programdata\0C1D228200009D2600088B6AF875F002\0C1D228200009D2600088B6AF875F002.exe c:\programdata\0C1D228200009D2600088B6AF875F002\0C1D228200009D2600088B6AF875F002.ico c:\programdata\dsgsdgdsgdsgw.pad c:\users\Marko\AppData\Roaming\mtdlbr.dll c:\users\Marko\AppData\Roaming\xsecva c:\users\Marko\AppData\Roaming\xsecva\xseacc.xse c:\users\Marko\AppData\Roaming\xsecva\xsecva.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . En infekterad kopia av c:\windows\system32\Services.exe hittades och desinficerades. Återställd kopia från - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . (((((((((((((((((((((((( Filer skapade från 2012-09-21 till 2012-10-21 )))))))))))))))))))))))))))))) . . 2012-10-21 19:46 . 2012-10-21 19:46 -------- d-----w- c:\users\Marko\AppData\Local\temp 2012-10-21 19:46 . 2012-10-21 19:46 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-10-21 19:46 . 2012-10-21 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-21 19:07 . 2012-10-21 19:07 -------- d-----w- C:\_OTL 2012-10-14 21:08 . 2012-10-14 21:08 30592 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS 2012-10-14 21:07 . 2012-10-14 21:07 -------- d-----w- c:\program files (x86)\HWiNFO32 2012-10-14 15:06 . 2012-10-14 15:07 -------- d-----w- c:\users\123 2012-10-14 09:55 . 2012-10-14 09:55 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe 2012-10-14 09:55 . 2012-10-14 09:55 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2012-10-07 16:55 . 2012-10-07 16:55 -------- d-----w- c:\users\Malisa 2012-10-04 14:42 . 2012-10-04 14:42 -------- d-----w- c:\users\pop\AppData\Roaming\Hewlett-Packard 2012-10-01 15:19 . 2012-10-01 15:20 -------- d-----w- c:\program files (x86)\Cisco 2012-10-01 15:19 . 2012-10-01 15:19 -------- d-----w- c:\program files (x86)\Ralink 2012-10-01 15:18 . 2012-10-01 15:18 -------- d-----w- c:\users\pop\AppData\Roaming\InstallShield 2012-10-01 14:56 . 2012-10-01 14:56 -------- d-----w- c:\program files (x86)\Probit Software 2012-10-01 14:36 . 2012-10-01 14:36 -------- d-----w- c:\program files\SmartPCFixer 2012-09-29 11:19 . 2012-10-07 15:22 -------- d-----w- c:\users\pop\AppData\Local\ElevatedDiagnostics 2012-09-28 16:07 . 2012-09-28 17:41 -------- d-----w- c:\users\pop\AppData\Roaming\BSplayer 2012-09-28 16:07 . 2012-09-28 16:07 -------- d-----w- c:\users\pop\AppData\Roaming\BSplayer Pro 2012-09-28 15:50 . 2012-10-21 19:17 -------- d-----w- c:\users\pop\AppData\Roaming\uTorrent 2012-09-28 15:40 . 2012-09-28 15:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-28 15:40 . 2012-09-28 15:40 -------- d-----w- c:\program files (x86)\Java 2012-09-28 12:49 . 2012-09-28 12:49 -------- d-----w- c:\users\pop\AppData\Roaming\2K Sports 2012-09-28 12:49 . 2012-10-21 17:57 -------- d-----w- c:\users\pop\AppData\Local\CrashDumps 2012-09-28 12:49 . 2012-09-28 12:49 -------- d-----w- c:\users\pop\AppData\Local\Chromium 2012-09-28 12:45 . 2012-09-28 12:45 -------- d-----w- c:\users\pop\AppData\Local\SKIDROW 2012-09-28 12:45 . 2012-09-28 12:45 -------- d-----w- c:\users\pop\AppData\Roaming\Sports Interactive 2012-09-28 12:45 . 2012-09-28 12:45 -------- d-----w- c:\users\pop\AppData\Local\Sports Interactive . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-28 15:40 . 2012-08-20 00:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-02 19:12 . 2012-09-02 19:13 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-02 19:12 . 2012-09-02 19:13 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-02 19:12 . 2012-09-02 19:13 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-02 19:12 . 2012-09-02 19:13 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-02 19:12 . 2012-09-02 19:13 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-02 19:12 . 2012-09-02 19:13 188904 ----a-w- c:\windows\system32\java.exe 2012-09-02 19:07 . 2012-08-14 23:30 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-02 19:07 . 2011-10-18 08:20 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-26 18:10 . 2012-08-20 00:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-08-22 20:22 . 2012-08-22 20:22 209269 ----a-w- C:\torrent.exe 2012-08-14 21:18 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-08-03 02:27 . 2012-08-26 00:33 62134624 ----a-w- c:\windows\system32\MRT.exe . . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . Not tomma poster & legitima standardposter visas inte. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2012-07-29 09:23 165720 ----a-w- c:\program files\Web Assistant\Extension32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eType"="c:\users\pop\AppData\Roaming\eType\eType.exe" [2012-08-26 2917784] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-28 896912] "Easy Driver Pro"="c:\program files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe" [2012-09-23 147312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-10 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-09-29 169528] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-15 61112] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-05-31 336992] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568] . c:\users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ FIFA 11 Registration.lnk - c:\program files (x86)\EA Sports\FIFA 11\Support\EAregister.exe [2010-9-10 4407808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23787~1.43\{16cdf~1\browsemngr.dll "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [2011-08-19 1151096] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 250568] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-14 115168] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-14 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [2011-07-25 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [2011-07-28 1084536] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [2011-08-08 167048] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [2012-10-14 30592] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [2011-07-20 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [2011-07-25 189560] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [2011-07-25 401016] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-06 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648] S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-10 2309656] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 227896] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-07-29 188760] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-11-14 1813056] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232] . . --- Övriga tjänster/drivrutiner i minnet --- . NewlyCreated - WS2IFSL . Innehåll i mappen 'Schemalagda aktiviteter': . 2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 19:07] . 2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2446771695-3468041622-60487144-1001Core.job - c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 13:43] . 2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2446771695-3468041622-60487144-1001UA.job - c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 13:43] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2446771695-3468041622-60487144-1001Core1cd7a70ed49b2cc.job - c:\users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 22:47] . 2012-10-04 c:\windows\Tasks\HPCeeScheduleForpop.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-15 7466600] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320] . ------- Extra genomsökning ------- . uStart Page = hxxp://www.bing.com?pc=CPNTDF uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://www.bing.com?pc=CPNTDF mStart Page = hxxp://www.bing.com?pc=CPNTDF mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 193.150.193.150 83.255.245.11 TCP: Interfaces\{4F15AA5D-EE1B-4AB2-BAD7-CC021BD3A827}: NameServer = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\pop\AppData\Roaming\Mozilla\Firefox\Profiles\x6uzdug2.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - ExtSQL: 2012-09-04 13:01; avg@toolbar; c:\programdata\AVG Secure Search\12.2.5.32 . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - . BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file) Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1" . --------------------- LÅSTA REGISTERNYCKLAR --------------------- . [HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\Homepage] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item1] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item2] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item3] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Toolbar] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr_Toolbar] @Denied: (2) (LocalSystem) . [HKEY_USERS\S-1-5-21-2446771695-3468041622-60487144-1005\Software\Microsoft\Internet Explorer\Approved Extensions] @DACL=(02 0000) "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f3,f3,fd, 62,28,3f,21,0f,82,d0,b8,f0,9e,0c,0a,de "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,84,9e, 85,1c,10,b5,05,83,d5,9b,c6,68,af,3e,a8 "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,3b,1b,8c,69,a1, 88,4e,d8,99,07,ab,61,34,28,49,d4,71,27 "{F9639E4A-801B-4843-AEE3-03D9DA199E77}"=hex:51,66,7a,6c,4c,1d,3b,1b,5a,82,75, e4,2a,d4,2b,04,b4,e1,44,99,d9,5e,dd,63 "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,3b,1b,58,a2,ad, 13,e5,ee,24,07,94,58,16,2a,bd,8d,a3,70 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,c9, 05,9c,bc,eb,0e,bf,94,bd,17,8f,69,fe,d7 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,cb,fa, 33,75,0c,f1,06,ae,b4,53,2b,fb,45,22,2f "{336D0C35-8A85-403A-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,10,7b, 2e,b4,de,52,0c,a3,d0,22,82,91,84,d3,93 "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,3b,1b,1e,c7,3c, 7d,ce,1e,7f,0e,90,a3,d2,9a,c7,98,e7,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,3b,1b,94,f0,45, 70,9f,3e,ef,0b,b4,ec,b3,22,8c,46,42,18 "{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,c1,05, 73,5f,7f,a6,0a,91,64,9b,cb,f0,28,28,8d "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8b,02, 6b,c1,82,44,0a,ac,e9,93,9a,f2,9e,6e,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,26, 8d,33,18,d7,06,94,ce,16,24,75,4f,20,d2 "{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,39,f5,72, ac,87,f5,6e,06,ab,06,6b,90,ea,4d,cb,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,de, c6,74,f0,33,0f,a6,76,db,65,c2,82,cb,bd "{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,3b, 50,8f,3d,12,0b,8a,f7,ba,9b,06,72,3a,61 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item1] @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1005) @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1001) "Flag"=dword:00000000 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item2] @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1005) @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1001) "Flag"=dword:00000000 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item3] @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1005) @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1001) "Flag"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andra processer som körs ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Sluttid: 2012-10-21 21:57:55 - datorn startades om. ComboFix-quarantined-files.txt 2012-10-21 19:57 . Före genomsökningen: 161 890 234 368 bytes free Efter genomsökningen: 161 078 374 400 bytes free . - - End Of File - - F4F1FB63ED8CD07A29EDD3CC4D01FE70 Sad ce i drugi odnosno prvi izvestaj,par minuta samo,jer mi se restartovao racunar i izgubio prvi izvestaj. Dopuna: 21 Okt 2012 22:29 Prvi izvestaj ne mogu opet da odradim,verovatno jer sam ga odradio vec jednom. Ali secam se da je pisalo da je uspesno obrisano nesto. I sto se tice gasenja zastite,nemam ni jedan antivirus jer sam ranije sve pobrisao jer sam sumnjao da je zbog antivirusa taj problem.Tako da nema potrebe da gasim bilo koju zastitu.

Profil

TwinHeadedEagle Poslao: 22 Okt 2012 16:50 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1. Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sledece programe: Norton Internet Security --> zbog mogucih problema prilikom ciscenja malware-a, instaliraces ga kad zavrsimo opet Incredibar Toolbar on IE BabylonObjectInstaller Nakon toga preuzmi Norton Removal Tool kako bi uklonili moguce ostatke. Restartuj racunar. Korak 2. Otvoriti Notepad i iskopirati sledeci tekst: Registry:: [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "LoadAppInit_DLLs"=dword:00000000 Driver:: Browser Manager Folder:: c:\programdata\Browser Manager RegLock:: [HKEY_USERS\S-1-5-21-2446771695-3468041622-60487144-1005\Software\Microsoft\Internet Explorer\Approved Extensions] RegLockDel:: [HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\Homepage] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item1] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item2] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\List\Item3] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr\Toolbar] @Denied: (2) (LocalSystem) "Flag"=dword:00000000 . [HKEY_USERS\.Default\Software\DataMngr_Toolbar] @Denied: (2) (LocalSystem) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item1] @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1005) @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1001) "Flag"=dword:00000000 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item2] @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1005) @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1001) "Flag"=dword:00000000 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item3] @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1005) @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2446771695-3468041622-60487144-1001) "Flag"=dword:00000000 Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Korak 3. Kazi mi kako se sada ponasa sistem, imas li nekih problema?

Profil

chick1 TeO Poslao: 22 Okt 2012 22:03 Idi na vrh
offline chick1 TeO Novi MyCity građanin Pridružio: 14 Okt 2012 Poruke: 24	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 12-10-21.02 - pop 2012-10-22 21:33:21.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1033.18.1643.695 [GMT 2:00] Körs från: c:\users\pop\Desktop\ComboFix.exe Kommandoväxlar som använts :: c:\users\pop\Desktop\CFScript.txt SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Browser Manager c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\00 c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\01 c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\02 c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\10 c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\11 c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\12 c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\20 c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\21 c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\22 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\chrome.manifest c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\browsemngr-15.0.dll c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\browsemngr-16.0.dll c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\browsemngr-3.6.xpt c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\browsemngr.js c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\overlay.xul c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\install.rdf c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\00 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\01 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\02 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\10 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\11 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\12 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\20 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\21 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\22 c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe . . ((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Browser Manager . . (((((((((((((((((((((((( Filer skapade från 2012-09-22 till 2012-10-22 )))))))))))))))))))))))))))))) . . 2012-10-22 19:49 . 2012-10-22 19:49 -------- d-----w- c:\users\Marko\AppData\Local\temp 2012-10-22 19:49 . 2012-10-22 19:49 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-10-22 19:49 . 2012-10-22 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-21 20:21 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-21 20:21 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-21 20:19 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-21 20:19 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-10-21 20:19 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-10-21 20:19 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-21 20:18 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-21 20:18 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-10-21 20:18 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-10-21 20:18 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-10-21 20:18 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-10-21 20:18 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-21 20:18 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-21 20:18 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-10-21 20:18 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-10-21 20:09 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-10-21 20:09 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-21 20:09 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-21 20:09 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-21 20:09 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-21 20:09 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-21 20:09 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-21 20:09 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-21 20:09 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-21 19:07 . 2012-10-21 19:07 -------- d-----w- C:\_OTL 2012-10-14 21:08 . 2012-10-14 21:08 30592 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS 2012-10-14 21:07 . 2012-10-14 21:07 -------- d-----w- c:\program files (x86)\HWiNFO32 2012-10-14 15:06 . 2012-10-14 15:07 -------- d-----w- c:\users\123 2012-10-14 09:55 . 2012-10-14 09:55 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe 2012-10-14 09:55 . 2012-10-14 09:55 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2012-10-07 16:55 . 2012-10-21 19:58 -------- d-----w- c:\users\Malisa 2012-10-04 14:42 . 2012-10-04 14:42 -------- d-----w- c:\users\pop\AppData\Roaming\Hewlett-Packard 2012-10-01 15:19 . 2012-10-01 15:20 -------- d-----w- c:\program files (x86)\Cisco 2012-10-01 15:19 . 2012-10-01 15:19 -------- d-----w- c:\program files (x86)\Ralink 2012-10-01 15:18 . 2012-10-01 15:18 -------- d-----w- c:\users\pop\AppData\Roaming\InstallShield 2012-10-01 14:56 . 2012-10-01 14:56 -------- d-----w- c:\program files (x86)\Probit Software 2012-10-01 14:36 . 2012-10-01 14:36 -------- d-----w- c:\program files\SmartPCFixer 2012-09-29 11:19 . 2012-10-07 15:22 -------- d-----w- c:\users\pop\AppData\Local\ElevatedDiagnostics 2012-09-28 16:07 . 2012-09-28 17:41 -------- d-----w- c:\users\pop\AppData\Roaming\BSplayer 2012-09-28 16:07 . 2012-09-28 16:07 -------- d-----w- c:\users\pop\AppData\Roaming\BSplayer Pro 2012-09-28 15:50 . 2012-10-21 22:51 -------- d-----w- c:\users\pop\AppData\Roaming\uTorrent 2012-09-28 15:40 . 2012-09-28 15:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-28 15:40 . 2012-09-28 15:40 -------- d-----w- c:\program files (x86)\Java 2012-09-28 12:49 . 2012-09-28 12:49 -------- d-----w- c:\users\pop\AppData\Roaming\2K Sports 2012-09-28 12:49 . 2012-10-21 17:57 -------- d-----w- c:\users\pop\AppData\Local\CrashDumps 2012-09-28 12:49 . 2012-09-28 12:49 -------- d-----w- c:\users\pop\AppData\Local\Chromium 2012-09-28 12:45 . 2012-09-28 12:45 -------- d-----w- c:\users\pop\AppData\Local\SKIDROW 2012-09-28 12:45 . 2012-09-28 12:45 -------- d-----w- c:\users\pop\AppData\Roaming\Sports Interactive 2012-09-28 12:45 . 2012-09-28 12:45 -------- d-----w- c:\users\pop\AppData\Local\Sports Interactive . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-28 15:40 . 2012-08-20 00:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-02 19:12 . 2012-09-02 19:13 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-02 19:12 . 2012-09-02 19:13 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-02 19:12 . 2012-09-02 19:13 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-02 19:12 . 2012-09-02 19:13 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-02 19:12 . 2012-09-02 19:13 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-02 19:12 . 2012-09-02 19:13 188904 ----a-w- c:\windows\system32\java.exe 2012-09-02 19:07 . 2012-08-14 23:30 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-02 19:07 . 2011-10-18 08:20 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-26 18:10 . 2012-08-20 00:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-08-22 20:22 . 2012-08-22 20:22 209269 ----a-w- C:\torrent.exe 2012-08-20 17:38 . 2012-10-21 20:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-14 21:18 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-08-03 02:27 . 2012-08-26 00:33 62134624 ----a-w- c:\windows\system32\MRT.exe . . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . Not tomma poster & legitima standardposter visas inte. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2012-07-29 09:23 165720 ----a-w- c:\program files\Web Assistant\Extension32.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}] c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{F9639E4A-801B-4843-AEE3-03D9DA199E77}"= "c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll" [BU] . [HKEY_CLASSES_ROOT\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}] [HKEY_CLASSES_ROOT\Incredibar.dskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\Incredibar.dskBnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eType"="c:\users\pop\AppData\Roaming\eType\eType.exe" [2012-08-26 2917784] "Easy Driver Pro"="c:\program files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe" [2012-09-23 147312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-10 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-09-29 169528] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-15 61112] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-05-31 336992] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568] . c:\users\Marko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ FIFA 11 Registration.lnk - c:\program files (x86)\EA Sports\FIFA 11\Support\EAregister.exe [2010-9-10 4407808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 250568] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-14 115168] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-14 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [2012-10-14 30592] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-06 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 227896] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-07-29 188760] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-11-14 1813056] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232] . . Innehåll i mappen 'Schemalagda aktiviteter': . 2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 19:07] . 2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2446771695-3468041622-60487144-1001Core.job - c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 13:43] . 2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2446771695-3468041622-60487144-1001UA.job - c:\users\Marko\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 13:43] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2446771695-3468041622-60487144-1001Core1cd7a70ed49b2cc.job - c:\users\Marko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-14 22:47] . 2012-10-04 c:\windows\Tasks\HPCeeScheduleForpop.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-15 7466600] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320] . ------- Extra genomsökning ------- . uStart Page = hxxp://www.bing.com?pc=CPNTDF uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://www.bing.com?pc=CPNTDF mStart Page = hxxp://www.bing.com?pc=CPNTDF mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 193.150.193.150 83.255.245.11 TCP: Interfaces\{4F15AA5D-EE1B-4AB2-BAD7-CC021BD3A827}: NameServer = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\pop\AppData\Roaming\Mozilla\Firefox\Profiles\x6uzdug2.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - ExtSQL: 2012-09-04 13:01; avg@toolbar; c:\programdata\AVG Secure Search\12.2.5.32 . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - . Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- LÅSTA REGISTERNYCKLAR --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andra processer som körs ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Sluttid: 2012-10-22 21:58:22 - datorn startades om. ComboFix-quarantined-files.txt 2012-10-22 19:58 ComboFix2.txt 2012-10-21 19:58 . Före genomsökningen: 162 838 679 552 bytes free Efter genomsökningen: 162 033 004 544 bytes free . - - End Of File - - 749FB35E0032C1FE04585117AEF505A8 Korak 3:Nemam nikakvih problema sa sistemom.Kao sto je bilo ranije,internet zeza,komp radi nomalno.

Profil

TwinHeadedEagle Poslao: 23 Okt 2012 11:45 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1. Preuzmi "Xplode"-ov AdwCleaner i sacuvaj ga na Desktop Dvoklikom pokreni program i klikni na dugme [Search] . Kada program zavrsi analizu otvorice notepad (AdwCleaner[R1].txt) sa izvestajem. Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl" Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[R1].txt Korak 2. Preuzmi Farbar Service Scaner na Desktop http://download.bleepingcomputer.com/farbar/FSS.exe Dvoklikom pokreni FSS.exe, stikliraj sve opcije i klikni na Scan Nedugo zatim, otvorice se log programa u Notepad-u, koji ce biti sacuvan na radnoj povrsini kao FSS.txt Kopiraj njegov sadrzaj u temu na forumu.

Profil

chick1 TeO Poslao: 23 Okt 2012 14:28 Idi na vrh
offline chick1 TeO Novi MyCity građanin Pridružio: 14 Okt 2012 Poruke: 24	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Korak 2 : Farbar Service Scanner Version: 19-10-2012 Ran by pop (administrator) on 23-10-2012 at 14:26:40 Running from "C:\Users\pop\Downloads" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal ************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit End of log ** Korak 1 : mycity.rs/must-login.png

Profil

TwinHeadedEagle Poslao: 23 Okt 2012 14:30 Idi na vrh
offline TwinHeadedEagle Anti Malware Fighter Rank 2 Pridružio: 09 Avg 2011 Poruke: 15879 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ponovo pokreni AdwCleaner Klikni na dugme [Delete] i pricekaj da program zavrsi. Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu. Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem. Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl" Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S1].txt

Profil

MyCity » Ambulanta -> Arhiva Ambulante » DSN not responding,IPv6 no access,router or resource broken signal ?!

Ko je trenutno na forumu

Ukupno su 741 korisnika na forumu :: 40 registrovanih, 5 sakrivenih i 696 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., atmel, Bobrock1, bojank, bojcistv, botta, Brana01, cifra, crnitrn, darkangel, Denaya, djboj, DragoslavS, FileFinder, FOX, Frunze, Georgius, Griffon vulture, hyla, Još malo pa deda, kalens021, Koridor, Kriglord, Krvava Devetka, Kubovac, Marko Marković, nikoladim, NoOneEver Dreams, Panter, samsung, Sirius, slonic_tonic, SR-3m, Srky Boy, t84dar, trutcina, Velizar, voja64, Zoca

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by