Isto Virus sa Fejsa

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav.
Moj problem je virus sa fejsa, kada sam kliknuo na link, pc mi se restart , prvih 40-tak sekunda se zaglavljivao na crnom ekranu koji ocitava drajvere, zatim mi narednih 10tak minuta nista nije radilo, svako pokretanje antivirusa bi restartovalo PC , da bi najzad pokrenu antivirus (Malwarebytes antimalvare) i par puta na skenu (Full Scan) bi se pc restartovao. Scan je otkrio 30-tak Genetic Trojan
i jos neke (PUM. nesto) (kacim logove ako nadjem) . Od tada svaki put kada probam uci na facebook izbaci mi poruku "Problem Loading page".
Osim toga (nzm dal je povezano sa virusom) Sve aplikacije tipa torrent Teamwiever etc sve mi je na RUSKOM , stvar je da ja nisam ni dirao nista u Control pannelu , a mislim da niko drugi takodje nije .
Hvala
PS : Kacim logove svega sto smatram korisnim (ako gresim izvinite unapred)

• 2Ovo se svidja korisnicima: mcrule, FatalBlaDE
  
  Registruj se da bi pohvalio/la poruku!

Pozdrav Malicious!















Potrebno je da detaljno procitas Uputstvo sa ovog linka i postavis potrebne dijagnosticke izvestaje da pogledamo: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html











goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo i izvjestaja



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by PC at 22:40:43 on 2011-02-24
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1174 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ba/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.5\youtubedownloaderToolbarIE.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.5\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.5\youtubedownloaderToolbarIE.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Comrade.exe] c:\program files\gamespy\comrade\Comrade.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [DAEMON Tools Pro Agent] c:\program files\daemon tools pro\DTAgent.exe -autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] d:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [tray_ico]
mRun: [tray_ico1]
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{29BF9F7E-5E5D-4030-9929-74323ED754CA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7A90B3D2-504B-40A1-A001-8E9C542A0FCD} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{96266138-D11F-4385-BBE0-654D68CDFDC8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C9F2BF2B-E176-4684-BC84-4072A46CA2FC} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pc\appdata\roaming\mozilla\firefox\profiles\1hgsqo3b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\gamespy\comrade\npcomrade.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\pc\appdata\local\yahoo!\browserplus\2.6.0\plugins\npybrowserplus_2.6.0.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-1-20 15424]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-6-24 393112]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-5 2271608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" --> c:\program files\eset\nod32krn.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GarenaPEngine;GarenaPEngine;c:\users\pc\appdata\local\temp\CGFDF27.tmp [2010-8-26 25616]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2010-1-22 53921]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-9 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-05 06:13:52 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{943259e8-13dc-41d1-a022-1fd23ef87c4c}\mpengine.dll
2011-08-01 19:36:48 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-01 19:35:44 -------- d-----w- C:\COD 4
2011-07-30 16:23:48 -------- d-----w- C:\SAN AANDREAS SD
2011-07-28 00:08:39 -------- d-----w- c:\users\pc\riotsGamesLogs
2011-07-27 23:21:52 -------- d-----w- c:\users\pc\appdata\roaming\LolClient
2011-07-27 21:40:33 -------- d-----w- C:\Riot Games
2011-07-27 19:00:39 -------- d-----w- c:\users\pc\appdata\local\PMB Files
2011-07-27 19:00:38 -------- d-----w- c:\programdata\PMB Files
2011-07-27 18:59:35 -------- d-----w- c:\program files\Pando Networks
2011-07-27 08:02:03 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2011-07-27 08:02:03 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2011-07-27 08:02:03 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2011-07-27 08:02:03 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-07-27 08:02:03 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2011-07-27 08:02:03 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2011-07-27 08:02:02 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2011-07-27 08:02:02 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2011-07-26 15:53:10 -------- d-----w- c:\program files\common files\Symantec Shared
2011-07-25 15:38:36 -------- d-----w- c:\windows\ufa
2011-07-25 15:38:36 -------- d-----w- c:\windows\phoenix
2011-07-25 15:37:13 -------- d--h--w- c:\windows\update.5.0
2011-07-25 15:24:36 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 15:23:42 -------- d--h--w- c:\windows\update.2
2011-07-25 15:19:10 -------- d-----w- c:\users\pc\appdata\local\{6E889100-0BC5-47A6-BAB9-E9DFD872ECBC}
2011-07-25 15:18:05 -------- d-----w- c:\windows\av_ico
2011-07-25 15:16:20 -------- d--h--w- c:\windows\update.1
2011-07-25 15:16:19 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-25 15:16:19 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-25 11:27:36 -------- d-----w- c:\users\pc\appdata\local\{FFB72508-F3FD-46B2-8968-7D6D42B43BDE}
2011-07-24 16:56:35 -------- d-----w- c:\users\pc\appdata\local\{BE020825-BA34-49F0-85A3-B0F10035D098}
2011-07-23 17:11:17 -------- d-----w- c:\program files\Rockstar Games
2011-07-23 16:44:53 -------- d-----w- c:\users\pc\appdata\local\{438D51A5-EB27-4464-833F-1403FFB98436}
2011-07-22 13:45:50 -------- d-----w- c:\users\pc\appdata\local\{4C1890F0-2567-4938-B0D5-A6B79870C8E1}
2011-07-22 07:21:42 -------- d-----w- c:\users\pc\appdata\local\{0A5463A7-377E-4AFB-B1C7-CD22A163DE70}
2011-07-21 08:31:24 -------- d-----w- c:\users\pc\appdata\local\{748D9AE3-AF32-4CD6-8507-70DD8B34006E}
2011-07-20 12:25:47 -------- d-----w- c:\users\pc\appdata\local\{5375B235-EE09-4DDA-B758-BAFBE053D39D}
2011-07-19 08:38:23 -------- d-----w- c:\users\pc\appdata\local\{3A51EB52-59DE-47ED-85BA-CD839A6AC12B}
2011-07-18 17:07:06 -------- d-----w- c:\users\pc\appdata\local\{98DEB1C0-F8AC-48D8-A062-FBB5E99FE287}
2011-07-17 16:21:19 -------- d-----w- c:\users\pc\appdata\local\{DE43C9E1-69B2-43E8-9B07-0DB956E6A863}
2011-07-17 07:51:49 -------- d-----w- c:\users\pc\appdata\local\{DB698D63-EB90-4BC4-A7CB-2E3B7AF093C2}
2011-07-16 07:29:51 -------- d-----w- c:\users\pc\appdata\local\{87F9D2AA-D1A9-49D2-885D-D9842EF5B18A}
2011-07-15 07:34:48 -------- d-----w- c:\users\pc\appdata\local\{5405D41E-B3B3-41B7-ADC2-C7E2C75F7C7A}
2011-07-14 07:04:15 -------- d-----w- c:\users\pc\appdata\local\{D61A040B-1EF0-4230-8AB5-F5F2E2FC9B54}
2011-07-13 05:34:20 -------- d-----w- c:\users\pc\appdata\local\{66BF9785-4E86-4FE2-AC2A-C64FF9D30BB5}
2011-07-12 09:17:56 -------- d-----w- c:\users\pc\appdata\local\SKIDROW
2011-07-12 07:58:23 -------- d-----w- c:\program files\Steam
2011-07-12 06:21:19 -------- d-----w- c:\users\pc\appdata\local\{7CFA38F4-F4EC-4ED3-B95B-08F2572D8694}
2011-07-11 05:58:32 -------- d-----w- c:\users\pc\appdata\local\{57BDA878-882A-4D61-8559-1E822B044EDC}
2011-07-10 07:38:36 -------- d-----w- c:\users\pc\appdata\local\{856DC577-0687-4904-A86A-6DF316B038C9}
2011-07-09 06:47:58 -------- d-----w- c:\users\pc\appdata\local\{07938524-8B40-4636-896C-8B40BED2D53D}
2011-07-08 06:08:53 -------- d-----w- c:\users\pc\appdata\local\{CE5E6F11-9807-434E-ADB1-A1F45F915F7E}
2011-07-07 11:38:13 -------- d-----w- c:\users\pc\appdata\local\{3561E78A-5652-4EE4-9872-A72AA98F2530}
2011-07-06 11:31:34 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-07-06 11:31:34 -------- d-----w- c:\program files\Application Updater
2011-07-04 20:31:23 -------- d-----w- c:\users\pc\appdata\local\{18D46C8C-D4F1-40E4-94CF-B584495DDB8F}
2011-07-04 07:25:25 -------- d-----w- c:\users\pc\appdata\local\{A13246CE-1FE3-456A-9835-3771E2510593}
2011-07-03 07:28:26 -------- d-----w- c:\users\pc\appdata\local\{0F513333-D8E3-4512-ADAB-0C11A22DD2D2}
2011-07-02 07:50:54 -------- d-----w- c:\users\pc\appdata\local\{EDA14B1B-58C0-4270-9F84-5EA070DEF6B1}
2011-07-01 07:38:32 -------- d-----w- c:\users\pc\appdata\local\{46F06C70-4DF2-4FB2-93BF-B1602AC12F4A}
2011-06-30 01:17:13 -------- d-----w- c:\users\pc\appdata\local\{8F47C662-D20F-43D9-9102-3492C3F6D1C7}
2011-06-30 01:07:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-30 01:07:43 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-30 01:07:43 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-29 07:21:12 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 07:21:06 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 07:21:06 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 07:21:04 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 07:21:04 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 07:21:04 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 07:21:03 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 07:21:03 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 07:21:03 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 07:21:03 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-28 22:30:35 -------- d-----w- c:\users\pc\appdata\local\{37A4319A-E996-4C3C-813B-75D474421EB9}
2011-06-28 09:16:21 -------- d-----w- c:\users\pc\appdata\local\{DA713FED-9219-411C-9800-9CCEA404D79B}
2011-06-27 19:37:22 -------- d-----w- c:\users\pc\appdata\local\{F8184BFB-57FC-40C0-B54C-5A2108B8BD17}
2011-06-27 07:13:21 -------- d-----w- c:\users\pc\appdata\local\{486DCCC4-3B37-4795-88EC-13B021E42886}
2011-06-26 06:27:35 -------- d-----w- c:\users\pc\appdata\local\{74BDD1B6-A982-44B0-9895-0205C5F627E5}
2011-06-25 09:23:56 -------- d-----w- c:\users\pc\appdata\local\{6DAA0E0A-8108-4F5C-B400-C540952D14C1}
2011-06-24 17:26:11 -------- d-----w- c:\programdata\YouTube Downloader
2011-06-24 07:25:54 -------- d-----w- c:\users\pc\appdata\local\{AFB6EE43-674D-4499-A6AA-DDFF2EB6FD25}
2011-06-23 19:10:59 -------- d-----w- c:\users\pc\appdata\local\{4D239BE3-DEF9-4964-A758-2DB9E09ACBA5}
2011-06-22 06:45:30 -------- d-----w- c:\users\pc\appdata\local\{44A79CE5-BF9F-4AA1-ACE6-8A7E7B88E4A5}
2011-06-21 07:15:07 -------- d-----w- c:\users\pc\appdata\local\{12097FC6-09C1-4C45-97CF-5A2AD7750358}
2011-06-20 08:22:55 -------- d-----w- c:\users\pc\appdata\local\{95FD68A0-6C6A-43B6-B4AC-719531A94A29}
2011-06-19 20:22:26 -------- d-----w- c:\users\pc\appdata\local\{1813D00B-00C1-4A67-98FE-CA5B1F972C13}
2011-06-19 06:42:26 -------- d-----w- c:\users\pc\appdata\local\{680B0736-9E91-4CC4-8788-64BE15CF0474}
2011-06-18 18:13:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-18 05:37:57 -------- d-----w- c:\users\pc\appdata\local\{ED3E4A1D-E4D2-42E5-839E-C56AFD954888}
2011-06-17 13:24:39 -------- d-----w- c:\users\pc\appdata\local\{08F3AF3E-6525-44C5-8D34-6E67FD8A7C24}
2011-06-17 09:50:33 -------- d-----w- c:\program files\StarCraft II
2011-06-17 01:24:04 -------- d-----w- c:\users\pc\appdata\local\{069E81BE-8D33-42AB-A5A8-2A837B0E18FF}
2011-06-16 22:06:41 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-06-16 10:25:50 -------- d-----w- c:\users\pc\appdata\local\{694A2CFD-3AE9-4565-86EA-BF21797364E3}
2011-06-15 18:31:47 -------- d-----w- c:\users\pc\appdata\local\{DAEE75FE-EA0F-4EFD-AF19-BB69E2C681D7}
2011-06-14 11:51:56 -------- d-----w- c:\users\pc\appdata\local\{AF397192-D63D-46C2-8C7F-100E6C2E9BB2}
2011-06-13 10:52:20 -------- d-----w- c:\users\pc\appdata\local\{595D94AA-1832-4765-AD6F-9EF74BFD8293}
2011-06-12 07:20:24 -------- d-----w- c:\users\pc\appdata\local\{FFD171E9-5F2E-412B-A421-E6D92166ED49}
2011-06-11 06:23:33 -------- d-----w- c:\users\pc\appdata\local\{D8C92BDF-91E6-4243-8861-E2834CFA6CF8}
2011-06-10 13:05:44 -------- d-----w- c:\users\pc\appdata\local\{38EA4C31-5092-46D7-AE49-14FABAC25DA0}
2011-06-10 05:59:08 -------- d-----w- c:\users\pc\appdata\local\{25845FAC-4334-45DB-A946-17AF080E0C41}
2011-06-09 12:19:48 -------- d-----w- c:\users\pc\appdata\local\{CAAF8B3D-B8E0-44D3-84EF-C4EDF3D17623}
2011-06-08 10:39:48 -------- d-----w- c:\users\pc\appdata\local\{0D745483-8ADF-4B92-8027-9E38F4840343}
2011-06-08 08:55:00 -------- d-----w- c:\users\pc\appdata\roaming\Windows Live Writer
2011-06-08 08:55:00 -------- d-----w- c:\users\pc\appdata\local\Windows Live Writer
2011-06-08 06:47:57 -------- d-----w- c:\users\pc\appdata\local\{62DB59FB-4B5C-4201-A739-D6DA2F828C93}
2011-06-07 09:43:06 -------- d-----w- c:\users\pc\appdata\local\{B5BD88F9-CCD5-4980-8157-05A074EFFBEC}
2011-06-07 05:55:05 -------- d-----w- c:\users\pc\appdata\local\{FBE33823-285B-4428-B05C-AC384DA527B9}
2011-06-06 16:32:03 -------- d-----w- c:\users\pc\appdata\local\{8FEACF90-8D20-45E4-9193-4AF6DAA4040C}
2011-06-06 05:41:58 -------- d-----w- c:\users\pc\appdata\local\{CB447181-6D5D-4D08-ACBA-8913E06D1237}
2011-06-05 14:44:00 -------- d-----w- c:\users\pc\appdata\local\{AD8B0A1A-0441-483E-B241-12E485157346}
2011-06-04 06:40:14 -------- d-----w- c:\users\pc\appdata\local\{7AF51881-06F8-4577-AB6B-F131E58DFB5A}
2011-06-03 11:43:46 -------- d-----w- c:\users\pc\appdata\local\{F5F4F29E-B5E2-4395-83A9-07EF999CB19E}
2011-06-02 11:13:16 -------- d-----w- c:\users\pc\appdata\local\{7A88AA61-557A-4F88-A75D-BA5DF539F614}
2011-06-01 10:55:48 -------- d-----w- c:\users\pc\appdata\local\{A354C132-1056-4009-860A-87C2850D5FDF}
2011-05-31 11:55:09 -------- d-----w- c:\users\pc\appdata\roaming\Mount&Blade
2011-05-31 11:14:17 -------- d-----w- c:\users\pc\appdata\local\{892C1AED-8B8D-4C1D-8126-17D3933D7709}
2011-05-30 10:53:15 -------- d-----w- c:\users\pc\appdata\local\{9DACF24E-3E46-423F-8E59-E6963EF8BD10}
2011-05-29 12:19:02 -------- d-----w- c:\users\pc\appdata\local\{E8FD9649-AB60-44B3-9976-FCE321868887}
2011-05-29 11:28:22 -------- d-----w- c:\users\pc\appdata\local\{68A2A5FF-38CA-42DC-BCB1-C22F93D28262}
2011-05-29 10:04:04 -------- d-----w- c:\users\pc\appdata\roaming\go
2011-05-29 10:04:01 -------- d-----w- c:\programdata\Easybits GO
2011-05-29 08:12:52 -------- d-----w- c:\users\pc\appdata\local\{0B5C4929-8DA7-4ABC-9DE4-5F145D743E76}
2011-05-27 21:41:25 -------- d-----w- c:\users\pc\appdata\local\{85FCC111-8605-45AF-88AA-933423661976}
2011-05-27 06:04:54 -------- d-----w- c:\users\pc\appdata\local\{25B3EF62-4FF5-446F-A073-F579C2F97027}
2011-05-26 16:50:37 -------- d-----w- c:\users\pc\appdata\local\{22566A0F-C7D9-4379-942A-C425E44CD515}
2011-05-26 06:40:15 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2011-05-26 06:13:33 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-05-26 06:12:07 -------- d-----w- c:\users\pc\appdata\local\Downloaded Installations
2011-05-25 17:46:22 -------- d-----w- c:\users\pc\appdata\local\{8A9CB163-63A1-49AB-BC01-60DC03095AFE}
2011-05-25 06:28:11 -------- d-----w- c:\users\pc\appdata\roaming\Mount&Blade With Fire and Sword
2011-05-25 06:10:31 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 06:04:39 -------- d-----w- c:\users\pc\appdata\local\{A32359E5-6BCE-4923-8CFC-4508AC34D00E}
2011-05-24 05:20:32 -------- d-----w- c:\users\pc\appdata\local\{11FBA002-4717-4C4B-826F-BA5AB7729C8E}
2011-05-23 17:10:13 -------- d-----w- c:\users\pc\appdata\local\{0F9E2C3E-A15B-4F1B-8661-F5E6B2BFDECC}
2011-05-22 13:35:51 -------- d-----w- c:\users\pc\appdata\local\{DE4386FE-64B9-4096-8FE4-77E4F2241FD2}
2011-05-21 22:44:45 -------- d-----w- c:\users\pc\appdata\local\{4EEBF27E-78D3-4874-A329-85DE34B3E880}
2011-05-21 05:44:25 -------- d-----w- c:\users\pc\appdata\local\{1D6513DB-1410-4A4C-BBF0-E99F4E82BE96}
2011-05-20 12:25:25 -------- d-----w- c:\users\pc\appdata\local\{2BA921F3-C021-4F0D-B191-A603FEE5E092}
2011-05-20 11:18:55 -------- d-----w- c:\users\pc\appdata\local\{EA95D4FC-DCAF-4B0D-BA35-FDBE0805400C}
2011-05-20 11:14:12 -------- d-----w- c:\users\pc\appdata\local\{96626339-7CFB-40A3-A201-A1BD51A2B4DC}
2011-05-20 11:11:42 -------- d-----w- c:\users\pc\appdata\local\{7C1233E5-BB03-4786-8492-ACCE7D155B9B}
2011-05-20 10:58:25 -------- d-----w- c:\users\pc\appdata\local\{3DC88CDA-31E6-4FA4-BB2E-B36A7242421D}
2011-05-20 10:56:26 -------- d-----w- c:\users\pc\appdata\local\{B4F01215-EC89-44F3-B435-0085967BBC85}
2011-05-20 10:56:23 0 ---ha-w- c:\users\pc\appdata\local\BITD7AA.tmp
2011-05-20 10:52:37 0 ---ha-w- c:\users\pc\appdata\local\BIT6FD2.tmp
2011-05-20 08:39:54 -------- d-----w- c:\users\pc\appdata\local\{C801D71D-0FE6-49B4-B3AF-E2326513F36B}
2011-05-19 10:52:40 -------- d-----w- c:\users\pc\appdata\local\{6CB84E5E-9C1C-4D86-93C3-86CA8D2A5047}
2011-05-18 10:44:40 -------- d-----w- c:\users\pc\appdata\local\{11134B58-CD9C-4C60-8E6E-8D9E55566561}
2011-05-17 11:30:21 -------- d-----w- c:\users\pc\appdata\local\{DBB754FE-5089-4AA1-BCBF-F6400B4131CA}
2011-05-16 10:38:00 -------- d-----w- c:\users\pc\appdata\local\{805FABF0-CF22-4BD2-8F25-FE1B2817239C}
2011-05-15 18:45:51 -------- d-----w- c:\users\pc\appdata\local\{AFADC804-B430-40F6-8C49-78F9864DF872}
2011-05-15 05:24:16 -------- d-----w- c:\users\pc\appdata\local\{13E37D6C-A86D-4DE5-B529-1FFCDF00256F}
2011-05-14 06:15:34 -------- d-----w- c:\users\pc\appdata\local\NFS Underground 2
2011-05-13 19:11:54 641536 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
2011-05-13 18:48:17 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-13 18:48:17 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-13 18:48:17 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-13 18:48:17 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-13 18:48:17 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-13 17:51:25 -------- d-----w- c:\users\pc\appdata\local\{8D644D48-8617-4908-8CA0-502D464178CA}
2011-05-13 05:19:56 -------- d-----w- c:\users\pc\appdata\local\{427741C5-5A5C-43A9-B9A5-71A794258735}
2011-05-12 05:33:15 -------- d-----w- c:\users\pc\appdata\local\{D0FCD7B5-5D56-4C12-88EA-AD31BFAC5F61}
2011-05-11 17:12:53 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 17:12:53 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 17:12:52 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 17:12:51 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 17:12:50 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 17:12:50 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 17:12:50 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 17:12:42 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 17:12:41 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 17:12:39 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 05:27:50 -------- d-----w- c:\users\pc\appdata\local\{53548590-F4A4-48B7-9A28-76930831896A}
2011-05-10 17:13:17 -------- d-----w- c:\users\pc\appdata\local\{3B1719A5-F822-40BC-A93B-4A54AE39540F}
2011-05-10 05:06:16 -------- d-----w- c:\users\pc\appdata\local\{BCD08C18-4D9A-44D7-8E57-321472DE3C06}
2011-05-08 23:59:08 -------- d-----w- c:\users\pc\appdata\local\{289505F9-0970-4D72-B4DE-6AEF6865429C}
2011-05-08 05:35:47 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-05-08 05:09:12 -------- d-----w- c:\users\pc\appdata\local\{B111C906-54E5-4749-94FD-C4F868B9D685}
2011-05-07 05:41:36 -------- d-----w- c:\users\pc\appdata\local\{C01B11E7-1A71-43D5-89FF-20128821997E}
2011-05-06 09:14:37 -------- d-----w- c:\users\pc\appdata\local\{7D533E3C-8854-4849-AAAE-68818D1490F0}
2011-05-05 23:08:18 -------- d-----w- c:\users\pc\appdata\local\GamePlayLabs Plugin
2011-05-05 10:56:58 -------- d-----w- c:\users\pc\appdata\local\{9AE0F9C9-F841-49D6-9B67-E0FC480945B5}
2011-05-04 10:43:33 -------- d-----w- c:\users\pc\appdata\local\{1C7646FA-E80C-4C04-8CDE-159C5B4CF573}
2011-05-03 10:38:44 -------- d-----w- c:\users\pc\appdata\local\{8AFF873F-1728-4715-BFAA-D1109CD240DB}
2011-05-01 21:51:21 -------- d-----w- c:\program files\Ventrilo
2011-05-01 06:34:28 -------- d-----w- c:\users\pc\appdata\local\{871E5592-0231-44F2-973C-C9469497470B}
2011-04-30 10:37:09 -------- d-----w- c:\program files\Microsoft XNA
2011-04-30 06:46:03 -------- d-----w- c:\users\pc\appdata\local\{591A4E54-5A91-4ADA-B68E-55495CEBA992}
2011-04-29 17:23:07 -------- d-----w- c:\programdata\Skype Extras
2011-04-29 17:21:10 -------- d-----r- c:\program files\Skype
2011-04-29 07:10:55 -------- d-----w- c:\users\pc\appdata\local\{780372BC-0F35-42C7-8ADC-86DBE851316F}
2011-04-28 14:05:21 -------- d-----w- c:\users\pc\appdata\local\{72B8A72F-080B-43F9-85DF-AF2E0C7F75D6}
2011-04-28 07:49:40 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-28 07:49:09 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-28 07:49:08 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-28 07:49:08 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-28 07:49:07 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-28 07:49:07 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-28 07:49:06 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-28 07:49:06 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-28 07:49:05 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-28 07:49:04 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-28 07:46:47 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 07:46:00 2614784 ----a-w- c:\windows\explorer.exe
2011-04-28 07:45:18 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-04-28 07:45:18 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-28 07:45:18 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-28 07:34:28 -------- d-----w- c:\users\pc\appdata\local\{EBFEDFA9-1463-4B1F-B7E1-B5BD07018B9C}
2011-04-27 07:14:32 -------- d-----w- c:\users\pc\appdata\local\{E3452CB8-948F-4C80-ABF0-4D7EEE64CBF7}
2011-04-26 06:22:22 -------- d-----w- c:\users\pc\appdata\local\{CB80184B-83E5-4F5E-9B91-C53A385D9EB0}
2011-04-25 07:13:56 -------- d-----w- c:\users\pc\appdata\local\{92C8A79D-8B27-4466-A93F-EA868B8EC335}
2011-04-24 16:35:44 -------- d-----w- c:\users\pc\appdata\local\{C273FFE9-4B60-47F0-8E66-517B0B8AEA81}
2011-04-24 10:17:09 -------- d-----w- c:\users\pc\appdata\local\{590A1778-DC2A-4B3D-A6A0-D7AD343F03FA}
2011-04-23 06:46:00 -------- d-----w- c:\users\pc\appdata\local\{C5B83226-1ED1-4AB9-B0C4-4F978ACE496C}
2011-04-22 07:28:08 -------- d-----w- c:\users\pc\appdata\local\{83BF149F-7C84-4C48-951F-A0795EA91697}
2011-04-21 13:23:41 -------- d-----w- c:\users\pc\appdata\local\{66BCB513-CDF0-464F-ACCA-2B96522EE66D}
2011-04-20 07:53:32 -------- d-----w- c:\users\pc\appdata\local\{D96CDCF9-5583-4E21-B270-36202A80EEDB}
2011-04-19 07:21:13 -------- d-----w- c:\users\pc\appdata\local\{9E811409-7E5D-4552-B649-6531D0629FF3}
2011-04-18 07:12:38 -------- d-----w- c:\users\pc\appdata\local\{DFA537DF-A60E-4A21-8BC5-A9B2C73E2F98}
2011-04-17 14:26:29 -------- d-----w- c:\users\pc\appdata\local\{1162A41A-091D-4742-8588-DC554BC1EA64}
2011-04-17 06:34:06 -------- d-----w- c:\users\pc\appdata\local\{73BD8667-70C4-46BA-B41F-BE992F34ECFC}
2011-04-16 05:42:10 -------- d-----w- c:\users\pc\appdata\local\{19CAFE16-5A89-4608-976F-1F0F8A431730}
2011-04-15 16:00:14 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 16:00:05 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 16:00:03 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 16:00:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 16:00:00 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 15:58:15 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 15:58:12 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 15:58:03 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 15:58:02 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 15:57:48 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 14:39:20 1090952 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-04-15 07:02:30 -------- d-----w- c:\users\pc\appdata\local\{2F90AEC8-B986-4C0B-B889-237A2C798ACC}
2011-04-14 19:05:52 -------- d-----w- c:\users\pc\appdata\local\{9F383735-84E1-4079-9450-93E0FDA29696}
2011-04-14 06:25:17 -------- d-----w- c:\users\pc\appdata\local\{83D63EDB-5903-4AAB-B5C5-D555B68B98C8}
2011-04-13 07:05:13 -------- d-----w- c:\users\pc\appdata\local\{E8D7800A-227F-4B73-8380-8218AC9277CE}
2011-04-12 17:22:12 -------- d-----w- c:\users\pc\appdata\local\{7F5EC8EB-AC7F-4ABF-954F-E29ED5415F0B}
2011-04-11 06:35:53 -------- d-----w- c:\users\pc\appdata\local\{38E37FF1-DE77-4CAE-A6EE-7F7C0E8AA096}
2011-04-10 14:54:30 -------- d-----w- c:\users\pc\appdata\local\{96158E79-47D1-477F-A4E4-87E413FA8711}
2011-04-10 07:21:25 -------- d-----w- c:\users\pc\appdata\local\{2981C73B-8AC6-47C5-9655-6258343B7CBF}
2011-04-09 16:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-09 16:45:43 -------- d-----w- c:\users\pc\appdata\local\{9D49BCA4-4AD8-4086-B9C3-F130EB55E56B}
2011-04-09 05:43:54 -------- d-----w- c:\users\pc\appdata\local\{A2636CFD-83C9-4CC0-A4D5-BFEF75438E4D}
2011-04-08 15:30:18 -------- d-----w- c:\users\pc\appdata\local\{81AC32C4-1CC1-471E-B404-1DE735D35773}
2011-04-08 11:00:44 -------- d-----w- c:\users\pc\appdata\local\{2DCDE916-2285-4EEC-9EB1-794083001DBB}
2011-04-07 22:56:28 -------- d-----w- c:\users\pc\appdata\local\{ADB9921E-3612-4EA4-8140-6FDB9F661809}
2011-04-07 10:50:14 -------- d-----w- c:\users\pc\appdata\local\{D81A4F38-A8D2-49C0-9CEF-4F1D044420AA}
2011-04-06 14:56:49 -------- d-----w- c:\users\pc\appdata\local\{E2263B94-0F00-4B17-8230-40B23F0655BC}
2011-04-06 04:07:24 -------- d-----w- c:\users\pc\appdata\local\{211AC594-D247-4077-AC1F-0FDF0DC1B4FD}
2011-04-05 19:38:38 -------- d-----w- c:\users\pc\appdata\roaming\TeamViewer
2011-04-05 19:37:36 -------- d-----w- c:\program files\TeamViewer
2011-04-05 19:23:56 -------- d-----w- c:\program files\VideoLAN
2011-04-05 10:53:35 -------- d-----w- c:\users\pc\appdata\local\{25520EA5-744A-4272-9860-4F0C3195AB4E}
2011-04-04 13:44:44 -------- d-----w- c:\users\pc\appdata\local\{623C41FB-54BC-4A54-9812-55CEEE385570}
2011-04-02 05:58:23 -------- d-----w- c:\users\pc\appdata\local\{96DE4EA3-D19E-4050-9874-208341F7005E}
2011-04-01 07:11:56 -------- d-----w- c:\users\pc\appdata\local\{6F418CC2-083F-48BB-A3EF-B1E9CB78EFE5}
2011-03-31 17:07:15 -------- d-----w- c:\users\pc\appdata\local\{E67B6EB4-A048-47E4-9085-62DE542E43F7}
2011-03-30 15:54:59 -------- d-----w- c:\users\pc\appdata\local\{C311F3B6-7749-4658-9141-DA34D85B8807}
2011-03-30 06:57:33 -------- d-----w- c:\users\pc\appdata\local\{EBD5E07B-507F-423D-AF31-3458CAEC2933}
2011-03-29 06:51:30 -------- d-----w- c:\users\pc\appdata\local\{3AC86FC3-C1CE-4304-92D1-BDD3CE63C2BB}
2011-03-28 07:13:53 -------- d-----w- c:\users\pc\appdata\local\{CCF27D04-32DB-4E72-950B-53B9C26E4A2C}
2011-03-27 06:40:20 -------- d-----w- c:\users\pc\appdata\local\{7EE0C3B9-0D96-464D-99BB-99FB5BD7216C}
2011-03-26 06:38:28 -------- d-----w- c:\users\pc\appdata\local\{953DC85F-5FDF-4B8E-86A3-620233EEC21B}
2011-03-25 12:18:55 -------- d-----w- C:\31920b88f7e245475550
2011-03-25 05:18:24 -------- d-----w- c:\users\pc\appdata\local\{F32581DC-8F4E-4474-82FF-834BACA009B3}
2011-03-24 17:13:22 -------- d-----w- c:\users\pc\appdata\roaming\uTorrent
2011-03-24 17:01:57 -------- d-----w- c:\users\pc\appdata\roaming\FinalTorrent
2011-03-24 16:58:43 -------- d-----w- c:\program files\File Type Assistant
2011-03-24 16:58:16 -------- d-----w- c:\program files\FinalTorrent
2011-03-24 16:56:12 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-03-24 16:56:09 -------- d-----w- c:\users\pc\appdata\local\PackageAware
2011-03-24 16:53:14 -------- d-----w- c:\program files\KwiClick LLC
2011-03-24 10:59:59 -------- d-----w- c:\users\pc\appdata\local\{59E50410-4D64-41B2-8918-C16E81967971}
2011-03-23 17:06:56 -------- d-----w- c:\users\pc\appdata\local\{2ED6D5DD-BC01-44FF-AB72-9DD9813B797A}
2011-03-22 17:05:55 -------- d-----w- c:\users\pc\appdata\local\{FB378F9B-66C3-4AA9-979C-A91DA883BD48}
2011-03-22 12:15:22 -------- d-----w- c:\program files\id Software
2011-03-22 12:10:58 -------- d-----w- c:\users\pc\appdata\local\{203A07FC-CC44-4A7A-98B4-CCF240A2583E}
2011-03-21 16:20:45 -------- d-----w- c:\users\pc\appdata\local\{6F6E99D1-BC7E-4E96-A054-EEF2BEDEEA3A}
2011-03-20 08:49:59 -------- d-----w- c:\users\pc\appdata\local\{4DE70457-B00B-41EA-ABAB-C5A76FB84A5E}
2011-03-20 03:40:44 1079144 ----a-w- c:\program files\common files\microsoft shared\office12\RICHED20.DLL
2011-03-19 22:59:02 -------- d-----w- c:\program files\WMV9_VCM
2011-03-19 18:11:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-19 18:11:27 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-19 18:11:27 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-19 18:11:27 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-19 18:11:25 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-19 18:11:25 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-19 18:06:20 -------- d-----w- c:\users\pc\appdata\local\{414E629C-5385-4435-80B5-7583C7B274E5}
2011-03-19 18:05:40 -------- d-----w- c:\users\pc\appdata\local\{E354885E-A4A4-424F-B51F-241633C612FE}
2011-03-19 18:03:50 -------- d-----w- c:\users\pc\appdata\local\{0F9F2A3B-F7A6-4EBE-BD30-64D79F8FB3C1}
2011-03-19 18:01:34 -------- d-----w- c:\users\pc\appdata\local\{6C7DE19E-4270-4202-B776-A1656D3F7EDA}
2011-02-28 07:03:38 -------- d-----w- c:\users\pc\appdata\local\{13BFF5E8-CE52-4AEA-BB95-0B25406B80E1}
2011-02-27 07:36:01 -------- d-----w- c:\users\pc\appdata\local\{B5D5E1A7-ED06-4437-BFC2-D99A04770847}
2011-02-26 07:58:12 -------- d-----w- c:\users\pc\appdata\local\{064C2CEE-AA9D-4F20-84F6-9D56E4F5E096}
2011-02-25 16:29:05 -------- d-----w- c:\users\pc\appdata\local\{12D55875-9735-46EC-9872-AB9EFB7728FD}
2011-02-24 14:38:20 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 12:26:43 -------- d-----w- C:\EXTREME GTA
2011-02-24 12:10:56 -------- d-----w- c:\users\pc\appdata\local\{1958B3DB-4FD9-443E-9247-AF8D2E7E1BEB}
2011-02-24 12:03:38 -------- d-----w- c:\users\pc\appdata\local\{64A3B602-DAE4-4F61-9D1C-C7291DE3327D}
2011-02-23 12:13:20 -------- d-----w- c:\users\pc\appdata\roaming\My Battle for Middle-earth(tm) II Files
2011-02-22 16:40:02 -------- d-----w- c:\users\pc\appdata\local\{848CE6EC-4AED-45DB-86A6-30979411A89E}
2011-02-17 14:34:22 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-17 14:33:50 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-17 14:33:21 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-17 14:33:21 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-17 14:33:21 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-17 14:33:20 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-17 14:33:20 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-17 14:33:20 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-17 14:33:20 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-17 14:33:20 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-17 14:33:20 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-17 14:33:10 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-17 14:24:00 -------- d-----w- c:\users\pc\appdata\local\{9EB11562-B0A0-4D33-A682-79894A1CCD9F}
2011-02-16 17:00:38 17370496 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
2011-02-12 16:01:13 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-02-12 16:01:13 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-02-12 16:01:13 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-02-12 16:01:13 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-02-11 20:56:08 -------- d-----w- c:\program files\DAEMON Tools Pro
2011-02-11 20:55:54 -------- d-----w- c:\users\pc\appdata\roaming\DAEMON Tools Pro
2011-02-11 20:55:54 -------- d-----w- c:\programdata\DAEMON Tools Pro
.
==================== Find3M ====================
.
2011-07-23 17:21:41 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 05:59:55 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-02 05:55:31 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-01-17 05:38:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2010-12-18 05:31:23 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-06 08:23:24 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-06 08:23:24 22328 ----a-w- c:\users\pc\appdata\roaming\PnkBstrK.sys
2010-12-06 08:23:05 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-06 08:22:56 669184 ----a-w- c:\windows\system32\pbsvc.exe
.
============= FINISH: 22:41:36,12 ===============

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

U Uputstvu odradi Korak #3:.
Postavi GMER (ili RR) izvestaje.




Takodje ...





Start -> Run -> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> Enter





Postavi mi izvestaje MBAM-a da pogledam.









goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo u winzip verziji, (izvjestaja malvera)



mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png



A evo treceg djela


mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

eto

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Molim te, nemoj da zipujes izvestaje (jedino ako ti to zatrazim) vec ih okaci u onom obliku u kom su snimljeni.



Gmer1 izvestaj je prazan.







U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg:
Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima;
Ne traziti istovremeno pomoc na drugom mestu;
Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo;
U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio;
Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om;
Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj.
Za vise informacija o pravilima Ambulante MyCity foruma: LINK

-------------------------------------------------------------------------------------








Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.








goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo i izvjestaj
ComboFix 11-08-18.03 - PC 25.02.2011 0:32.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1232 [GMT 1:00]
Running from: c:\users\PC\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\7Loader.TAG
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\Wav
c:\windows\system32\Wav\Joy1.wav
c:\windows\system32\Wav\Joy2.wav
c:\windows\system32\Wav\Joy3.wav
c:\windows\system32\Wav\Joy4.wav
c:\windows\system32\Wav\Joy5.wav
c:\windows\system32\Wav\Joy6.wav
c:\windows\system32\Wav\Joy7.wav
c:\windows\system32\Wav\Joy8.wav
c:\windows\system32\Wav\Joy9.wav
c:\windows\system32\Wav\Joya.wav
c:\windows\system32\Wav\Joyb.wav
c:\windows\system32\Wav\Joyc.wav
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.
.
2011-08-05 06:13 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{943259E8-13DC-41D1-A022-1FD23EF87C4C}\mpengine.dll
2011-08-01 19:36 . 2011-08-01 19:36 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-01 19:35 . 2011-08-01 19:35 -------- d-----w- C:\COD 4
2011-07-30 16:23 . 2011-07-30 16:23 -------- d-----w- C:\SAN AANDREAS SD
2011-07-28 00:08 . 2011-08-05 17:14 -------- d-----w- c:\users\PC\riotsGamesLogs
2011-07-27 23:21 . 2011-07-27 23:21 -------- d-----w- c:\users\PC\AppData\Roaming\LolClient
2011-07-27 21:45 . 2011-07-27 21:46 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-27 21:40 . 2011-07-27 21:40 -------- d-----w- C:\Riot Games
2011-07-27 19:00 . 2011-02-24 23:40 -------- d-----w- c:\users\PC\AppData\Local\PMB Files
2011-07-27 19:00 . 2011-08-05 18:03 -------- d-----w- c:\programdata\PMB Files
2011-07-27 18:59 . 2011-07-27 18:59 -------- d-----w- c:\program files\Pando Networks
2011-07-27 08:02 . 2011-02-12 16:01 -------- d-----w- c:\program files\Common Files\InstallShield
2011-07-26 15:53 . 2011-08-04 15:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-25 15:38 . 2011-07-25 15:38 -------- d-----w- c:\windows\ufa
2011-07-25 15:24 . 2011-07-25 15:38 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 15:18 . 2011-07-25 15:18 -------- d-----w- c:\windows\av_ico
2011-07-25 15:16 . 2011-07-25 16:15 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-25 15:16 . 2011-07-25 16:15 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-23 17:11 . 2011-07-23 17:11 -------- d-----w- c:\program files\Rockstar Games
2011-07-12 09:17 . 2011-07-12 09:17 -------- d-----w- c:\users\PC\AppData\Local\SKIDROW
2011-07-12 07:58 . 2011-02-24 21:32 -------- d-----w- c:\program files\Steam
2011-07-06 11:31 . 2011-07-06 11:31 -------- d-----w- c:\program files\Application Updater
2011-07-06 11:31 . 2011-07-06 11:31 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-06-30 01:07 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-30 01:07 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-30 01:07 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 07:21 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 07:21 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 07:21 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 07:21 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 07:21 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 07:21 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 07:21 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 07:21 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 07:21 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 07:21 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-24 17:26 . 2011-07-13 15:27 -------- d-----w- c:\programdata\YouTube Downloader
2011-06-18 18:13 . 2011-06-30 01:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 09:50 . 2011-02-22 20:15 -------- d-----w- c:\program files\StarCraft II
2011-06-16 22:06 . 2011-06-17 10:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-06-08 08:55 . 2011-06-09 12:24 -------- d-----w- c:\users\PC\AppData\Local\Windows Live Writer
2011-06-08 08:55 . 2011-06-08 08:55 -------- d-----w- c:\users\PC\AppData\Roaming\Windows Live Writer
2011-05-31 11:55 . 2011-05-31 11:55 -------- d-----w- c:\users\PC\AppData\Roaming\Mount&Blade
2011-05-29 10:04 . 2011-02-24 20:37 -------- d-----w- c:\users\PC\AppData\Roaming\go
2011-05-29 10:04 . 2011-02-24 21:32 -------- d-----w- c:\programdata\Easybits GO
2011-05-26 06:40 . 2011-05-26 06:40 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2011-05-26 06:13 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-05-26 06:12 . 2011-05-26 06:12 -------- d-----w- c:\users\PC\AppData\Local\Downloaded Installations
2011-05-25 06:28 . 2011-05-25 06:29 -------- d-----w- c:\users\PC\AppData\Roaming\Mount&Blade With Fire and Sword
2011-05-25 06:10 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-20 10:56 . 2011-05-20 10:56 0 ---ha-w- c:\users\PC\AppData\Local\BITD7AA.tmp
2011-05-20 10:52 . 2011-05-20 10:52 0 ---ha-w- c:\users\PC\AppData\Local\BIT6FD2.tmp
2011-05-14 06:15 . 2011-05-21 08:16 -------- d-----w- c:\users\PC\AppData\Local\NFS Underground 2
2011-05-13 19:11 . 2011-05-13 19:11 641536 ----a-w- c:\program files\Common Files\Microsoft Shared\VC\msdia80.dll
2011-05-13 18:48 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-13 18:48 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-13 18:48 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-13 18:48 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-13 18:48 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 17:12 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 17:12 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 17:12 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 17:12 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 17:12 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 17:12 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 17:12 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 17:12 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 17:12 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 17:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-08 05:35 . 2011-05-08 05:35 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-05-05 23:08 . 2011-05-05 23:08 -------- d-----w- c:\users\PC\AppData\Local\GamePlayLabs Plugin
2011-05-01 21:51 . 2011-05-01 21:51 -------- d-----w- c:\program files\Ventrilo
2011-04-30 10:37 . 2011-04-30 10:37 -------- d-----w- c:\program files\Microsoft XNA
2011-04-29 17:23 . 2011-05-29 08:12 -------- d-----w- c:\users\PC\AppData\Roaming\skypePM
2011-04-29 17:23 . 2011-02-21 07:26 -------- d-----w- c:\programdata\Skype Extras
2011-04-29 17:21 . 2011-02-24 21:33 -------- d-----w- c:\users\PC\AppData\Roaming\Skype
2011-04-29 17:21 . 2011-06-10 21:48 -------- d-----r- c:\program files\Skype
2011-04-29 17:21 . 2011-06-10 21:48 -------- d-----w- c:\programdata\Skype
2011-04-28 07:49 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-28 07:49 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-28 07:49 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-28 07:49 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-28 07:49 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-28 07:49 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-28 07:49 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-28 07:49 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-28 07:49 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-28 07:49 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-28 07:46 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 07:46 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-28 07:45 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-04-28 07:45 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-28 07:45 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-15 16:00 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 16:00 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 16:00 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 16:00 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 16:00 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 15:58 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 15:58 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 15:58 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 15:58 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 15:57 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 14:39 . 2011-04-15 14:39 1090952 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-05 19:38 . 2011-04-05 19:38 -------- d-----w- c:\users\PC\AppData\Roaming\TeamViewer
2011-04-05 19:37 . 2011-04-05 19:37 -------- d-----w- c:\program files\TeamViewer
2011-04-05 19:24 . 2011-04-05 19:27 -------- d-----w- c:\users\PC\AppData\Roaming\vlc
2011-04-05 19:23 . 2011-04-05 19:23 -------- d-----w- c:\program files\VideoLAN
2011-03-25 12:18 . 2011-03-25 12:19 -------- d-----w- C:\31920b88f7e245475550
2011-03-24 17:13 . 2011-06-16 21:08 -------- d-----w- c:\users\PC\AppData\Roaming\uTorrent
2011-03-24 17:01 . 2011-03-24 17:28 -------- d-----w- c:\users\PC\AppData\Roaming\FinalTorrent
2011-03-24 16:58 . 2011-03-24 16:58 -------- d-----w- c:\program files\File Type Assistant
2011-03-24 16:58 . 2011-03-24 16:58 -------- d-----w- c:\program files\FinalTorrent
2011-03-24 16:56 . 2011-03-24 16:56 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-03-24 16:56 . 2011-03-24 16:56 -------- d-----w- c:\users\PC\AppData\Local\PackageAware
2011-03-24 16:53 . 2011-03-24 16:53 -------- d-----w- c:\program files\KwiClick LLC
2011-03-22 12:15 . 2011-03-22 12:15 -------- d-----w- c:\program files\id Software
2011-03-20 03:40 . 2011-03-20 03:40 1079144 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\RICHED20.DLL
2011-03-19 22:59 . 2011-03-19 22:59 -------- d-----w- c:\program files\WMV9_VCM
2011-03-19 22:11 . 2011-03-19 22:11 -------- d-----w- c:\programdata\McAfee
2011-03-19 18:11 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-19 18:11 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-19 18:11 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 17:21 . 2010-01-21 18:56 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-07-06 17:52 . 2010-01-20 15:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-01-20 15:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 17:14 . 2010-01-20 14:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-12 21:10 . 2010-08-21 21:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-12 21:09 . 2010-08-21 21:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-19 18:01 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-12-10 21:27 . 2010-08-21 21:44 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-06 08:23 . 2010-01-21 19:38 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-06 08:23 . 2010-01-21 19:38 22328 ----a-w- c:\users\PC\AppData\Roaming\PnkBstrK.sys
2010-12-06 08:23 . 2010-01-21 19:38 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-06 08:22 . 2010-01-21 19:38 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-06-16 04:17 . 2011-06-30 01:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2010-04-22 1221024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-27 3077528]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"amd_dc_opt"="d:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-8-7 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-01 685816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GarenaPEngine;GarenaPEngine;c:\users\PC\AppData\Local\Temp\CGFDF27.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2006-07-04 53921]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-09 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-01-20 15424]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXLDAPOC
*Deregistered* - pxldapoc
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-24 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-03-24 15:50]
.
2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 10:00]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 10:00]
.
2011-08-04 c:\windows\Tasks\Norton Security Scan for PC.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-01-19 02:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\1hgsqo3b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM-Run-nod32kui - c:\program files\Eset\nod32kui.exe
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-NOD32 - c:\program files\Eset\Setup\setup.exe
AddRemove-StarCraft II - c:\program files\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
AddRemove-{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 - c:\program files\Eset\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\PC\AppData\Local\Temp\CGFDF27.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:28,95,cd,3d,19,d5,3c,4f,7e,75,8b,13,7c,dd,ad,b3,96,7b,61,b8,93,ca,54,
55,3b,c3,73,fa,a9,8b,db,da,89,c5,8b,d9,d3,f5,2d,37,a2,60,14,c5,b6,d8,f9,c9,\
"??"=hex:2c,af,14,88,f5,44,be,89,2f,1b,f2,08,a7,16,17,9c
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\SecuROM\License information*]
"datasecu"=hex:0e,a8,a1,6b,6e,7a,6d,b0,9a,f1,fe,bd,15,49,57,56,55,9f,61,6d,a1,
1a,aa,79,3b,38,79,dc,b2,18,37,76,36,e7,ae,eb,04,b1,1b,15,66,e5,73,51,d0,a6,\
"rkeysecu"=hex:2e,40,7e,56,43,8a,3e,7b,e3,c0,9e,91,3c,21,73,6c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-25 00:43:07
ComboFix-quarantined-files.txt 2011-02-24 23:43
.
Pre-Run: 1 341 095 936 bytes free
Post-Run: 4 361 310 208 bytes free
.
- - End Of File - - 7A8F570B17C2A4A3155A55CFEB23B51C

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Gde je Gmer1 izvestaj?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo i Gmer 1 hvala na strpljenju.

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Korak 1

Start -> Control Panel -> Programs -> Programs and Features

Pronadji sledece aplikacije i deinstaliraj (naravno misljenja sam da ne koristis ove toolbar-ove i da su oni tu dosli tvojom nesmotrenom instalacijom aplikacija; NOD32 uklanjas jer je krekovana verzija i kasnije ces dobiti link-ove za skidanje AV-a):

Bing Bar
NOD32 antivirus system
NOD32 FiX
Norton Security Scan
Skype Toolbars
Yahoo! Toolbar
YouTube Downloader Toolbar v4.5


Nakon toga predji na sledeci korak.



Korak 2


Otvoriti Notepad i iskopirati sledeci tekst:

Folder::
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk
c:\program files\Application Updater
c:\users\PC\AppData\Local\GamePlayLabs Plugin
c:\program files\common files\spigot

File::
c:\windows\unrar.exe

Driver::
Application Updater

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
 @Denied: (Full) (Everyone)

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.









goran9888 (AMF Tim)