Same Virus from Facebook


  • Joined: 18 Aug 2011
  • Posts: 13

OK, I uninstalled everything except NOD because I couldn't find it; here is the ComboFix log :)

ComboFix 11-08-19.01 - PC 25.02.2011 21:21:44.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.667 [GMT 1:00]
Running from: c:\users\PC\Downloads\ComboFix.exe
Command switches used :: c:\users\PC\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\AppData\Local\GamePlayLabs Plugin
c:\users\PC\AppData\Local\GamePlayLabs Plugin\BHO.dll
c:\users\PC\AppData\Local\GamePlayLabs Plugin\setup.ini
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0
.
.
((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.
.
2011-08-05 06:13 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{943259E8-13DC-41D1-A022-1FD23EF87C4C}\mpengine.dll
2011-08-01 19:36 . 2011-08-01 19:36 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-01 19:35 . 2011-08-01 19:35 -------- d-----w- C:\COD 4
2011-07-30 16:23 . 2011-07-30 16:23 -------- d-----w- C:\SAN AANDREAS SD
2011-07-28 00:08 . 2011-08-05 17:14 -------- d-----w- c:\users\PC\riotsGamesLogs
2011-07-27 23:21 . 2011-07-27 23:21 -------- d-----w- c:\users\PC\AppData\Roaming\LolClient
2011-07-27 21:45 . 2011-07-27 21:46 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-27 21:40 . 2011-07-27 21:40 -------- d-----w- C:\Riot Games
2011-07-27 19:00 . 2011-02-25 16:18 -------- d-----w- c:\users\PC\AppData\Local\PMB Files
2011-07-27 19:00 . 2011-08-05 18:03 -------- d-----w- c:\programdata\PMB Files
2011-07-27 18:59 . 2011-07-27 18:59 -------- d-----w- c:\program files\Pando Networks
2011-07-27 08:02 . 2011-02-12 16:01 -------- d-----w- c:\program files\Common Files\InstallShield
2011-07-26 15:53 . 2011-08-04 15:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-23 17:11 . 2011-07-23 17:11 -------- d-----w- c:\program files\Rockstar Games
2011-07-12 09:17 . 2011-07-12 09:17 -------- d-----w- c:\users\PC\AppData\Local\SKIDROW
2011-07-12 07:58 . 2011-02-24 21:32 -------- d-----w- c:\program files\Steam
2011-06-30 01:07 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-30 01:07 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-30 01:07 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 07:21 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 07:21 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 07:21 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 07:21 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 07:21 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 07:21 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 07:21 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 07:21 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 07:21 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 07:21 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-24 17:26 . 2011-07-13 15:27 -------- d-----w- c:\programdata\YouTube Downloader
2011-06-18 18:13 . 2011-06-30 01:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 09:50 . 2011-02-22 20:15 -------- d-----w- c:\program files\StarCraft II
2011-06-16 22:06 . 2011-06-17 10:03 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-06-08 08:55 . 2011-06-09 12:24 -------- d-----w- c:\users\PC\AppData\Local\Windows Live Writer
2011-06-08 08:55 . 2011-06-08 08:55 -------- d-----w- c:\users\PC\AppData\Roaming\Windows Live Writer
2011-05-31 11:55 . 2011-05-31 11:55 -------- d-----w- c:\users\PC\AppData\Roaming\Mount&Blade
2011-05-29 10:04 . 2011-02-24 20:37 -------- d-----w- c:\users\PC\AppData\Roaming\go
2011-05-29 10:04 . 2011-02-24 21:32 -------- d-----w- c:\programdata\Easybits GO
2011-05-26 06:40 . 2011-05-26 06:40 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2011-05-26 06:13 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-05-26 06:12 . 2011-05-26 06:12 -------- d-----w- c:\users\PC\AppData\Local\Downloaded Installations
2011-05-25 06:28 . 2011-05-25 06:29 -------- d-----w- c:\users\PC\AppData\Roaming\Mount&Blade With Fire and Sword
2011-05-25 06:10 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-20 10:56 . 2011-05-20 10:56 0 ---ha-w- c:\users\PC\AppData\Local\BITD7AA.tmp
2011-05-20 10:52 . 2011-05-20 10:52 0 ---ha-w- c:\users\PC\AppData\Local\BIT6FD2.tmp
2011-05-14 06:15 . 2011-05-21 08:16 -------- d-----w- c:\users\PC\AppData\Local\NFS Underground 2
2011-05-13 19:11 . 2011-05-13 19:11 641536 ----a-w- c:\program files\Common Files\Microsoft Shared\VC\msdia80.dll
2011-05-13 18:48 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-13 18:48 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-13 18:48 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-13 18:48 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-13 18:48 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 17:12 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 17:12 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 17:12 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 17:12 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 17:12 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 17:12 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 17:12 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 17:12 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 17:12 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 17:12 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-08 05:35 . 2011-05-08 05:35 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-05-01 21:51 . 2011-05-01 21:51 -------- d-----w- c:\program files\Ventrilo
2011-04-30 10:37 . 2011-04-30 10:37 -------- d-----w- c:\program files\Microsoft XNA
2011-04-29 17:23 . 2011-05-29 08:12 -------- d-----w- c:\users\PC\AppData\Roaming\skypePM
2011-04-29 17:23 . 2011-02-21 07:26 -------- d-----w- c:\programdata\Skype Extras
2011-04-29 17:21 . 2011-02-24 21:33 -------- d-----w- c:\users\PC\AppData\Roaming\Skype
2011-04-29 17:21 . 2011-02-25 20:14 -------- d-----r- c:\program files\Skype
2011-04-29 17:21 . 2011-06-10 21:48 -------- d-----w- c:\programdata\Skype
2011-04-28 07:49 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-28 07:49 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-28 07:49 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-28 07:49 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-28 07:49 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-28 07:49 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-28 07:49 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-28 07:49 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-28 07:49 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-28 07:49 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-28 07:46 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 07:46 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-28 07:45 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-04-28 07:45 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-28 07:45 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-15 16:00 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 16:00 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 16:00 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 16:00 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 16:00 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 15:58 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 15:58 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 15:58 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 15:58 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 15:57 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-05 19:38 . 2011-04-05 19:38 -------- d-----w- c:\users\PC\AppData\Roaming\TeamViewer
2011-04-05 19:37 . 2011-04-05 19:37 -------- d-----w- c:\program files\TeamViewer
2011-04-05 19:24 . 2011-04-05 19:27 -------- d-----w- c:\users\PC\AppData\Roaming\vlc
2011-04-05 19:23 . 2011-04-05 19:23 -------- d-----w- c:\program files\VideoLAN
2011-03-25 12:18 . 2011-03-25 12:19 -------- d-----w- C:\31920b88f7e245475550
2011-03-24 17:13 . 2011-06-16 21:08 -------- d-----w- c:\users\PC\AppData\Roaming\uTorrent
2011-03-24 17:01 . 2011-03-24 17:28 -------- d-----w- c:\users\PC\AppData\Roaming\FinalTorrent
2011-03-24 16:58 . 2011-03-24 16:58 -------- d-----w- c:\program files\File Type Assistant
2011-03-24 16:58 . 2011-03-24 16:58 -------- d-----w- c:\program files\FinalTorrent
2011-03-24 16:56 . 2011-03-24 16:56 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-03-24 16:56 . 2011-03-24 16:56 -------- d-----w- c:\users\PC\AppData\Local\PackageAware
2011-03-24 16:53 . 2011-03-24 16:53 -------- d-----w- c:\program files\KwiClick LLC
2011-03-22 12:15 . 2011-03-22 12:15 -------- d-----w- c:\program files\id Software
2011-03-20 03:40 . 2011-03-20 03:40 1079144 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\RICHED20.DLL
2011-03-19 22:59 . 2011-03-19 22:59 -------- d-----w- c:\program files\WMV9_VCM
2011-03-19 22:11 . 2011-03-19 22:11 -------- d-----w- c:\programdata\McAfee
2011-03-19 18:11 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-19 18:11 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-19 18:11 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-19 18:11 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-19 18:11 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-19 18:11 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-02-25 20:29 . 2011-02-25 20:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-25 20:29 . 2011-02-25 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-24 14:38 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-24 12:26 . 2011-02-24 12:43 -------- d-----w- C:\EXTREME GTA
2011-02-23 12:13 . 2011-02-23 12:36 -------- d-----w- c:\users\PC\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2011-02-17 14:34 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 17:21 . 2010-01-21 18:56 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-07-06 17:52 . 2010-01-20 15:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-01-20 15:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 17:14 . 2010-01-20 14:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-12 21:10 . 2010-08-21 21:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-12 21:09 . 2010-08-21 21:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-19 18:01 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-12-10 21:27 . 2010-08-21 21:44 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-06 08:23 . 2010-01-21 19:38 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-06 08:23 . 2010-01-21 19:38 22328 ----a-w- c:\users\PC\AppData\Roaming\PnkBstrK.sys
2010-12-06 08:23 . 2010-01-21 19:38 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-06 08:22 . 2010-01-21 19:38 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-06-16 04:17 . 2011-06-30 01:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2010-04-22 1221024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-27 3077528]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"amd_dc_opt"="d:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-8-7 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-01 685816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\PC\AppData\Local\Temp\CGFDF27.tmp [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2006-07-04 53921]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-09 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2010-01-20 15424]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXLDAPOC
*Deregistered* - pxldapoc
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-24 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-03-24 15:50]
.
2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 10:00]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 10:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\1hgsqo3b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\PC\AppData\Local\Temp\CGFDF27.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:28,95,cd,3d,19,d5,3c,4f,7e,75,8b,13,7c,dd,ad,b3,96,7b,61,b8,93,ca,54,
55,3b,c3,73,fa,a9,8b,db,da,89,c5,8b,d9,d3,f5,2d,37,a2,60,14,c5,b6,d8,f9,c9,\
"??"=hex:2c,af,14,88,f5,44,be,89,2f,1b,f2,08,a7,16,17,9c
.
[HKEY_USERS\S-1-5-21-1932136851-1967423538-2013956227-1000\Software\SecuROM\License information*]
"datasecu"=hex:0e,a8,a1,6b,6e,7a,6d,b0,9a,f1,fe,bd,15,49,57,56,55,9f,61,6d,a1,
1a,aa,79,3b,38,79,dc,b2,18,37,76,36,e7,ae,eb,04,b1,1b,15,66,e5,73,51,d0,a6,\
"rkeysecu"=hex:2e,40,7e,56,43,8a,3e,7b,e3,c0,9e,91,3c,21,73,6c
.
Completion time: 2011-02-25 21:31:27
ComboFix-quarantined-files.txt 2011-02-25 20:31
ComboFix2.txt 2011-02-24 23:43
.
Pre-Run: 4 506 062 848 bytes free
Post-Run: 4 444 684 288 bytes free
.
- - End Of File - - EFCD7EAC0CA8E642A91D6051458DFD8D

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Follow in detail the procedure for removing the remnants of NOD32 Antivirus from the system: http://kb.eset.com/esetkb/index?page=content&id=SOLN2289

You need to download the ESET Uninstaller, restart the system in Safe Mode and run the tool from there.

After that, you need to install an antivirus on the system. My suggestion is to use a free antivirus if you do not have a license for a commercial version of an AV. Free antivirus programs are: Avast, Avira, AVG, Panda Cloud, MSE, etc. Choose one.

A thread that may be of help to you: Choosing a free antivirus

Step 2

Upload the following file for me via this LINK:

C:\WINDOWS\system32\drivers\sywwvf.sys

Step 3

Run Malwarebytes AntiMalware, which you have installed, update it and perform a Quick Scan. Remove all items it finds. Post the resulting report in your next message so I can take a look.

goran9888 (AMF Tim)

offline
  • Joined: 18 Aug 2011
  • Posts: 13

I can't do step 2, because that file does not exist in the database; I haven't done step 3 at all. What now?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

- Post a fresh GMER1 and GMER2 report for me to look at;

- Do Step 3 from my previous message and post the MBAM report.

What is the state of the system now?

goran9888 (AMF Tim)

offline
  • Joined: 18 Aug 2011
  • Posts: 13

Here is GMER

how do I get mbam (which step in mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html is it ???) is that DDS and attach?

and I noticed that avast noticeably slows down my PC, can that be changed?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Malicious ::how do I get mbam (which step in http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html is it ???) is that DDS and attach?

I meant for you to run the program Malwarebytes Anti Malware (MBAM), update it and perform a scan. You have that program installed on the system (unless you have deleted it in the meantime).

In any case, follow these instructions ...

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, check that these options are selected:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart in order to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

Quote:and I noticed that avast noticeably slows down my PC, can that be changed?

It can. But we will have to deal with that in another subforum. For example here: http://www.mycity.rs/Antivirus-programi/
Specifically, I don't know what the cause of the problem might be; probably by turning off the modules one by one you can see which one is causing the problem, but in any case, if I were in your place, I would uninstall the AV in question and switch to another. In any case, it is up to you to decide what to do.

goran9888 (AMF Tim)

offline
  • Joined: 18 Aug 2011
  • Posts: 13

Written: 21 Aug 2011 20:44

here is the log too


Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7528

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.08.2011 20:04:25
mbam-log-2011-08-21 (20-04-25).txt

Scan type: Quick scan
Objects scanned: 166925
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Addendum: 21 Aug 2011 20:45

Just if I could get a link to the thread about the best anti-spyware and AV protection, thanks

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Malicious ::Just if I could get a link to the thread about the best anti-spyware and AV protection, thanks

There is no best AS or AV or FW. Every updated AV is good. Whatever protection you install on the system, there is a possibility that you get infected. But then the problem lies with you and your habits on the internet and in using the computer in general. In any case, don't click on everything that pops up on a page, visit verified/well-known sites, don't chase cracks, patches and keygens at any cost on warez and torrent sites, etc., and you won't have problems with malware.
Also, there is no need to pile up protection. One AV, one FW (although the Windows one is enough too) and MCShield (you will get an explanation of this program later in this message) are solid protection.

If you have a problem with Avast, switch to Avira (or AVG, Panda Cloud, MSE, etc.).
If you can't decide which protection to put on the system, then open a thread and ask here: http://www.mycity.rs/Zastita/

Since you didn't write to me how your system is working now, I assume everything is fine. The reports you posted look clean, i.e. they show no signs of active malware on the system.

Follow these instructions ...

ComboFix needs to be uninstalled:
click Start, and then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

and then click OK (or press Enter).

Wait for the uninstall process to finish.

Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to let the program begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you have finished cleaning the temp files, you can delete the program or keep it for later use.

---------------------------------------------

- I recommend that you use MCShield to protect USB memory devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.

You download it, install it, plug in the USB memory device, a scan runs, after which you get a notification that the device is clean (if it really is); or you get a log in which you see information about the malware that was found and deleted.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html

- You are using Adobe Reader 9.4.1, which is an old and at the same time critical version of this PDF reader because of security flaws. My suggestion is certainly that you install the latest version (Reader X (10.1.0)) or switch to an alternative such as Foxit Reader, Nitro PDF Reader, etc.;

- Visit the thread "Test whether your browser is vulnerable", read it and follow the link in it. In any case, if any add-on is an old version, it would be advisable to upgrade it to the latest. The link to the thread is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

That would be it.
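
The check behind "the reports you posted look clean", as an added example that is not part of the original posts and is not Malwarebytes code: a parser for the MBAM 1.51 log layout shown above that cross-checks the summary counters against the detail sections. The sample log, its file path and its detection name are constructed, and the layout of a detail line is an assumption.

```python
import re

# Constructed sample, abridged, in the MBAM 1.51 layout of the log posted above.
# The file path and detection name are made up for illustration.
SAMPLE = """\
Database version: 7528
Scan type: Quick scan
Objects scanned: 166925

Registry Keys Infected: 0
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\\users\\PC\\example.exe (Example.Detection) -> Quarantined and deleted successfully.
"""

FIELD = re.compile(r"^(Database version|Scan type|Objects scanned): (.+)$")
COUNT = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")
NONE_FOUND = "(No malicious items detected)"

def parse_mbam_log(text):
    """Split a log into header fields, summary counters and detail items."""
    fields, counts, items, current = {}, {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            current = None                      # a blank line ends a detail section
        elif m := FIELD.match(line):
            fields[m.group(1)] = m.group(2)
        elif m := COUNT.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            current = m.group(1)
            items[current] = []
        elif current and line != NONE_FOUND:
            items[current].append(line)
    return fields, counts, items

def triage(text):
    """Return (verdict, detections, mismatched categories) for one log."""
    fields, counts, items = parse_mbam_log(text)
    detections = [i for lst in items.values() for i in lst]
    # A counter that disagrees with its detail section means the paste is
    # truncated or edited, so the log cannot be trusted either way.
    mismatched = [c for c, n in counts.items() if len(items.get(c, [])) != n]
    if mismatched or not counts:
        return "incomplete", detections, mismatched
    return ("clean" if not detections else "detections"), detections, mismatched
```

A "clean" verdict covers only what the scan type recorded in the log examined; the log in this thread is a Quick scan.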





offline
  • Joined: 18 Aug 2011
  • Posts: 13

Everything is done and everything works, thank you. I'm downloading Kaspersky, because avast constantly throws up warnings for no significant reason etc. etc. There is a thread on this site for checking how up to date my applications (I think that's how you say it) are (Java, Adobe Flash and so on), but Firefox blocks the file I need to download; should I unblock it? Thanks a lot and sorry that this is a bit off topic

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Avast throws up warnings for no significant reason? What exactly do you mean?

Kaspersky is not a free AV. You can use it for 30 days in a trial period. After that you must buy a license. Using illegal licenses, which you have to look for on all sorts of shady sites, is not a solution.

Quote:There is a thread on this site for checking how up to date my applications (I think that's how you say it) are (Java, Adobe Flash and so on), but Firefox blocks the file I need to download; should I unblock it?

Of course.
I already wrote that you should update all plugins.

goran9888 (AMF Tim)
