Check


offline
  • Joined: 24 Dec 2011
  • Posts: 1585
  • Location: Bogatić

Just to check what state it's in.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by admin at 2:47:33 on 2013-02-04
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\admin\Local Settings\Apps\F.lux\flux.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uWindows: Load = c:\users\admin\locals~1\temp\msexcvvm.scr
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [F.lux] "c:\users\admin\local settings\apps\f.lux\flux.exe" /noshow
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoSecurityTab = dword:1
uPolicies-System: DisableChangePassword = dword:-1
uPolicies-System: DisableLockWorkStation = dword:-1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: novastor.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A336B012-CB35-48FA-A52C-C0A5F96D7BB1} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A336B012-CB35-48FA-A52C-C0A5F96D7BB1} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? CodeMeter.exe;CodeMeter Runtime Server
R? dmvsc;dmvsc
R? epmntdrv;epmntdrv
R? EuGdiDrv;EuGdiDrv
R? HTCAND32;HTC Device Driver
R? HTCMonitorService;HTCMonitorService
R? htcnprot;HTC NDIS Protocol Driver
R? PanService;PandoraService
R? PassThru Service;Internet Pass-Through Service
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter
R? s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver
R? s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface
R? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
R? SuperMounter;SuperMounter
R? SwitchBoard;SwitchBoard
R? Synth3dVsc;Synth3dVsc
R? terminpt;Microsoft Remote Desktop Input Driver
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? tsusbhub;tsusbhub
R? Uim_Vim;UIM Virtual Image Plugin
R? VGPU;VGPU
R? VMUSBArbService;VMware USB Arbitration Service
S? !SASCORE;SAS Core Service
S? AntiVirSchedulerService;Avira Scheduler
S? AntiVirService;Avira Real-Time Protection
S? avgntflt;avgntflt
S? avkmgr;avkmgr
S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
S? eusk2par;Aladdin SmartKey Parallel Driver
S? gzflt;gzflt
S? HssDRV6;Hotspot Shield Routing Driver 6
S? HWiNFO32;HWiNFO32/64 Kernel Driver
S? RTL8167;Realtek 8167 NT Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0
S? VIAHdAudAddService;VIA High Definition Audio Driver Service
S? vsock;vSockets Driver
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-02-04 01:40:35 -------- d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com
2013-02-04 01:40:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-04 01:40:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-04 01:39:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-04 01:39:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-04 01:18:52 -------- d-----w- c:\users\admin\appdata\roaming\Avira
2013-02-04 01:16:56 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-04 01:16:56 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-04 01:16:55 -------- d-----w- c:\program files\Avira
2013-02-04 00:59:27 -------- d-sh--w- C:\DrWeb Quarantine
2013-02-03 21:21:28 -------- d-----w- c:\program files\common files\Doctor Web
2013-02-03 21:21:04 -------- d-----w- c:\program files\DrWeb
2013-02-03 21:18:43 -------- d-----w- c:\programdata\Doctor Web
2013-02-02 22:31:36 -------- d-----w- c:\users\admin\appdata\roaming\Systweak
2013-02-02 22:31:32 18360 ----a-w- c:\windows\system32\roboot.exe
2013-02-02 21:40:03 -------- d-----w- c:\users\admin\appdata\local\SCE
2013-02-02 20:23:03 -------- d-----w- c:\users\admin\appdata\local\Deployment
2013-02-02 20:17:45 -------- d-----w- c:\programdata\APN
2013-02-02 20:07:51 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-28 00:24:39 -------- d-----w- c:\program files\PANDORA.TV
2013-01-27 23:32:56 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-27 23:32:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-01-27 12:08:59 -------- d-----w- c:\program files\FileHippo.com
2013-01-24 23:06:34 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X6
2013-01-22 20:33:23 -------- d-----w- C:\Temp
2013-01-22 19:14:57 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X5
2013-01-16 12:07:01 -------- d-----w- c:\users\admin\appdata\local\Mozilla
2013-01-16 11:30:31 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-15 19:42:35 -------- d-----w- c:\windows\system32\wbem\Logs
2013-01-11 17:59:39 55296 ----a-w- c:\windows\system32\cero.rs
2013-01-08 16:57:19 -------- d-----w- c:\programdata\Freemake
2013-01-08 00:06:01 22064 ----a-w- c:\windows\DCEBoot.exe
2013-01-07 23:10:51 -------- d-----w- c:\programdata\RealNetworks
.
==================== Find3M ====================
.
2013-02-02 23:43:57 181808 ----a-w- c:\windows\RegBootClean.exe
2013-02-02 20:07:33 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-02 20:07:33 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 16:30:59 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-16 16:30:59 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 22:32:40 0 ----a-w- c:\windows\system32\pbsvc.exe
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-17 00:22:42 21624 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-11 23:06:04 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 2:48:02.73 ===============




offline
  • Joined: 26 Aug 2010
  • Posts: 10459
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your protection software (instructions);
  • close any running programs;
  • double-click to run ComboFix;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program is available:
      • click Yes if you are offered the download.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure through.
  • show a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end of the run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If you notice after sending the message that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.
  • Do not click inside the ComboFix window while it is running, because that can slow the tool down.
  • Do not run ComboFix again on your own - report in the topic any problem you have during the first run of the tool.
  • If after the restart you get an error when starting some programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will resolve the problem.

offline
  • Joined: 24 Dec 2011
  • Posts: 1585
  • Location: Bogatić

Posted: 04 Feb 2013 21:39

ComboFix 13-02-03.03 - admin 04-Feb-13 21:12:56.1.4 - x86
Running from: e:\downloads\ComboFix.exe
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1327697780.bdinstall.bin
c:\programdata\1328283219.bdinstall.bin
c:\programdata\1337356109.bdinstall.bin
c:\programdata\1338992049.4300.bin
c:\programdata\1338992049.4844.bin
c:\programdata\1338992049.5784.bin
c:\programdata\1338992049.6040.bin
c:\programdata\1339066710.bdinstall.bin
c:\programdata\1349733297.bdinstall.bin
c:\programdata\ntuser.dat
c:\users\admin\AppData\Roaming\UpdateDrv.exe
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\RazorDOX\RazorDOX.ini
c:\windows\system32\command.pif
c:\windows\system32\flash_player.exe
c:\windows\system32\pbsvc.exe
c:\windows\system32\roboot.exe
c:\windows\system32\tmpC23C.tmp
c:\windows\system32\tmpC26C.tmp
c:\windows\system32\tmpC62C.tmp
c:\windows\system32\tmpC65C.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2013-01-04 to 2013-02-04 )))))))))))))))))))))))))))))))
.
.
2013-02-04 20:19 . 2013-02-04 20:22 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-02-04 12:43 . 2013-02-04 12:43 -------- d-----w- c:\users\admin\AppData\Roaming\PDAppFlex
2013-02-04 01:40 . 2013-02-04 01:40 -------- d-----w- c:\users\admin\AppData\Roaming\SUPERAntiSpyware.com
2013-02-04 01:40 . 2013-02-04 01:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-04 01:40 . 2013-02-04 01:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-02-04 01:39 . 2013-02-04 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-04 01:39 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-04 01:18 . 2013-02-04 01:18 -------- d-----w- c:\users\admin\AppData\Roaming\Avira
2013-02-04 01:16 . 2013-02-04 01:15 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-04 01:16 . 2013-02-04 01:15 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-04 01:16 . 2013-02-04 01:15 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-04 01:16 . 2013-02-04 01:16 -------- d-----w- c:\program files\Avira
2013-02-04 00:59 . 2013-02-04 00:59 -------- d-sh--w- C:\DrWeb Quarantine
2013-02-03 21:21 . 2013-02-03 21:21 -------- d-----w- c:\program files\Common Files\Doctor Web
2013-02-03 21:21 . 2013-02-04 01:05 -------- d-----w- c:\program files\DrWeb
2013-02-03 21:18 . 2013-02-04 01:05 -------- d-----w- c:\programdata\Doctor Web
2013-02-02 22:31 . 2013-02-02 22:33 -------- d-----w- c:\users\admin\AppData\Roaming\Systweak
2013-02-02 21:40 . 2013-02-02 21:40 -------- d-----w- c:\users\admin\AppData\Local\SCE
2013-02-02 20:23 . 2013-02-02 20:23 -------- d-----w- c:\users\admin\AppData\Local\Deployment
2013-02-02 20:17 . 2013-02-02 20:17 -------- d-----w- c:\programdata\APN
2013-02-02 20:07 . 2013-02-02 20:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-28 00:24 . 2013-01-28 00:24 -------- d-----w- c:\program files\PANDORA.TV
2013-01-27 23:32 . 2013-01-27 23:32 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-27 23:32 . 2013-01-27 23:32 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-01-27 12:08 . 2013-01-27 12:09 -------- d-----w- c:\program files\FileHippo.com
2013-01-24 23:06 . 2013-02-03 23:41 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X6
2013-01-22 20:52 . 2013-01-22 20:52 -------- d-----w- c:\programdata\Local Settings
2013-01-22 20:33 . 2013-01-28 11:32 -------- d-----w- C:\Temp
2013-01-22 19:14 . 2013-01-22 19:16 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X5
2013-01-16 12:07 . 2013-01-16 12:13 -------- d-----w- c:\users\admin\AppData\Local\Mozilla
2013-01-15 19:42 . 2013-01-15 19:42 -------- d-----w- c:\windows\system32\wbem\Logs
2013-01-11 17:59 . 2012-12-07 12:26 308736 ----a-w- c:\windows\system32\Wpc.dll
2013-01-08 16:57 . 2013-01-08 16:57 -------- d-----w- c:\programdata\Freemake
2013-01-08 00:06 . 2013-01-08 00:09 22064 ----a-w- c:\windows\DCEBoot.exe
2013-01-07 23:10 . 2013-01-07 23:10 -------- d-----w- c:\programdata\RealNetworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 23:43 . 2012-11-02 22:24 181808 ----a-w- c:\windows\RegBootClean.exe
2013-02-02 20:07 . 2012-06-07 18:35 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-02 20:07 . 2011-08-21 17:27 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 16:30 . 2011-12-16 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-16 16:30 . 2011-12-16 19:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 14:13 . 2012-12-21 23:09 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 23:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-17 00:22 . 2012-11-17 00:22 21624 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2012-11-14 02:09 . 2012-12-12 20:18 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:18 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-11 23:06 . 2012-06-22 21:27 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-11-09 04:42 . 2012-12-12 13:08 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-06-29 09:18 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-06-29 09:18 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-06-29 09:18 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-06-29 09:18 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\admin\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-04 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= -1 (0xffffffff)
"DisableLockWorkStation"= -1 (0xffffffff)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]
backup=c:\windows\pss\NovaBACKUP Tray Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk]
backup=c:\windows\pss\fliptoast.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adguard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks App Player
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Lock
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fdgpaed
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileServe Manager Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDD Monitor 2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inBoss
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inParent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShield
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShieldTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_NT
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServeZip
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-09-20 05:27 444904 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-06-25 08:16 1073352 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-01-08 08:41 3674320 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-21 14:24 136176 ----atw- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-17 06:18 1417216 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 16:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShield Monitor]
2012-12-16 09:38 605184 ----a-w- c:\program files\MCShield\MCShieldRTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-10-02 19:28 3965288 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-10-02 19:29 108392 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-01 19:45 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-02-02 20:07 1075024 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-28 15:40 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R1 SuperMounter;SuperMounter; [x]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [x]
R4 HTCMonitorService;HTCMonitorService;d:\programi\HTC\HSMServiceEntry.exe [x]
R4 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
BullGuard_Backup REG_MULTI_SZ BsBackup
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-07-01 12:10]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 14:24]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 14:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote
Trusted Zone: cleverreach.com\novastor
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A336B012-CB35-48FA-A52C-C0A5F96D7BB1}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-BsScanner
SafeBoot-DrWebEngine
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-Facebook Update - c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-PWRISOVM - (no file)
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
MSConfigStartUp-TrueImageMonitor - (no file)
MSConfigStartUp-UpdateMyDrivers - c:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe
MSConfigStartUp-Xvid - c:\program files\Xvid\CheckUpdate.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:27,1f,5f,dd,6e,17,5d,0b,af,29,04,f4,50,1c,5d,b6,5a,31,dc,2a,90,44,64,
8e,73,d9,b3,de,a3,11,7a,ac,51,76,16,f3,b7,ee,ac,a2,d1,33,ed,9d,da,a6,4b,b0,\
"??"=hex:be,be,14,86,7f,95,87,82,c8,40,29,eb,e0,43,83,f5
.
[HKEY_USERS\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\SecuROM\License information*]
"datasecu"=hex:bc,c3,8a,6b,42,06,d1,98,fa,97,55,db,43,07,8a,1a,a7,cc,be,7c,b1,
66,e4,d6,b7,ac,90,73,d4,17,91,39,25,36,ec,23,ec,93,f0,1e,27,0e,5a,2c,dd,8f,\
"rkeysecu"=hex:ff,b3,4e,ca,1d,b9,59,8f,58,a9,e2,24,49,0a,69,da
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-02-04 21:25:21 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-04 20:25
.
Pre-Run: 169,761,435,648 bytes free
Post-Run: 169,333,284,864 bytes free
.
- - End Of File - - 1AE838F60DF7383D5C57A48C945CCD6B

Addendum: 04 Feb 2013 21:40

Is it some dangerous infection?

offline
  • Joined: 26 Aug 2010
  • Posts: 10459
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You did not follow the instructions I gave you correctly. ComboFix was not run from the Desktop.

Step 1

You have leftovers of the BitDefender program. Download the BitDefender Uninstall Tool from the following link:

http://www.bitdefender.com/files/KnowledgeBase/file/BD2013_Uninstall_Tool.exe

run it and click Uninstall. Restart the system if it does not ask you to do so itself.



Step 2

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\Qoobox

and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done that and wait for further instructions.

offline
  • Joined: 24 Dec 2011
  • Posts: 1585
  • Location: Bogatić

Do I need to run ComboFix again?

offline
  • Joined: 26 Aug 2010
  • Posts: 10459
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

No.

offline
  • Joined: 24 Dec 2011
  • Posts: 1585
  • Location: Bogatić

I uploaded the file you asked for.

offline
  • Joined: 26 Aug 2010
  • Posts: 10459
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Try to send this file via the link I gave you in the previous message:

C:\WINDOWS\System32\Drivers\acafh62p.SYS

offline
  • Joined: 24 Dec 2011
  • Posts: 1585
  • Location: Bogatić

There is no such file

offline
  • Joined: 26 Aug 2010
  • Posts: 10459
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The ComboFix report shows no traces of active malware, but that report is a little crippled.

Post fresh GMER reports for me.
