MyCity » Ambulanta -> Arhiva Ambulante » Provera

Provera

Napisano na dan: 4.2.2013

Strana:
1
2

Provera

Sledeća strana

Pagination

Odgovori

Strana:
1
2

djolew Poslao: 04 Feb 2013 03:06 Idi na vrh
offline djolew Elitni građanin Pridružio: 24 Dec 2011 Poruke: 1628 Gde živiš: Novi Banovci	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Samo da proverim u kakvom je stanju DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2 Run by admin at 2:47:33 on 2013-02-04 . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\uTorrent\uTorrent.exe C:\Users\admin\Local Settings\Apps\F.lux\flux.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k regsvc C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank uWindows: Load = c:\users\admin\locals~1\temp\msexcvvm.scr BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [F.lux] "c:\users\admin\local settings\apps\f.lux\flux.exe" /noshow mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 uPolicies-Explorer: NoSecurityTab = dword:1 uPolicies-System: DisableChangePassword = dword:-1 uPolicies-System: DisableLockWorkStation = dword:-1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Se&nd to OneNote - <no file> IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned> IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll LSP: %windir%\system32\vsocklib.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: google-analytics.com Trusted Zone: novastor.com Trusted Zone: novastor.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{A336B012-CB35-48FA-A52C-C0A5F96D7BB1} : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{A336B012-CB35-48FA-A52C-C0A5F96D7BB1} : DHCPNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> SSODL: WebCheck - <orphaned> SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ============= SERVICES / DRIVERS =============== . R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? CodeMeter.exe;CodeMeter Runtime Server R? dmvsc;dmvsc R? epmntdrv;epmntdrv R? EuGdiDrv;EuGdiDrv R? HTCAND32;HTC Device Driver R? HTCMonitorService;HTCMonitorService R? htcnprot;HTC NDIS Protocol Driver R? PanService;PandoraService R? PassThru Service;Internet Pass-Through Service R? RdpVideoMiniport;Remote Desktop Video Miniport Driver R? s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter R? s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver R? s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface R? Stereo Service;NVIDIA Stereoscopic 3D Driver Service R? SuperMounter;SuperMounter R? SwitchBoard;SwitchBoard R? Synth3dVsc;Synth3dVsc R? terminpt;Microsoft Remote Desktop Input Driver R? TsUsbFlt;TsUsbFlt R? TsUsbGD;Remote Desktop Generic USB Device R? tsusbhub;tsusbhub R? Uim_Vim;UIM Virtual Image Plugin R? VGPU;VGPU R? VMUSBArbService;VMware USB Arbitration Service S? !SASCORE;SAS Core Service S? AntiVirSchedulerService;Avira Scheduler S? AntiVirService;Avira Real-Time Protection S? avgntflt;avgntflt S? avkmgr;avkmgr S? dtsoftbus01;DAEMON Tools Virtual Bus Driver S? eusk2par;Aladdin SmartKey Parallel Driver S? gzflt;gzflt S? HssDRV6;Hotspot Shield Routing Driver 6 S? HWiNFO32;HWiNFO32/64 Kernel Driver S? RTL8167;Realtek 8167 NT Driver S? SASDIFSV;SASDIFSV S? SASKUTIL;SASKUTIL S? stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0 S? VIAHdAudAddService;VIA High Definition Audio Driver Service S? vsock;vSockets Driver . =============== File Associations =============== . FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs6\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-02-04 01:40:35 -------- d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com 2013-02-04 01:40:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-02-04 01:40:31 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-02-04 01:39:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-04 01:39:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-04 01:18:52 -------- d-----w- c:\users\admin\appdata\roaming\Avira 2013-02-04 01:16:56 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-02-04 01:16:56 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-02-04 01:16:55 -------- d-----w- c:\program files\Avira 2013-02-04 00:59:27 -------- d-sh--w- C:\DrWeb Quarantine 2013-02-03 21:21:28 -------- d-----w- c:\program files\common files\Doctor Web 2013-02-03 21:21:04 -------- d-----w- c:\program files\DrWeb 2013-02-03 21:18:43 -------- d-----w- c:\programdata\Doctor Web 2013-02-02 22:31:36 -------- d-----w- c:\users\admin\appdata\roaming\Systweak 2013-02-02 22:31:32 18360 ----a-w- c:\windows\system32\roboot.exe 2013-02-02 21:40:03 -------- d-----w- c:\users\admin\appdata\local\SCE 2013-02-02 20:23:03 -------- d-----w- c:\users\admin\appdata\local\Deployment 2013-02-02 20:17:45 -------- d-----w- c:\programdata\APN 2013-02-02 20:07:51 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-28 00:24:39 -------- d-----w- c:\program files\PANDORA.TV 2013-01-27 23:32:56 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-01-27 23:32:33 -------- d-----w- c:\program files\DAEMON Tools Lite 2013-01-27 12:08:59 -------- d-----w- c:\program files\FileHippo.com 2013-01-24 23:06:34 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X6 2013-01-22 20:33:23 -------- d-----w- C:\Temp 2013-01-22 19:14:57 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X5 2013-01-16 12:07:01 -------- d-----w- c:\users\admin\appdata\local\Mozilla 2013-01-16 11:30:31 -------- d-sh--w- C:\$RECYCLE.BIN 2013-01-15 19:42:35 -------- d-----w- c:\windows\system32\wbem\Logs 2013-01-11 17:59:39 55296 ----a-w- c:\windows\system32\cero.rs 2013-01-08 16:57:19 -------- d-----w- c:\programdata\Freemake 2013-01-08 00:06:01 22064 ----a-w- c:\windows\DCEBoot.exe 2013-01-07 23:10:51 -------- d-----w- c:\programdata\RealNetworks . ==================== Find3M ==================== . 2013-02-02 23:43:57 181808 ----a-w- c:\windows\RegBootClean.exe 2013-02-02 20:07:33 859552 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-02 20:07:33 780192 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-16 16:30:59 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-12-16 16:30:59 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe 2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe 2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll 2012-11-20 22:32:40 0 ----a-w- c:\windows\system32\pbsvc.exe 2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-17 00:22:42 21624 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-11 23:06:04 466008 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll 2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll . ============= FINISH: 2:48:02.73 =============== https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png

Profil

Sass Drake Poslao: 04 Feb 2013 20:59 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sljedeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati fajl, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix; u prozoru koji se otvori klikni "I Agree". U toku rada, ComboFix će:provjeriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izvještaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obilježeni tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izvještaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primjetiš da izvještaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje fajla C:\ComboFix.txt uz poruku. Nemoj kliktati u okviru ComboFix prozora dok radi jer to može usporiti rad alata. Nemoj ponovo pokretati ComboFix na svoju ruku - javi se u temi bilo kakav problem da imaš tokom prvog pokretanja alata. Ako nakon restarta dobijaš grešku prilikom startovanja nekih programa da su označeni za brisanje (Illegal operation attempted on a registry key that has been marked for deletion), onda ponovo restartuj sistem i to će riješiti problem.

Profil

djolew Poslao: 04 Feb 2013 21:40 Idi na vrh
offline djolew Elitni građanin Pridružio: 24 Dec 2011 Poruke: 1628 Gde živiš: Novi Banovci	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 04 Feb 2013 21:39 ComboFix 13-02-03.03 - admin 04-Feb-13 21:12:56.1.4 - x86 Running from: e:\downloads\ComboFix.exe . ADS - system32: deleted 12 bytes in 1 streams. . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1327697780.bdinstall.bin c:\programdata\1328283219.bdinstall.bin c:\programdata\1337356109.bdinstall.bin c:\programdata\1338992049.4300.bin c:\programdata\1338992049.4844.bin c:\programdata\1338992049.5784.bin c:\programdata\1338992049.6040.bin c:\programdata\1339066710.bdinstall.bin c:\programdata\1349733297.bdinstall.bin c:\programdata\ntuser.dat c:\users\admin\AppData\Roaming\UpdateDrv.exe c:\windows\RazorDOX c:\windows\RazorDOX\RazorDOX.dll c:\windows\RazorDOX\RazorDOX.ini c:\windows\system32\command.pif c:\windows\system32\flash_player.exe c:\windows\system32\pbsvc.exe c:\windows\system32\roboot.exe c:\windows\system32\tmpC23C.tmp c:\windows\system32\tmpC26C.tmp c:\windows\system32\tmpC62C.tmp c:\windows\system32\tmpC65C.tmp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NEWDRIVER . . ((((((((((((((((((((((((( Files Created from 2013-01-04 to 2013-02-04 ))))))))))))))))))))))))))))))) . . 2013-02-04 20:19 . 2013-02-04 20:22 -------- d-----w- c:\users\admin\AppData\Local\temp 2013-02-04 12:43 . 2013-02-04 12:43 -------- d-----w- c:\users\admin\AppData\Roaming\PDAppFlex 2013-02-04 01:40 . 2013-02-04 01:40 -------- d-----w- c:\users\admin\AppData\Roaming\SUPERAntiSpyware.com 2013-02-04 01:40 . 2013-02-04 01:40 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-02-04 01:40 . 2013-02-04 01:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-02-04 01:39 . 2013-02-04 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-04 01:39 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-04 01:18 . 2013-02-04 01:18 -------- d-----w- c:\users\admin\AppData\Roaming\Avira 2013-02-04 01:16 . 2013-02-04 01:15 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-02-04 01:16 . 2013-02-04 01:15 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-02-04 01:16 . 2013-02-04 01:15 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-02-04 01:16 . 2013-02-04 01:16 -------- d-----w- c:\program files\Avira 2013-02-04 00:59 . 2013-02-04 00:59 -------- d-sh--w- C:\DrWeb Quarantine 2013-02-03 21:21 . 2013-02-03 21:21 -------- d-----w- c:\program files\Common Files\Doctor Web 2013-02-03 21:21 . 2013-02-04 01:05 -------- d-----w- c:\program files\DrWeb 2013-02-03 21:18 . 2013-02-04 01:05 -------- d-----w- c:\programdata\Doctor Web 2013-02-02 22:31 . 2013-02-02 22:33 -------- d-----w- c:\users\admin\AppData\Roaming\Systweak 2013-02-02 21:40 . 2013-02-02 21:40 -------- d-----w- c:\users\admin\AppData\Local\SCE 2013-02-02 20:23 . 2013-02-02 20:23 -------- d-----w- c:\users\admin\AppData\Local\Deployment 2013-02-02 20:17 . 2013-02-02 20:17 -------- d-----w- c:\programdata\APN 2013-02-02 20:07 . 2013-02-02 20:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-28 00:24 . 2013-01-28 00:24 -------- d-----w- c:\program files\PANDORA.TV 2013-01-27 23:32 . 2013-01-27 23:32 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-01-27 23:32 . 2013-01-27 23:32 -------- d-----w- c:\program files\DAEMON Tools Lite 2013-01-27 12:08 . 2013-01-27 12:09 -------- d-----w- c:\program files\FileHippo.com 2013-01-24 23:06 . 2013-02-03 23:41 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X6 2013-01-22 20:52 . 2013-01-22 20:52 -------- d-----w- c:\programdata\Local Settings 2013-01-22 20:33 . 2013-01-28 11:32 -------- d-----w- C:\Temp 2013-01-22 19:14 . 2013-01-22 19:16 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X5 2013-01-16 12:07 . 2013-01-16 12:13 -------- d-----w- c:\users\admin\AppData\Local\Mozilla 2013-01-15 19:42 . 2013-01-15 19:42 -------- d-----w- c:\windows\system32\wbem\Logs 2013-01-11 17:59 . 2012-12-07 12:26 308736 ----a-w- c:\windows\system32\Wpc.dll 2013-01-08 16:57 . 2013-01-08 16:57 -------- d-----w- c:\programdata\Freemake 2013-01-08 00:06 . 2013-01-08 00:09 22064 ----a-w- c:\windows\DCEBoot.exe 2013-01-07 23:10 . 2013-01-07 23:10 -------- d-----w- c:\programdata\RealNetworks . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-02 23:43 . 2012-11-02 22:24 181808 ----a-w- c:\windows\RegBootClean.exe 2013-02-02 20:07 . 2012-06-07 18:35 859552 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-02 20:07 . 2011-08-21 17:27 780192 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-16 16:30 . 2011-12-16 19:21 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-12-16 16:30 . 2011-12-16 19:21 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-12-16 14:13 . 2012-12-21 23:09 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 23:09 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-11-17 00:22 . 2012-11-17 00:22 21624 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS 2012-11-14 02:09 . 2012-12-12 20:18 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-12 20:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 20:18 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-12 20:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 20:18 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 2012-12-12 20:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-11 23:06 . 2012-06-22 21:27 466008 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-11-09 04:42 . 2012-12-12 13:08 2048 ----a-w- c:\windows\system32\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1] @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}" [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}] 2012-06-29 09:18 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2] @="{342DAA0B-D796-460D-8566-901E08A1CCAD}" [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}] 2012-06-29 09:18 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3] @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}" [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}] 2012-06-29 09:18 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4] @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}" [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}] 2012-06-29 09:18 240920 ------w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F.lux"="c:\users\admin\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-04 384800] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableChangePassword"= -1 (0xffffffff) "DisableLockWorkStation"= -1 (0xffffffff) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSecurityTab"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk] backup=c:\windows\pss\NovaBACKUP Tray Control.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk] backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk] backup=c:\windows\pss\Facebook Messenger.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk] backup=c:\windows\pss\fliptoast.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adguard HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks App Player HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Lock HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fdgpaed HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileServe Manager Task HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDD Monitor 2 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inBoss HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inParent HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot) HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShield HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShieldTray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_NT HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServeZip HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2012-09-20 05:27 444904 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager] 2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager] 2012-06-25 08:16 1073352 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2013-01-08 08:41 3674320 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com] 2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-08-21 14:24 136176 ----atw- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck] 2009-06-17 06:18 1417216 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2010-06-09 18:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-07-22 16:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShield Monitor] 2012-12-16 09:38 605184 ----a-w- c:\program files\MCShield\MCShieldRTM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2012-10-02 19:28 3965288 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2012-10-02 19:29 108392 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-11-01 19:45 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2013-02-02 20:07 1075024 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2012-06-28 15:40 74752 ----a-w- c:\program files\Winamp\winampa.exe . R1 SuperMounter;SuperMounter; [x] R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] R4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [x] R4 HTCMonitorService;HTCMonitorService;d:\programi\HTC\HSMServiceEntry.exe [x] R4 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x] R4 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x] S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x] S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [x] S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc BullGuard_Backup REG_MULTI_SZ BsBackup GPSvcGroup REG_MULTI_SZ GPSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . 2013-02-04 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2012-07-01 12:10] . 2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000Core.job - c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 14:24] . 2013-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232926109-2270386077-2592286719-1000UA.job - c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 14:24] . . ------- Supplementary Scan ------- . uStart Page = about:blank mStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Se&nd to OneNote Trusted Zone: cleverreach.com\novastor Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: google-analytics.com Trusted Zone: novastor.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A336B012-CB35-48FA-A52C-C0A5F96D7BB1}: NameServer = 8.26.56.26,156.154.70.22 . - - - - ORPHANS REMOVED - - - - . SafeBoot-BsScanner SafeBoot-DrWebEngine MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe MSConfigStartUp-Facebook Update - c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe MSConfigStartUp-PWRISOVM - (no file) MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe MSConfigStartUp-TrueImageMonitor - (no file) MSConfigStartUp-UpdateMyDrivers - c:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe MSConfigStartUp-Xvid - c:\program files\Xvid\CheckUpdate.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54, 07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a, 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec, fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42 "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d6,68, 77,82,e9,a5,3c,9d,e9,17,af,ad,b0,e5,ab . [HKEY_USERS\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:27,1f,5f,dd,6e,17,5d,0b,af,29,04,f4,50,1c,5d,b6,5a,31,dc,2a,90,44,64, 8e,73,d9,b3,de,a3,11,7a,ac,51,76,16,f3,b7,ee,ac,a2,d1,33,ed,9d,da,a6,4b,b0,\ "??"=hex:be,be,14,86,7f,95,87,82,c8,40,29,eb,e0,43,83,f5 . [HKEY_USERS\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\SecuROM\License information] "datasecu"=hex:bc,c3,8a,6b,42,06,d1,98,fa,97,55,db,43,07,8a,1a,a7,cc,be,7c,b1, 66,e4,d6,b7,ac,90,73,d4,17,91,39,25,36,ec,23,ec,93,f0,1e,27,0e,5a,2c,dd,8f,\ "rkeysecu"=hex:ff,b3,4e,ca,1d,b9,59,8f,58,a9,e2,24,49,0a,69,da . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\AUDIODG.EXE c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\taskhost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2013-02-04 21:25:21 - machine was rebooted ComboFix-quarantined-files.txt 2013-02-04 20:25 . Pre-Run: 169,761,435,648 bytes free Post-Run: 169,333,284,864 bytes free . - - End Of File - - 1AE838F60DF7383D5C57A48C945CCD6B Dopuna: 04 Feb 2013 21:40 Jel neka opasna infekcija?

Profil

Sass Drake Poslao: 04 Feb 2013 22:56 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nisi ispravno ispratio uputstvo koje sam ti dao. ComboFix nije pokrenut sa Desktopa. Korak 1 Imaš ostatke BitDefender programa. Preuzmi BitDefender Uninstall Tool sa sljedećeg linka: http://www.bitdefender.com/files/KnowledgeBase/file/BD2013_Uninstall_Tool.exe pokreni ga i klikni na Uninstall. Restartuj sistem ako ti on sam to ne zatraži. Korak 2 Spakuj u ZIP, RAR ili 7Z arhivu sljedeći folder: C:\Qoobox i pošalji ga preko sljedećeg linka: http://www.mycity.rs/ambulanta-upload.php Javi kada to uradiš i sačekaj dalja uputstva.

Profil

djolew Poslao: 04 Feb 2013 23:07 Idi na vrh
offline djolew Elitni građanin Pridružio: 24 Dec 2011 Poruke: 1628 Gde živiš: Novi Banovci	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jel treba ponovo da pokrecem combofix?

Profil

Sass Drake Poslao: 04 Feb 2013 23:09 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne.

Profil

djolew Poslao: 04 Feb 2013 23:27 Idi na vrh
offline djolew Elitni građanin Pridružio: 24 Dec 2011 Poruke: 1628 Gde živiš: Novi Banovci	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Upload-ovo sam fajl koji si trazio.

Profil

Sass Drake Poslao: 04 Feb 2013 23:55 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokušaj da pošalješ ovaj fajl preko linka kojeg sam ti dao u prethodnoj poruci: C:\WINDOWS\System32\Drivers\acafh62p.SYS

Profil

djolew Poslao: 05 Feb 2013 00:18 Idi na vrh
offline djolew Elitni građanin Pridružio: 24 Dec 2011 Poruke: 1628 Gde živiš: Novi Banovci	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nema tog fajla

Profil

Sass Drake Poslao: 05 Feb 2013 00:51 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix izvještaj ne pokazuje tragove aktivnog malware-a, ali taj izvještaj je malkice osakaćen. Postavi mi svježe GMER izvještaje.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Provera

Ko je trenutno na forumu

Ukupno su 1213 korisnika na forumu :: 37 registrovanih, 11 sakrivenih i 1165 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., amaterSRB, aramis s, Buzdovan, Denaya, Dimitrise93, DonRumataEstorski, dragoljub11987, Dukelander, FOX, Georgius, Istman, ivica976, Karla, kunktator, kybonacci, ladro, Milometer, Mixelotti, nemkea71, Pakito93, Petarvu, RJ, royst33, sasa76, Shinobi, Sirius, slonic_tonic, solic, Srle993, stegonosa, Tvrtko I, vathra, vukovi, wolverined4, zziko, |_MeD_|

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by