SIREFEF - computer restarts after a minute

  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Should I turn off the anti-virus programs?

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

kubeti :: Should I turn off the anti-virus programs?

Of course, turn them off. Sorry if I wasn't clear.
http://www.mycity.rs/MyCity-Laboratorija/Iskljucivanje-zastitnog-softvera.html

  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Written: 15 Aug 2012 15:48

The file has been uploaded, I'm starting ComboFix.

Update: 15 Aug 2012 15:56

ComboFix 12-08-14.05 - Sale 15.08.2012 15:50:09.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.4009.2454 [GMT 2:00]
Running from: c:\users\Sale\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 13:54 . 2012-08-15 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 11:49 . 2012-08-15 11:49 328704 ----a-w- c:\windows\system32\services.exe.85E45BF507E0BFA2
2012-08-15 11:31 . 2012-08-15 11:31 328704 ----a-w- c:\windows\system32\services.exe.C6F9167C8A289B5C
2012-08-15 11:22 . 2012-08-15 11:22 -------- d-----w- C:\_OTL
2012-08-15 10:26 . 2012-08-15 10:26 328704 ----a-w- c:\windows\system32\services.exe.016EA209B265727E
2012-08-15 00:01 . 2012-08-15 00:01 328704 ----a-w- c:\windows\system32\services.exe.A2B6C0DF908EF9F8
2012-08-14 23:09 . 2012-08-14 23:09 328704 ----a-w- c:\windows\system32\services.exe.6D27E6CDC187AD49
2012-08-14 23:01 . 2012-08-14 23:01 -------- d-----w- c:\users\Sale\AppData\Roaming\Malwarebytes
2012-08-14 23:01 . 2012-08-14 23:01 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 23:01 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 22:44 . 2012-08-14 22:44 328704 ----a-w- c:\windows\system32\services.exe.E2A63AC8E386D97F
2012-08-14 22:41 . 2012-08-14 22:41 328704 ----a-w- c:\windows\system32\services.exe.DCDD1248E5EF89EE
2012-08-14 22:37 . 2012-08-14 22:37 328704 ----a-w- c:\windows\system32\services.exe.7FA6A324391CC8AC
2012-08-14 22:34 . 2012-08-14 22:34 328704 ----a-w- c:\windows\system32\services.exe.FA9D80F22C939C2C
2012-08-14 22:32 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7E4696E-5C2A-477E-B8E6-1FC9EC86C981}\gapaengine.dll
2012-08-14 22:27 . 2012-08-14 22:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-14 22:27 . 2012-08-14 22:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-11 11:06 . 2012-08-11 11:07 -------- d-----w- c:\users\Sale\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 13:47 . 2012-08-15 13:47 22 ----a-w- C:\quarantine.zip
2012-08-14 22:03 . 2012-04-05 10:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 22:03 . 2011-11-09 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 21:33 . 2011-11-06 20:41 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-01 14:15 . 2012-07-01 14:15 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-01 14:15 . 2011-11-10 19:18 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-17 22:21 . 2011-11-07 22:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-17 22:21 . 2011-11-07 21:30 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-17 22:21 . 2011-11-07 21:30 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-12 03:08 . 2012-07-10 21:36 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-04-06 02:10 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-04-06 02:21 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-03-10 02:53 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-04-06 02:13 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-03-10 02:38 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-04-06 01:34 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-04-06 01:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-04-06 01:11 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-04-06 01:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-03-10 02:14 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-04-06 01:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-04-06 01:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-09 05:43 . 2012-07-10 21:32 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:32 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:32 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:32 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:32 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-09 01:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-09 01:32 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-09 01:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 21:32 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:32 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-10 21:32 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-10 21:32 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:32 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:32 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:32 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_12.02.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 13:45 . 2012-08-15 13:45 13312 c:\windows\SysWOW64\drivers\vdmwntk1.sys
- 2009-07-14 04:54 . 2012-08-15 12:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-15 12:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 12:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-15 13:47 48724 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-15 13:47 40090 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-05 22:46 . 2012-08-15 13:47 13332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2877674167-2366145874-1932723845-1000_UserData.bin
- 2011-11-06 14:21 . 2012-08-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-06 14:21 . 2012-08-15 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-15 12:05 . 2012-08-15 13:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 13:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 13:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 13:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-06 19:03 . 2012-08-15 13:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:03 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-06 19:03 . 2012-08-15 13:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-06 19:03 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-09 16:05 . 2012-08-15 12:11 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-15 13:45 . 2012-08-15 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 12:01 . 2012-08-15 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 12:01 . 2012-08-15 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 13:45 . 2012-08-15 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-08-14 23:14 621064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-15 13:50 621064 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-14 23:14 108284 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-15 13:50 108284 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-14 22:14 385492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-15 13:45 385492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-06 09:54 . 2012-08-14 22:14 1232744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-06 09:54 . 2012-08-15 13:45 1232744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Akamai NetSession Interface"="c:\users\Sale\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-11-18 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="z:\programi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-05 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-05 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-11-06 31808]
R3 GGSAFERDriver;GGSAFER Driver;z:\programi\Garena Classic\safedrv.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-04 129976]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-11-05 79360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-11 270912]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-11-05 15936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 GS In-Game Service;GS In-Game Service;z:\programi\GameTracker\GSInGameService.exe [2011-11-09 1677072]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;z:\igre\Hi-Rez Studios\HiPatchService.exe [2012-08-14 8704]
S2 hshld;Hotspot Shield Service;z:\programi\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
S2 HssWd;Hotspot Shield Monitoring Service;z:\programi\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
S2 MBAMService;MBAMService;z:\programi\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-01-22 124832]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-10-15 11576]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:03]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000Core.job
- c:\users\Sale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 19:26]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000UA.job
- c:\users\Sale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 19:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- z:\programi\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-11-26 437248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://smart-homepage.blogspot.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
IE: Download all links with IDM - z:\programi\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - z:\programi\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: bancaintesabeograd.com\online
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
FF - ProfilePath - c:\users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\4de730iu.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
Completion time: 2012-08-15 15:55:38
ComboFix-quarantined-files.txt 2012-08-15 13:55
ComboFix2.txt 2012-08-15 13:08
ComboFix3.txt 2012-08-15 12:05
.
Pre-Run: 451.707.195.392 bytes free
Post-Run: 451.400.798.208 bytes free
.
- - End Of File - - F3D43560F8FBABE5060EC7C63AB0C4BB
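Two things in the log above stand out when triaging it: nine copies of services.exe in system32, each with a 16-hex-digit suffix and the same size, created minutes apart (services.exe is also the file FRST is asked to search for later in the thread), and a ProxyOverride bypass list that begins with 127.0.0.1:9421 and is padded with unprintable characters and dozens of `<local>` entries. The Python below is an added example, not part of the thread and not ComboFix's own code: it parses lines in ComboFix's "Files Created" format and flags both patterns. The sample lines are copied from the log above, shortened to three of the nine copies and a trimmed ProxyOverride value.

```python
import re

# Sample lines copied from the ComboFix log posted above ("Files Created" and
# "Supplementary Scan" sections); the parser and triage rules are an added example,
# not part of ComboFix or of the thread.
SAMPLE_LOG = r"""
2012-08-15 13:54 . 2012-08-15 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 11:49 . 2012-08-15 11:49 328704 ----a-w- c:\windows\system32\services.exe.85E45BF507E0BFA2
2012-08-15 11:31 . 2012-08-15 11:31 328704 ----a-w- c:\windows\system32\services.exe.C6F9167C8A289B5C
2012-08-15 10:26 . 2012-08-15 10:26 328704 ----a-w- c:\windows\system32\services.exe.016EA209B265727E
2012-08-14 23:01 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
uStart Page = hxxp://smart-homepage.blogspot.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????;<local>;<local>
TCP: DhcpNameServer = 192.168.1.1
"""

# One ComboFix file line: <created> . <modified> <size or dashes> <attributes> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
# A copy of services.exe left in system32 with a 16-hex-digit suffix.
SERVICES_COPY = re.compile(r"\\system32\\services\.exe\.[0-9A-Fa-f]{16}$")
PROXY_OVERRIDE = re.compile(r"ProxyOverride\s*=\s*(?P<value>.+)$")


def parse_file_lines(text):
    """Return one dict per ComboFix file line; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        # Directories carry dashes instead of a size.
        entry["size"] = int(entry["size"]) if entry["size"].isdigit() else None
        entry["is_dir"] = entry["attrs"].startswith("d")
        entries.append(entry)
    return entries


def find_services_exe_copies(entries):
    """Paths of hex-suffixed services.exe copies, oldest first."""
    hits = [e for e in entries if SERVICES_COPY.search(e["path"])]
    return [e["path"] for e in sorted(hits, key=lambda e: e["created"])]


def find_suspicious_proxy_override(text):
    """Return the ProxyOverride value if it names the loopback interface with a
    port, or repeats the <local> token (which normally appears at most once)."""
    for line in text.splitlines():
        m = PROXY_OVERRIDE.search(line)
        if not m:
            continue
        value = m.group("value")
        if re.search(r"127\.0\.0\.1:\d+", value) or value.count("<local>") > 1:
            return value
    return None


def triage(text):
    """Run both checks over a ComboFix log and summarise the findings."""
    entries = parse_file_lines(text)
    copies = find_services_exe_copies(entries)
    proxy = find_suspicious_proxy_override(text)
    findings = []
    if len(copies) >= 2:
        first, last = copies[0].rsplit("\\", 1)[1], copies[-1].rsplit("\\", 1)[1]
        findings.append("%d hex-suffixed copies of services.exe in system32 (%s .. %s)"
                        % (len(copies), first, last))
    if proxy is not None:
        findings.append("suspicious ProxyOverride: " + proxy[:50])
    return {"file_entries": len(entries), "services_copies": copies,
            "proxy_override": proxy, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

The two rules are deliberately narrow: a single backup copy of services.exe or a normal bypass list with one `<local>` entry produces no finding, so the script only draws attention to the repetition that the log above shows.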

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

We didn't succeed again. We have no choice but to fix this outside the Windows environment. Do you have a flash drive (USB storage device)?

Do this, it's very simple.

Download FRST64 and save it to the flash drive (USB storage device).
Insert the flash drive into the infected computer.

The computer needs to be booted into the recovery environment (System Recovery Options).

Restart the computer and keep pressing F8 until the Advanced Options Menu or Advanced Boot Options appears.

Select Repair your computer.
Select the language (Language) and then click Next.
Enter the password if required and click OK,
and a window like the one in the picture should appear ...

Select Command Prompt.
A new (black) window will open.

Type notepad and then press Enter.
Notepad will open.

Click File, then Open, and then click Computer.
Write down or remember the letter assigned to your flash drive.
Usually it is "e:", but that is not always the case.
Close Notepad.

Go back to the Command Prompt (black window)....

Type e:\frst64.exe and press Enter (where you replace the letter e: with the letter assigned to your flash drive).

If the assigned letter is "e", it would look like this:

e:\frst64.exe

FRST will start.
When the tool starts, click Yes in the pop-up window.
Press the Scan button.

When the tool finishes scanning, it will create a log FRST.txt and save it to your flash drive.

Then:

Type services.exe in the Search: field and then click Search File(s).
When FRST finishes, it will create a new log named Search.txt on your flash drive.
Close the Command Prompt (black window).
Boot the system into normal mode.

Attach FRST.txt and Search.txt to your reply using the Prikaci fajl (Attach file) option.

  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Done.


Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 15-08-2012 16:45:49
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11660904 2010-11-29] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-03-19] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-03-19] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [439064 2012-03-19] (Intel Corporation)
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [5889816 2011-12-07] (Logitech Inc.)
HKLM\...\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [437248 2010-11-26] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-07-23] (Yuna Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [124832 2012-01-22] (Yuna Software)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "Z:\Programi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x]
HKU\Sale\...\Run: [Akamai NetSession Interface] "C:\Users\Sale\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\Sale\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Sale\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-11-18] (AMD)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [124832 2012-01-22] (Yuna Software)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-21] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-02-22] (Intel Corporation)
2 GS In-Game Service; C:\Programi\GameTracker\GSInGameService.exe [x]
2 HiPatchService; C:\Igre\Hi-Rez Studios\HiPatchService.exe [x]
2 hshld; C:\Programi\Hotspot Shield\bin\openvpnas.exe [x]
2 HssSrv; C:\Programi\Hotspot Shield\HssWPR\hsssrv.exe [x]
3 HssTrayService; C:\Programi\Hotspot Shield\bin\HssTrayService.EXE [x]
2 HssWd; C:\Programi\Hotspot Shield\bin\hsswd.exe -product HSS [x]
2 MBAMService; "C:\Programi\Malwarebytes' Anti-Malware\mbamservice.exe" [x]
2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

========================== Drivers (Whitelisted) =============

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-11-11] (DT Soft Ltd)
3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [31808 2011-11-06] (FNet Co., Ltd.)
1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2011-11-05] (FNet Co., Ltd.)
3 LGSHidFilt; C:\Windows\System32\Drivers\LGSHidFilt.sys [66328 2011-10-24] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2011-08-18] (The OpenVPN Project)
1 vdmwntk1; C:\Windows\SysWow64\Drivers\vdmwntk1.sys [13312 2012-08-15] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 GGSAFERDriver; \??\Z:\Programi\Garena Classic\safedrv.sys [x]
3 massfilter; C:\Windows\System32\drivers\massfilter.sys [x]
3 MSICDSetup; \??\D:\CDriver64.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x]
3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x]
3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-15 05:55 - 2012-08-15 05:55 - 00027225 ____A C:\ComboFix.txt
2012-08-15 05:47 - 2012-08-15 05:47 - 00000022 ____A C:\quarantine.zip
2012-08-15 05:45 - 2012-08-15 05:45 - 00013312 ____A C:\Windows\SysWOW64\Drivers\vdmwntk1.sys
2012-08-15 05:40 - 2012-08-15 05:44 - 00000000 ____D C:\Users\Sale\Desktop\avz4
2012-08-15 04:13 - 2012-08-15 04:15 - 00003211 ____A C:\Users\Sale\Desktop\FSS.txt
2012-08-15 03:56 - 2012-08-15 05:55 - 00000000 ____D C:\Qoobox
2012-08-15 03:56 - 2012-08-15 04:04 - 00000000 ____D C:\Windows\erdnt
2012-08-15 03:56 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-15 03:56 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-15 03:56 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C
2012-08-15 03:22 - 2012-08-15 03:22 - 00693235 ____A (Farbar) C:\Users\Sale\Desktop\FSS.exe
2012-08-15 03:22 - 2012-08-15 03:22 - 00000000 ____D C:\_OTL
2012-08-15 03:21 - 2012-08-15 03:22 - 04731615 ____R (Swearware) C:\Users\Sale\Desktop\ComboFix.exe
2012-08-15 03:03 - 2012-08-15 03:03 - 00048698 ____A C:\Users\Sale\Desktop\Extras.Txt
2012-08-15 03:02 - 2012-08-15 03:02 - 00111352 ____A C:\Users\Sale\Desktop\OTL.Txt
2012-08-15 02:46 - 2012-08-15 02:46 - 00596992 ____A (OldTimer Tools) C:\Users\Sale\Desktop\OTL.exe
2012-08-15 02:26 - 2012-08-15 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.016EA209B265727E
2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8
2012-08-14 15:09 - 2012-08-14 15:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D27E6CDC187AD49
2012-08-14 15:01 - 2012-08-14 15:01 - 00000735 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-14 15:01 - 2012-08-14 15:01 - 00000000 ____D C:\Users\Sale\AppData\Roaming\Malwarebytes
2012-08-14 15:01 - 2012-08-14 15:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-14 15:01 - 2012-07-03 03:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-14 14:44 - 2012-08-14 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A63AC8E386D97F
2012-08-14 14:41 - 2012-08-14 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCDD1248E5EF89EE
2012-08-14 14:37 - 2012-08-14 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FA6A324391CC8AC
2012-08-14 14:34 - 2012-08-14 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA9D80F22C939C2C
2012-08-14 14:27 - 2012-08-14 14:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-14 14:27 - 2012-08-14 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-14 14:24 - 2012-08-14 14:24 - 00000449 ____A C:\Users\Sale\Desktop\Anki.lnk
2012-08-13 01:33 - 2012-08-13 01:33 - 00000000 ____D C:\Windows\pss
2012-08-13 01:22 - 2012-08-13 01:22 - 00000000 ____D C:\Users\Sale\AppData\Local\{C9191A28-8987-4A18-AEFE-BDB35DC51E0F}
2012-08-13 01:22 - 2012-08-13 01:22 - 00000000 ____D C:\Users\Sale\AppData\Local\{1400F531-80E1-4751-AEA6-E85543059ACE}
2012-08-12 04:53 - 2012-08-12 04:54 - 00000000 ____D C:\Users\Sale\AppData\Local\{BE3B26D3-40AD-46E6-AF17-01B7372C5579}
2012-08-12 04:53 - 2012-08-12 04:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{E99D94B6-622C-45C4-AEB6-7452EB8E3271}
2012-08-11 03:06 - 2012-08-11 03:07 - 00000000 ____D C:\Users\Sale\AppData\Roaming\Rovio
2012-08-11 00:50 - 2012-08-11 00:50 - 00000000 ____D C:\Users\Sale\AppData\Local\{BA7C3EE7-68D7-4339-8FAF-C5DD52DD320D}
2012-08-11 00:50 - 2012-08-11 00:50 - 00000000 ____D C:\Users\Sale\AppData\Local\{AD2122EB-33CE-4EBC-B04D-9131935C0B35}
2012-08-10 11:46 - 2012-08-10 11:46 - 00010248 ____A C:\Users\Sale\AppData\Roaming\fk1xxx.e2ts
2012-08-10 01:51 - 2012-08-10 01:52 - 00000000 ____D C:\Users\Sale\AppData\Local\{B113FA16-6E71-4FC9-A977-3A34BD80AF90}
2012-08-10 01:51 - 2012-08-10 01:51 - 00000000 ____D C:\Users\Sale\AppData\Local\{F5896851-2D41-47F4-B44B-69970F46A0BC}
2012-08-09 12:47 - 2012-08-09 12:48 - 00000000 ____D C:\Users\Sale\AppData\Local\{28517AF7-59FF-4B5B-977A-B8502C7151D9}
2012-08-09 12:47 - 2012-08-09 12:47 - 00000000 ____D C:\Users\Sale\AppData\Local\{06C754DC-B826-48CA-951C-897A2453106C}
2012-08-08 23:53 - 2012-08-08 23:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{61619334-180E-4A7B-95CF-9E8303F5C78B}
2012-08-08 23:52 - 2012-08-08 23:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{A2DDA684-6D1B-4472-B727-257B3A2F1568}
2012-08-08 08:12 - 2012-08-08 08:12 - 00000000 ____D C:\Users\Sale\AppData\Local\{FB3CDD3E-A28D-4B0D-968F-D04A7E778AE7}
2012-08-08 08:12 - 2012-08-08 08:12 - 00000000 ____D C:\Users\Sale\AppData\Local\{A1E3C9B3-1632-4310-9832-AE31D26EFCC1}
2012-08-07 03:35 - 2012-08-07 03:36 - 00000000 ____D C:\Users\Sale\AppData\Local\{D4BD4207-82AE-4E5B-9992-BEC07525E295}
2012-08-07 03:35 - 2012-08-07 03:35 - 00000000 ____D C:\Users\Sale\AppData\Local\{88742D9F-FCC8-4C4A-BAAE-72D896CBBC34}
2012-08-06 01:17 - 2012-08-06 01:17 - 00000000 ____D C:\Users\Sale\AppData\Local\{ED37C086-4BAC-423E-A438-0EA6BC354CB6}
2012-08-06 01:17 - 2012-08-06 01:17 - 00000000 ____D C:\Users\Sale\AppData\Local\{68F67403-EB54-4C60-A5CA-DA18F4A0D83C}
2012-08-05 02:59 - 2012-08-05 03:00 - 00000000 ____D C:\Users\Sale\AppData\Local\{E4D82356-AB90-4EDC-851B-381F5ECB699B}
2012-08-05 02:59 - 2012-08-05 02:59 - 00000000 ____D C:\Users\Sale\AppData\Local\{0794B8AE-04AF-4649-9EB2-660DFDCA6E3D}
2012-08-04 05:09 - 2012-08-04 05:09 - 00000000 ____D C:\Users\Sale\AppData\Local\{079BDBC7-2106-42F6-8300-5787686CB02B}
2012-08-04 05:08 - 2012-08-04 05:09 - 00000000 ____D C:\Users\Sale\AppData\Local\{7EE5DDAC-32A5-4ADF-9D73-6230273430E4}
2012-08-03 01:27 - 2012-08-03 01:27 - 00000000 ____D C:\Users\Sale\AppData\Local\{7EAC2451-9382-424F-B939-344F4DED8F58}
2012-08-01 13:25 - 2012-08-01 13:26 - 00000000 ____D C:\Users\Sale\AppData\Local\{37C2FD5C-FDEA-4A9A-A4E7-7032F79F358C}
2012-08-01 13:25 - 2012-08-01 13:25 - 00000000 ____D C:\Users\Sale\AppData\Local\{A58A19B0-39DF-481F-835E-1B4112FBDDC5}
2012-08-01 00:19 - 2012-08-01 00:19 - 00000000 ____D C:\Users\Sale\AppData\Local\{DFE3C234-B992-4929-80AC-A8D968E2D234}
2012-08-01 00:19 - 2012-08-01 00:19 - 00000000 ____D C:\Users\Sale\AppData\Local\{D7FCBCD1-6EBC-463F-9B2A-E9350FB771D5}
2012-07-31 05:11 - 2012-07-31 05:11 - 00000000 ____D C:\Users\Sale\AppData\Local\{B7F947AF-FAB6-4998-A07C-8FE9A580EFE5}
2012-07-31 05:11 - 2012-07-31 05:11 - 00000000 ____D C:\Users\Sale\AppData\Local\{5B96CAE0-E9F9-4C49-897E-4F10A007B842}
2012-07-30 07:14 - 2012-07-30 07:14 - 00000000 ____D C:\Users\Sale\AppData\Local\{F1318645-2F81-4462-95C8-F3309D78D5B1}
2012-07-30 07:14 - 2012-07-30 07:14 - 00000000 ____D C:\Users\Sale\AppData\Local\{036996E4-9C3E-4F57-B37D-3D906E6A3DEF}
2012-07-29 08:22 - 2012-07-29 08:23 - 00000000 ____D C:\Users\Sale\AppData\Local\{C244893A-AFC9-411D-B527-DA286D2AA5D7}
2012-07-29 08:22 - 2012-07-29 08:22 - 00000000 ____D C:\Users\Sale\AppData\Local\{A50FE037-2386-4D03-87E0-1551AB6B8E3F}
2012-07-29 00:38 - 2012-07-29 00:38 - 00000000 ____D C:\Users\Sale\AppData\Local\{BD577E8F-7EFE-410B-84BB-63E62F2C37E2}
2012-07-29 00:38 - 2012-07-29 00:38 - 00000000 ____D C:\Users\Sale\AppData\Local\{405FBE4E-53DB-439B-BB66-F0AD632C2A5D}
2012-07-28 02:45 - 2012-07-28 02:45 - 00000000 ____D C:\Users\Sale\AppData\Local\{E57894DB-1BAB-4B25-9B3A-2DBF672FDE52}
2012-07-28 02:44 - 2012-07-28 02:45 - 00000000 ____D C:\Users\Sale\AppData\Local\{DA677F56-AB0F-445F-B7F4-853B184F7542}
2012-07-27 01:15 - 2012-07-27 01:16 - 00000000 ____D C:\Users\Sale\AppData\Local\{1216EE95-8736-4E7C-AD8E-0CD4F9E8E9BF}
2012-07-27 01:15 - 2012-07-27 01:15 - 00000000 ____D C:\Users\Sale\AppData\Local\{253FD33E-A945-4D5C-B23D-7370AE12B753}
2012-07-26 11:05 - 2012-07-26 11:05 - 00000211 ____A C:\Users\Sale\Desktop\Orcs Must Die!.url
2012-07-26 01:04 - 2012-07-26 01:04 - 00000000 ____D C:\Users\Sale\AppData\Local\{6AC998B1-80FB-4D35-A46D-B29E92B27D35}
2012-07-26 01:04 - 2012-07-26 01:04 - 00000000 ____D C:\Users\Sale\AppData\Local\{55EF20E7-D719-4C75-98FD-9C9667A7CAAE}
2012-07-25 10:53 - 2012-07-25 10:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{2FC640AE-CF5E-45BA-A861-C2F4145DCEE4}
2012-07-25 10:53 - 2012-07-25 10:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{1897E543-4551-446E-8C96-B862A85A7DC2}
2012-07-25 08:33 - 2012-07-25 08:33 - 00000000 ____D C:\Users\Sale\AppData\Local\{20CDAC1D-BDA7-4877-B4F2-6EEF403900FB}
2012-07-24 11:28 - 2012-07-24 11:28 - 00000000 ____D C:\Users\Sale\AppData\Local\{DA70C41F-F6F4-435D-80C7-2231DDCA355B}
2012-07-24 11:28 - 2012-07-24 11:28 - 00000000 ____D C:\Users\Sale\AppData\Local\{C7485B8C-767D-45AB-BA49-B39342A17E56}
2012-07-23 21:54 - 2012-07-23 21:57 - 00401408 ____A C:\Users\Sale\Documents\Database1.accdb
2012-07-23 12:50 - 2012-07-23 12:50 - 00000000 ____D C:\Users\Sale\AppData\Local\{C4511C47-C7C2-4E94-A32D-22FB13E5A8FE}
2012-07-23 12:49 - 2012-07-23 12:50 - 00000000 ____D C:\Users\Sale\AppData\Local\{3ED83BA3-BDA0-4974-91E2-11B2CDE7278B}
2012-07-22 01:59 - 2012-07-22 01:59 - 00000000 ____D C:\Users\Sale\AppData\Local\{D2990F76-5C1E-4E38-8B85-CE02962F25EA}
2012-07-22 01:59 - 2012-07-22 01:59 - 00000000 ____D C:\Users\Sale\AppData\Local\{AECB2F73-911C-4787-90F9-439B6A9B17AE}
2012-07-20 22:37 - 2012-07-20 22:38 - 00000000 ____D C:\Users\Sale\AppData\Local\{90571F7D-D6CE-4C9F-A66F-8C2A3E09983C}
2012-07-20 22:37 - 2012-07-20 22:37 - 00000000 ____D C:\Users\Sale\AppData\Local\{A0F696E3-F4AE-4839-B63A-91518681649D}
2012-07-20 00:16 - 2012-07-20 00:16 - 00000000 ____D C:\Users\Sale\AppData\Local\{883DFC45-F66B-45DC-9730-148DDA1C9CEE}
2012-07-20 00:16 - 2012-07-20 00:16 - 00000000 ____D C:\Users\Sale\AppData\Local\{253C266E-E3DC-48D4-87AE-1707D0E4517E}
2012-07-19 09:01 - 2012-07-19 09:01 - 00000000 ____D C:\Users\Sale\AppData\Local\{E0C6DBD2-80E5-4DF9-9E15-4ECCAB57A440}
2012-07-19 09:01 - 2012-07-19 09:01 - 00000000 ____D C:\Users\Sale\AppData\Local\{6E69F925-57A6-405F-BA1E-11C3727BEDFD}
2012-07-18 03:53 - 2012-07-18 03:54 - 00000000 ____D C:\Users\Sale\AppData\Local\{DA8C2F10-6111-4F5E-A5FE-5BF9FD859C74}
2012-07-18 03:53 - 2012-07-18 03:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{084AFA08-EC9E-4A8A-A920-2E035E1968AC}
2012-07-17 01:23 - 2012-07-17 01:23 - 00000000 ____D C:\Users\Sale\AppData\Local\{B6BE086F-6566-4DBC-AE49-19D673D46E7E}
2012-07-17 01:23 - 2012-07-17 01:23 - 00000000 ____D C:\Users\Sale\AppData\Local\{319DE47D-1370-4780-BFF0-337E26B7F309}
2012-07-16 02:08 - 2012-07-16 02:08 - 00000000 ____D C:\Users\Sale\AppData\Local\{91FEC40B-782F-4170-B933-6305CB9E6285}
2012-07-16 02:08 - 2012-07-16 02:08 - 00000000 ____D C:\Users\Sale\AppData\Local\{100CDA82-F8E3-463E-BCCA-B1A83B8C8495}


============ 3 Months Modified Files ========================

2012-08-15 06:42 - 2010-11-20 19:47 - 00286858 ____A C:\Windows\PFRO.log
2012-08-15 06:41 - 2011-11-06 06:25 - 01069095 ____A C:\Windows\WindowsUpdate.log
2012-08-15 06:41 - 2009-07-13 21:13 - 00733710 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-15 06:39 - 2012-06-01 04:12 - 00000099 ____A C:\Users\Public\LMDebug.log
2012-08-15 06:03 - 2012-04-05 02:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-15 05:55 - 2012-08-15 05:55 - 00027225 ____A C:\ComboFix.txt
2012-08-15 05:54 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-15 05:53 - 2009-07-13 20:45 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-15 05:53 - 2009-07-13 20:45 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 05:50 - 2011-11-06 11:26 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000UA.job
2012-08-15 05:47 - 2012-08-15 05:47 - 00000022 ____A C:\quarantine.zip
2012-08-15 05:45 - 2012-08-15 05:45 - 00013312 ____A C:\Windows\SysWOW64\Drivers\vdmwntk1.sys
2012-08-15 05:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-15 05:45 - 2009-07-13 20:51 - 00115746 ____A C:\Windows\setupact.log
2012-08-15 04:15 - 2012-08-15 04:13 - 00003211 ____A C:\Users\Sale\Desktop\FSS.txt
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C
2012-08-15 03:22 - 2012-08-15 03:22 - 00693235 ____A (Farbar) C:\Users\Sale\Desktop\FSS.exe
2012-08-15 03:22 - 2012-08-15 03:21 - 04731615 ____R (Swearware) C:\Users\Sale\Desktop\ComboFix.exe
2012-08-15 03:03 - 2012-08-15 03:03 - 00048698 ____A C:\Users\Sale\Desktop\Extras.Txt
2012-08-15 03:02 - 2012-08-15 03:02 - 00111352 ____A C:\Users\Sale\Desktop\OTL.Txt
2012-08-15 02:46 - 2012-08-15 02:46 - 00596992 ____A (OldTimer Tools) C:\Users\Sale\Desktop\OTL.exe
2012-08-15 02:26 - 2012-08-15 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.016EA209B265727E
2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8
2012-08-14 15:09 - 2012-08-14 15:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D27E6CDC187AD49
2012-08-14 15:01 - 2012-08-14 15:01 - 00000735 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-14 14:44 - 2012-08-14 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A63AC8E386D97F
2012-08-14 14:41 - 2012-08-14 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCDD1248E5EF89EE
2012-08-14 14:37 - 2012-08-14 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FA6A324391CC8AC
2012-08-14 14:34 - 2012-08-14 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA9D80F22C939C2C
2012-08-14 14:27 - 2011-11-10 10:23 - 00739112 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-14 14:27 - 2011-11-06 09:49 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-14 14:24 - 2012-08-14 14:24 - 00000449 ____A C:\Users\Sale\Desktop\Anki.lnk
2012-08-14 14:15 - 2012-02-07 15:59 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
2012-08-14 14:03 - 2012-04-05 02:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 14:03 - 2011-11-09 12:30 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-12 06:50 - 2011-11-06 11:26 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000Core.job
2012-08-10 11:46 - 2012-08-10 11:46 - 00010248 ____A C:\Users\Sale\AppData\Roaming\fk1xxx.e2ts
2012-07-26 11:05 - 2012-07-26 11:05 - 00000211 ____A C:\Users\Sale\Desktop\Orcs Must Die!.url
2012-07-23 21:57 - 2012-07-23 21:54 - 00401408 ____A C:\Users\Sale\Documents\Database1.accdb
2012-07-15 11:35 - 2011-11-30 09:18 - 00000565 ____A C:\Users\Sale\AppData\Roaming\myMPQ.ini
2012-07-14 05:33 - 2012-07-14 05:33 - 00000870 ____A C:\Users\Public\Desktop\End of Nations.lnk
2012-07-12 23:54 - 2012-07-12 23:54 - 00014848 __ASH C:\Users\Sale\Thumbs.db
2012-07-10 13:38 - 2009-07-13 20:45 - 00415992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 13:33 - 2011-11-06 12:41 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 02:27 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-03 03:46 - 2012-08-14 15:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 06:15 - 2012-07-01 06:15 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-07-01 06:15 - 2012-07-01 06:15 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-01 06:15 - 2012-07-01 06:15 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-01 06:15 - 2012-07-01 06:15 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-01 06:15 - 2011-11-10 11:18 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-27 09:15 - 2012-02-06 12:01 - 00000855 ____A C:\Users\Public\Desktop\Waterfox.lnk
2012-06-17 14:25 - 2012-06-17 14:25 - 00001895 ____A C:\Users\Sale\Desktop\MPC-HC.lnk
2012-06-17 14:21 - 2011-11-07 14:09 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-06-17 14:21 - 2011-11-07 13:30 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-06-17 14:21 - 2011-11-07 13:30 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-06-17 11:49 - 2012-06-17 11:49 - 00000210 ____A C:\Users\Sale\Desktop\Cogs.url
2012-06-11 19:08 - 2012-07-10 13:36 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-04-05 18:10 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2012-04-05 18:21 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2011-03-09 18:53 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-04-05 18:13 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2011-03-09 18:38 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-04-05 17:11 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:26 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-04-05 17:11 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2012-04-05 17:09 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:25 - 2011-03-09 18:14 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2012-04-05 17:09 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 03:50 - 2012-06-11 03:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 03:49 - 2012-06-11 03:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-08 21:43 - 2012-07-10 13:32 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 13:32 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 13:32 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 13:32 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 13:32 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 13:32 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 13:32 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 13:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 12:22 - 2012-06-05 12:22 - 00002569 ____A C:\Users\Public\Desktop\Limundo Lister.lnk
2012-06-03 04:35 - 2012-06-03 04:35 - 00288518 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-06-03 04:35 - 2012-06-03 04:34 - 00291442 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-06-02 14:19 - 2012-06-08 17:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 17:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 17:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 17:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 17:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 17:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 17:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 07:08 - 2012-06-02 05:55 - 00000000 ____A C:\Users\All Users\LauncherAccess.dt
2012-06-02 07:04 - 2012-06-02 05:53 - 00012818 ____A C:\Windows\DPINST.LOG
2012-06-02 05:19 - 2012-06-08 17:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-08 17:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 02:37 - 2011-11-07 13:29 - 00170265 ____A C:\Windows\DirectX.log
2012-06-01 21:50 - 2012-07-10 13:32 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 13:32 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 13:32 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 13:32 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 13:32 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 13:32 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 13:32 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 13:32 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 13:32 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-27 16:43 - 2012-05-27 16:43 - 00000701 ____A C:\Users\Sale\Desktop\Format Factory.lnk


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4008.67 MB
Available physical RAM: 3375.52 MB
Total Pagefile: 4006.87 MB
Available Pagefile: 3364.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (System) (Fixed) (Total:472.29 GB) (Free:420.43 GB) NTFS
2 Drive e: (Data) (Fixed) (Total:459.12 GB) (Free:58.22 GB) NTFS
4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 1024 KB
Disk 1 Online 1906 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 472 GB 101 MB
Partition 3 Primary 459 GB 472 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C System NTFS Partition 472 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Data NTFS Partition 459 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1906 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 1906 MB Healthy

==================================================================================

Last Boot: 2012-08-07 04:12

======================= End Of Log ==========================





offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Good, let's move on.

Step #1

Open Notepad and copy the following text:

Start
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C
2012-08-15 02:26 - 2012-08-15 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.016EA209B265727E
2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8
2012-08-14 15:09 - 2012-08-14 15:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D27E6CDC187AD49
2012-08-14 14:44 - 2012-08-14 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A63AC8E386D97F
2012-08-14 14:41 - 2012-08-14 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCDD1248E5EF89EE
2012-08-14 14:37 - 2012-08-14 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FA6A324391CC8AC
2012-08-14 14:34 - 2012-08-14 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA9D80F22C939C2C
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C
2012-08-15 02:26 - 2012-08-15 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.016EA209B265727E
2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8
2012-08-14 15:09 - 2012-08-14 15:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D27E6CDC187AD49
2012-08-14 14:44 - 2012-08-14 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A63AC8E386D97F
2012-08-14 14:41 - 2012-08-14 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCDD1248E5EF89EE
2012-08-14 14:37 - 2012-08-14 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FA6A324391CC8AC
2012-08-14 14:34 - 2012-08-14 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA9D80F22C939C2C
end



Save the file (Notepad) to the flash drive as fixlist.txt

Start System Recovery Options again, following the same procedure as last time.
Run FRST, click the Fix button and wait for the program to finish.
The tool will create a log on the flash drive named Fixlog.txt.
Restart the computer.
Copy the contents of that log into your reply.

-------------------------------------------

Step #2

Run ComboFix again and post a fresh ComboFix.txt log
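As an added illustration of the fixlist step above (this is not the helper's or FRST's own code), a Python script that takes FRST scan lines of the kind pasted in the post, collects each services.exe.<hash> leftover once, renders the Start/end fixlist, and then reads the Fixlog to confirm every listed path was actually moved. The sample scan and Fixlog text are constructed from entries in this thread; FRST's real scan and Fixlog line formats are assumed to match what the thread shows.

```python
import re

# FRST scan line as pasted in the thread:
# "<created> - <modified> - <size> <attrs> (<company>) <path>"
SCAN_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# The leftover pattern in this thread: services.exe followed by a dot and
# 16 hex digits. The genuine services.exe has no such suffix and must stay.
LEFTOVER = re.compile(r"\\services\.exe\.[0-9A-Fa-f]{16}$")
# Fixlog result lines: "<path> moved successfully." / "<path> not found."
FIXLOG_LINE = re.compile(
    r"^(?P<path>.+?) (?P<status>moved successfully|not found)\.$"
)

# Constructed sample scan: three leftovers from the thread (one repeated, as
# in the fixlist above) plus the genuine services.exe, which must be skipped.
SAMPLE_SCAN = r"""
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8
2009-07-14 02:39 - 2009-07-14 02:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
"""

# Constructed Fixlog: the repeated path is moved once and then reported
# "not found", exactly as in the thread; the third leftover is never mentioned.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
Ran by SYSTEM at 2012-08-15 17:15:59 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe.85E45BF507E0BFA2 moved successfully.
C:\Windows\System32\services.exe.C6F9167C8A289B5C moved successfully.
C:\Windows\System32\services.exe.85E45BF507E0BFA2 not found.

==== End of Fixlog ====
"""


def sirefef_leftovers(scan_text):
    """Unique paths (first-seen order) of services.exe.<hash> files in scan lines."""
    found = []
    for line in scan_text.splitlines():
        m = SCAN_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        if LEFTOVER.search(path) and path not in found:
            found.append(path)
    return found


def build_fixlist(paths):
    """Render the Start/end script that FRST reads from fixlist.txt."""
    return "Start\n" + "".join(p + "\n" for p in paths) + "end\n"


def parse_fixlog(fixlog_text):
    """Map each path named in a Fixlog to the list of statuses FRST reported."""
    statuses = {}
    for line in fixlog_text.splitlines():
        m = FIXLOG_LINE.match(line.strip())
        if m:
            statuses.setdefault(m.group("path"), []).append(m.group("status"))
    return statuses


def verify_fix(paths, fixlog_text):
    """Classify every fixlist path by what the Fixlog says happened to it.

    A path counts as removed if FRST reported it moved at least once; a
    repeated entry that was then "not found" is still a successful removal.
    A path the Fixlog never mentions needs a second look before declaring
    the machine clean.
    """
    statuses = parse_fixlog(fixlog_text)
    report = {"moved": [], "already_absent": [], "unreported": []}
    for p in paths:
        seen = statuses.get(p, [])
        if "moved successfully" in seen:
            report["moved"].append(p)
        elif seen:
            report["already_absent"].append(p)
        else:
            report["unreported"].append(p)
    return report


if __name__ == "__main__":
    leftovers = sirefef_leftovers(SAMPLE_SCAN)
    print(build_fixlist(leftovers))
    for kind, paths in verify_fix(leftovers, SAMPLE_FIXLOG).items():
        for p in paths:
            print(f"{kind}: {p}")
```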

offline
  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

I want to thank you for taking so much time to help me.


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
Ran by SYSTEM at 2012-08-15 17:15:59 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe.85E45BF507E0BFA2 moved successfully.
C:\Windows\System32\services.exe.C6F9167C8A289B5C moved successfully.
C:\Windows\System32\services.exe.016EA209B265727E moved successfully.
C:\Windows\System32\services.exe.A2B6C0DF908EF9F8 moved successfully.
C:\Windows\System32\services.exe.6D27E6CDC187AD49 moved successfully.
C:\Windows\System32\services.exe.E2A63AC8E386D97F moved successfully.
C:\Windows\System32\services.exe.DCDD1248E5EF89EE moved successfully.
C:\Windows\System32\services.exe.7FA6A324391CC8AC moved successfully.
C:\Windows\System32\services.exe.FA9D80F22C939C2C moved successfully.
C:\Windows\System32\services.exe.85E45BF507E0BFA2 not found.
C:\Windows\System32\services.exe.C6F9167C8A289B5C not found.
C:\Windows\System32\services.exe.016EA209B265727E not found.
C:\Windows\System32\services.exe.A2B6C0DF908EF9F8 not found.
C:\Windows\System32\services.exe.6D27E6CDC187AD49 not found.
C:\Windows\System32\services.exe.E2A63AC8E386D97F not found.
C:\Windows\System32\services.exe.DCDD1248E5EF89EE not found.
C:\Windows\System32\services.exe.7FA6A324391CC8AC not found.
C:\Windows\System32\services.exe.FA9D80F22C939C2C not found.

==== End of Fixlog ====



ComboFix 12-08-14.05 - Sale 15.08.2012 17:20:46.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.4009.2497 [GMT 2:00]
Running from: c:\users\Sale\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-16 00:45 . 2012-08-16 00:45 -------- d-----w- C:\FRST
2012-08-15 15:24 . 2012-08-15 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 11:22 . 2012-08-15 11:22 -------- d-----w- C:\_OTL
2012-08-14 23:01 . 2012-08-14 23:01 -------- d-----w- c:\users\Sale\AppData\Roaming\Malwarebytes
2012-08-14 23:01 . 2012-08-14 23:01 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 23:01 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 22:32 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7E4696E-5C2A-477E-B8E6-1FC9EC86C981}\gapaengine.dll
2012-08-14 22:27 . 2012-08-14 22:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-14 22:27 . 2012-08-14 22:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-11 11:06 . 2012-08-11 11:07 -------- d-----w- c:\users\Sale\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 13:47 . 2012-08-15 13:47 22 ----a-w- C:\quarantine.zip
2012-08-14 22:03 . 2012-04-05 10:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 22:03 . 2011-11-09 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 21:33 . 2011-11-06 20:41 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-01 14:15 . 2012-07-01 14:15 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-01 14:15 . 2011-11-10 19:18 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-17 22:21 . 2011-11-07 22:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-17 22:21 . 2011-11-07 21:30 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-17 22:21 . 2011-11-07 21:30 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-12 03:08 . 2012-07-10 21:36 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-04-06 02:10 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-04-06 02:21 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-03-10 02:53 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-04-06 02:13 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-03-10 02:38 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-04-06 01:34 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-04-06 01:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-04-06 01:11 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-04-06 01:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-03-10 02:14 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-04-06 01:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-04-06 01:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-09 05:43 . 2012-07-10 21:32 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:32 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:32 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:32 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:32 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-09 01:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-09 01:32 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-09 01:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 21:32 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:32 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-10 21:32 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-10 21:32 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:32 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:32 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:32 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_12.02.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 13:45 . 2012-08-15 13:45 13312 c:\windows\SysWOW64\drivers\vdmwntk1.sys
- 2009-07-14 04:54 . 2012-08-15 12:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-15 15:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-15 12:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 15:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 15:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 12:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-15 15:19 48882 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-15 15:19 40138 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-05 22:46 . 2012-08-15 15:19 13332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2877674167-2366145874-1932723845-1000_UserData.bin
- 2011-11-06 14:21 . 2012-08-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-06 14:21 . 2012-08-15 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-15 12:05 . 2012-08-15 13:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 15:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 15:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 15:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-06 19:03 . 2012-08-15 15:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:03 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-06 19:03 . 2012-08-15 15:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-06 19:03 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-09 16:05 . 2012-08-15 12:11 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-15 15:16 . 2012-08-15 15:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 12:01 . 2012-08-15 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 12:01 . 2012-08-15 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 15:16 . 2012-08-15 15:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-08-14 23:14 621064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-15 15:23 621064 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-14 23:14 108284 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-15 15:23 108284 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-14 22:14 385492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-15 15:14 385492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-06 09:54 . 2012-08-14 22:14 1232744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-06 09:54 . 2012-08-15 15:14 1232744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Akamai NetSession Interface"="c:\users\Sale\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-11-18 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="z:\programi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-05 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-05 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 GGSAFERDriver;GGSAFER Driver;z:\programi\Garena Classic\safedrv.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-04 129976]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-11-05 79360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-11 270912]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-11-05 15936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 GS In-Game Service;GS In-Game Service;z:\programi\GameTracker\GSInGameService.exe [2011-11-09 1677072]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;z:\igre\Hi-Rez Studios\HiPatchService.exe [2012-08-14 8704]
S2 hshld;Hotspot Shield Service;z:\programi\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
S2 HssWd;Hotspot Shield Monitoring Service;z:\programi\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
S2 MBAMService;MBAMService;z:\programi\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-01-22 124832]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-10-15 11576]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-11-06 31808]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:03]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000Core.job
- c:\users\Sale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 19:26]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000UA.job
- c:\users\Sale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 19:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- z:\programi\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-11-26 437248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://smart-homepage.blogspot.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
IE: Download all links with IDM - z:\programi\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - z:\programi\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: bancaintesabeograd.com\online
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
FF - ProfilePath - c:\users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\4de730iu.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
Completion time: 2012-08-15 17:26:14
ComboFix-quarantined-files.txt 2012-08-15 15:26
ComboFix2.txt 2012-08-15 13:55
ComboFix3.txt 2012-08-15 13:08
ComboFix4.txt 2012-08-15 12:05
.
Pre-Run: 451.372.224.512 bytes free
Post-Run: 451.301.515.264 bytes free
.
- - End Of File - - 360312072AF7B7663327250DD7CC4A5B

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

All right. We have removed the malware.
The logs now look clean. Now let's try to repair what ZA broke.

In my first post I gave you a link and instructions for using the Farbar Service Scanner tool.
Run it (from normal Windows) and post a fresh FSS.txt log

offline
  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Farbar Service Scanner Version: 06-08-2012
Ran by Sale (administrator) on 15-08-2012 at 17:39:47
Running from "C:\Users\Sale\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
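
The FSS log above flags two things left behind after the cleanup: the `Start` value of the BITS service key is gone ("Unable to retrieve start type of BITS. The value does not exist.") and Windows Defender is switched off by the `DisableAntiSpyware` policy value. The following PowerShell script is an added example, not part of this thread and not FSS's own code; it reads the same registry locations FSS inspects and reports the two findings without changing anything. It assumes Windows 7 x64, an elevated session, and that the default start type for both BITS and WinDefend on that platform is 2 (Automatic), which is an assumption written into the calls at the bottom.

```powershell
# Added example (not from the thread or from FSS): read-only check of the
# service configuration and Defender policy values that the FSS log reports.
# Assumes an elevated PowerShell session on Windows 7 x64.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Test-ServiceConfig {
    param(
        [string]$Name,
        [int]$ExpectedStart   # assumed default start type; 2 = Automatic
    )
    $key = Join-Path $svcRoot $Name
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Service = $Name; Finding = 'service key missing' }
    }
    $props    = Get-ItemProperty -Path $key
    $findings = @()

    # A missing Start value is what FSS prints as "Unable to retrieve start type".
    if ($null -eq $props.Start) {
        $findings += 'Start value missing'
    } elseif ($props.Start -ne $ExpectedStart) {
        $findings += "Start=$($props.Start), expected $ExpectedStart"
    }

    if ($null -eq $props.ImagePath) { $findings += 'ImagePath missing' }

    # Services hosted in svchost keep their DLL under <service>\Parameters\ServiceDll.
    $dll = (Get-ItemProperty -Path (Join-Path $key 'Parameters') -ErrorAction SilentlyContinue).ServiceDll
    if ($null -eq $dll) {
        $findings += 'ServiceDll missing'
    } elseif (-not (Test-Path ([Environment]::ExpandEnvironmentVariables($dll)))) {
        $findings += "ServiceDll not on disk: $dll"
    }

    [pscustomobject]@{
        Service = $Name
        Finding = if ($findings.Count -eq 0) { 'OK' } else { $findings -join '; ' }
    }
}

function Test-DefenderPolicy {
    # The value FSS lists under "Windows Defender Disabled Policy".
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
    if ($pol -and $pol.DisableAntiSpyware -eq 1) {
        return 'DisableAntiSpyware=1 (Defender disabled by policy value)'
    }
    return 'no DisableAntiSpyware policy set'
}

# Usage: the two services the log names, plus the Defender policy value.
Test-ServiceConfig -Name 'BITS'      -ExpectedStart 2
Test-ServiceConfig -Name 'WinDefend' -ExpectedStart 2
Test-DefenderPolicy
```

On the machine in this thread the first call would report "Start value missing" for BITS and the last would report the DisableAntiSpyware finding, matching the FSS output; the script only reads, so the repair itself stays with the fix file the helper provides in the next reply.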

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Download this file to the Desktop. Run it by double-clicking and click Yes/OK. Restart the computer.

Run FSS again and post a fresh FSS.txt log for me.
