Trojan horse viruses

  • Joined: 19 Mar 2013
  • Posts: 8

I downloaded this: hxxps://www.facebook.com/l.php?u=http%3A%2F%2Ftiny.cc%2Ffacebook_camera&h=NAQHm3nrJ I have AVG; yesterday I scanned the whole computer and it said I have "2 potentially dangerous threats". They are called:
Trojan horse Downloader.Generic13.AKXG - C:\Winows\System32\msiexec.exe (3876)
Trojan horse Downloader.Generic13.AKXG - C:\Winows\System32\svchost.exe (4300)
Below "2 potentially dangerous threats" it says "All were removed. You are now safe again." And next to these viruses it says the result is "secured". But every time I scan, all of it shows up again. I would like to remove them completely, but it doesn't work.
Yesterday and today my internet has been slow.

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.17256 BrowserJavaVersion: 10.5.1
Run by User at 14:37:59 on 2013-03-19
#Option MBR scan is disabled.
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2047.407 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\Explorer.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uProxyServer = socks=
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.0\ytdToolbarIE.dll
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files\claro ltd\claro\1.8.3.10\bh\claro.dll
BHO: BFlix Class: {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - c:\program files\idm\quickfind\plugins\IEHelp.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.0\ytdToolbarIE.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - c:\program files\claro ltd\claro\1.8.3.10\claroTlbr.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\7.0\ytdToolbarIE.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [FocoLink] "c:\program files\youtubedownloader.org\youtubedownloader\Foco.exe"
uRun: [NTServiceManager] c:\program files\youtubedownloader.org\youtubedownloader\NTServiceManager.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe photoshop cs5\adobe photoshop cs5.1\adobe bridge cs5.1\Bridge.exe" -stealth
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe" /md I
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\user\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\user\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{1F487917-E325-4C45-9556-7E6FB23FB4FA} : DHCPNameServer = 89.216.1.40 89.216.1.50
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\bj0tvn5j.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=117452&tt=4712_8&babsrc=KW_ss&mntrId=ac23c2db000000000000001167ab0c26&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-31 15:45; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-02-05 16:38; captiondownloader@hiephm.com; c:\users\user\appdata\roaming\mozilla\firefox\profiles\bj0tvn5j.default\extensions\captiondownloader@hiephm.com.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 1dbaa1c8-a17e-4f44-beba-a635eff3e5d0
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - ac23c2db000000000000001167ab0c26
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15667
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1020:58:14
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - irhnew
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-29 33112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [2012-2-16 43112]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-26 176128]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-2-23 805752]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\drivers\InputFilter_FlexDef2b.sys [2010-6-18 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-7-24 9472]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\chrome.exe="c:\program files\google\chrome\application\chrome.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-03-18 21:36:35 -------- d-----w- c:\users\user\appdata\local\Programs
2013-03-18 21:07:57 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2013-03-18 21:07:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-03-18 21:07:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-03-17 14:59:04 -------- d-----w- c:\users\user\appdata\roaming\Update
2013-03-15 17:47:53 -------- d-----w- c:\users\user\appdata\local\{230187DD-60C8-4CF3-82B2-0A9E12F7D95B}
2013-03-13 19:28:17 -------- d-----w- c:\users\user\appdata\local\{84AEDACE-A656-4090-B823-D6A85E4EEBDC}
2013-03-10 19:45:38 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-03-10 18:43:19 -------- d-----w- c:\users\user\appdata\local\{85E88E61-3143-46D5-9E28-D5D38753C500}
2013-03-09 16:30:57 -------- d-----w- c:\users\user\appdata\local\{56110095-952E-4817-ACA6-07F01EE07023}
2013-03-08 20:22:22 -------- d-----w- c:\users\user\appdata\local\{BDE9E633-E019-4B38-8A53-59568CF28B40}
2013-03-07 16:45:09 -------- d-----w- c:\program files\YTD Toolbar
2013-03-07 16:45:09 -------- d-----w- c:\program files\Application Updater
2013-03-03 14:05:12 -------- d-----w- c:\users\user\appdata\local\{C4DC9550-0460-475B-BAB7-9557D05E572B}
2013-02-28 14:30:19 -------- d-----w- c:\users\user\appdata\local\{CC8399D8-734E-4660-9564-EFE7DD861140}
2013-02-21 15:46:28 -------- d-----w- c:\users\user\appdata\local\{C347F6B3-921F-4629-9D7D-2BE451AE1391}
2013-02-19 14:20:25 -------- d-----w- c:\users\user\appdata\local\Badger I.T
.
==================== Find3M ====================
.
2013-03-12 20:08:17 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 20:08:16 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-28 16:16:46 981504 ----a-w- c:\windows\system32\wininet.dll
2013-02-28 16:16:10 44544 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-28 14:51:56 386048 ----a-w- c:\windows\system32\html.iec
2013-02-28 13:26:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-18 20:26:30 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-07 14:11:03 751141 ----a-w- c:\windows\unins000.exe
2013-01-10 19:50:43 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-10 19:50:42 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-10 19:50:42 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 05:02:17 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:02:17 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 20:18:51 0 ----a-w- c:\windows\system32\REN6B9B.tmp
2013-01-04 20:18:51 0 ----a-w- c:\windows\system32\REN6B9A.tmp
2013-01-04 04:55:21 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 04:55:09 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 04:50:40 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:46:33 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-04 03:00:30 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:59:29 271360 ----a-w- c:\windows\system32\conhost.exe
2013-01-04 02:43:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-22 17:28:52 0 ----a-w- c:\windows\system32\RENFC11.tmp
2012-12-22 17:28:52 0 ----a-w- c:\windows\system32\RENFC10.tmp
.
============= FINISH: 14:39:01,66 ===============


Thanks in advance! :)
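A way to pull the security-relevant points out of a DDS log like the one above automatically, as an added example that is not part of the thread, of DDS or of AVG. The script parses the Pseudo HJT Report lines for the mPolicies-System UAC values (in the log above EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, which means UAC is switched off), for the uProxyServer line (here `socks=`, an empty SOCKS proxy entry), and for uRun/mRun autoruns whose binary sits in a user-writable location. The UAC_BASELINE defaults, the list of user-writable path markers, the decimal reading of DDS dword values and SAMPLE_REPORT (a constructed excerpt modelled on the log) are assumptions.

```python
"""Triage a DDS 'Pseudo HJT Report' for weakened UAC policy, a leftover proxy
setting and autorun entries that live in user-writable locations.

Added example: this script is not part of the forum thread, of DDS or of AVG.
SAMPLE_REPORT is a constructed excerpt modelled on the log in the post, and
UAC_BASELINE holds the Windows 7 default values as an assumption.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed Windows 7 defaults for the values DDS prints under mPolicies-System:
# EnableLUA=1 (UAC on), ConsentPromptBehaviorAdmin=5 (prompt for consent for
# non-Windows binaries), PromptOnSecureDesktop=1 (prompt on the secure desktop).
UAC_BASELINE: Dict[str, int] = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
}

# An autorun binary under one of these roots can be replaced by a standard user
# (or by anything running as that user), so it deserves a manual look even when
# the vendor is legitimate (Google Update really does live in AppData\Local).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\users\\")

# Assumption: DDS prints dword values in decimal (the log's
# NoDriveTypeAutoRun = dword:145 is the default 0x91 = 145).
POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)")
RUN_RE = re.compile(r'^([um]Run):\s*\[([^\]]+)\]\s*"?([^"]+?\.exe)"?', re.IGNORECASE)
PROXY_RE = re.compile(r"^uProxyServer\s*=\s*(.*)$")


@dataclass
class Findings:
    uac_weakened: Dict[str, Tuple[int, int]] = field(default_factory=dict)  # name -> (found, expected)
    proxy_setting: Optional[str] = None
    user_writable_autoruns: List[Tuple[str, str, str]] = field(default_factory=list)


def triage(report: str) -> Findings:
    """Walk the report line by line and collect the three kinds of finding."""
    f = Findings()
    for raw in report.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_BASELINE and value != UAC_BASELINE[name]:
                f.uac_weakened[name] = (value, UAC_BASELINE[name])
            continue
        m = PROXY_RE.match(line)
        if m:
            f.proxy_setting = m.group(1).strip()
            continue
        m = RUN_RE.match(line)
        if m:
            scope, label, path = m.groups()
            if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                f.user_writable_autoruns.append((scope, label, path))
    return f


def uac_effectively_off(f: Findings) -> bool:
    """True when UAC offers no protection: LUA disabled outright, or admins
    elevated silently (ConsentPromptBehaviorAdmin=0)."""
    w = f.uac_weakened
    if "EnableLUA" in w and w["EnableLUA"][0] == 0:
        return True
    return "ConsentPromptBehaviorAdmin" in w and w["ConsentPromptBehaviorAdmin"][0] == 0


# Constructed excerpt in DDS format, modelled on the log in the post.
SAMPLE_REPORT = r"""
uStart Page = hxxp://google.com/
uProxyServer = socks=
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [NTServiceManager] c:\program files\youtubedownloader.org\youtubedownloader\NTServiceManager.exe
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe" /md I
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    print("UAC effectively off:", uac_effectively_off(found))
    for name, (got, want) in found.uac_weakened.items():
        print(f"  {name} = {got} (default {want})")
    print("Proxy setting:", repr(found.proxy_setting))
    for scope, label, path in found.user_writable_autoruns:
        print(f"  review {scope} [{label}] -> {path}")
```

Autoruns under AppData are reported for review, not as malicious: Google Update legitimately runs from there, which is why the reviewer compares path and vendor rather than location alone. The UAC check matters for the rest of the case, because with EnableLUA=0 every dropper the user launches already runs with full administrator rights.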

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello

While your case is being handled, I would ask you to stick to the following:
Read my instructions (or the instructions of colleagues who may stand in for me) carefully and follow them exactly;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs besides the ones you receive instructions for;
Be sure to report if any of the suggested procedures did not go as described;
Do not use USB storage devices during the intervention until I ask for it;
Always paste the entire report into the message rather than attaching it, unless asked otherwise;
If I do not reply within 24 hours, bump the topic with a new post;
If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK

Download sUBs' ComboFix from the following address to the Desktop:
Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens click "I Agree".

While it runs, ComboFix will:
check whether a newer version of the program exists:
  click Yes if it offers to download it.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
display a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message;
Do not click inside the ComboFix window while it is running, as that can slow the tool down;
Do not run ComboFix again on your own; report in the topic any problem you have during the first run of the tool;
If after the restart you get an error when starting some programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system once more and that will fix the problem.

  • Joined: 19 Mar 2013
  • Posts: 8

I ran ComboFix; it worked, but nothing happened at the end, it just closed.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Did it show any notification, or did it just close on its own? Did you disable the antivirus before running it?

  • Joined: 19 Mar 2013
  • Posts: 8

Yes, I disabled it, I followed all the instructions, and it didn't say anything, it just closed.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Posted: 19 Mar 2013 22:44

Delete the old ComboFix icon and download a new one from the following address to the Desktop

ComboFix

Then click Start --> Run, and carefully copy the following text

"%userprofile%\Desktop\ComboFix.exe" /KillAll /NoMBR

Press OK and ComboFix will start scanning.

Update: 19 Mar 2013 22:52

Before running it, disable AVG...

  • Joined: 19 Mar 2013
  • Posts: 8

I downloaded it and it started running by itself; I didn't have to copy that.

ComboFix 13-03-19.01 - User 19.03.2013 22:52:09.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2047.1351 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dxacao.exe
c:\programdata\dxikkkz.exe
c:\programdata\dxuhvch.exe
c:\programdata\dxxavhsdy.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\programdata\ScanQuery
c:\users\User\AppData\Roaming\ShopperReports3
c:\users\User\AppData\Roaming\Update\chp.exe
c:\users\User\AppData\Roaming\Update\scvhosts.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 21:58 . 2013-03-19 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-18 21:36 . 2013-03-18 21:36 -------- d-----w- c:\users\User\AppData\Local\Programs
2013-03-17 14:59 . 2013-03-19 21:58 -------- d-----w- c:\users\User\AppData\Roaming\Update
2013-03-07 16:45 . 2013-03-07 16:45 -------- d-----w- c:\program files\Application Updater
2013-03-07 16:45 . 2013-03-07 16:45 -------- d-----w- c:\program files\YTD Toolbar
2013-02-19 14:20 . 2013-02-19 14:20 -------- d-----w- c:\users\User\AppData\Local\Badger I.T
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 20:08 . 2012-08-03 12:06 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 20:08 . 2012-08-03 12:06 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 20:26 . 2012-08-29 13:24 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-07 14:11 . 2013-02-07 14:15 751141 ----a-w- c:\windows\unins000.exe
2013-01-10 19:50 . 2013-01-04 20:19 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-10 19:50 . 2012-08-12 18:28 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-10 19:50 . 2012-01-10 20:09 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 05:02 . 2013-02-13 13:41 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:02 . 2013-02-13 13:41 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 20:18 . 2013-01-04 20:18 0 ----a-w- c:\windows\system32\REN6B9B.tmp
2013-01-04 20:18 . 2013-01-04 20:18 0 ----a-w- c:\windows\system32\REN6B9A.tmp
2013-01-04 04:55 . 2013-02-13 13:41 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 04:55 . 2013-02-13 13:41 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 04:50 . 2013-02-13 13:41 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:46 . 2013-02-13 13:41 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-04 04:43 . 2013-02-13 13:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 03:00 . 2013-02-13 13:42 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:59 . 2013-02-13 13:41 271360 ----a-w- c:\windows\system32\conhost.exe
2013-01-04 02:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 13:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 13:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-22 17:28 . 2012-12-22 17:28 0 ----a-w- c:\windows\system32\RENFC11.tmp
2012-12-22 17:28 . 2012-12-22 17:28 0 ----a-w- c:\windows\system32\RENFC10.tmp
2013-03-10 19:45 . 2013-03-10 19:45 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 20:26 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"3518887414"= [hex value omitted]
"3212083974"= [hex value omitted]
"1781466620"= [hex value omitted]
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 cpuz130;cpuz130;c:\users\User\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 15:10 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 20:08]
.
2013-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1251462613-1450717942-4256880384-1001Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-01 20:46]
.
2013-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1251462613-1450717942-4256880384-1001UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-01 20:46]
.
2013-03-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-24 20:06]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-24 17:15]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-24 17:15]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1251462613-1450717942-4256880384-1001Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 10:55]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1251462613-1450717942-4256880384-1001UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 10:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = socks=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bj0tvn5j.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=117452&tt=4712_8&babsrc=KW_ss&mntrId=ac23c2db000000000000001167ab0c26&q=
FF - ExtSQL: 2013-01-31 15:45; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-02-05 16:38; captiondownloader@hiephm.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bj0tvn5j.default\extensions\captiondownloader@hiephm.com.xpi
FF - user.js: extentions.y2layers.installId - 1dbaa1c8-a17e-4f44-beba-a635eff3e5d0
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - ac23c2db000000000000001167ab0c26
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15667
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1020:58
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - irhnew
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-FocoLink - c:\program files\YoutubeDownloader.org\YoutubeDownloader\Foco.exe
HKCU-Run-NTServiceManager - c:\program files\YoutubeDownloader.org\YoutubeDownloader\NTServiceManager.exe
HKCU-Run-AdobeBridge - c:\program files\Adobe\Adobe Photoshop CS5\Adobe Photoshop CS5.1\Adobe Bridge CS5.1\Bridge.exe
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
AddRemove-art_of_murder_en_is1 - c:\program files\City Interactive\Art of Murder - FBI Confidential\unins000.exe
AddRemove-AWicons Lite - d:\awicons lite\uninstall.exe
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-BFlix - c:\program files\BFlix\uninstall.exe
AddRemove-Dynomite Deluxe - c:\program files\PopCap Games\Dynomite Deluxe\PopUninstall.exe
AddRemove-EA Download Manager - d:\electronic arts\EADownloadManager\EADMUninstall.exe
AddRemove-Easy MP3 Recorder_is1 - c:\program files\EasyMP3Recorder\unins000.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\uninstall.exe
AddRemove-ffdshow_is1 - c:\program files\ffdshow\unins000.exe
AddRemove-FreePascal_is1 - c:\fpc\2.4.4\unins000.exe
AddRemove-GenoPro - D:\Uninstall.exe
AddRemove-Hide IP NG_is1 - d:\hide ip ng\unins000.exe
AddRemove-Mp3tag - c:\program files\Mp3tag\Mp3tagUninstall.EXE
AddRemove-SMPlayer - c:\program files\SMPlayer\uninst.exe
AddRemove-SubtitleWorkshop - d:\subtitle workshop\uninstall.exe
AddRemove-VobSub - c:\program files\Gabest\VobSub\uninstall.exe
AddRemove-WinGimp-2.0_is1 - c:\program files\GIMP-2.0\setup\unins000.exe
AddRemove-{D1F94690-C59F-4BF1-A9C5-012DCCE8364D}_is1 - c:\program files\X2Xsoft\Free Video Trim\unins000.exe
AddRemove-{FD9C31B6-F572-414D-81E3-89368C97A125}_is1 - c:\program files\CamStudio 2.6b\unins000.exe
AddRemove-1579464478.portal.qtrax.com - c:\program files\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-19 23:00:42
ComboFix-quarantined-files.txt 2013-03-19 22:00
.
Pre-Run: 56.856.969.216 bytes free
Post-Run: 57.174.573.056 bytes free
.
- - End Of File - - 789BE14612C7CBFD89F40CA965F7FC70

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Step 1.

Open Control Panel --> Programs and Features and uninstall the following if you don't use them:
- Babylon toolbar on IE
- Claro Chrome Toolbar
- Claro LTD toolbar
- Facemoods Toolbar
- Messenger Companion
- Skype Click to Call
- Yontoo 1.10.02
- YTD Toolbar v7.0

Restart the computer.



Step 2.

Disable the antivirus.

Open Notepad and copy the following text into it:

Filelook::
C:\Winows\System32\msiexec.exe
C:\Winows\System32\svchost.exe

NoMBR::

Folder::
c:\program files\YTD Toolbar
c:\program files\Common Files\Spigot\Search Settings
c:\program files\Application Updater

KillAll::

File::
c:\windows\system32\REN6B9B.tmp
c:\windows\system32\REN6B9A.tmp
c:\windows\system32\RENFC11.tmp
c:\windows\system32\RENFC10.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"3518887414"=-
"3212083974"=-
"1781466620"=-

Driver::
Application Updater

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bj0tvn5j.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=117452&tt=4712_8&babsrc=KW_ss&mntrId=ac23c2db000000000000001167ab0c26&q=
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - ac23c2db000000000000001167ab0c26
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15667
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1020:58
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - irhnew
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.



Step 3.

Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program and click the [Search] button.
When the program finishes the analysis it will open a Notepad window with the report. Close that Notepad window.

Click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required) click Ok

The computer will restart and then open a Notepad window (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your message using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt
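
As an added example (not part of this thread, ComboFix or the forum's own tooling): a small Python checker that reads the Registry:: block of a CFScript like the one in Step 2 and compares the "Reg Loading Points" sections of the ComboFix logs from before and after the run, confirming that every requested deletion actually disappeared and flagging anything that vanished without being requested. The script and log excerpts embedded below are constructed from the lines shown in this thread, with the hex blobs replaced by a placeholder.

```python
"""Cross-check the Registry:: deletions in a ComboFix CFScript against the
"Reg Loading Points" sections of the logs from before and after the run.
Added example for this thread, not ComboFix's or the forum's own tooling."""
import re
from typing import Dict, Set, Tuple

Entry = Tuple[str, str]  # (registry key lower-cased, value name)
_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=')


def parse_reg_points(text: str) -> Dict[Entry, str]:
    """Parse REGEDIT4-style log lines into {(key, value_name): raw_line}.
    Banner lines, "." separators and lines outside any [key] are ignored;
    keys are lower-cased because ComboFix prints them in mixed case."""
    entries: Dict[Entry, str] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = _VALUE_RE.match(line)
        if m and key is not None:
            entries[(key, m.group(1))] = line
    return entries


def parse_cfscript_deletions(script: str) -> Set[Entry]:
    """Return the (key, value) pairs the Registry:: block asks ComboFix to
    delete; in REGEDIT4 syntax "name"=- means 'delete this value'."""
    deletions: Set[Entry] = set()
    in_registry, key = False, None
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):  # section header such as File:: or Driver::
            in_registry, key = line == "Registry::", None
            continue
        if not in_registry:
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = _VALUE_RE.match(line)
        if m and key is not None and line.endswith("=-"):
            deletions.add((key, m.group(1)))
    return deletions


def check_cleanup(script: str, before: str, after: str) -> Dict[str, Set[Entry]]:
    """Classify each requested deletion, and flag entries that vanished
    without being requested (worth a second look in the next log)."""
    wanted = parse_cfscript_deletions(script)
    b, a = parse_reg_points(before), parse_reg_points(after)
    return {
        "removed": {e for e in wanted if e in b and e not in a},
        "still_present": {e for e in wanted if e in a},
        "never_seen": {e for e in wanted if e not in b},
        "unrequested": {e for e in b if e not in a and e not in wanted},
    }


# Constructed excerpts based on the Step 2 script and the two logs in this thread.
CFSCRIPT = r"""
File::
c:\windows\system32\RENFC11.tmp
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"3518887414"=-
"3212083974"=-
"1781466620"=-
Driver::
Application Updater
"""

BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"3518887414"= <hex blob placeholder>
"3212083974"= <hex blob placeholder>
"1781466620"= <hex blob placeholder>
"""

AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"""
```

Running `check_cleanup(CFSCRIPT, BEFORE_LOG, AFTER_LOG)` on these excerpts reports all four requested values under "removed" and nothing under "still_present"; feeding the before log as the after log moves them all to "still_present", which is the case where a second CFScript round would be needed.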

offline
  • Joined: 19 Mar 2013
  • Posts: 8

I wasn't sure whether the output from Step 2 should be attached or pasted, so I pasted it.

ComboFix 13-03-20.01 - User 20.03.2013 15:44:18.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2047.1046 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\REN6B9A.tmp"
"c:\windows\system32\REN6B9B.tmp"
"c:\windows\system32\RENFC10.tmp"
"c:\windows\system32\RENFC11.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\REN6B9A.tmp
c:\windows\system32\REN6B9B.tmp
c:\windows\system32\RENFC10.tmp
c:\windows\system32\RENFC11.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))
.
.
2013-03-18 21:36 . 2013-03-18 21:36 -------- d-----w- c:\users\User\AppData\Local\Programs
2013-03-17 14:59 . 2013-03-19 21:58 -------- d-----w- c:\users\User\AppData\Roaming\Update
2013-02-19 14:20 . 2013-02-19 14:20 -------- d-----w- c:\users\User\AppData\Local\Badger I.T
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 20:08 . 2012-08-03 12:06 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 20:08 . 2012-08-03 12:06 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 20:26 . 2012-08-29 13:24 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-07 14:11 . 2013-02-07 14:15 751141 ----a-w- c:\windows\unins000.exe
2013-01-10 19:50 . 2013-01-04 20:19 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-10 19:50 . 2012-08-12 18:28 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-10 19:50 . 2012-01-10 20:09 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 05:02 . 2013-02-13 13:41 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:02 . 2013-02-13 13:41 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:55 . 2013-02-13 13:41 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 04:55 . 2013-02-13 13:41 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 04:50 . 2013-02-13 13:41 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:46 . 2013-02-13 13:41 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-04 04:43 . 2013-02-13 13:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 03:00 . 2013-02-13 13:42 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:59 . 2013-02-13 13:41 271360 ----a-w- c:\windows\system32\conhost.exe
2013-01-04 02:43 . 2013-02-13 13:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 13:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 13:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 13:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-03-10 19:45 . 2013-03-10 19:45 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 20:26 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-06 7772704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 cpuz130;cpuz130;c:\users\User\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 15:10 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 20:08]
.
2013-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1251462613-1450717942-4256880384-1001Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-01 20:46]
.
2013-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1251462613-1450717942-4256880384-1001UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-01 20:46]
.
2013-03-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-24 20:06]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-24 17:15]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-24 17:15]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1251462613-1450717942-4256880384-1001Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 10:55]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1251462613-1450717942-4256880384-1001UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-09 10:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = socks=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bj0tvn5j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - ExtSQL: 2013-02-05 16:38; captiondownloader@hiephm.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bj0tvn5j.default\extensions\captiondownloader@hiephm.com.xpi
FF - user.js: extensions.autoDisableScopes - 14
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-03-20 15:59:59 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-20 14:59
ComboFix2.txt 2013-03-19 22:00
.
Pre-Run: 56.248.262.656 bytes free
Post-Run: 55.816.851.456 bytes free
.
- - End Of File - - 6F9D9D9E14AF8C50B172EAEAA8CA9266


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

What is the current state of the system?
