Fb virus, it seems I have it too.

  • Mladen Lukić
  • Joined: 02 Apr 2009
  • Posts: 1450
  • Location: Arilje

After opening some video on YT, FarmVille opened by itself instead of some web page.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Maxo at 3:48:35 on 2012-01-12
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2047.908 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 91.150.90.2
TCP: Interfaces\{B8BC455C-66CB-48DD-B056-33C399E5E30C} : DhcpNameServer = 192.168.2.1 91.150.90.2
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-28 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-28 314456]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-11-10 291840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-28 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-28 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-28 44768]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-12-29 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-11-10 8913920]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-11-10 263680]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-6-25 47104]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2012-01-11 17:24:10 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9e6b7c1b-82ad-4945-a484-24d20275d96d}\offreg.dll
2012-01-04 15:59:24 -------- d-----w- c:\users\maxo\appdata\local\Adobe
2012-01-04 15:59:12 -------- d-----w- c:\program files\McAfee Security Scan
2012-01-03 22:38:14 -------- d-----w- c:\windows\system32\Adobe
2011-12-31 02:28:10 -------- d-----w- c:\program files\JDownloader
2011-12-30 08:07:42 -------- d-----w- C:\Igrice
2011-12-30 07:51:20 -------- d-----w- c:\program files\Blobby Volley 2.0 Version 0.9c
2011-12-29 05:51:41 -------- d-----w- c:\users\maxo\appdata\local\Diagnostics
2011-12-29 03:01:59 -------- d-----r- c:\program files\Skype
2011-12-29 02:46:17 -------- d-----w- c:\users\maxo\appdata\local\realtech_VR
2011-12-29 02:45:23 -------- d-----w- c:\users\maxo\appdata\local\AMD
2011-12-29 02:45:16 -------- d-----w- c:\users\maxo\appdata\local\ATI
2011-12-29 02:45:14 -------- d-----w- c:\program files\AMD APP
2011-12-29 02:45:12 -------- d-----w- c:\program files\common files\ATI Technologies
2011-12-29 02:44:59 -------- d-----w- c:\programdata\AMD
2011-12-29 02:44:54 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2011-12-29 02:44:02 -------- d-----w- c:\program files\ATI Technologies
2011-12-29 02:43:59 -------- d-----w- c:\program files\ATI
2011-12-29 02:43:16 -------- d-----w- C:\ATI
2011-12-29 02:32:00 -------- d-----w- c:\programdata\realtech VR
2011-12-29 02:31:55 -------- d-----w- c:\program files\realtech VR
2011-12-29 02:13:20 -------- d-----w- c:\windows\system32\directx
2011-12-28 09:53:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-28 07:58:46 -------- d-----w- c:\program files\URUSoft
2011-12-28 07:51:52 -------- d-----w- c:\program files\GRETECH
2011-12-28 07:41:38 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9e6b7c1b-82ad-4945-a484-24d20275d96d}\mpengine.dll
2011-12-28 07:41:37 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 07:21:14 -------- d-----w- c:\windows\system32\RTCOM
2011-12-28 07:12:05 -------- d-----w- c:\users\maxo\appdata\roaming\.minecraft_server
2011-12-28 07:12:05 -------- d-----w- c:\users\maxo\appdata\roaming\.minecraft
2011-12-28 07:12:04 -------- d-----w- c:\users\maxo\appdata\roaming\.minecraft server
2011-12-28 07:11:49 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-28 07:11:47 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-28 07:11:42 -------- d-----w- c:\users\maxo\appdata\local\MapleStudio
2011-12-28 07:11:18 -------- d-sh--w- c:\windows\Installer
2011-12-28 07:11:14 41184 ----a-w- c:\windows\avastSS.scr
2011-12-28 07:11:08 -------- d-----w- c:\programdata\AVAST Software
2011-12-28 07:11:08 -------- d-----w- c:\program files\AVAST Software
2011-12-28 07:10:12 -------- d-----w- c:\users\maxo\appdata\roaming\Tencent
2011-12-28 07:10:12 -------- d-----w- c:\programdata\Tencent
2011-12-28 07:09:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-28 05:15:27 -------- d-----w- c:\windows\system32\wbem\Performance
2011-12-28 05:09:28 -------- d-sh--w- C:\Recovery
2011-12-28 05:05:54 0 ----a-w- c:\windows\ativpsrm.bin
2011-12-28 05:02:42 -------- d-----w- c:\windows\Panther
2011-12-28 05:02:29 -------- d-sh--w- C:\Boot
.
==================== Find3M ====================
.
2011-11-26 21:33:44 644400 ----a-w- c:\windows\system32\mscomct2.ocx
2011-11-10 06:39:44 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-10 06:39:32 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-10 06:38:40 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-10 06:37:46 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-10 03:44:12 8913920 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:17:10 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16:56 774656 ----a-w- c:\windows\system32\aticfx32.dll
2011-11-10 03:12:24 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:11:50 417792 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11:20 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10:08 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2011-11-10 03:09:52 360448 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 03:09:40 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 03:09:32 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 03:06:20 6077952 ----a-w- c:\windows\system32\atidxx32.dll
2011-11-10 02:58:20 18996224 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:40:18 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-11-10 02:34:52 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-10 02:34:42 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-10 02:33:52 5852672 ----a-w- c:\windows\system32\atiumdag.dll
2011-11-10 02:29:58 11300864 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-10 02:29:46 4200960 ----a-w- c:\windows\system32\atiumdva.dll
2011-11-10 02:18:40 51200 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13:20 348160 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13:04 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:12:52 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-11-10 02:12:20 263680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11:46 32256 ----a-w- c:\windows\system32\atiuxpag.dll
2011-11-10 02:11:32 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-11-10 02:11:26 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-10 02:11:26 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:10:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-22 04:16:12 1843200 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-22 04:15:46 104448 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-17 17:40:44 85520 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
.
============= FINISH: 3:50:26,50 ===============

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download the OTL program from the link below to your Desktop:

OTL download
Click the link given; in the window that opens, click Save;
when the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click OTL to run it;
click Run Scan;
when the scan finishes, the report (which will be saved automatically to the Desktop as OTL.Txt) will open in Notepad.

Attach the OTL.Txt report to your message using the Attach file (Prikači fajl) option.

  • Mladen Lukić
  • Joined: 02 Apr 2009
  • Posts: 1450
  • Location: Arilje


OTL logfile created on: 12.1.2012 14:32:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Maxo\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000241a | Country: Srbija | Language: SRM | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,15% Memory free
4,00 Gb Paging File | 2,14 Gb Available in Paging File | 53,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 72,97 Gb Free Space | 74,72% Space Free | Partition Type: NTFS
Drive D: | 361,14 Gb Total Space | 44,27 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 281,06 Gb Free Space | 60,36% Space Free | Partition Type: FAT32

Computer Name: MAXO-PC | User Name: Maxo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.12 14:31:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maxo\Desktop\OTL.exe
PRC - [2011.12.30 10:22:59 | 001,595,832 | ---- | M] (Maple Studio) -- C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
PRC - [2011.12.28 10:53:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011.12.10 11:03:40 | 003,714,728 | ---- | M] (Gretech Corp.) -- C:\Program Files\GRETECH\GomPlayer\GOM.EXE
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.11.10 07:07:44 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.11.10 04:11:50 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.11.10 04:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2004.03.19 17:51:04 | 000,630,784 | ---- | M] () -- C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.30 10:22:59 | 008,593,056 | ---- | M] () -- C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\2.0.0.4\gcswf32.dll
MOD - [2011.12.30 10:22:59 | 003,767,864 | ---- | M] () -- C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\2.0.0.4\pdf.dll
MOD - [2011.12.30 10:22:59 | 001,746,504 | ---- | M] () -- C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\2.0.0.4\avcodec-53.dll
MOD - [2011.12.30 10:22:59 | 000,532,408 | ---- | M] () -- C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\2.0.0.4\libglesv2.dll
MOD - [2011.12.30 10:22:59 | 000,421,304 | ---- | M] () -- C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\2.0.0.4\ppgooglenaclpluginchrome.dll
MOD - [2011.12.30 10:22:59 | 000,222,280 | ---- | M] () -- C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\2.0.0.4\avformat-53.dll
MOD - [2011.12.30 10:22:59 | 000,122,952 | ---- | M] () -- C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\2.0.0.4\avutil-51.dll
MOD - [2011.12.30 10:22:59 | 000,114,616 | ---- | M] () -- C:\Users\Maxo\AppData\Local\MapleStudio\ChromePlus\Application\2.0.0.4\libegl.dll
MOD - [2011.12.15 21:38:45 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011.11.10 07:10:38 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.11.10 07:07:50 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.09.08 10:03:56 | 000,594,944 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\GVF.ax
MOD - [2011.08.03 05:31:02 | 003,373,568 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\libavcodec.dll
MOD - [2011.08.03 05:31:02 | 000,184,320 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\GRFU.ax
MOD - [2011.05.17 01:49:30 | 000,421,520 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\GomTVStrm.dll
MOD - [2010.10.15 10:35:54 | 001,433,600 | ---- | M] () -- C:\Program Files\GRETECH\GomPlayer\GAF.ax
MOD - [2009.07.14 05:55:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\de8525cc2e6327337e1c6917352bfe16\WindowsFormsIntegration.ni.dll
MOD - [2009.07.14 05:43:48 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
MOD - [2009.07.14 05:43:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll
MOD - [2009.07.14 05:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009.07.14 05:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 05:43:20 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll
MOD - [2009.07.14 05:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 05:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 05:42:56 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\7ce9d463a5d343fe74d6f181f9226cab\UIAutomationProvider.ni.dll
MOD - [2009.07.14 05:42:55 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll
MOD - [2009.07.14 05:42:45 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009.07.14 05:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 05:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009.07.14 05:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 05:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2004.03.19 17:51:04 | 000,630,784 | ---- | M] () -- C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe


========== Win32 Services (SafeList) ==========

SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.11.10 07:07:44 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.11.10 04:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.11.10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.11.10 03:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.10.17 18:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.02.18 18:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 36 BE E5 2E C5 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2011.12.31 03:31:21 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 91.150.90.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8BC455C-66CB-48DD-B056-33C399E5E30C}: DhcpNameServer = 192.168.2.1 91.150.90.2
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.02.27 01:57:36 | 000,000,120 | ---- | M] () - F:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010.05.22 18:13:36 | 000,000,000 | ---D | M] - F:\Autostrale -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.12 14:31:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Maxo\Desktop\OTL.exe
[2012.01.12 03:47:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Maxo\Desktop\dds.scr
[2012.01.07 00:21:17 | 000,000,000 | ---D | C] -- C:\Users\Maxo\Desktop\The Day After Tomorrow
[2012.01.06 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\Maxo\Desktop\The Chronicles Of Narnia - The Lion the Witch and the Wardrobe
[2012.01.04 16:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.01.04 16:59:24 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Local\Adobe
[2012.01.04 16:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.01.04 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.01.04 16:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.01.04 16:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.01.04 16:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.01.03 23:38:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012.01.01 14:44:19 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Google
[2012.01.01 14:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.01.01 14:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2012.01.01 14:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.12.31 03:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.12.31 03:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011.12.30 09:07:42 | 000,000,000 | ---D | C] -- C:\Igrice
[2011.12.30 08:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blobby Volley 2.0 Version 0.9c
[2011.12.30 08:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\Blobby Volley 2.0 Version 0.9c
[2011.12.29 06:51:41 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Local\Diagnostics
[2011.12.29 04:48:36 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\GRETECH
[2011.12.29 04:02:46 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Skype
[2011.12.29 04:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.12.29 04:01:59 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.12.29 04:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.12.29 03:46:17 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Local\realtech_VR
[2011.12.29 03:45:23 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Local\AMD
[2011.12.29 03:45:16 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\ATI
[2011.12.29 03:45:16 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Local\ATI
[2011.12.29 03:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.12.29 03:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011.12.29 03:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011.12.29 03:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011.12.29 03:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011.12.29 03:44:54 | 000,037,944 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdiox86.sys
[2011.12.29 03:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011.12.29 03:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.12.29 03:43:16 | 000,000,000 | ---D | C] -- C:\ATI
[2011.12.29 03:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\realtech VR
[2011.12.29 03:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\realtech VR
[2011.12.29 03:16:47 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011.12.29 03:16:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011.12.29 03:16:47 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011.12.29 03:16:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011.12.29 03:16:46 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011.12.29 03:16:46 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011.12.29 03:16:46 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011.12.29 03:16:46 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011.12.29 03:16:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011.12.29 03:16:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011.12.29 03:16:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011.12.29 03:16:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011.12.29 03:16:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011.12.29 03:16:46 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011.12.29 03:16:45 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011.12.29 03:16:43 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011.12.29 03:16:43 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.12.29 03:16:43 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011.12.29 03:16:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.12.29 03:16:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011.12.29 03:16:43 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011.12.29 03:16:42 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011.12.29 03:16:42 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011.12.29 03:16:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011.12.29 03:16:42 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.12.29 03:16:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011.12.29 03:16:41 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011.12.29 03:16:41 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011.12.29 03:16:41 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011.12.29 03:16:41 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011.12.29 03:16:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011.12.29 03:16:41 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011.12.29 03:16:41 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011.12.29 03:16:40 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011.12.29 03:16:40 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.12.29 03:16:40 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011.12.29 03:16:40 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011.12.29 03:16:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.12.29 03:16:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011.12.29 03:16:40 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011.12.29 03:16:40 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011.12.29 03:16:39 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011.12.29 03:16:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011.12.29 03:16:39 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011.12.29 03:16:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011.12.29 03:16:38 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011.12.29 03:16:38 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011.12.29 03:16:38 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011.12.29 03:16:38 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011.12.29 03:16:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011.12.29 03:16:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011.12.29 03:16:37 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011.12.29 03:16:37 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011.12.29 03:16:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011.12.29 03:16:37 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011.12.29 03:16:36 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011.12.29 03:16:36 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011.12.29 03:16:36 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011.12.29 03:16:36 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011.12.29 03:16:36 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011.12.29 03:16:35 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011.12.29 03:16:35 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011.12.29 03:16:35 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011.12.29 03:16:35 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011.12.29 03:16:35 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011.12.29 03:16:35 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.12.29 03:16:35 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011.12.29 03:16:34 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011.12.29 03:16:34 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011.12.29 03:16:34 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011.12.29 03:16:34 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011.12.29 03:16:33 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011.12.29 03:16:33 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011.12.29 03:16:33 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011.12.29 03:16:33 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011.12.29 03:16:33 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011.12.29 03:16:33 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011.12.29 03:16:33 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011.12.29 03:16:32 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011.12.29 03:16:32 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011.12.29 03:16:32 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011.12.29 03:16:32 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011.12.29 03:16:31 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.12.29 03:16:30 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011.12.29 03:16:30 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011.12.29 03:16:30 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011.12.29 03:16:30 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011.12.29 03:16:30 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011.12.29 03:16:30 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011.12.29 03:16:29 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011.12.29 03:16:29 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011.12.29 03:13:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011.12.28 10:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.12.28 10:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.28 10:53:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.28 10:53:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.28 10:53:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.28 10:53:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.28 10:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.12.28 08:58:46 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\URUSoft
[2011.12.28 08:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft
[2011.12.28 08:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2011.12.28 08:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2011.12.28 08:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2011.12.28 08:47:42 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\WinRAR
[2011.12.28 08:47:42 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.28 08:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.28 08:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.12.28 08:41:37 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.12.28 08:21:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011.12.28 08:20:48 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011.12.28 08:20:48 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011.12.28 08:20:48 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011.12.28 08:20:48 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011.12.28 08:20:47 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2011.12.28 08:20:46 | 002,965,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2011.12.28 08:20:46 | 001,292,832 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2011.12.28 08:20:46 | 000,338,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2011.12.28 08:20:46 | 000,053,280 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2011.12.28 08:20:45 | 000,347,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2011.12.28 08:20:45 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2011.12.28 08:20:45 | 000,164,864 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2011.12.28 08:20:45 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2011.12.28 08:20:45 | 000,059,392 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2011.12.28 08:20:44 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2011.12.28 08:20:44 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll
[2011.12.28 08:20:43 | 000,266,752 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2011.12.28 08:20:42 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011.12.28 08:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.12.28 08:20:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011.12.28 08:20:40 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011.12.28 08:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011.12.28 08:16:17 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Macromedia
[2011.12.28 08:16:17 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Adobe
[2011.12.28 08:12:05 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\.minecraft_server
[2011.12.28 08:12:05 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\.minecraft
[2011.12.28 08:12:04 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\.minecraft server
[2011.12.28 08:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.12.28 08:11:52 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.12.28 08:11:52 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.12.28 08:11:51 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChromePlus
[2011.12.28 08:11:50 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.12.28 08:11:49 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.12.28 08:11:49 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.12.28 08:11:49 | 000,000,000 | ---D | C] -- C:\Users\Maxo\Documents\Criterion Games
[2011.12.28 08:11:47 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.12.28 08:11:42 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Local\MapleStudio
[2011.12.28 08:11:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.12.28 08:11:14 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.12.28 08:11:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.12.28 08:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.12.28 08:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.12.28 08:10:12 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Tencent
[2011.12.28 08:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent
[2011.12.28 08:09:48 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.28 08:09:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011.12.28 06:11:49 | 000,000,000 | R--D | C] -- C:\Users\Maxo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.12.28 06:11:49 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Searches
[2011.12.28 06:11:49 | 000,000,000 | R--D | C] -- C:\Users\Maxo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.12.28 06:11:49 | 000,000,000 | -H-D | C] -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011.12.28 06:11:40 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Identities
[2011.12.28 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Contacts
[2011.12.28 06:11:30 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Local\VirtualStore
[2011.12.28 06:11:28 | 000,000,000 | --SD | C] -- C:\Users\Maxo\AppData\Roaming\Microsoft
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Videos
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Saved Games
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Pictures
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Music
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Links
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Favorites
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Downloads
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Documents
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\Desktop
[2011.12.28 06:11:28 | 000,000,000 | R--D | C] -- C:\Users\Maxo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\AppData\Local\Temporary Internet Files
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\Templates
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\Start Menu
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\SendTo
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\Recent
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\PrintHood
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\NetHood
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\Documents\My Videos
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\Documents\My Pictures
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\Documents\My Music
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\My Documents
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\Local Settings
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\AppData\Local\History
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\Cookies
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\Application Data
[2011.12.28 06:11:28 | 000,000,000 | -HSD | C] -- C:\Users\Maxo\AppData\Local\Application Data
[2011.12.28 06:11:28 | 000,000,000 | -H-D | C] -- C:\Users\Maxo\AppData
[2011.12.28 06:11:28 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Local\Temp
[2011.12.28 06:11:28 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Local\Microsoft
[2011.12.28 06:11:28 | 000,000,000 | ---D | C] -- C:\Users\Maxo\AppData\Roaming\Media Center Programs
[2011.12.28 06:09:28 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.12.28 06:06:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.12.28 06:04:21 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.12.28 06:03:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.12.28 06:02:42 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.12.28 06:02:29 | 000,000,000 | -HSD | C] -- C:\Boot

========== Files - Modified Within 30 Days ==========

[2012.01.12 14:31:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maxo\Desktop\OTL.exe
[2012.01.12 04:01:41 | 000,004,331 | ---- | M] () -- C:\Users\Maxo\Desktop\Capture.PNG
[2012.01.12 03:51:57 | 000,302,592 | ---- | M] () -- C:\Users\Maxo\Desktop\lfp2e1cu.exe
[2012.01.12 03:47:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Maxo\Desktop\dds.scr
[2012.01.11 18:27:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 18:27:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 18:26:21 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.11 18:26:21 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.11 18:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.11 18:21:49 | 1610,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.10 19:20:58 | 000,037,652 | ---- | M] () -- C:\Users\Maxo\Desktop\The Core 2003.rar
[2012.01.10 19:15:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.04 21:53:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.12.31 07:40:31 | 000,001,220 | ---- | M] () -- C:\prefs.js
[2011.12.28 10:53:40 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.28 10:53:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.28 10:53:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.28 10:53:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.28 08:58:46 | 000,002,146 | ---- | M] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk
[2011.12.28 08:52:00 | 000,001,153 | ---- | M] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011.12.28 08:11:51 | 000,002,365 | ---- | M] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\ChromePlus.lnk
[2011.12.28 08:11:47 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.12.28 08:09:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.28 08:07:29 | 000,000,355 | ---- | M] () -- C:\Users\Maxo\Desktop\Computer.lnk
[2011.12.28 08:07:25 | 000,000,659 | ---- | M] () -- C:\Users\Maxo\Desktop\Maxo.lnk
[2011.12.28 08:01:22 | 000,001,411 | ---- | M] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.12.28 06:10:05 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[2011.12.28 06:07:00 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.12.28 06:05:54 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011.12.28 06:04:08 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.28 06:02:30 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

========== Files Created - No Company Name ==========

[2012.01.12 04:01:41 | 000,004,331 | ---- | C] () -- C:\Users\Maxo\Desktop\Capture.PNG
[2012.01.12 03:51:58 | 000,302,592 | ---- | C] () -- C:\Users\Maxo\Desktop\lfp2e1cu.exe
[2012.01.10 19:20:58 | 000,037,652 | ---- | C] () -- C:\Users\Maxo\Desktop\The Core 2003.rar
[2012.01.10 19:15:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.04 21:53:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.01.04 16:58:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.04 16:49:44 | 004,173,874 | ---- | C] () -- C:\Users\Maxo\Desktop\Up-sem2012.pdf
[2012.01.04 16:49:44 | 000,127,243 | ---- | C] () -- C:\Users\Maxo\Desktop\Vodic_2012.pdf
[2012.01.04 16:49:44 | 000,071,359 | ---- | C] () -- C:\Users\Maxo\Desktop\Participacija-2012.pdf
[2011.12.31 03:31:21 | 000,001,220 | ---- | C] () -- C:\prefs.js
[2011.12.31 03:28:35 | 000,001,916 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.12.31 03:28:35 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2011.12.31 03:28:35 | 000,001,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.12.30 09:07:42 | 000,000,811 | ---- | C] () -- C:\Users\Maxo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blobby Volley.lnk
[2011.12.28 08:58:46 | 000,002,146 | ---- | C] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk
[2011.12.28 08:52:00 | 000,001,153 | ---- | C] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2011.12.28 08:11:51 | 000,002,365 | ---- | C] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\ChromePlus.lnk
[2011.12.28 08:07:29 | 000,000,355 | ---- | C] () -- C:\Users\Maxo\Desktop\Computer.lnk
[2011.12.28 08:07:25 | 000,000,659 | ---- | C] () -- C:\Users\Maxo\Desktop\Maxo.lnk
[2011.12.28 08:01:22 | 000,001,411 | ---- | C] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.12.28 06:11:51 | 000,001,417 | ---- | C] () -- C:\Users\Maxo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.12.28 06:11:28 | 000,000,290 | ---- | C] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011.12.28 06:11:28 | 000,000,272 | ---- | C] () -- C:\Users\Maxo\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011.12.28 06:10:05 | 000,171,136 | RHS- | C] () -- C:\w7ldr
[2011.12.28 06:06:56 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.12.28 06:06:51 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.12.28 06:05:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.28 06:03:48 | 1610,059,776 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.28 06:02:30 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011.12.28 06:02:29 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2011.11.10 07:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.10 07:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.11.10 03:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.10 03:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.10.21 20:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Run OTL again by double-clicking its icon;

Paste the following text into the white box labelled Custom Scans/Fixes:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
[2011.12.31 03:31:21 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

:Commands
[purity]
[EmptyTemp]



Click the Run Fix button;


Paste the log you get here in a reply.



Step 2

Start ChromePlus and go to the following address.

chrome://plugins/

Disable the YouTubePlayer plugin and any other plugins you do not need.



Step 3

Post a fresh OTL report following the instructions I gave you in my previous message.



How is the system behaving now?
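Reading an OTL report like the one above by hand means scanning hundreds of file lines, so here is an added Python example (not OTL's own code and not part of this thread) that parses the two line shapes OTL prints, the `IE - key,value = data` browser settings and the `[date | size | attrs | C/M] (Company) -- path` file entries, and applies the same reasoning as the fix script above: a start page or search assistant pointing at an unexpected host, a Firefox search plugin with no publisher, and no-publisher executables in user-writable paths. The sample lines are constructed from values in this thread, and the allowlist of search hosts is an assumption.

```python
"""Triage helper for OTL report lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple, Union
from urllib.parse import urlparse

# Constructed sample in the two line shapes OTL prints; values copied from this thread.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
[2011.12.31 03:31:21 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.01.12 03:51:57 | 000,302,592 | ---- | M] () -- C:\Users\Maxo\Desktop\lfp2e1cu.exe
[2012.01.11 18:21:49 | 1610,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.28 10:53:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# IE - HKxx\registry\key,ValueName = data
IE_RE = re.compile(r"^IE - (?P<key>HK\w+\\[^,]+),(?P<value>[^=]+?) = (?P<data>.+)$")


@dataclass
class FileEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when OTL printed "()" (no version-info publisher)
    path: str


@dataclass
class IeSetting:
    key: str
    value: str
    data: str


def parse_line(line: str) -> Optional[Union[FileEntry, IeSetting]]:
    """Return a FileEntry or IeSetting for a recognised OTL line, else None."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return FileEntry(
            timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),   # "1610,059,776" -> 1610059776
            attrs=m["attrs"], kind=m["kind"],
            company=m["company"].strip(), path=m["path"].strip(),
        )
    m = IE_RE.match(line)
    if m:
        return IeSetting(key=m["key"], value=m["value"].strip(), data=m["data"].strip())
    return None


def parse_log(text: str) -> List[Union[FileEntry, IeSetting]]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


Finding = Tuple[str, str, str]  # (category, item, reason)

# Assumed allowlist: hosts a stock IE start page / search assistant may point at.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.msn.com", "go.microsoft.com"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")
EXEC_EXT = (".exe", ".scr", ".dll", ".sys")


def triage(entries: List[Union[FileEntry, IeSetting]]) -> List[Finding]:
    """Flag the patterns the OTL fix above removes, plus no-publisher executables to review."""
    findings: List[Finding] = []
    for e in entries:
        if isinstance(e, IeSetting):
            host = (urlparse(e.data).hostname or "").lower()
            if e.value in ("Start Page", "Search Page", "SearchAssistant") and host not in KNOWN_SEARCH_HOSTS:
                findings.append(("hijack", e.data, f"IE {e.value} points at unexpected host {host}"))
            continue
        p = e.path.lower()
        if "\\searchplugins\\" in p and not e.company:
            findings.append(("hijack", e.path, "Firefox search plugin with no publisher"))
        elif p.endswith(EXEC_EXT) and not e.company and any(t in p for t in USER_WRITABLE):
            # hiberfil.sys also has no publisher but sits outside user-writable paths, so it is skipped
            findings.append(("review", e.path, "executable with no publisher in a user-writable path"))
    return findings


if __name__ == "__main__":
    for category, item, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"[{category}] {item}\n    {reason}")
```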

  • Mladen Lukić
  • Joined: 02 Apr 2009
  • Posts: 1450
  • Location: Arilje

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Maxo
->Temp folder emptied: 89196555 bytes
->Temporary Internet Files folder emptied: 11571229 bytes
->Java cache emptied: 781237 bytes
->Flash cache emptied: 968489 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10173822 bytes
RecycleBin emptied: 3112626 bytes

Total Files Cleaned = 110,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01122012_165012

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...




I didn't have this YoutubePlayer among the plugins, and things are no better. Some site opens up, something like my rank among my friends on FB. Something like that.




  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Možeš li mi napisati spisak plugin-ova koje imaš kad odeš na chrome://plugins/?

Ako ti je lakše, napravi screenshot kad otvoriš chrome://plugins/.

  • Mladen Lukić
  • Joined: 02 Apr 2009
  • Posts: 1450
  • Location: Arilje

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, make sure these options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update finishes, the program will start.

Select Perform Quick Scan and click Scan.

When the scan finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the log file will open in Notepad; copy it into the forum thread.
If the program asks for a restart to complete the cleaning, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the log file will be available on the Logs tab (select it and click Open).



Can you explain a bit more what you mean by "Some site opens, something like my rank among friends on FB. Something like that."?

  • Mladen Lukić
  • Joined: 02 Apr 2009
  • Posts: 1450
  • Location: Arilje



The "Identified" entry above is that site; when I click on it in History it does not take me to that site but to YouTube, for example, and that site appears on its own after some time. And the "Armies" on FB below also just opens by itself, from some other page.


MBAM:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.14.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Maxo :: MAXO-PC [administrator]

Protection: Enabled

14.1.2012 20:52:41
mbam-log-2012-01-14 (20-52-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 157009
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

There is no active infection on the system, so we should continue working on this problem in the Windows forum, but try this as well.

1) Uninstall ChromePlus
2) Delete the folder
C:\Users\Maxo\AppData\Local\MapleStudio

3) Install Chrome again


Does this also happen in other browsers?
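The steps above all touch the same places a browser redirect hijack tends to live: the IE Start Page and SearchAssistant values that the OTL fix reset, the Firefox searchplugins folder that fcmdSrch.xml was moved out of, and the ChromePlus profile under the MapleStudio folder. The script below is an added, read-only triage example (not part of the thread or of any tool mentioned in it) that lists those settings so the next log can be compared against it. The ChromePlus profile subpath under MapleStudio and the Preferences JSON keys (homepage, session.startup_urls, default_search_provider.search_url) are assumptions taken from the Chromium profile layout, not from this thread.

```powershell
# Added triage script (not from the thread): list browser start-page / search
# settings and profile locations that a redirect hijack typically modifies.
# Read-only: it prints what is set and changes nothing.

function Get-RegValueSafe {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing.
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch { return $null }
}

Write-Host "== Internet Explorer =="
# The same values the OTL fix in this thread reset, plus the default search scope.
$ieChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';         Name = 'Start Page' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';         Name = 'Default_Page_URL' },
    @{ Path = 'HKLM:\Software\Microsoft\Internet Explorer\Main';         Name = 'Start Page' },
    @{ Path = 'HKLM:\Software\Microsoft\Internet Explorer\Search';       Name = 'SearchAssistant' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'; Name = 'DefaultScope' }
)
foreach ($c in $ieChecks) {
    $v = Get-RegValueSafe -Path $c.Path -Name $c.Name
    "{0}\{1} = {2}" -f $c.Path, $c.Name, $(if ($null -eq $v) { '<not set>' } else { $v })
}

Write-Host "`n== Firefox search plugins (folder OTL moved fcmdSrch.xml from) =="
$ffSearch = Join-Path $env:ProgramFiles 'Mozilla Firefox\searchplugins'
if (Test-Path $ffSearch) {
    Get-ChildItem -Path $ffSearch -Filter *.xml |
        Select-Object Name, LastWriteTime |
        Format-Table -AutoSize
}

Write-Host "`n== Chromium-based profiles =="
# Google Chrome, and the MapleStudio folder the thread deletes for ChromePlus.
# The 'ChromePlus\User Data\Default' subpath is an assumption.
$profileRoots = @(
    (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'),
    (Join-Path $env:LOCALAPPDATA 'MapleStudio\ChromePlus\User Data\Default')
)
foreach ($root in $profileRoots) {
    if (-not (Test-Path $root)) { "{0}: not present" -f $root; continue }
    "{0}:" -f $root
    $prefsFile = Join-Path $root 'Preferences'
    if (Test-Path $prefsFile) {
        # Preferences is JSON; missing keys simply evaluate to $null here.
        $prefs = Get-Content -Raw -Path $prefsFile | ConvertFrom-Json
        "  homepage       : {0}" -f $prefs.homepage
        "  startup URLs   : {0}" -f ($prefs.session.startup_urls -join ', ')
        "  default search : {0}" -f $prefs.default_search_provider.search_url
    }
    $extDir = Join-Path $root 'Extensions'
    if (Test-Path $extDir) {
        # One folder per extension ID, each holding a version folder with manifest.json.
        Get-ChildItem -Path $extDir -Directory | ForEach-Object {
            $manifest = Get-ChildItem -Path $_.FullName -Recurse -Filter manifest.json |
                        Select-Object -First 1
            $name = if ($manifest) { (Get-Content -Raw $manifest.FullName | ConvertFrom-Json).name } else { '?' }
            "  extension {0}  {1}" -f $_.Name, $name
        }
    }
}
```

Run it from an elevated PowerShell before and after the uninstall/reinstall so the two listings can be diffed; an extension ID or search URL that reappears after a clean reinstall points at whatever is re-seeding the profile rather than at the browser itself.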
