Viruses, keyboard skipping


HELP, WHAT SHOULD I DO


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Administrator at 17:01:19 on 2012-12-01
Microsoft Windows XP Professional 5.1.2600.3.1250.387.1033.18.767.172 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = about:blank
mStart Page = hxxp://home.myplaycity.com/
mDefault_Page_URL = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {82EA3E77-7BD2-4744-A8F2-670770767EC5} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: GretechBHO Class: {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - c:\program files\gretech\gompicker\GomPickerBHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoInternetIcon = ??
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\XDogcat.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.88.1 192.168.11.5 8.8.8.8
TCP: Interfaces\{D3C9FF96-BA57-4F3F-B103-ED4642B59D81} : DHCPNameServer = 192.168.88.1 192.168.11.5 8.8.8.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hbdif0er.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - ExtSQL: 2012-10-02 18:42; superstart@enjoyfreeware.org; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hbdif0er.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2012-10-05 22:36; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
*
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
* To make a manual change to preferences, you can visit the URL about:config
*/
# Mozilla User Preferences
/* Do not edit this file.
FF - user.js: accessibility.browsewithcaret - true
FF - user.js: accessibility.typeaheadfind - true
FF - user.js: accessibility.typeaheadfind.casesensitive - 1
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1354255493
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1354255613
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1354255373
FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1354303665
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313414564
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304777900
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1354298453
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 552960
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.download.dir - c:\\documents and settings\\administrator\\my documents\\Downloads
FF - user.js: browser.download.lastDir - c:\\documents and settings\\administrator\\Desktop
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.download.save_converter_index - 0
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 6
FF - user.js: browser.newtabpage.enabled - false
FF - user.js: browser.offline - false
FF - user.js: browser.pagethumbnails.storage_version - 2
FF - user.js: browser.panorama.experienced_first_run - true
FF - user.js: browser.panorama.session_restore_enabled_once - true
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultthis.engineName -
FF - user.js: browser.search.openintab - true
FF - user.js: browser.search.suggest.enabled - false
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.google.ba/
FF - user.js: browser.startup.homepage_override.buildID - 20121024073032
FF - user.js: browser.startup.homepage_override.mstone - 16.0.2
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.loadInBackground - false
FF - user.js: browser.tabs.onTop - false
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.urlbar.default.behavior - 1
FF - user.js: browser.zoom.full - false
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: DataMngr.Updater.Enabled - true
FF - user.js: devtools.hud.display.filter - false
FF - user.js: devtools.hud.display.filter.csserror - true
FF - user.js: devtools.hud.display.filter.cssparser - true
FF - user.js: devtools.hud.display.filter.error - true
FF - user.js: devtools.hud.display.filter.exception - true
FF - user.js: devtools.hud.display.filter.global - false
FF - user.js: devtools.hud.display.filter.info - true
FF - user.js: devtools.hud.display.filter.jswarn - true
FF - user.js: devtools.hud.display.filter.log - true
FF - user.js: devtools.hud.display.filter.network - true
FF - user.js: devtools.hud.display.filter.networkinfo - true
FF - user.js: devtools.hud.display.filter.warn - true
FF - user.js: devtools.hud.height - 294
FF - user.js: dom.disable_window_status_change - true
FF - user.js: dwhelper.conv-conf.auto.bc1e2619f37bea59f347c7c0c775df02 - true
FF - user.js: dwhelper.conversion-enabled - true
FF - user.js: dwhelper.conversion-was-enabled - true
FF - user.js: dwhelper.convert-free - true
FF - user.js: dwhelper.download-count - 19
FF - user.js: dwhelper.first-time - false
FF - user.js: dwhelper.last-media-host-blacklist - pop6.com|redlightcenter.com|dtiserv.com|mp3tunes.com|netflix.com
FF - user.js: dwhelper.last-shared-blacklist - 1353863583570
FF - user.js: dwhelper.last-version - 4.9.12
FF - user.js: dwhelper.manual-convert-output-format - avi/-f avi -vcodec mpeg1video
FF - user.js: dwhelper.menu-expiration - 60
FF - user.js: dwhelper.passwords-migrated - true
FF - user.js: dwhelper.safe-mode - false
FF - user.js: dwhelper.smartnamer.last-shared - 1354252699
FF - user.js: dwhelper.storagedirectory - c:\\documents and settings\\administrator\\my documents\\My Videos
FF - user.js: enableHighlight - false
FF - user.js: extensions.{27182e60-b5f3-411c-b545-b44205977502}.install-event-fired - true
FF - user.js: extensions.{51a86bb3-6602-4c85-92a5-130ee4864f13}.install-event-fired - true
FF - user.js: extensions.{7b13ec3e-999a-4b70-b9cb-2617b8323822}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}.install-event-fired - true
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.blocklist.pingCountTotal - 501
FF - user.js: extensions.blocklist.pingCountVersion - 32
FF - user.js: extensions.bootstrappedAddons - {\searchy@searchy\:{\version\:\2.7.6\,\type\:\extension\,\descriptor\:\c:\\\\documents and settings\\\\administrator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\hbdif0er.default\\\\extensions\\\\searchy@searchy.xpi\}}
FF - user.js: extensions.databaseSchema - 13
FF - user.js: extensions.dealply.firstUseDate - 1329470576043
FF - user.js: extensions.dealply.installId - _097336504348405235098539597676851289
FF - user.js: extensions.dealply.lastHeartBitDate - 2012_1_17
FF - user.js: extensions.enabledAddons - plugin@startsearcher.com:1.3,plugin@videofiledownload.com:1.5,{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,superstart@enjoyfreeware.org:4.0.3,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12,wrc@avast.com:7.0.1474,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.4.0.11328,{972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,jqs@sun.com:1.0,{7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,engine@conduit.com:3.2.5.2,{51a86bb3-6602-4c85-92a5-130ee4864f13}:3.2.5.2,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.hotfix.lastVersion - 20121019.01
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\windows\\\\microsoft.net\\\\framework\\\\v3.5\\\\windows presentation foundation\\\\dotnetassistantextension\,\mtime\:1347194150625},\wrc@avast.com\:{\descriptor\:\c:\\\\program files\\\\avast software\\\\avast\\\\webrep\\\\ff\,\mtime\:1353788624281}}},{\name\:\app-global\,\addons\:{\{82af8dca-6de9-405d-bd5e-43525bdad38a}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{82af8dca-6de9-405d-bd5e-43525bdad38a}\,\mtime\:1354304363609},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1351347742500}}},{\name\:\app-profile\,\addons\:{\firefox@tvunetworks.com\:{\descriptor\:\c:\\\\documents and settings\\\\administrator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\hbdif0er.default\\\\extensions\\\\firefox@tvunetworks.com\,\mtime\:1323754736343},\oneclickdownloader@oneclickdownloader.com\:{\descriptor\:\c:\\\\documents and settings\\\\administrator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\hbdif0er.default\\\\extensions\\\\oneclickdownloader@oneclickdownloader.com.xpi\,\mtime\:1343128873879},\plugin@startsearcher.com\:{\descriptor\:\c:\\\\documents and settings\\\\administrator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\hbdif0er.default\\\\extensions\\\\plugin@startsearcher.com\,\mtime\:1340375480125},\plugin@videofiledownload.com\:{\descriptor\:\c:\\\\documents and settings\\\\administrator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\hbdif0er.default\\\\extensions\\\\plugin@videofiledownload.com\,\mtime\:1340375851203},\searchy@searchy\:{\descriptor\:\c:\\\\documents and settings\\\\administrator\\\\application 
data\\\\mozilla\\\\firefox\\\\profiles\\\\hbdif0er.default\\\\extensions\\\\searchy@searchy.xpi\,\mtime\:1350677794224},\superstart@enjoyfreeware.org\:{\descriptor\:\c:\\\\documents and settings\\\\administrator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\hbdif0er.default\\\\extensions\\\\superstart@enjoyfreeware.org\,\mtime\:1353439635281},\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\:{\descriptor\:\c:\\\\documents and settings\\\\administrator\\\\application data\\\\mozilla\\\\firefox\\\\profiles\\\\hbdif0er.default\\\\extensions\\\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\,\mtime\:1353562813187}}}]
FF - user.js: extensions.InstantFox.context.usedefault - false
FF - user.js: extensions.InstantFox.opacity - 94
FF - user.js: extensions.InstantFox.removeOptions - false
FF - user.js: extensions.InstantFox.removeSearchbar - false
FF - user.js: extensions.InstantFox.shadowStyle - highlighthed
FF - user.js: extensions.InstantFox.suggestStyle - condensed
FF - user.js: extensions.InstantFox.takeSuggestedOnEnter - false
FF - user.js: extensions.InstantFox.version - 2.7.6
FF - user.js: extensions.jqs@sun.com.install-event-fired - true
FF - user.js: extensions.lastAppVersion - 16.0.2
FF - user.js: extensions.lastPlatformVersion - 16.0.2
FF - user.js: extensions.msntoolbar@msn.com.install-event-fired - true
FF - user.js: extensions.OneClickDownloader.last_register - 2012-5-2
FF - user.js: extensions.OneClickDownloader.SupportedSite - []
FF - user.js: extensions.OneClickDownloader.UserID - 10.53.106.974f8daa145962f0.09354390
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.predictad.isTrackedInstall - true
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.skype_toolbar.version - 6.4.0.11328
FF - user.js: extensions.superstart.theme - Default
FF - user.js: extensions.superstart.version - 4.0.3
FF - user.js: extensions.tryit.forderId - 5043
FF - user.js: extensions.ui.dictionary.hidden - true
FF - user.js: extensions.ui.lastCategory - addons://discover/
FF - user.js: extensions.ui.locale.hidden - true
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.vfdownload.installDate - 2012-6-22
FF - user.js: extensions.vfdownload.installed - done
FF - user.js: extensions.vfdownload.installedProduct - facetheme_bundle
FF - user.js: extensions.vfdownload.installerVersion - 1.0.0
FF - user.js: extensions.vfdownload.installID - {AD678FBC-CEA2-4F68-86FF-DECE4645DBA3}
FF - user.js: extensions.vfdownload.installpartner - ob
FF - user.js: extensions.wrc.RulesVersion - 121121154541479
FF - user.js: extensions.wrc.SearchRules./v1/update/rule/foo.bar.style - some style
FF - user.js: extensions.wrc.SearchRules./v1/update/rule/foo.bar.url - testik.bb
FF - user.js: extensions.wrc.SearchRules.atlas.cz.style - .WRCN {display:none} .results-list .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.atlas.cz.url - ^http\\:\\/\\/searchatlas\\.centrum\\.cz\\/.+
user_pref(extensions.wrc.SearchRules.atlas.cz\:{.style, .WRCN {display:none} .results-list .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat});
user_pref(extensions.wrc.SearchRules.atlas.cz\:{.url, ^http\\\\:\\\\/\\\\/searchatlas\\\\.centrum\\\\.cz\\\\/.+);
FF - user.js: extensions.wrc.SearchRules.atlas.sk.style - .WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.atlas.sk.url - ^http\\:\\/\\/hladaj\\.atlas\\.sk\\/.+
FF - user.js: extensions.wrc.SearchRules.baidu.com.style - .WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.baidu.com.url - ^http\\:\\/\\/www\\.baidu\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.bing.com.style - .WRCN {display:none} .sb_tlst .WRCN, .sp_pss .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.bing.com.url - ^http(s)?\\:\\/\\/www\\.bing\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.centrum.cz.style - .WRCN {display:none} .results-list h3 > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.centrum.cz.url - ^http(s)?\\:\\/\\/search\\.centrum\\.cz\\/(.)*
FF - user.js: extensions.wrc.SearchRules.centrum.sk.style - .WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.centrum.sk.url - ^http\\:\\/\\/search\\.centrum\\.sk\\/.+
FF - user.js: extensions.wrc.SearchRules.delicious.com.style - .WRCN {display:none} .taggedlink + .WRCN, .data .full-url .WRCN, .content .link .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.delicious.com.url - ^http\\:\\/\\/(www\\.)?delicious\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.dmoz.org.style - .WRCN {display:none} ol.site li .WRCN{display:inline !important; background: url(\IMAGE\) right no-repeat} ol.site li .ref .WRCN {display:none!important}
FF - user.js: extensions.wrc.SearchRules.dmoz.org.url - ^http\\:\\/\\/www\\.dmoz\\.org\\/search(.)+
FF - user.js: extensions.wrc.SearchRules.excite.com.style - .WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.excite.com.url - ^http\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*
FF - user.js: extensions.wrc.SearchRules.gazeta.pl.style - .WRCN {display:none} .results-index HEADER .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.gazeta.pl.url - ^http\\:\\/\\/szukaj\\.gazeta\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.google.com.style - .WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhsline ol .WRCN {display:inline; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.google.com.url - ^http(s)?\\:\\/\\/((.)+\\.)?google\\.(com|[a-z\\.]{2,})\\/(.)*
FF - user.js: extensions.wrc.SearchRules.interia.pl.style - .WRCN {display:none} .row .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.interia.pl.url - ^http\\:\\/\\/(www\\.)?google\\.interia\\.pl\\/szukaj\\/.+
FF - user.js: extensions.wrc.SearchRules.onet.pl.style - .WRCN {display:none} #main .link .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.onet.pl.url - ^http\\:\\/\\/szukaj\\.onet\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.paginegialle.it.style - .WRCN {display:none} .lnkwww + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.paginegialle.it.url - ^http\\:\\/\\/www\\.paginegialle\\.it\\/pgol\\/.+
FF - user.js: extensions.wrc.SearchRules.public.avast.com.style - .WRCN {display:inline; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.public.avast.com.url - ^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.rambler.ru.style - .WRCN {display:none} .b-serp__list .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.rambler.ru.url - ^http\\:\\/\\/nova\\.rambler\\.ru\\/.+
FF - user.js: extensions.wrc.SearchRules.scroogle.org.style - a + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.scroogle.org.url - ^http\\:\\/\\/www\\.scroogle\\.org\\/.*
FF - user.js: extensions.wrc.SearchRules.seznam.cz.style - .WRCN {display:none} #results .WRCN, .sklik-title > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.seznam.cz.url - ^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*
FF - user.js: extensions.wrc.SearchRules.sky.com.style - .WRCN {display:none} #results h3 .WRCN, #sponsored_top h3 .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.sky.com.url - ^http\\:\\/\\/search\\.sky\\.com/.+
FF - user.js: extensions.wrc.SearchRules.slashdot.org.style - .WRCN {display:none} .body i .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.slashdot.org.url - ^http\\:\\/\\/slashdot\\.org\\/.*
FF - user.js: extensions.wrc.SearchRules.stackoverflow.com.style - .WRCN {display:none} .post-text .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}\}
FF - user.js: extensions.wrc.SearchRules.stackoverflow.com.url - ^http\\:\\/\\/stackoverflow\\.com\\/.+
FF - user.js: extensions.wrc.SearchRules.terra.com.br.style - .WRCN {display:none} #searchResultsDiv .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.terra.com.br.url - ^http\\:\\/\\/buscador\\.terra\\.com\\.br\\/.+
FF - user.js: extensions.wrc.SearchRules.tiscali.it.style - .WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.tiscali.it.url - ^http\\:\\/\\/search\\.tiscali\\.it\\/.+
FF - user.js: extensions.wrc.SearchRules.uol.com.br.style - .WRCN {display:none} #results dt .WRCN, #results .link .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} #results .link .similar .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.uol.com.br.url - ^http\\:\\/\\/(.\\.)?busca\\.uol\\.com\\.br\\/.+
FF - user.js: extensions.wrc.SearchRules.virgilio.it.style - .WRCN {display:none} .record .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .risultati .record .sponsor + .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.virgilio.it.url - ^http\\:\\/\\/ricerca\\.virgilio\\.it\\/.+
FF - user.js: extensions.wrc.SearchRules.virginmedia.com.style - .WRCN {display:none} .result .title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.virginmedia.com.url - ^http\\:\\/\\/search\\.virginmedia\\.com\\/.+
FF - user.js: extensions.wrc.SearchRules.whereis.com.style - .WRCN {display:none} .priority_url .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.whereis.com.url - ^http\\:\\/\\/www\\.whereis\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.wp.pl.style - .WRCN {display:none} .res .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.wp.pl.url - ^http\\:\\/\\/szukaj\\.wp\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.yahoo.com.style - .WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.yahoo.com.url - ^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.yandex.ru.style - .WRCN {display:none} .b-serp-item__title-link + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.yandex.ru.url - ^http\\:\\/\\/yandex\\.ru\\/.+
FF - user.js: extensions.wrc.SearchRules.yell.com.style - .WRCN {display:none} .advert-content .WRCN, .other-cta .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .advert-content .star + .WRCN, .advert-content .logoImg + .WRCN, .other-cta .shareLink + .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.yell.com.url - ^http\\:\\/\\/www\\.yell\\.com\\/.+
FF - user.js: extensions.wrc.SearchRules.zoznam.sk.style - .WRCN {display:none} .box_content .link_right .link_title + .WRCN, .gsc-title .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.zoznam.sk.url - ^http\\:\\/\\/www\\.zoznam\\.sk\\/.+
FF - user.js: font.internaluseonly.changed - false
FF - user.js: font.language.group - x-central-euro
FF - user.js: font.size.variable.x-western - 15
FF - user.js: gfx.blacklist.suggested-driver-version - 10.6
FF - user.js: id_toolbar.bubble_border - true
FF - user.js: id_toolbar.bubble_extended - false
FF - user.js: id_toolbar.bubble_height - 480
FF - user.js: id_toolbar.bubble_screenx - 709
FF - user.js: id_toolbar.bubble_screeny - 137
FF - user.js: id_toolbar.bubble_scroll - 1
FF - user.js: id_toolbar.bubble_src - http%3A//www.youtube.com
FF - user.js: id_toolbar.bubble_type - 1
FF - user.js: id_toolbar.bubble_width - 640
FF - user.js: id_toolbar.firstlaunch - 0
FF - user.js: id_toolbar.guid - %7BEB02A452-603D-23A3-6682-C707BE917C60%7D
FF - user.js: id_toolbar.hiddenvisual - 0
FF - user.js: id_toolbar.searchengine - Google
FF - user.js: id_toolbar.variables.SVar1 - %13
FF - user.js: id_toolbar.variables.SVar10 - %13
FF - user.js: id_toolbar.variables.SVar2 - %13
FF - user.js: id_toolbar.variables.SVar3 - %13
FF - user.js: id_toolbar.variables.SVar4 - %13
FF - user.js: id_toolbar.variables.SVar5 - %13
FF - user.js: id_toolbar.variables.SVar6 - %13
FF - user.js: id_toolbar.variables.SVar7 - %13
FF - user.js: id_toolbar.variables.SVar8 - %13
FF - user.js: id_toolbar.variables.SVar9 - %13
FF - user.js: id_toolbar.variables.Var1 - 0
FF - user.js: id_toolbar.variables.Var10 - 0
FF - user.js: id_toolbar.variables.Var2 - 0
FF - user.js: id_toolbar.variables.Var3 - 0
FF - user.js: id_toolbar.variables.Var4 - 0
FF - user.js: id_toolbar.variables.Var5 - 0
FF - user.js: id_toolbar.variables.Var6 - 0
FF - user.js: id_toolbar.variables.Var7 - 0
FF - user.js: id_toolbar.variables.Var8 - 0
FF - user.js: id_toolbar.variables.Var9 - 0
FF - user.js: id_toolbar_installed_version - 1.0.26
FF - user.js: id_toolbar_tabpage - chrome%3A//id_toolbar/content/fasttabs.html
FF - user.js: idle.lastDailyNotification - 1354258434
FF - user.js: intl.charset.detector -
FF - user.js: intl.charsetmenu.browser.cache - windows-1251, ISO-8859-2, ISO-8859-1, UTF-8, windows-1250
FF - user.js: Keyword.Enabled - true
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: places.database.lastMaintenance - 1354258434
FF - user.js: places.history.expiration.transient_current_max_pages - 20107
FF - user.js: places.history.expiration.transient_optimal_database_size - 21432238
FF - user.js: places.last_vacuum - 1302408936
FF - user.js: plugin.expose_full_path - true
FF - user.js: pref.advanced.images.disable_button.view_image - false
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: pref.privacy.disable_button.cookie_exceptions - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: pref.privacy.disable_button.view_passwords - false
FF - user.js: pref.privacy.disable_button.view_passwords_exceptions - false
FF - user.js: print.print_bgcolor - false
FF - user.js: print.print_bgimages - false
FF - user.js: print.print_evenpages - true
FF - user.js: print.print_in_color - true
FF - user.js: print.print_margin_bottom - 0.5
FF - user.js: print.print_margin_left - 0.5
FF - user.js: print.print_margin_right - 0.5
FF - user.js: print.print_margin_top - 0.5
FF - user.js: print.print_oddpages - true
FF - user.js: print.print_orientation - 0
FF - user.js: print.print_reversed - false
FF - user.js: print.print_scaling - 1,00
FF - user.js: print.print_shrink_to_fit - true
FF - user.js: print_bgcolor - false
FF - user.js: print_bgimages - false
FF - user.js: print_colorspace -
FF - user.js: print_command -
FF - user.js: print_downloadfonts - false
FF - user.js: print_edge_bottom - 0
FF - user.js: print_edge_left - 0
FF - user.js: print_edge_right - 0
FF - user.js: print_edge_top - 0
FF - user.js: print_evenpages - true
FF - user.js: print_footercenter -
FF - user.js: print_footerleft - &PT
FF - user.js: print_footerright - &D
FF - user.js: print_headercenter -
FF - user.js: print_headerleft - &T
FF - user.js: print_headerright - &U
FF - user.js: print_in_color - true
FF - user.js: print_margin_bottom - 0.5
FF - user.js: print_margin_left - 0.5
FF - user.js: print_margin_right - 0.5
FF - user.js: print_margin_top - 0.5
FF - user.js: print_oddpages - true
FF - user.js: print_orientation - 0
FF - user.js: print_page_delay - 50
FF - user.js: print_paper_data - 0
FF - user.js: print_paper_height - 11,00
FF - user.js: print_paper_name -
FF - user.js: print_paper_size_type - 1
FF - user.js: print_paper_size_unit - 0
FF - user.js: print_paper_width - 8,50
FF - user.js: print_plex_name -
FF - user.js: print_printer - HP Deskjet D1400 series
FF - user.js: print_resolution_name -
FF - user.js: print_reversed - false
FF - user.js: print_scaling - 1,00
FF - user.js: print_shrink_to_fit - true
FF - user.js: print_to_file - false
FF - user.js: print_to_filename -
FF - user.js: print_unwriteable_margin_bottom - 0
FF - user.js: print_unwriteable_margin_left - 0
FF - user.js: print_unwriteable_margin_right - 0
FF - user.js: print_unwriteable_margin_top - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_bgcolor - false
FF - user.js: printer_HP_Deskjet_D1400_series.print_bgimages - false
FF - user.js: printer_HP_Deskjet_D1400_series.print_colorspace -
FF - user.js: printer_HP_Deskjet_D1400_series.print_command -
FF - user.js: printer_HP_Deskjet_D1400_series.print_downloadfonts - false
FF - user.js: printer_HP_Deskjet_D1400_series.print_edge_bottom - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_edge_left - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_edge_right - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_edge_top - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_evenpages - true
FF - user.js: printer_HP_Deskjet_D1400_series.print_footercenter -
FF - user.js: printer_HP_Deskjet_D1400_series.print_footerleft - &PT
FF - user.js: printer_HP_Deskjet_D1400_series.print_footerright - &D
FF - user.js: printer_HP_Deskjet_D1400_series.print_headercenter -
FF - user.js: printer_HP_Deskjet_D1400_series.print_headerleft - &T
FF - user.js: printer_HP_Deskjet_D1400_series.print_headerright - &U
FF - user.js: printer_HP_Deskjet_D1400_series.print_in_color - true
FF - user.js: printer_HP_Deskjet_D1400_series.print_margin_bottom - 0.393750011920929
FF - user.js: printer_HP_Deskjet_D1400_series.print_margin_left - 0.393750011920929
FF - user.js: printer_HP_Deskjet_D1400_series.print_margin_right - 0.393750011920929
FF - user.js: printer_HP_Deskjet_D1400_series.print_margin_top - 0.393750011920929
FF - user.js: printer_HP_Deskjet_D1400_series.print_oddpages - true
FF - user.js: printer_HP_Deskjet_D1400_series.print_orientation - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_page_delay - 50
FF - user.js: printer_HP_Deskjet_D1400_series.print_paper_data - 9
FF - user.js: printer_HP_Deskjet_D1400_series.print_paper_height - 11,00
FF - user.js: printer_HP_Deskjet_D1400_series.print_paper_name -
FF - user.js: printer_HP_Deskjet_D1400_series.print_paper_size_type - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_paper_size_unit - 1
FF - user.js: printer_HP_Deskjet_D1400_series.print_paper_width - 8,50
FF - user.js: printer_HP_Deskjet_D1400_series.print_plex_name -
FF - user.js: printer_HP_Deskjet_D1400_series.print_resolution_name -
FF - user.js: printer_HP_Deskjet_D1400_series.print_reversed - false
FF - user.js: printer_HP_Deskjet_D1400_series.print_scaling - 1,25
FF - user.js: printer_HP_Deskjet_D1400_series.print_shrink_to_fit - true
FF - user.js: printer_HP_Deskjet_D1400_series.print_to_file - false
FF - user.js: printer_HP_Deskjet_D1400_series.print_to_filename -
FF - user.js: printer_HP_Deskjet_D1400_series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_unwriteable_margin_left - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_unwriteable_margin_right - 0
FF - user.js: printer_HP_Deskjet_D1400_series.print_unwriteable_margin_top - 0
FF - user.js: privacy.popups.showBrowserMessage - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 4
FF - user.js: security.csp.enable - false
FF - user.js: security.OCSP.enabled - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.globalScore - 0
FF - user.js: services.sync.lastversion - 1.14.0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.nextSync - 0
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: spellchecker.dictionary - en-US
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1353055919
FF - user.js: toolkit.startup.last_success - 1354310818
FF - user.js: toolkit.telemetry.enabled - true
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: ui.submenuDelay - 0
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1356895550
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.103 -
FF - user.js: xpinstall.whitelist.add.36 -
.
============= SERVICES / DRIVERS ===============
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-24 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-5 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-5 361032]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2011-5-2 30656]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-2-15 913752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-5 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-5 44808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-30 399432]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-26 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-1 40776]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-3-21 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-26 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2011-6-1 26752]
S3 pfsvgae;pfsvgae; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2060-08-19 01:02:32 2023424 ------w- c:\windows\system32\Vcl50.bpl
2060-08-19 01:02:22 1496064 ------w- c:\windows\system32\Cc3250mt.dll
2060-08-19 01:02:12 248832 ------w- c:\windows\system32\Vclx50.bpl
2060-08-19 00:40:44 909824 ------w- c:\windows\system32\Cp3245mt.dll
2060-08-19 00:40:44 24064 ------w- c:\windows\system32\Borlndmm.dll
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-22 08:43:24 1875328 ----a-w- c:\windows\system32\win32k.sys
2012-10-18 18:41:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-18 18:41:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 17:15:43 711240 ----a-w- c:\windows\isRS-000.tmp
2012-09-29 17:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 19:22:50 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-26 19:22:43 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-26 19:22:43 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-26 19:22:43 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 17:02:33,21 ===============




offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Hello, elvax.

Can you describe in a bit more detail what problems you are having with the keyboard, and when they occur?

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program has finished:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered the download.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
display a number of prompts/notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note:
The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message;
Do not click inside the ComboFix window while it is running, because that can slow the tool down;
Do not run ComboFix again on your own - post in the topic if you have any problem during the first run of the tool;
If after a restart you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will resolve the problem.

Ivance95 (AMF Team)

offline
  • Joined: 15 Feb 2012
  • Posts: 77

Posted: 01 Dec 2012 19:24

ComboFix 12-12-01.01 - Administrator 01.12.2012 19:07:38.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.387.1033.18.767.289 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\install.exe
c:\program files\smartdl
c:\program files\smartdl\gunzip.exe
c:\program files\smartdl\status
c:\program files\smartdl\TorrentSearch.exe
c:\program files\SSearch
c:\program files\SSearch\sqlite3.exe
c:\windows\isRS-000.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\SET27.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET310.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET351.tmp
c:\windows\system32\SET352.tmp
c:\windows\system32\SET357.tmp
c:\windows\system32\SET358.tmp
c:\windows\system32\SET359.tmp
c:\windows\system32\SET35D.tmp
c:\windows\system32\SET35E.tmp
c:\windows\system32\SET35F.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET4E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 15:36 . 2012-12-01 15:36 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-12-01 15:36 . 2012-12-01 15:36 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-12-01 15:36 . 2012-12-01 15:36 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-12-01 15:36 . 2012-12-01 15:36 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-12-01 15:36 . 2012-12-01 15:36 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-12-01 15:36 . 2012-12-01 15:36 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-12-01 15:36 . 2012-12-01 15:36 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-12-01 15:36 . 2012-12-01 15:36 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-12-01 15:36 . 2012-12-01 15:36 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-12-01 15:36 . 2012-12-01 15:36 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-12-01 15:36 . 2012-12-01 15:36 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-12-01 15:36 . 2012-12-01 15:36 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-12-01 15:35 . 2012-12-01 15:35 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-12-01 15:35 . 2012-12-01 15:35 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-12-01 15:35 . 2012-12-01 15:35 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-12-01 15:35 . 2012-12-01 15:35 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-12-01 15:35 . 2012-12-01 15:35 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-12-01 15:34 . 2012-12-01 15:34 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-24 05:31 . 2012-10-30 22:51 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-11-22 09:34 . 2012-11-22 09:34 5885632 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-11-20 20:47 . 2012-11-30 21:30 -------- d-----w- c:\program files\Angry Birds Space v1.0.0.2 Full
2012-11-19 18:34 . 2012-11-19 18:34 -------- d-----w- C:\Users
2012-11-17 20:20 . 2012-11-20 14:46 -------- d-----w- c:\program files\Pop up Blocker Pro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-19 01:02 . 2011-09-28 23:02 2023424 ------w- c:\windows\system32\Vcl50.bpl
2060-08-19 01:02 . 2011-09-28 23:02 1496064 ------w- c:\windows\system32\Cc3250mt.dll
2060-08-19 01:02 . 2011-09-28 23:02 248832 ------w- c:\windows\system32\Vclx50.bpl
2060-08-19 00:40 . 2011-09-28 23:02 909824 ------w- c:\windows\system32\Cp3245mt.dll
2060-08-19 00:40 . 2011-09-28 23:02 24064 ------w- c:\windows\system32\Borlndmm.dll
2012-10-30 22:51 . 2012-10-05 20:36 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-05 20:36 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-10-05 20:36 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-05 20:36 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-05 20:36 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2012-10-05 20:36 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2012-10-05 20:36 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-05 20:36 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2012-10-05 20:35 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-05 20:35 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-22 08:43 . 2008-10-31 13:52 1875328 ----a-w- c:\windows\system32\win32k.sys
2012-10-18 18:41 . 2012-10-01 18:22 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-18 18:41 . 2011-10-06 23:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2011-04-26 22:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 19:22 . 2012-09-26 19:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-26 19:22 . 2012-05-29 17:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-26 19:22 . 2012-02-17 09:16 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-26 19:22 . 2010-09-09 14:44 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-27 14:22 . 2012-10-27 14:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-09-30 . 038CA45522FE9B756EFB90DBFA9141EA . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-10-23 605184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-10-31 963984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-29 15:15 126976 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-29 15:15 155648 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-29 17:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2010-07-01 19:43 220336 ------w- c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 12:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2010-09-30 18:47 93360 ------w- c:\program files\Olympus\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
2008-03-27 01:34 479412 ----a-w- c:\program files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-10-31 10:19 963984 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [24.11.2012 6:31 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.10.2012 21:36 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.10.2012 21:36 361032]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2.5.2011 5:31 30656]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [15.2.2012 23:00 913752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.10.2012 21:36 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [30.9.2012 18:15 399432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.4.2011 23:26 22856]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [21.3.2011 2:01 27632]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.4.2011 23:27 676936]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22.11.2012 10:29 3290304]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [1.6.2011 17:47 26752]
S3 pfsvgae;pfsvgae; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASPI32
*Deregistered* - pxtdapow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 18:41]
.
2012-12-01 c:\windows\Tasks\ASC5_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe [2012-02-15 09:49]
.
2012-12-01 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2012-02-15 18:13]
.
2012-12-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-05 22:50]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 05:07]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 05:07]
.
2012-12-01 c:\windows\Tasks\User_Feed_Synchronization-{226F826B-D51C-4C13-8859-F3BA7BF943F8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.myplaycity.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
LSP: c:\windows\system32\XDogcat.dll
TCP: DhcpNameServer = 192.168.88.1 192.168.11.5 8.8.8.8
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hbdif0er.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - ExtSQL: 2012-10-02 18:42; superstart@enjoyfreeware.org; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hbdif0er.default\extensions\superstart@enjoyfreeware.org
FF - ExtSQL: 2012-10-05 22:36; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
*
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
* To make a manual change to preferences, you can visit the URL about:config
*/
# Mozilla User Preferences
/* Do not edit this file.
FF - user.js: accessibility.browsewithcaret - true
FF - user.js: accessibility.typeaheadfind - true
FF - user.js: accessibility.typeaheadfind.casesensitive - 1
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1354255493
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1354255613
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1354255373
FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1354303665
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313414564
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304777900
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1354298453
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 552960
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.download.dir - c:\\Documents and Settings\\Administrator\\My Documents\\Downloads
FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\Administrator\\Desktop
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.download.save_converter_index - 0
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 6
FF - user.js: browser.newtabpage.enabled - false
FF - user.js: browser.offline - false
FF - user.js: browser.pagethumbnails.storage_version - 2
FF - user.js: browser.panorama.experienced_first_run - true
FF - user.js: browser.panorama.session_restore_enabled_once - true
FF - user.js: browser.places.smartBookmarksVersion - 4
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultthis.engineName -
FF - user.js: browser.search.openintab - true
FF - user.js: browser.search.suggest.enabled - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-12-01 19:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-436374069-1637723038-1417001333-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{28387537-E3F9-4ED7-860C-11E69AF4A8A0}"=hex:51,66,7a,6c,4c,1d,3b,1b,27,6f,29,
37,cd,b7,bc,03,9c,0e,4e,ba,9c,b4,ea,bb
"{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}"=hex:51,66,7a,6c,4c,1d,3b,1b,e5,3e,6b,
a1,ff,3d,63,0a,ad,79,ee,b1,a0,44,79,8e
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,3b,1b,35,80,16,
86,bb,66,bf,06,a4,06,5f,c9,5c,8a,e2,bc
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,65,60,
82,7c,c5,79,02,9f,6a,36,4f,59,48,3f,ab
"{B939CF93-F2CB-443D-956C-DC523D85C9DB}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,d5,28,
a6,ff,a6,56,09,8f,6e,83,0e,3b,c5,8b,c0
.
[HKEY_USERS\S-1-5-21-436374069-1637723038-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,39,6e,fb,cc,ae,05,4f,a1,df,b3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,8d,5a,32,bd,9e,87,42,aa,7c,65,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-01 19:20:27
ComboFix-quarantined-files.txt 2012-12-01 18:20
.
Pre-Run: 12.143.771.648 bytes free
Post-Run: 12.256.727.040 bytes free
.
- - End Of File - - 7EF5E316CF044E72F019B4E54669E943

Addendum: 01 Dec 2012 19:48

THE KEYBOARD SIMPLY DOESN'T WORK

Addendum: 01 Dec 2012 19:50

IF YOU CAN UNDERSTAND, WHAT SHOULD I DO, HELP

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Open Notepad and copy in the following text:

Driver::
pfsvgae

FCOPY::
c:\windows\system32\dllcache\tcpip.sys|c:\windows\system32\drivers\tcpip.sys


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next post, paste the log that is created at the end of the cleaning/scan.

Is the problem still there?

Ivance95 (AMF Team)
