SIREFEF - computer restarts within a minute


kubeti (Male)
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Do I need to turn off the anti-virus programs?

magna86 (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

kubeti :: Do I need to turn off the anti-virus programs?

Of course, turn them off. Sorry if I wasn't clear. ;)
http://www.mycity.rs/MyCity-Laboratorija/Iskljucivanje-zastitnog-softvera.html

kubeti (Male)
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Written: 15 Aug 2012 15:48

The file has been uploaded, I'm running ComboFix.

Update: 15 Aug 2012 15:56

ComboFix 12-08-14.05 - Sale 15.08.2012 15:50:09.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.4009.2454 [GMT 2:00]
Running from: c:\users\Sale\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 13:54 . 2012-08-15 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 11:49 . 2012-08-15 11:49 328704 ----a-w- c:\windows\system32\services.exe.85E45BF507E0BFA2
2012-08-15 11:31 . 2012-08-15 11:31 328704 ----a-w- c:\windows\system32\services.exe.C6F9167C8A289B5C
2012-08-15 11:22 . 2012-08-15 11:22 -------- d-----w- C:\_OTL
2012-08-15 10:26 . 2012-08-15 10:26 328704 ----a-w- c:\windows\system32\services.exe.016EA209B265727E
2012-08-15 00:01 . 2012-08-15 00:01 328704 ----a-w- c:\windows\system32\services.exe.A2B6C0DF908EF9F8
2012-08-14 23:09 . 2012-08-14 23:09 328704 ----a-w- c:\windows\system32\services.exe.6D27E6CDC187AD49
2012-08-14 23:01 . 2012-08-14 23:01 -------- d-----w- c:\users\Sale\AppData\Roaming\Malwarebytes
2012-08-14 23:01 . 2012-08-14 23:01 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 23:01 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 22:44 . 2012-08-14 22:44 328704 ----a-w- c:\windows\system32\services.exe.E2A63AC8E386D97F
2012-08-14 22:41 . 2012-08-14 22:41 328704 ----a-w- c:\windows\system32\services.exe.DCDD1248E5EF89EE
2012-08-14 22:37 . 2012-08-14 22:37 328704 ----a-w- c:\windows\system32\services.exe.7FA6A324391CC8AC
2012-08-14 22:34 . 2012-08-14 22:34 328704 ----a-w- c:\windows\system32\services.exe.FA9D80F22C939C2C
2012-08-14 22:32 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7E4696E-5C2A-477E-B8E6-1FC9EC86C981}\gapaengine.dll
2012-08-14 22:27 . 2012-08-14 22:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-14 22:27 . 2012-08-14 22:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-11 11:06 . 2012-08-11 11:07 -------- d-----w- c:\users\Sale\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 13:47 . 2012-08-15 13:47 22 ----a-w- C:\quarantine.zip
2012-08-14 22:03 . 2012-04-05 10:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 22:03 . 2011-11-09 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 21:33 . 2011-11-06 20:41 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-01 14:15 . 2012-07-01 14:15 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-01 14:15 . 2011-11-10 19:18 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-17 22:21 . 2011-11-07 22:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-17 22:21 . 2011-11-07 21:30 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-17 22:21 . 2011-11-07 21:30 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-12 03:08 . 2012-07-10 21:36 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-04-06 02:10 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-04-06 02:21 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-03-10 02:53 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-04-06 02:13 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-03-10 02:38 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-04-06 01:34 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-04-06 01:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-04-06 01:11 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-04-06 01:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-03-10 02:14 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-04-06 01:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-04-06 01:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-09 05:43 . 2012-07-10 21:32 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:32 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:32 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:32 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:32 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-09 01:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-09 01:32 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-09 01:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 21:32 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:32 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-10 21:32 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-10 21:32 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:32 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:32 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:32 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_12.02.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 13:45 . 2012-08-15 13:45 13312 c:\windows\SysWOW64\drivers\vdmwntk1.sys
- 2009-07-14 04:54 . 2012-08-15 12:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-15 12:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 12:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-15 13:47 48724 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-15 13:47 40090 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-05 22:46 . 2012-08-15 13:47 13332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2877674167-2366145874-1932723845-1000_UserData.bin
- 2011-11-06 14:21 . 2012-08-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-06 14:21 . 2012-08-15 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-15 12:05 . 2012-08-15 13:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 13:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 13:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 13:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-06 19:03 . 2012-08-15 13:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:03 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-06 19:03 . 2012-08-15 13:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-06 19:03 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-09 16:05 . 2012-08-15 12:11 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-15 13:45 . 2012-08-15 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 12:01 . 2012-08-15 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 12:01 . 2012-08-15 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 13:45 . 2012-08-15 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-08-14 23:14 621064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-15 13:50 621064 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-14 23:14 108284 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-15 13:50 108284 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-14 22:14 385492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-15 13:45 385492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-06 09:54 . 2012-08-14 22:14 1232744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-06 09:54 . 2012-08-15 13:45 1232744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Akamai NetSession Interface"="c:\users\Sale\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-11-18 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="z:\programi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-05 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-05 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-11-06 31808]
R3 GGSAFERDriver;GGSAFER Driver;z:\programi\Garena Classic\safedrv.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-04 129976]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-11-05 79360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-11 270912]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-11-05 15936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 GS In-Game Service;GS In-Game Service;z:\programi\GameTracker\GSInGameService.exe [2011-11-09 1677072]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;z:\igre\Hi-Rez Studios\HiPatchService.exe [2012-08-14 8704]
S2 hshld;Hotspot Shield Service;z:\programi\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
S2 HssWd;Hotspot Shield Monitoring Service;z:\programi\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
S2 MBAMService;MBAMService;z:\programi\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-01-22 124832]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-10-15 11576]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:03]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000Core.job
- c:\users\Sale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 19:26]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000UA.job
- c:\users\Sale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 19:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- z:\programi\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-11-26 437248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://smart-homepage.blogspot.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
IE: Download all links with IDM - z:\programi\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - z:\programi\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: bancaintesabeograd.com\online
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
FF - ProfilePath - c:\users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\4de730iu.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
Completion time: 2012-08-15 15:55:38
ComboFix-quarantined-files.txt 2012-08-15 13:55
ComboFix2.txt 2012-08-15 13:08
ComboFix3.txt 2012-08-15 12:05
.
Pre-Run: 451.707.195.392 bytes free
Post-Run: 451.400.798.208 bytes free
.
- - End Of File - - F3D43560F8FBABE5060EC7C63AB0C4BB

magna86 (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

We didn't succeed again. We have no choice but to resolve this outside the Windows environment. Do you have a flash drive (USB memory device)?

Do this, it's very simple.

Download FRST64 and save it to the flash drive (USB memory device).
Insert the flash drive into the infected computer.

You need to boot the computer into the recovery environment (System Recovery Options).

Restart the computer and keep pressing F8 until the Advanced Options Menu or Advanced Boot Options appears.

Select Repair your computer.
Select the language and then click Next.
Enter the password if required and click OK,
and a window like the one in the picture should appear ...

Select Command Prompt.
A new (black) window will open.

Type notepad and then press Enter.
Notepad will open.

Click File, then Open, and then click Computer.
Write down or remember the letter assigned to your flash drive.
Usually it is "e:" but that is not always the case.
Close Notepad.

Go back to the Command Prompt (black window)....

Type e:\frst64.exe and press Enter (replace the letter e: with the letter assigned to your flash drive).

If the assigned letter is "e", it would look like this:

e:\frst64.exe

FRST will start.
When the tool starts, click Yes in the pop-up window.
Press the Scan button.

When the tool finishes scanning, it will create a log FRST.txt and save it to your flash drive.

Then:

Type services.exe in the Search: field and then click Search File(s).
When FRST finishes, it will create a new log named Search.txt on your flash drive.
Close the Command Prompt (black window).
Boot the system into normal mode.

Attach FRST.txt and Search.txt to your post using the Attach file option.
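As an added example (my own code, not from the thread, ComboFix or FRST): a small Python triage script over ComboFix-style log lines like the ones kubeti posted above. It groups the extra `services.exe.<hex>` copies that the "Files Created" section lists in system32 and flags an oversized or repetitive ProxyOverride value from the "Supplementary Scan" section, which is exactly the kind of thing a helper scans for by eye before deciding to move outside Windows. The sample lines are taken from the log above and shortened; the watched-binary list and the thresholds are assumptions made for this example, not rules from the thread.

```python
"""Triage helper for ComboFix-style log lines (added example, not part of the
original post or of the ComboFix/FRST tools).

It scans "Files Created" lines for extra copies of core Windows service
binaries sitting next to the real one (services.exe.<16 hex chars> in
system32, as in the log above) and "Supplementary Scan" lines for an
Internet Explorer ProxyOverride value that is abnormally long or repeats one
token. The thresholds and the watched-binary list are assumptions made for
this example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Core Windows binaries whose "extra copy" in system32 is worth a second look
# (assumption: a small list chosen for this example).
WATCHED_BINARIES = {"services.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}

# One "Files Created" line: "<created> . <modified> <size|dashes> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (-+|\d+) (\S+) (.+)$"
)
# "<name>.exe.<hex suffix>" as the last path component, case-insensitive
SUFFIXED_COPY = re.compile(r"^(?P<base>[a-z0-9]+\.exe)\.(?P<suffix>[0-9a-f]{8,})$", re.I)
PROXY_OVERRIDE = re.compile(r"ProxyOverride\s*=\s*(.*)$")

# Constructed sample: a few lines copied from the log above, with the
# ProxyOverride value shortened to ten "<local>" tokens.
SAMPLE_LOG = r"""
2012-08-15 13:54 . 2012-08-15 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 11:49 . 2012-08-15 11:49 328704 ----a-w- c:\windows\system32\services.exe.85E45BF507E0BFA2
2012-08-15 11:31 . 2012-08-15 11:31 328704 ----a-w- c:\windows\system32\services.exe.C6F9167C8A289B5C
2012-08-15 10:26 . 2012-08-15 10:26 328704 ----a-w- c:\windows\system32\services.exe.016EA209B265727E
2012-08-14 23:01 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
"""


def parse_file_lines(text):
    """Yield (created, size, path) for every 'Files Created' style line."""
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = int(m.group(3)) if m.group(3).isdigit() else None  # dashes = directory
        yield created, size, m.group(5).strip()


def find_suffixed_system_copies(text):
    """Group extra copies of watched binaries found under \\windows\\system32.

    Returns {base_name: [(created, size, path), ...]} sorted by creation time.
    """
    hits = defaultdict(list)
    for created, size, path in parse_file_lines(text):
        low = path.lower().replace("/", "\\")
        if "\\windows\\system32\\" not in low:
            continue
        name = low.rsplit("\\", 1)[-1]
        m = SUFFIXED_COPY.match(name)
        if m and m.group("base") in WATCHED_BINARIES:
            hits[m.group("base")].append((created, size, path))
    return {k: sorted(v) for k, v in hits.items()}


def proxy_override_anomalies(text, max_len=512, max_repeats=8):
    """Flag a ProxyOverride value that is too long or repeats one token.

    Returns [(truncated_value, [reason, ...]), ...]; thresholds are assumptions.
    """
    findings = []
    for line in text.splitlines():
        m = PROXY_OVERRIDE.search(line)
        if not m:
            continue
        value = m.group(1).strip()
        counts = defaultdict(int)
        for token in (t for t in value.split(";") if t):
            counts[token] += 1
        reasons = []
        if len(value) > max_len:
            reasons.append(f"value length {len(value)} > {max_len}")
        if counts:
            top, n = max(counts.items(), key=lambda kv: kv[1])
            if n > max_repeats:
                reasons.append(f"token {top!r} repeated {n} times")
        if reasons:
            shown = value[:60] + ("..." if len(value) > 60 else "")
            findings.append((shown, reasons))
    return findings


def triage(text):
    """One-shot summary: copy counts per binary plus ProxyOverride findings."""
    copies = find_suffixed_system_copies(text)
    return {
        "system_binary_copies": {k: len(v) for k, v in copies.items()},
        "proxy_override": proxy_override_anomalies(text),
    }


if __name__ == "__main__":
    for base, entries in find_suffixed_system_copies(SAMPLE_LOG).items():
        print(f"{base}: {len(entries)} extra copies in system32")
        for created, size, path in entries:
            print(f"  {created:%Y-%m-%d %H:%M}  {size}  {path}")
    for value, reasons in proxy_override_anomalies(SAMPLE_LOG):
        print(f"ProxyOverride suspicious: {value}\n  " + "; ".join(reasons))
```

Run it on the full ComboFix output to get the same two findings the thread turns on: the repeated, identically sized `services.exe.<hex>` files appearing over a few hours, and a ProxyOverride value that no user would have typed. The script only surfaces the pattern; confirming that the live services.exe is the clean one is what the FRST search step above is for.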

kubeti (Male)
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Done.


Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 15-08-2012 16:45:49
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11660904 2010-11-29] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-03-19] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-03-19] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [439064 2012-03-19] (Intel Corporation)
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [5889816 2011-12-07] (Logitech Inc.)
HKLM\...\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [437248 2010-11-26] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-07-23] (Yuna Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [124832 2012-01-22] (Yuna Software)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "Z:\Programi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [x]
HKU\Sale\...\Run: [Akamai NetSession Interface] "C:\Users\Sale\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\Sale\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Sale\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-11-18] (AMD)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [124832 2012-01-22] (Yuna Software)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-21] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2011-02-22] (Intel Corporation)
2 GS In-Game Service; C:\Programi\GameTracker\GSInGameService.exe [x]
2 HiPatchService; C:\Igre\Hi-Rez Studios\HiPatchService.exe [x]
2 hshld; C:\Programi\Hotspot Shield\bin\openvpnas.exe [x]
2 HssSrv; C:\Programi\Hotspot Shield\HssWPR\hsssrv.exe [x]
3 HssTrayService; C:\Programi\Hotspot Shield\bin\HssTrayService.EXE [x]
2 HssWd; C:\Programi\Hotspot Shield\bin\hsswd.exe -product HSS [x]
2 MBAMService; "C:\Programi\Malwarebytes' Anti-Malware\mbamservice.exe" [x]
2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

========================== Drivers (Whitelisted) =============

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-11-11] (DT Soft Ltd)
3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [31808 2011-11-06] (FNet Co., Ltd.)
1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2011-11-05] (FNet Co., Ltd.)
3 LGSHidFilt; C:\Windows\System32\Drivers\LGSHidFilt.sys [66328 2011-10-24] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2011-08-18] (The OpenVPN Project)
1 vdmwntk1; C:\Windows\SysWow64\Drivers\vdmwntk1.sys [13312 2012-08-15] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 GGSAFERDriver; \??\Z:\Programi\Garena Classic\safedrv.sys [x]
3 massfilter; C:\Windows\System32\drivers\massfilter.sys [x]
3 MSICDSetup; \??\D:\CDriver64.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x]
3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x]
3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-15 05:55 - 2012-08-15 05:55 - 00027225 ____A C:\ComboFix.txt
2012-08-15 05:47 - 2012-08-15 05:47 - 00000022 ____A C:\quarantine.zip
2012-08-15 05:45 - 2012-08-15 05:45 - 00013312 ____A C:\Windows\SysWOW64\Drivers\vdmwntk1.sys
2012-08-15 05:40 - 2012-08-15 05:44 - 00000000 ____D C:\Users\Sale\Desktop\avz4
2012-08-15 04:13 - 2012-08-15 04:15 - 00003211 ____A C:\Users\Sale\Desktop\FSS.txt
2012-08-15 03:56 - 2012-08-15 05:55 - 00000000 ____D C:\Qoobox
2012-08-15 03:56 - 2012-08-15 04:04 - 00000000 ____D C:\Windows\erdnt
2012-08-15 03:56 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-15 03:56 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-15 03:56 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-15 03:56 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C
2012-08-15 03:22 - 2012-08-15 03:22 - 00693235 ____A (Farbar) C:\Users\Sale\Desktop\FSS.exe
2012-08-15 03:22 - 2012-08-15 03:22 - 00000000 ____D C:\_OTL
2012-08-15 03:21 - 2012-08-15 03:22 - 04731615 ____R (Swearware) C:\Users\Sale\Desktop\ComboFix.exe
2012-08-15 03:03 - 2012-08-15 03:03 - 00048698 ____A C:\Users\Sale\Desktop\Extras.Txt
2012-08-15 03:02 - 2012-08-15 03:02 - 00111352 ____A C:\Users\Sale\Desktop\OTL.Txt
2012-08-15 02:46 - 2012-08-15 02:46 - 00596992 ____A (OldTimer Tools) C:\Users\Sale\Desktop\OTL.exe
2012-08-15 02:26 - 2012-08-15 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.016EA209B265727E
2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8
2012-08-14 15:09 - 2012-08-14 15:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D27E6CDC187AD49
2012-08-14 15:01 - 2012-08-14 15:01 - 00000735 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-14 15:01 - 2012-08-14 15:01 - 00000000 ____D C:\Users\Sale\AppData\Roaming\Malwarebytes
2012-08-14 15:01 - 2012-08-14 15:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-14 15:01 - 2012-07-03 03:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-14 14:44 - 2012-08-14 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A63AC8E386D97F
2012-08-14 14:41 - 2012-08-14 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCDD1248E5EF89EE
2012-08-14 14:37 - 2012-08-14 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FA6A324391CC8AC
2012-08-14 14:34 - 2012-08-14 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA9D80F22C939C2C
2012-08-14 14:27 - 2012-08-14 14:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-14 14:27 - 2012-08-14 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-14 14:24 - 2012-08-14 14:24 - 00000449 ____A C:\Users\Sale\Desktop\Anki.lnk
2012-08-13 01:33 - 2012-08-13 01:33 - 00000000 ____D C:\Windows\pss
2012-08-13 01:22 - 2012-08-13 01:22 - 00000000 ____D C:\Users\Sale\AppData\Local\{C9191A28-8987-4A18-AEFE-BDB35DC51E0F}
2012-08-13 01:22 - 2012-08-13 01:22 - 00000000 ____D C:\Users\Sale\AppData\Local\{1400F531-80E1-4751-AEA6-E85543059ACE}
2012-08-12 04:53 - 2012-08-12 04:54 - 00000000 ____D C:\Users\Sale\AppData\Local\{BE3B26D3-40AD-46E6-AF17-01B7372C5579}
2012-08-12 04:53 - 2012-08-12 04:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{E99D94B6-622C-45C4-AEB6-7452EB8E3271}
2012-08-11 03:06 - 2012-08-11 03:07 - 00000000 ____D C:\Users\Sale\AppData\Roaming\Rovio
2012-08-11 00:50 - 2012-08-11 00:50 - 00000000 ____D C:\Users\Sale\AppData\Local\{BA7C3EE7-68D7-4339-8FAF-C5DD52DD320D}
2012-08-11 00:50 - 2012-08-11 00:50 - 00000000 ____D C:\Users\Sale\AppData\Local\{AD2122EB-33CE-4EBC-B04D-9131935C0B35}
2012-08-10 11:46 - 2012-08-10 11:46 - 00010248 ____A C:\Users\Sale\AppData\Roaming\fk1xxx.e2ts
2012-08-10 01:51 - 2012-08-10 01:52 - 00000000 ____D C:\Users\Sale\AppData\Local\{B113FA16-6E71-4FC9-A977-3A34BD80AF90}
2012-08-10 01:51 - 2012-08-10 01:51 - 00000000 ____D C:\Users\Sale\AppData\Local\{F5896851-2D41-47F4-B44B-69970F46A0BC}
2012-08-09 12:47 - 2012-08-09 12:48 - 00000000 ____D C:\Users\Sale\AppData\Local\{28517AF7-59FF-4B5B-977A-B8502C7151D9}
2012-08-09 12:47 - 2012-08-09 12:47 - 00000000 ____D C:\Users\Sale\AppData\Local\{06C754DC-B826-48CA-951C-897A2453106C}
2012-08-08 23:53 - 2012-08-08 23:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{61619334-180E-4A7B-95CF-9E8303F5C78B}
2012-08-08 23:52 - 2012-08-08 23:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{A2DDA684-6D1B-4472-B727-257B3A2F1568}
2012-08-08 08:12 - 2012-08-08 08:12 - 00000000 ____D C:\Users\Sale\AppData\Local\{FB3CDD3E-A28D-4B0D-968F-D04A7E778AE7}
2012-08-08 08:12 - 2012-08-08 08:12 - 00000000 ____D C:\Users\Sale\AppData\Local\{A1E3C9B3-1632-4310-9832-AE31D26EFCC1}
2012-08-07 03:35 - 2012-08-07 03:36 - 00000000 ____D C:\Users\Sale\AppData\Local\{D4BD4207-82AE-4E5B-9992-BEC07525E295}
2012-08-07 03:35 - 2012-08-07 03:35 - 00000000 ____D C:\Users\Sale\AppData\Local\{88742D9F-FCC8-4C4A-BAAE-72D896CBBC34}
2012-08-06 01:17 - 2012-08-06 01:17 - 00000000 ____D C:\Users\Sale\AppData\Local\{ED37C086-4BAC-423E-A438-0EA6BC354CB6}
2012-08-06 01:17 - 2012-08-06 01:17 - 00000000 ____D C:\Users\Sale\AppData\Local\{68F67403-EB54-4C60-A5CA-DA18F4A0D83C}
2012-08-05 02:59 - 2012-08-05 03:00 - 00000000 ____D C:\Users\Sale\AppData\Local\{E4D82356-AB90-4EDC-851B-381F5ECB699B}
2012-08-05 02:59 - 2012-08-05 02:59 - 00000000 ____D C:\Users\Sale\AppData\Local\{0794B8AE-04AF-4649-9EB2-660DFDCA6E3D}
2012-08-04 05:09 - 2012-08-04 05:09 - 00000000 ____D C:\Users\Sale\AppData\Local\{079BDBC7-2106-42F6-8300-5787686CB02B}
2012-08-04 05:08 - 2012-08-04 05:09 - 00000000 ____D C:\Users\Sale\AppData\Local\{7EE5DDAC-32A5-4ADF-9D73-6230273430E4}
2012-08-03 01:27 - 2012-08-03 01:27 - 00000000 ____D C:\Users\Sale\AppData\Local\{7EAC2451-9382-424F-B939-344F4DED8F58}
2012-08-01 13:25 - 2012-08-01 13:26 - 00000000 ____D C:\Users\Sale\AppData\Local\{37C2FD5C-FDEA-4A9A-A4E7-7032F79F358C}
2012-08-01 13:25 - 2012-08-01 13:25 - 00000000 ____D C:\Users\Sale\AppData\Local\{A58A19B0-39DF-481F-835E-1B4112FBDDC5}
2012-08-01 00:19 - 2012-08-01 00:19 - 00000000 ____D C:\Users\Sale\AppData\Local\{DFE3C234-B992-4929-80AC-A8D968E2D234}
2012-08-01 00:19 - 2012-08-01 00:19 - 00000000 ____D C:\Users\Sale\AppData\Local\{D7FCBCD1-6EBC-463F-9B2A-E9350FB771D5}
2012-07-31 05:11 - 2012-07-31 05:11 - 00000000 ____D C:\Users\Sale\AppData\Local\{B7F947AF-FAB6-4998-A07C-8FE9A580EFE5}
2012-07-31 05:11 - 2012-07-31 05:11 - 00000000 ____D C:\Users\Sale\AppData\Local\{5B96CAE0-E9F9-4C49-897E-4F10A007B842}
2012-07-30 07:14 - 2012-07-30 07:14 - 00000000 ____D C:\Users\Sale\AppData\Local\{F1318645-2F81-4462-95C8-F3309D78D5B1}
2012-07-30 07:14 - 2012-07-30 07:14 - 00000000 ____D C:\Users\Sale\AppData\Local\{036996E4-9C3E-4F57-B37D-3D906E6A3DEF}
2012-07-29 08:22 - 2012-07-29 08:23 - 00000000 ____D C:\Users\Sale\AppData\Local\{C244893A-AFC9-411D-B527-DA286D2AA5D7}
2012-07-29 08:22 - 2012-07-29 08:22 - 00000000 ____D C:\Users\Sale\AppData\Local\{A50FE037-2386-4D03-87E0-1551AB6B8E3F}
2012-07-29 00:38 - 2012-07-29 00:38 - 00000000 ____D C:\Users\Sale\AppData\Local\{BD577E8F-7EFE-410B-84BB-63E62F2C37E2}
2012-07-29 00:38 - 2012-07-29 00:38 - 00000000 ____D C:\Users\Sale\AppData\Local\{405FBE4E-53DB-439B-BB66-F0AD632C2A5D}
2012-07-28 02:45 - 2012-07-28 02:45 - 00000000 ____D C:\Users\Sale\AppData\Local\{E57894DB-1BAB-4B25-9B3A-2DBF672FDE52}
2012-07-28 02:44 - 2012-07-28 02:45 - 00000000 ____D C:\Users\Sale\AppData\Local\{DA677F56-AB0F-445F-B7F4-853B184F7542}
2012-07-27 01:15 - 2012-07-27 01:16 - 00000000 ____D C:\Users\Sale\AppData\Local\{1216EE95-8736-4E7C-AD8E-0CD4F9E8E9BF}
2012-07-27 01:15 - 2012-07-27 01:15 - 00000000 ____D C:\Users\Sale\AppData\Local\{253FD33E-A945-4D5C-B23D-7370AE12B753}
2012-07-26 11:05 - 2012-07-26 11:05 - 00000211 ____A C:\Users\Sale\Desktop\Orcs Must Die!.url
2012-07-26 01:04 - 2012-07-26 01:04 - 00000000 ____D C:\Users\Sale\AppData\Local\{6AC998B1-80FB-4D35-A46D-B29E92B27D35}
2012-07-26 01:04 - 2012-07-26 01:04 - 00000000 ____D C:\Users\Sale\AppData\Local\{55EF20E7-D719-4C75-98FD-9C9667A7CAAE}
2012-07-25 10:53 - 2012-07-25 10:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{2FC640AE-CF5E-45BA-A861-C2F4145DCEE4}
2012-07-25 10:53 - 2012-07-25 10:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{1897E543-4551-446E-8C96-B862A85A7DC2}
2012-07-25 08:33 - 2012-07-25 08:33 - 00000000 ____D C:\Users\Sale\AppData\Local\{20CDAC1D-BDA7-4877-B4F2-6EEF403900FB}
2012-07-24 11:28 - 2012-07-24 11:28 - 00000000 ____D C:\Users\Sale\AppData\Local\{DA70C41F-F6F4-435D-80C7-2231DDCA355B}
2012-07-24 11:28 - 2012-07-24 11:28 - 00000000 ____D C:\Users\Sale\AppData\Local\{C7485B8C-767D-45AB-BA49-B39342A17E56}
2012-07-23 21:54 - 2012-07-23 21:57 - 00401408 ____A C:\Users\Sale\Documents\Database1.accdb
2012-07-23 12:50 - 2012-07-23 12:50 - 00000000 ____D C:\Users\Sale\AppData\Local\{C4511C47-C7C2-4E94-A32D-22FB13E5A8FE}
2012-07-23 12:49 - 2012-07-23 12:50 - 00000000 ____D C:\Users\Sale\AppData\Local\{3ED83BA3-BDA0-4974-91E2-11B2CDE7278B}
2012-07-22 01:59 - 2012-07-22 01:59 - 00000000 ____D C:\Users\Sale\AppData\Local\{D2990F76-5C1E-4E38-8B85-CE02962F25EA}
2012-07-22 01:59 - 2012-07-22 01:59 - 00000000 ____D C:\Users\Sale\AppData\Local\{AECB2F73-911C-4787-90F9-439B6A9B17AE}
2012-07-20 22:37 - 2012-07-20 22:38 - 00000000 ____D C:\Users\Sale\AppData\Local\{90571F7D-D6CE-4C9F-A66F-8C2A3E09983C}
2012-07-20 22:37 - 2012-07-20 22:37 - 00000000 ____D C:\Users\Sale\AppData\Local\{A0F696E3-F4AE-4839-B63A-91518681649D}
2012-07-20 00:16 - 2012-07-20 00:16 - 00000000 ____D C:\Users\Sale\AppData\Local\{883DFC45-F66B-45DC-9730-148DDA1C9CEE}
2012-07-20 00:16 - 2012-07-20 00:16 - 00000000 ____D C:\Users\Sale\AppData\Local\{253C266E-E3DC-48D4-87AE-1707D0E4517E}
2012-07-19 09:01 - 2012-07-19 09:01 - 00000000 ____D C:\Users\Sale\AppData\Local\{E0C6DBD2-80E5-4DF9-9E15-4ECCAB57A440}
2012-07-19 09:01 - 2012-07-19 09:01 - 00000000 ____D C:\Users\Sale\AppData\Local\{6E69F925-57A6-405F-BA1E-11C3727BEDFD}
2012-07-18 03:53 - 2012-07-18 03:54 - 00000000 ____D C:\Users\Sale\AppData\Local\{DA8C2F10-6111-4F5E-A5FE-5BF9FD859C74}
2012-07-18 03:53 - 2012-07-18 03:53 - 00000000 ____D C:\Users\Sale\AppData\Local\{084AFA08-EC9E-4A8A-A920-2E035E1968AC}
2012-07-17 01:23 - 2012-07-17 01:23 - 00000000 ____D C:\Users\Sale\AppData\Local\{B6BE086F-6566-4DBC-AE49-19D673D46E7E}
2012-07-17 01:23 - 2012-07-17 01:23 - 00000000 ____D C:\Users\Sale\AppData\Local\{319DE47D-1370-4780-BFF0-337E26B7F309}
2012-07-16 02:08 - 2012-07-16 02:08 - 00000000 ____D C:\Users\Sale\AppData\Local\{91FEC40B-782F-4170-B933-6305CB9E6285}
2012-07-16 02:08 - 2012-07-16 02:08 - 00000000 ____D C:\Users\Sale\AppData\Local\{100CDA82-F8E3-463E-BCCA-B1A83B8C8495}


============ 3 Months Modified Files ========================

2012-08-15 06:42 - 2010-11-20 19:47 - 00286858 ____A C:\Windows\PFRO.log
2012-08-15 06:41 - 2011-11-06 06:25 - 01069095 ____A C:\Windows\WindowsUpdate.log
2012-08-15 06:41 - 2009-07-13 21:13 - 00733710 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-15 06:39 - 2012-06-01 04:12 - 00000099 ____A C:\Users\Public\LMDebug.log
2012-08-15 06:03 - 2012-04-05 02:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-15 05:55 - 2012-08-15 05:55 - 00027225 ____A C:\ComboFix.txt
2012-08-15 05:54 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-15 05:53 - 2009-07-13 20:45 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-15 05:53 - 2009-07-13 20:45 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 05:50 - 2011-11-06 11:26 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000UA.job
2012-08-15 05:47 - 2012-08-15 05:47 - 00000022 ____A C:\quarantine.zip
2012-08-15 05:45 - 2012-08-15 05:45 - 00013312 ____A C:\Windows\SysWOW64\Drivers\vdmwntk1.sys
2012-08-15 05:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-15 05:45 - 2009-07-13 20:51 - 00115746 ____A C:\Windows\setupact.log
2012-08-15 04:15 - 2012-08-15 04:13 - 00003211 ____A C:\Users\Sale\Desktop\FSS.txt
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C
2012-08-15 03:22 - 2012-08-15 03:22 - 00693235 ____A (Farbar) C:\Users\Sale\Desktop\FSS.exe
2012-08-15 03:22 - 2012-08-15 03:21 - 04731615 ____R (Swearware) C:\Users\Sale\Desktop\ComboFix.exe
2012-08-15 03:03 - 2012-08-15 03:03 - 00048698 ____A C:\Users\Sale\Desktop\Extras.Txt
2012-08-15 03:02 - 2012-08-15 03:02 - 00111352 ____A C:\Users\Sale\Desktop\OTL.Txt
2012-08-15 02:46 - 2012-08-15 02:46 - 00596992 ____A (OldTimer Tools) C:\Users\Sale\Desktop\OTL.exe
2012-08-15 02:26 - 2012-08-15 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.016EA209B265727E
2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8
2012-08-14 15:09 - 2012-08-14 15:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D27E6CDC187AD49
2012-08-14 15:01 - 2012-08-14 15:01 - 00000735 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-14 14:44 - 2012-08-14 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A63AC8E386D97F
2012-08-14 14:41 - 2012-08-14 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCDD1248E5EF89EE
2012-08-14 14:37 - 2012-08-14 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FA6A324391CC8AC
2012-08-14 14:34 - 2012-08-14 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA9D80F22C939C2C
2012-08-14 14:27 - 2011-11-10 10:23 - 00739112 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-14 14:27 - 2011-11-06 09:49 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-14 14:24 - 2012-08-14 14:24 - 00000449 ____A C:\Users\Sale\Desktop\Anki.lnk
2012-08-14 14:15 - 2012-02-07 15:59 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
2012-08-14 14:03 - 2012-04-05 02:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 14:03 - 2011-11-09 12:30 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-12 06:50 - 2011-11-06 11:26 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000Core.job
2012-08-10 11:46 - 2012-08-10 11:46 - 00010248 ____A C:\Users\Sale\AppData\Roaming\fk1xxx.e2ts
2012-07-26 11:05 - 2012-07-26 11:05 - 00000211 ____A C:\Users\Sale\Desktop\Orcs Must Die!.url
2012-07-23 21:57 - 2012-07-23 21:54 - 00401408 ____A C:\Users\Sale\Documents\Database1.accdb
2012-07-15 11:35 - 2011-11-30 09:18 - 00000565 ____A C:\Users\Sale\AppData\Roaming\myMPQ.ini
2012-07-14 05:33 - 2012-07-14 05:33 - 00000870 ____A C:\Users\Public\Desktop\End of Nations.lnk
2012-07-12 23:54 - 2012-07-12 23:54 - 00014848 __ASH C:\Users\Sale\Thumbs.db
2012-07-10 13:38 - 2009-07-13 20:45 - 00415992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 13:33 - 2011-11-06 12:41 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 02:27 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-03 03:46 - 2012-08-14 15:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 06:15 - 2012-07-01 06:15 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-07-01 06:15 - 2012-07-01 06:15 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-01 06:15 - 2012-07-01 06:15 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-01 06:15 - 2012-07-01 06:15 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-01 06:15 - 2011-11-10 11:18 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-27 09:15 - 2012-02-06 12:01 - 00000855 ____A C:\Users\Public\Desktop\Waterfox.lnk
2012-06-17 14:25 - 2012-06-17 14:25 - 00001895 ____A C:\Users\Sale\Desktop\MPC-HC.lnk
2012-06-17 14:21 - 2011-11-07 14:09 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-06-17 14:21 - 2011-11-07 13:30 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-06-17 14:21 - 2011-11-07 13:30 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-06-17 11:49 - 2012-06-17 11:49 - 00000210 ____A C:\Users\Sale\Desktop\Cogs.url
2012-06-11 19:08 - 2012-07-10 13:36 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-04-05 18:10 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2012-04-05 18:21 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2011-03-09 18:53 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-04-05 18:13 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2011-03-09 18:38 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:45 - 2012-04-05 17:34 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:43 - 2012-04-05 17:22 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-04-05 17:11 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:26 - 2012-04-05 17:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-04-05 17:11 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2012-04-05 17:09 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:25 - 2011-03-09 18:14 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2012-04-05 17:09 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-06-11 03:50 - 2012-06-11 03:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-06-11 03:50 - 2012-06-11 03:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-06-11 03:49 - 2012-06-11 03:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-06-08 21:43 - 2012-07-10 13:32 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 13:32 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 13:32 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 13:32 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 13:32 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 13:32 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 13:32 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 13:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 12:22 - 2012-06-05 12:22 - 00002569 ____A C:\Users\Public\Desktop\Limundo Lister.lnk
2012-06-03 04:35 - 2012-06-03 04:35 - 00288518 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-06-03 04:35 - 2012-06-03 04:34 - 00291442 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-06-02 14:19 - 2012-06-08 17:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 17:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 17:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 17:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 17:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 17:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 17:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 07:08 - 2012-06-02 05:55 - 00000000 ____A C:\Users\All Users\LauncherAccess.dt
2012-06-02 07:04 - 2012-06-02 05:53 - 00012818 ____A C:\Windows\DPINST.LOG
2012-06-02 05:19 - 2012-06-08 17:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-08 17:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 02:37 - 2011-11-07 13:29 - 00170265 ____A C:\Windows\DirectX.log
2012-06-01 21:50 - 2012-07-10 13:32 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 13:32 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 13:32 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 13:32 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 13:32 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 13:32 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 13:32 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 13:32 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 13:32 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-27 16:43 - 2012-05-27 16:43 - 00000701 ____A C:\Users\Sale\Desktop\Format Factory.lnk


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4008.67 MB
Available physical RAM: 3375.52 MB
Total Pagefile: 4006.87 MB
Available Pagefile: 3364.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (System) (Fixed) (Total:472.29 GB) (Free:420.43 GB) NTFS
2 Drive e: (Data) (Fixed) (Total:459.12 GB) (Free:58.22 GB) NTFS
4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB  1024 KB
  Disk 1    Online         1906 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            472 GB   101 MB
  Partition 3    Primary            459 GB   472 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C System NTFS Partition 472 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Data NTFS Partition 459 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1906 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 1906 MB Healthy

==================================================================================

Last Boot: 2012-08-07 04:12

======================= End Of Log ==========================


  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Good, let's move on.

Step #1

Open Notepad and copy the following text:

Start
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C
2012-08-15 02:26 - 2012-08-15 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.016EA209B265727E
2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8
2012-08-14 15:09 - 2012-08-14 15:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D27E6CDC187AD49
2012-08-14 14:44 - 2012-08-14 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A63AC8E386D97F
2012-08-14 14:41 - 2012-08-14 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCDD1248E5EF89EE
2012-08-14 14:37 - 2012-08-14 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FA6A324391CC8AC
2012-08-14 14:34 - 2012-08-14 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA9D80F22C939C2C
2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2
2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C
2012-08-15 02:26 - 2012-08-15 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.016EA209B265727E
2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8
2012-08-14 15:09 - 2012-08-14 15:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D27E6CDC187AD49
2012-08-14 14:44 - 2012-08-14 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2A63AC8E386D97F
2012-08-14 14:41 - 2012-08-14 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCDD1248E5EF89EE
2012-08-14 14:37 - 2012-08-14 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FA6A324391CC8AC
2012-08-14 14:34 - 2012-08-14 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FA9D80F22C939C2C
end

Save the file (Notepad) to the flash drive as fixlist.txt

Start System Recovery Options again, following the same procedure as last time.
Run FRST, click the Fix button and wait for the program to finish.
The tool will create a log on the flash drive named Fixlog.txt.
Restart the computer.
Paste the contents of that log in your reply.

-------------------------------------------

Step #2

Run ComboFix again and post a fresh ComboFix.txt log
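
An added example, not code from the thread or from the Farbar tools: a Python helper that builds a fixlist in the shape used above from FRST scan-log lines, keeping only the leftover services.exe.<16 hex> copies and listing each path once, and then reads the Fixlog that FRST writes to confirm every requested file was actually moved. The entry-line and Fixlog regexes, the unrelated mbam.sys entry and the assumption that FRST accepts scan-log lines verbatim as fixlist entries are mine; the sample paths are the ones posted in this thread.

```python
"""Build an FRST fixlist from scan-log lines and verify the Fixlog afterwards.

Added example for this thread; not code from the forum or from the Farbar tools.
"""
import re

# One FRST scan-log entry (the format the fixlist above reuses verbatim):
# "<created> - <modified> - <size> <attrs> (<signer>) <path>".  The regex is
# an assumption based on the lines in this thread, not FRST's own grammar.
FRST_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d{8}) (?P<attrs>\S+) (?:\((?P<signer>[^)]*)\) )?(?P<path>.+)$"
)
# Leftover copies of services.exe with a 16-hex-digit suffix, as seen in the thread.
LEFTOVER_SERVICES = re.compile(r"\\services\.exe\.[0-9A-F]{16}$", re.IGNORECASE)
# One Fixlog result line: "<path> moved successfully." or "<path> not found."
FIXLOG_RESULT = re.compile(r"^(?P<path>.+?) (?P<result>moved successfully|not found)\.$")


def build_fixlist(scan_lines):
    """Return fixlist lines ("Start" ... "end"), one per unique leftover path.

    Duplicates are dropped: a fixlist that names a file twice makes FRST report
    it as "moved successfully" and then "not found", which only adds noise.
    """
    seen = set()
    body = []
    for raw in scan_lines:
        line = raw.strip()
        match = FRST_ENTRY.match(line)
        if not match or not LEFTOVER_SERVICES.search(match.group("path")):
            continue
        key = match.group("path").lower()  # NTFS paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        body.append(line)
    return ["Start", *body, "end"]


def check_fixlog(fixlist_lines, fixlog_lines):
    """Compare what the fixlist asked for with what the Fixlog reports.

    Returns {"moved": [...], "not_found": [...], "unaccounted": [...]}, each a
    sorted list of paths. A path reported as moved and later "not found" counts
    as moved; "unaccounted" paths never appear in the Fixlog at all.
    """
    wanted = {}
    for line in fixlist_lines:
        match = FRST_ENTRY.match(line.strip())
        if match:
            wanted[match.group("path").lower()] = match.group("path")
    moved, not_found = set(), set()
    for raw in fixlog_lines:
        match = FIXLOG_RESULT.match(raw.strip())
        if not match or match.group("path").lower() not in wanted:
            continue
        key = match.group("path").lower()
        (moved if match.group("result") == "moved successfully" else not_found).add(key)
    not_found -= moved
    unaccounted = set(wanted) - moved - not_found
    return {
        "moved": sorted(wanted[k] for k in moved),
        "not_found": sorted(wanted[k] for k in not_found),
        "unaccounted": sorted(wanted[k] for k in unaccounted),
    }


# Constructed sample input: four leftover paths from this thread, one unrelated
# (made-up) entry and one duplicate, to exercise the filter and the dedup step.
SAMPLE_SCAN = [
    r"2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2",
    r"2012-08-15 03:31 - 2012-08-15 03:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6F9167C8A289B5C",
    r"2012-08-15 02:26 - 2012-08-15 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.016EA209B265727E",
    r"2012-08-14 16:01 - 2012-08-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2B6C0DF908EF9F8",
    r"2012-08-14 14:44 - 2012-08-14 14:44 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\drivers\mbam.sys",
    r"2012-08-15 03:49 - 2012-08-15 03:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85E45BF507E0BFA2",
]

# Constructed Fixlog: two files moved, one duplicate "not found" after its move,
# one file already gone, and one (A2B6...) that the log never mentions.
SAMPLE_FIXLOG = [
    "Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012",
    "Running from G:\\",
    "",
    r"C:\Windows\System32\services.exe.85E45BF507E0BFA2 moved successfully.",
    r"C:\Windows\System32\services.exe.C6F9167C8A289B5C moved successfully.",
    r"C:\Windows\System32\services.exe.85E45BF507E0BFA2 not found.",
    r"C:\Windows\System32\services.exe.016EA209B265727E not found.",
    "",
    "==== End of Fixlog ====",
]

if __name__ == "__main__":
    fixlist = build_fixlist(SAMPLE_SCAN)
    print("\n".join(fixlist))
    for status, paths in check_fixlog(fixlist, SAMPLE_FIXLOG).items():
        print(f"{status}: {len(paths)}")
```
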

  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

I want to thank you for taking so much time to help me.


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
Ran by SYSTEM at 2012-08-15 17:15:59 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe.85E45BF507E0BFA2 moved successfully.
C:\Windows\System32\services.exe.C6F9167C8A289B5C moved successfully.
C:\Windows\System32\services.exe.016EA209B265727E moved successfully.
C:\Windows\System32\services.exe.A2B6C0DF908EF9F8 moved successfully.
C:\Windows\System32\services.exe.6D27E6CDC187AD49 moved successfully.
C:\Windows\System32\services.exe.E2A63AC8E386D97F moved successfully.
C:\Windows\System32\services.exe.DCDD1248E5EF89EE moved successfully.
C:\Windows\System32\services.exe.7FA6A324391CC8AC moved successfully.
C:\Windows\System32\services.exe.FA9D80F22C939C2C moved successfully.
C:\Windows\System32\services.exe.85E45BF507E0BFA2 not found.
C:\Windows\System32\services.exe.C6F9167C8A289B5C not found.
C:\Windows\System32\services.exe.016EA209B265727E not found.
C:\Windows\System32\services.exe.A2B6C0DF908EF9F8 not found.
C:\Windows\System32\services.exe.6D27E6CDC187AD49 not found.
C:\Windows\System32\services.exe.E2A63AC8E386D97F not found.
C:\Windows\System32\services.exe.DCDD1248E5EF89EE not found.
C:\Windows\System32\services.exe.7FA6A324391CC8AC not found.
C:\Windows\System32\services.exe.FA9D80F22C939C2C not found.

==== End of Fixlog ====



ComboFix 12-08-14.05 - Sale 15.08.2012 17:20:46.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.4009.2497 [GMT 2:00]
Running from: c:\users\Sale\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-16 00:45 . 2012-08-16 00:45 -------- d-----w- C:\FRST
2012-08-15 15:24 . 2012-08-15 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 11:22 . 2012-08-15 11:22 -------- d-----w- C:\_OTL
2012-08-14 23:01 . 2012-08-14 23:01 -------- d-----w- c:\users\Sale\AppData\Roaming\Malwarebytes
2012-08-14 23:01 . 2012-08-14 23:01 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 23:01 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 22:32 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7E4696E-5C2A-477E-B8E6-1FC9EC86C981}\gapaengine.dll
2012-08-14 22:27 . 2012-08-14 22:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-14 22:27 . 2012-08-14 22:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-11 11:06 . 2012-08-11 11:07 -------- d-----w- c:\users\Sale\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 13:47 . 2012-08-15 13:47 22 ----a-w- C:\quarantine.zip
2012-08-14 22:03 . 2012-04-05 10:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 22:03 . 2011-11-09 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 21:33 . 2011-11-06 20:41 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-01 14:15 . 2012-07-01 14:15 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-01 14:15 . 2011-11-10 19:18 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-17 22:21 . 2011-11-07 22:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-17 22:21 . 2011-11-07 21:30 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-17 22:21 . 2011-11-07 21:30 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-12 03:08 . 2012-07-10 21:36 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-04-06 02:10 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-04-06 02:21 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-03-10 02:53 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-04-06 02:13 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-03-10 02:38 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-04-06 01:34 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-04-06 01:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-04-06 01:11 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-04-06 01:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-03-10 02:14 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-04-06 01:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-04-06 01:09 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-09 05:43 . 2012-07-10 21:32 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:32 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:32 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:32 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:32 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:32 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:32 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-09 01:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-09 01:32 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-09 01:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 21:32 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:32 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-10 21:32 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-10 21:32 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:32 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:32 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:32 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_12.02.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 13:45 . 2012-08-15 13:45 13312 c:\windows\SysWOW64\drivers\vdmwntk1.sys
- 2009-07-14 04:54 . 2012-08-15 12:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-15 15:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-15 12:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 15:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 15:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 12:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-15 15:19 48882 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-15 15:19 40138 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-05 22:46 . 2012-08-15 15:19 13332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2877674167-2366145874-1932723845-1000_UserData.bin
- 2011-11-06 14:21 . 2012-08-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-06 14:21 . 2012-08-15 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-15 12:05 . 2012-08-15 13:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-14 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 15:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 15:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-06 19:24 . 2012-08-15 15:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-06 19:24 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-06 19:03 . 2012-08-15 15:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-06 19:03 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-06 19:03 . 2012-08-15 15:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-06 19:03 . 2012-08-15 11:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-09 16:05 . 2012-08-15 12:11 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-15 15:16 . 2012-08-15 15:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 12:01 . 2012-08-15 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 12:01 . 2012-08-15 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 15:16 . 2012-08-15 15:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-08-14 23:14 621064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-15 15:23 621064 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-14 23:14 108284 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-15 15:23 108284 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-14 22:14 385492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-15 15:14 385492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-06 09:54 . 2012-08-14 22:14 1232744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-06 09:54 . 2012-08-15 15:14 1232744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Akamai NetSession Interface"="c:\users\Sale\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-11-18 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="z:\programi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-05 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-05 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 GGSAFERDriver;GGSAFER Driver;z:\programi\Garena Classic\safedrv.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-04 129976]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-11-05 79360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-11 270912]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-11-05 15936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 GS In-Game Service;GS In-Game Service;z:\programi\GameTracker\GSInGameService.exe [2011-11-09 1677072]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;z:\igre\Hi-Rez Studios\HiPatchService.exe [2012-08-14 8704]
S2 hshld;Hotspot Shield Service;z:\programi\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
S2 HssWd;Hotspot Shield Monitoring Service;z:\programi\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
S2 MBAMService;MBAMService;z:\programi\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-01-22 124832]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-10-15 11576]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2011-11-06 31808]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:03]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000Core.job
- c:\users\Sale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 19:26]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2877674167-2366145874-1932723845-1000UA.job
- c:\users\Sale\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 19:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- z:\programi\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-11-26 437248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://smart-homepage.blogspot.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
IE: Download all links with IDM - z:\programi\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - z:\programi\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: bancaintesabeograd.com\online
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
FF - ProfilePath - c:\users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\4de730iu.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
Completion time: 2012-08-15 17:26:14
ComboFix-quarantined-files.txt 2012-08-15 15:26
ComboFix2.txt 2012-08-15 13:55
ComboFix3.txt 2012-08-15 13:08
ComboFix4.txt 2012-08-15 12:05
.
Pre-Run: 451.372.224.512 bytes free
Post-Run: 451.301.515.264 bytes free
.
- - End Of File - - 360312072AF7B7663327250DD7CC4A5B

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

OK. We have removed the malware.
The logs now look clean. Now let's try to repair what ZA broke.

In my first message I gave you a link and instructions for using the Farbar Service Scanner tool.
Run it (from normal Windows) and post a fresh FSS.txt log

offline
  • kubeti  Male
  • New MyCity citizen
  • Joined: 15 Aug 2012
  • Posts: 16

Farbar Service Scanner Version: 06-08-2012
Ran by Sale (administrator) on 15-08-2012 at 17:39:47
Running from "C:\Users\Sale\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Download this file to the Desktop. Run it by double-clicking and click Yes/OK. Restart the computer.

Run FSS again and post me a fresh FSS.txt log

Korisnici trenutno na forumu: airsuba, bufanje, Drakce65, FileFinder, goxin, HogarStrashni, Ivica1102, Krusarac, kuntalo, kybonacci, milenko crazy north, nemkea71, nenad81, Panter, Sir Budimir, Smiljke, solic, stagezin, Stija zmija, Trpe Grozni, USSVoyager, Vlada78, vladaa012, vladulns, W123