It looks like a virus is crashing my programs


offline
  • Joined: 17 Sep 2006
  • Posts: 421
  • Location: PALE, Republika Srpska

This morning Windows Media Player crashed on me and I lost it from the taskbar, and every time I start it, it crashes. Something is not right here; it is now starting to crash everything, and in Mozilla it says "Adobe Flash player has crashed please reload page". I tried to install WinDVD and the .exe file crashed when the installation started. I must have picked up some nasty virus. I scanned the computer with DDS, and here are the attachments. By the way, I am using 32-bit Windows 7.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Aleksandar at 0:02:27,55 on pet 20.08.2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.3327.1793 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Aleksandar\Downloads\dds(2).scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://start.facemoods.com
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?s={searchTerms}
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.3.43.0\escort.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Windows] "c:\users\public\public documents\windows movie player\players.exe"
uRun: [RGSC] d:\program files (x86)\rockstar games social club\RGSCLauncher.exe /silent
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [New Value #1] “ctfmon”=”CTFMON.EXE”
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\aleksa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\youtring.lnk - c:\program files\youtring\YouTring.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\aleksa~1\appdata\roaming\mozilla\firefox\profiles\6035u98f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1229009&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hip Hop Internet Radio Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1229009&q=
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\aleksandar\appdata\roaming\mozilla\firefox\profiles\6035u98f.default\extensions\{59ed24c5-0745-4256-9f4a-8c86df2891c3}\components\FFExternalAlert.dll
FF - component: c:\users\aleksandar\appdata\roaming\mozilla\firefox\profiles\6035u98f.default\extensions\{59ed24c5-0745-4256-9f4a-8c86df2891c3}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\aleksandar\appdata\local\yahoo!\browserplus\2.5.1\plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\users\aleksandar\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe -s defaultinstance --> c:\program files\firebird\firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2009-12-8 3616768]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-3-16 240232]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s defaultinstance --> c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-9-23 21848]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2009-12-6 57344]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-29 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]

=============== Created Last 30 ================

2010-08-19 21:41:08 0 d-----w- c:\users\aleksa~1\appdata\roaming\Thinstall
2010-08-16 12:45:24 0 d-----w- c:\users\aleksandar\SiteGrinderData
2010-08-15 21:49:06 0 d-----w- c:\program files\SiteGrinder 3
2010-08-12 22:20:06 0 d-----w- c:\program files\Eidos
2010-08-10 09:37:54 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-10 09:37:54 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-10 09:37:54 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-10 09:37:53 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-10 09:37:53 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-10 09:37:53 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-09 17:54:09 0 d-----w- c:\programdata\Itoo Software
2010-08-09 17:54:08 0 d-----w- c:\program files\Itoo Software
2010-08-08 12:04:41 0 d-----w- c:\program files\Microsoft XNA
2010-08-08 12:03:19 0 d-----w- c:\program files\Privates
2010-07-21 19:52:54 17 ----a-w- c:\windows\holdgemss.ini

==================== Find3M ====================

2010-08-12 22:24:05 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-12 22:24:05 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-29 16:40:42 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 16:40:42 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-06-17 07:22:51 60112 ----a-w- c:\windows\fonts\cirZAPFINO-Tri.otf
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-03-01 20:14:21 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-01 20:14:21 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-01 20:14:21 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-28 21:27:05 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:03:16,86 ===============

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Hello.

I would ask you to also post the other (Gmer) logs that are listed in the instructions.

offline
  • Joined: 17 Sep 2006
  • Posts: 421
  • Location: PALE, Republika Srpska

Here are the GMER logs as well, and this morning when I turned on the computer my Media Player was gone. I don't know what is going on, and Kaspersky is not reporting anything.


I had to RAR the first log because it exceeds 1 MB.


offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program has finished:
  • deactivate your protection software (instructions);
  • close running programs;
  • double-click to start ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • show a certain number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

offline
  • Joined: 17 Sep 2006
  • Posts: 421
  • Location: PALE, Republika Srpska

I scanned with ComboFix and it deleted the nasty virus for me; I just don't understand how Kaspersky missed it. The stupid facemoods was infected (an extension for Mozilla). I tried Media Player and it works completely normally, as do all the other programs. Thanks for the help, and here is the ComboFix LOG file.


ComboFix 10-08-18.05 - Aleksandar 20.08.2010 14:26:35.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.3327.2624 [GMT 2:00]
Running from: c:\users\Aleksandar\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - Windows: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.3.43.0\chrome.manifest
c:\program files\facemoods.com\facemoods\1.3.43.0\chrome\content\facemoods.png
c:\program files\facemoods.com\facemoods\1.3.43.0\chrome\content\ffxtlbr.xul
c:\program files\facemoods.com\facemoods\1.3.43.0\components\FFHst.dll
c:\program files\facemoods.com\facemoods\1.3.43.0\components\FFHst.xpt
c:\program files\facemoods.com\facemoods\1.3.43.0\escort.dll
c:\program files\facemoods.com\facemoods\1.3.43.0\escortApp.dll
c:\program files\facemoods.com\facemoods\1.3.43.0\escortEng.dll
c:\program files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll
c:\program files\facemoods.com\facemoods\1.3.43.0\install.rdf
c:\program files\facemoods.com\facemoods\1.3.43.0\uninstall.exe
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\chrome.manifest
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\blgc.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.xul
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Loader.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\pref.jpg
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences.xul
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\prefman.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\script-compiler.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Thumbs.db
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\xmlhttprequester.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\facemoods.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\install.rdf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc


((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-20 12:38 . 2010-08-20 12:41 -------- d-----w- c:\users\Aleksandar\AppData\Local\temp
2010-08-20 12:19 . 2010-08-20 12:19 -------- d-----w- C:\32788R22FWJFW
2010-08-19 21:41 . 2010-08-19 21:41 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\Thinstall
2010-08-19 21:41 . 2010-08-19 21:41 -------- d-----w- c:\users\Aleksandar\AppData\Local\Thinstall
2010-08-16 12:45 . 2010-08-16 17:15 -------- d-----w- c:\users\Aleksandar\SiteGrinderData
2010-08-15 21:49 . 2010-08-15 21:49 -------- d-----w- c:\program files\SiteGrinder 3
2010-08-12 22:20 . 2010-08-12 22:20 -------- d-----w- c:\program files\Eidos
2010-08-10 14:16 . 2010-08-10 14:16 -------- d-----w- c:\users\Aleksandar\AppData\Local\2K Games
2010-08-10 09:37 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-10 09:37 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-10 09:37 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-10 09:37 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-10 09:37 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-10 09:37 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-09 17:54 . 2010-08-09 17:54 -------- d-----w- c:\programdata\Itoo Software
2010-08-09 17:54 . 2010-08-09 17:54 -------- d-----w- c:\program files\Itoo Software
2010-08-08 12:04 . 2010-08-08 12:04 -------- d-----w- c:\program files\Microsoft XNA
2010-08-08 12:03 . 2010-08-08 12:03 -------- d-----w- c:\program files\Privates
2010-08-05 22:45 . 2010-08-05 22:45 -------- d-----w- c:\users\Aleksandar\AppData\Local\CrashRpt
2010-07-24 15:11 . 2010-07-24 15:11 -------- d-----w- c:\users\Aleksandar\AppData\Local\TechSmith

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 12:41 . 2009-11-09 20:06 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-20 12:40 . 2009-10-28 23:56 -------- d-----w- c:\programdata\NVIDIA
2010-08-18 22:29 . 2009-10-28 22:01 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\Skype
2010-08-18 22:08 . 2009-10-28 22:02 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\skypePM
2010-08-18 16:28 . 2010-08-18 16:28 340456 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-18 16:28 . 2010-08-18 16:28 170512 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 16:28 . 2010-08-18 16:28 170584 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 16:28 . 2010-08-18 16:28 340520 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-17 12:33 . 2009-10-29 15:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-12 22:24 . 2009-12-20 22:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-12 22:24 . 2009-12-20 22:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-11 15:19 . 2009-11-17 14:50 -------- d-----w- c:\program files\Steam
2010-08-10 09:38 . 2009-10-28 23:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-09 17:16 . 2009-10-28 21:36 345800 ----a-w- c:\users\Aleksandar\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 12:19 . 2009-12-19 19:08 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\SoftGrid Client
2010-08-04 19:29 . 2010-07-05 19:37 -------- d-----w- c:\program files\Minefield
2010-07-31 19:56 . 2009-10-29 00:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-29 16:40 . 2010-03-22 08:05 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 16:40 . 2010-03-22 08:05 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-16 16:10 . 2010-07-16 16:10 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-07-16 13:01 . 2010-07-16 11:10 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\Apple Computer
2010-07-16 13:00 . 2009-10-28 21:50 -------- d-----w- c:\programdata\Apple
2010-07-16 11:10 . 2010-07-16 11:09 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-16 11:10 . 2010-07-16 11:09 -------- d-----w- c:\program files\iTunes
2010-07-16 11:09 . 2010-07-16 11:09 -------- d-----w- c:\program files\iPod
2010-07-16 11:09 . 2010-02-13 15:53 -------- d-----w- c:\program files\Common Files\Apple
2010-07-16 11:09 . 2009-10-28 21:51 -------- d-----w- c:\programdata\Apple Computer
2010-07-16 11:08 . 2010-02-26 07:54 -------- d-----w- c:\program files\QuickTime
2010-07-16 11:06 . 2010-07-16 11:06 -------- d-----w- c:\program files\Apple Software Update
2010-07-16 11:06 . 2010-07-16 11:06 -------- d-----w- c:\program files\Bonjour
2010-07-09 10:56 . 2010-05-13 16:18 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-09 10:56 . 2010-05-13 16:13 -------- d-----w- c:\programdata\DivX
2010-07-09 10:56 . 2010-07-09 10:56 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-09 10:56 . 2010-07-09 10:56 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-09 10:56 . 2009-11-10 11:04 -------- d-----w- c:\program files\DivX
2010-07-09 10:55 . 2010-07-09 10:55 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-09 10:55 . 2010-07-09 10:55 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-09 10:53 . 2010-05-13 16:18 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-09 10:53 . 2010-05-13 16:18 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-04 20:52 . 2010-07-04 20:52 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\Need for Speed World
2010-06-26 13:34 . 2010-04-15 20:26 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-06-24 20:06 . 2010-04-27 14:25 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 11:47 . 2010-06-15 11:47 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-06 07:20 . 2010-06-06 07:20 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-06 07:19 . 2010-06-06 07:19 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"New Value #1"="“ctfmon”=”CTFMON.EXE”" [X]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 340520]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-14 07:30 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 135664]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-29 721904]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
S3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
S3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]

.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-Aleksandar-PC-Aleksandar.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-24 01:44]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c96b488b012.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 17:18]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 17:18]

2010-05-18 c:\windows\Tasks\{12E46AB7-1004-443D-8000-3C44266F78DA}.job
- c:\program files\Skype\Phone\Skype.exe [2010-05-13 15:57]

2010-07-07 c:\windows\Tasks\{E21233D4-455A-4525-8B2B-7ED35D18460D}.job
- c:\program files\Skype\Phone\Skype.exe [2010-05-13 15:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\6035u98f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1229009&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hip Hop Internet Radio Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1229009&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\6035u98f.default\extensions\{59ed24c5-0745-4256-9f4a-8c86df2891c3}\components\FFExternalAlert.dll
FF - component: c:\users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\6035u98f.default\extensions\{59ed24c5-0745-4256-9f4a-8c86df2891c3}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Aleksandar\AppData\Local\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\users\Aleksandar\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.3.43.0\escort.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-RGSC - d:\program files (x86)\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-Call of Duty Modern Warfare 2_is1 - c:\program files\Activision\Modern Warfare 2\unins000.exe
AddRemove-EyeCandy5Impact - c:\progra~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~2\EYECAN~1\Unwise32.exe
AddRemove-EyeCandy5Nature - c:\progra~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~2\EYECAN~2\Unwise32.exe
AddRemove-EyeCandy5Textures - c:\progra~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~2\EYECAN~3\Unwise32.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.3.43.0\uninstall.exe
AddRemove-Snap Art - c:\progra~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~2\SNAPAR~1\Unwise32.exe
AddRemove-Texas Hold'em Poker (Trial version)_is1 - d:\programi\Texas Hold'em Poker (Trial version)\unins000.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3638592946-3047454263-1808164732-1001\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\Aleksandar\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Users\\Aleksandar\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Users\\Aleksandar\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\Aleksandar\\Documents\\Sports Interactive\\Football Manager 2010\\"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="C5-8380-E0EF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-3638592946-3047454263-1808164732-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A28347E-B85B-A509-C6AB-CDD30B17F865}*]
"hadblflepdnffnnf"=hex:6a,61,63,6f,70,6c,6c,6f,6a,6f,6a,6e,68,63,6c,69,63,67,
6d,6b,00,fc
"iabmbhoncemeoaanma"=hex:63,61,63,6f,6f,6c,00,00
"ianbfcpalofjggcfoh"=hex:6b,61,62,6f,62,6e,6e,68,70,70,69,6a,61,62,6c,70,70,6a,
6f,70,61,63,00,00
"dbloaanmhakcijofoecpoamgpbdofnohpbfnimkg"=hex:6a,62,6f,61,6e,64,6f,67,67,65,
67,63,70,67,64,64,6c,66,62,67,63,61,6e,6b,61,68,6d,6c,66,62,6e,6e,66,6f,62,\
"jbloaanmhakcijofoecpfokjcnmpobgiedfekmhfkplfjajonicd"=hex:67,63,6f,6c,62,63,
64,6c,6a,68,69,64,69,69,70,6b,62,6b,6c,62,67,65,6e,70,6c,69,70,66,70,64,65,\

[HKEY_USERS\S-1-5-21-3638592946-3047454263-1808164732-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:98,f6,5d,cd,9c,5e,46,04,05,fc,56,bf,84,8f,98,93,45,4d,c3,28,80,3d,7e,
1b,d2,52,a2,a7,ac,56,2d,f1,46,91,91,a5,82,7f,5e,b1,44,62,b6,d0,d2,f7,d2,d9,\
"??"=hex:bc,1c,4f,ad,e1,cf,1b,e4,ad,51,19,94,df,3d,14,af

[HKEY_USERS\S-1-5-21-3638592946-3047454263-1808164732-1001\Software\SecuROM\License information*]
"datasecu"=hex:38,e1,9a,be,7e,6b,50,be,e8,df,d7,1e,af,d4,25,a7,c5,4f,41,8d,38,
04,10,24,89,0c,b1,4d,c8,bd,21,5f,56,0e,8e,59,18,ba,4a,c2,49,fc,01,ff,57,a9,\
"rkeysecu"=hex:c9,97,0a,cb,26,6e,ff,bf,19,6e,b3,c8,ca,30,28,74

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\taskhost.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\Rundll32.exe
.
**************************************************************************
.
Completion time: 2010-08-20 14:54:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-20 12:53

Pre-Run: 9.040.314.368 bytes free
Post-Run: 11.890.118.656 bytes free

- - End Of File - - 3865C6DA11371EDCE15C503A582E260A

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Sorry for the wait.

Step 1.

Archive (zip, rar) the folder C:\QooBox\Quarantine and upload it via the following link: http://www.mycity.rs/ambulanta-upload.php

Step 2.

Open Notepad and copy in the following text:

RegNull::
[HKEY_USERS\S-1-5-21-3638592946-3047454263-1808164732-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A28347E-B85B-A509-C6AB-CDD30B17F865}*]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"New Value #1"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

offline
  • Joined: 17 Sep 2006
  • Posts: 421
  • Location: PALE, Republika Srpska

I uploaded the file, and here is the LOG file as well.

ComboFix 10-08-20.01 - Aleksandar 22.08.2010 15:30:07.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.3327.2342 [GMT 2:00]
Running from: c:\users\Aleksandar\Desktop\ComboFix.exe
Command switches used :: c:\users\Aleksandar\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 13:38 . 2010-08-22 13:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-22 13:38 . 2010-08-22 13:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-22 13:38 . 2010-08-22 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-22 13:38 . 2010-08-22 13:38 -------- d-----w- c:\users\Coa\AppData\Local\temp
2010-08-22 13:26 . 2010-08-22 13:26 -------- d-----w- C:\32788R22FWJFW
2010-08-20 12:38 . 2010-08-22 13:38 -------- d-----w- c:\users\Aleksandar\AppData\Local\temp
2010-08-19 21:41 . 2010-08-19 21:41 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\Thinstall
2010-08-19 21:41 . 2010-08-19 21:41 -------- d-----w- c:\users\Aleksandar\AppData\Local\Thinstall
2010-08-18 16:28 . 2010-08-18 16:28 340456 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-18 16:28 . 2010-08-18 16:28 170512 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 16:28 . 2010-08-18 16:28 170584 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 16:28 . 2010-08-18 16:28 340520 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-16 12:45 . 2010-08-16 17:15 -------- d-----w- c:\users\Aleksandar\SiteGrinderData
2010-08-15 21:49 . 2010-08-15 21:49 -------- d-----w- c:\program files\SiteGrinder 3
2010-08-12 22:20 . 2010-08-12 22:20 -------- d-----w- c:\program files\Eidos
2010-08-10 14:16 . 2010-08-10 14:16 -------- d-----w- c:\users\Aleksandar\AppData\Local\2K Games
2010-08-10 09:37 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-10 09:37 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-10 09:37 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-10 09:37 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-10 09:37 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-10 09:37 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-09 17:54 . 2010-08-09 17:54 -------- d-----w- c:\programdata\Itoo Software
2010-08-09 17:54 . 2010-08-09 17:54 -------- d-----w- c:\program files\Itoo Software
2010-08-08 12:04 . 2010-08-08 12:04 -------- d-----w- c:\program files\Microsoft XNA
2010-08-05 22:45 . 2010-08-05 22:45 -------- d-----w- c:\users\Aleksandar\AppData\Local\CrashRpt
2010-07-24 15:11 . 2010-07-24 15:11 -------- d-----w- c:\users\Aleksandar\AppData\Local\TechSmith

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 13:18 . 2009-11-09 20:06 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-22 13:17 . 2009-10-28 23:56 -------- d-----w- c:\programdata\NVIDIA
2010-08-21 23:23 . 2009-10-28 22:01 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\Skype
2010-08-21 22:08 . 2009-10-28 22:02 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\skypePM
2010-08-20 15:57 . 2009-10-29 15:50 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-20 14:34 . 2009-11-01 08:57 -------- d-----w- c:\program files\Sports Interactive
2010-08-17 12:33 . 2009-10-29 15:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-12 22:24 . 2009-12-20 22:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-12 22:24 . 2009-12-20 22:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-11 15:19 . 2009-11-17 14:50 -------- d-----w- c:\program files\Steam
2010-08-10 09:38 . 2009-10-28 23:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-09 17:16 . 2009-10-28 21:36 345800 ----a-w- c:\users\Aleksandar\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 12:19 . 2009-12-19 19:08 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\SoftGrid Client
2010-08-04 19:29 . 2010-07-05 19:37 -------- d-----w- c:\program files\Minefield
2010-07-31 19:56 . 2009-10-29 00:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-29 16:40 . 2010-03-22 08:05 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 16:40 . 2010-03-22 08:05 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-16 16:10 . 2010-07-16 16:10 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-07-16 13:01 . 2010-07-16 11:10 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\Apple Computer
2010-07-16 13:00 . 2009-10-28 21:50 -------- d-----w- c:\programdata\Apple
2010-07-16 11:10 . 2010-07-16 11:09 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-16 11:10 . 2010-07-16 11:09 -------- d-----w- c:\program files\iTunes
2010-07-16 11:09 . 2010-07-16 11:09 -------- d-----w- c:\program files\iPod
2010-07-16 11:09 . 2010-02-13 15:53 -------- d-----w- c:\program files\Common Files\Apple
2010-07-16 11:09 . 2009-10-28 21:51 -------- d-----w- c:\programdata\Apple Computer
2010-07-16 11:08 . 2010-02-26 07:54 -------- d-----w- c:\program files\QuickTime
2010-07-16 11:06 . 2010-07-16 11:06 -------- d-----w- c:\program files\Apple Software Update
2010-07-16 11:06 . 2010-07-16 11:06 -------- d-----w- c:\program files\Bonjour
2010-07-09 10:56 . 2010-05-13 16:18 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-09 10:56 . 2010-05-13 16:13 -------- d-----w- c:\programdata\DivX
2010-07-09 10:56 . 2010-07-09 10:56 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-09 10:56 . 2010-07-09 10:56 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-09 10:56 . 2009-11-10 11:04 -------- d-----w- c:\program files\DivX
2010-07-09 10:55 . 2010-07-09 10:55 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-09 10:55 . 2010-07-09 10:55 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-09 10:53 . 2010-05-13 16:18 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-09 10:53 . 2010-05-13 16:18 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-04 20:52 . 2010-07-04 20:52 -------- d-----w- c:\users\Aleksandar\AppData\Roaming\Need for Speed World
2010-06-26 13:34 . 2010-04-15 20:26 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-06-24 20:06 . 2010-04-27 14:25 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-15 11:47 . 2010-06-15 11:47 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-06 07:20 . 2010-06-06 07:20 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-06 07:19 . 2010-06-06 07:19 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-06 07:18 . 2010-06-06 07:18 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 340520]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-14 07:30 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-20 685816]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 135664]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
S3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
S3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]

.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-Aleksandar-PC-Aleksandar.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-24 01:44]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c96b488b012.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 17:18]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 17:18]

2010-05-18 c:\windows\Tasks\{12E46AB7-1004-443D-8000-3C44266F78DA}.job
- c:\program files\Skype\Phone\Skype.exe [2010-05-13 15:57]

2010-07-07 c:\windows\Tasks\{E21233D4-455A-4525-8B2B-7ED35D18460D}.job
- c:\program files\Skype\Phone\Skype.exe [2010-05-13 15:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\6035u98f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1229009&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hip Hop Internet Radio Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1229009&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\6035u98f.default\extensions\{59ed24c5-0745-4256-9f4a-8c86df2891c3}\components\FFExternalAlert.dll
FF - component: c:\users\Aleksandar\AppData\Roaming\Mozilla\Firefox\Profiles\6035u98f.default\extensions\{59ed24c5-0745-4256-9f4a-8c86df2891c3}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\users\Aleksandar\AppData\Local\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3638592946-3047454263-1808164732-1001\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\Aleksandar\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Users\\Aleksandar\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Users\\Aleksandar\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\Aleksandar\\Documents\\Sports Interactive\\Football Manager 2010\\"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="C5-8380-E0EF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-3638592946-3047454263-1808164732-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:98,f6,5d,cd,9c,5e,46,04,05,fc,56,bf,84,8f,98,93,45,4d,c3,28,80,3d,7e,
1b,d2,52,a2,a7,ac,56,2d,f1,46,91,91,a5,82,7f,5e,b1,44,62,b6,d0,d2,f7,d2,d9,\
"??"=hex:bc,1c,4f,ad,e1,cf,1b,e4,ad,51,19,94,df,3d,14,af

[HKEY_USERS\S-1-5-21-3638592946-3047454263-1808164732-1001\Software\SecuROM\License information*]
"datasecu"=hex:38,e1,9a,be,7e,6b,50,be,e8,df,d7,1e,af,d4,25,a7,c5,4f,41,8d,38,
04,10,24,89,0c,b1,4d,c8,bd,21,5f,56,0e,8e,59,18,ba,4a,c2,49,fc,01,ff,57,a9,\
"rkeysecu"=hex:c9,97,0a,cb,26,6e,ff,bf,19,6e,b3,c8,ca,30,28,74

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-22 15:41:18
ComboFix-quarantined-files.txt 2010-08-22 13:41
ComboFix2.txt 2010-08-20 12:54

Pre-Run: 10.992.070.656 bytes free
Post-Run: 10.707.464.192 bytes free

- - End Of File - - 3011D21204D54968A37902FB1E215C00

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

I apologize, I completely forgot about your problem.


Download RegFix and run it by double-clicking;

When prompted, click Yes, and then Ok.


Restart the computer and report back on how things are.
