MyCity » Ambulanta -> Arhiva Ambulante » Problem trojanci rookit i tako to

Problem trojanci rookit i tako to

Napisano na dan: 2.7.2010

Problem trojanci rookit i tako to

Sledeća strana

Pagination

Odgovori

nesho_15 Poslao: 02 Jul 2010 12:23 Idi na vrh
offline nesho_15 Ugledni građanin Pridružio: 17 Maj 2008 Poruke: 442 Gde živiš: Torak City	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Posle skeniranja sa Malwarebytes' Anti-Malware pojavila su se tri problematicna fajla evo i slike naravno ja sam dao remove ali pitanje je da li je nesto ostalo i da li ima jos necega tu?avira nista ne prijavljuje,evo i logova: DDS (Ver_10-03-17.01) - NTFSx86 Run by Nikitovic at 11:43:25,86 on pet 02.07.2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17 Microsoft Windows 7 Ultimate 6.1.7600.2.1252.1.1033.18.2046.1261 [GMT 2:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\RTHDCPL.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\USB Disk Win98 Driver\Res.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Nikitovic\Desktop\dds.com C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = [Link mogu videti samo ulogovani korisnici] mSearchAssistant = [Link mogu videti samo ulogovani korisnici]{searchTerms} BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "c:\program files\malwarebytes' anti-malware\mbamext.dll" mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-OOCD0.exe" /REG mRunOnce: [123] c:\windows\DelToolbox.bat mRunServices: [csrcs] c:\windows\system32\csrcs.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [Link mogu videti samo ulogovani korisnici]\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206 TCP: {7C239371-D6FD-4EB9-AD28-2A8A2F06AE99} = 10.24.4.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\nikito~1\appdata\roaming\mozilla\firefox\profiles\q1twwevc.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-15 11608] R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-15 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-15 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-15 56816] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-2 38224] R3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr61.sys [2009-6-2 368128] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.cfxxe" exec /i "c:\combofix\hidec.exe" "c:\combofix\swreg.exe" acl "hkey_local_machine\system\currentcontrolset\enum\root\legacy_beep" /reset /q --> c:\combofix\PEV.cfxxe [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-30 181792] S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2009-11-13 248448] S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2009-11-13 476032] =============== Created Last 30 ================ 2010-07-02 09:43:13 53 ----a-w- c:\windows\DelToolbox.bat 2010-07-02 09:03:14 711168 ----a-w- c:\windows\is-OOCD0.exe 2010-07-02 09:03:14 361 ----a-w- c:\windows\is-OOCD0.lst 2010-07-02 09:03:14 10562 ----a-w- c:\windows\is-OOCD0.msg 2010-07-02 09:03:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-02 08:58:55 0 d-----w- c:\users\nikito~1\appdata\roaming\Malwarebytes 2010-07-02 08:58:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-02 08:58:50 0 d-----w- c:\programdata\Malwarebytes 2010-07-02 08:58:49 34296 ----a-w- c:\windows\system32\drivers\mbamcatchme.sys 2010-07-02 08:58:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-30 08:01:15 7367200 ----a-w- c:\windows\system32\RTSUSTORicon.dll 2010-06-30 08:01:05 181792 ----a-w- c:\windows\system32\drivers\RtsUStor.sys 2010-06-25 23:06:45 0 d-----w- c:\users\nikitovic\.VirtualBox 2010-06-25 23:06:10 142992 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2010-06-25 23:06:02 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2010-06-25 14:01:16 100496 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2010-06-23 15:37:43 679936 ----a-w- c:\windows\system32\D3DX81ab.dll 2010-06-23 15:37:43 1970176 ----a-w- c:\windows\system32\d3dx9.dll 2010-06-21 10:01:56 0 d-----w- c:\program files\Mv2Player ==================== Find3M ==================== 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-12-27 21:14:39 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat 2009-12-27 21:14:39 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat 2009-12-27 21:14:39 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat 2009-11-14 14:02:18 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-11-14 14:02:18 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2009-11-14 14:02:18 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat 2009-11-14 14:02:18 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2010-02-14 10:12:46 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 11:44:32,37 =============== [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil

1l padr1n0 Poslao: 02 Jul 2010 14:41 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

nesho_15 Poslao: 03 Jul 2010 12:25 Idi na vrh
offline nesho_15 Ugledni građanin Pridružio: 17 Maj 2008 Poruke: 442 Gde živiš: Torak City	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ne moze da mi otvori combo fix disejblovao sam aviru i ne moze,pise ovako Combofix.exe has stop working i imam opciju close the program.samo da napomenem da koristim win7

Profil

1l padr1n0 Poslao: 03 Jul 2010 13:33 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Isprati jos jednom uputstvo za preuzimanje i pokretanje ComboFix-a iz mog prethodnog post-a. Obrati paznju na sve upute koji su navedeni i ispostuj ih. Ukoliko ni tada CF nece da se pokrene u Normalnom modu Windows-a: - pokreni racunar u SAFE MODE-u (link sa objasnjenjem) ; - isprati uputstvo za pokretanje ComboFix-a; - postavi potreban log.

Profil

nesho_15 Poslao: 03 Jul 2010 18:33 Idi na vrh
offline nesho_15 Ugledni građanin Pridružio: 17 Maj 2008 Poruke: 442 Gde živiš: Torak City	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo uspeo sam posle ponovnog downloada combofixa ComboFix 10-07-01.02 - Nikitovic 03.07.2010 16:01:46.1.1 - x86 Microsoft Windows 7 Ultimate 6.1.7600.2.1252.1.1033.18.2046.1350 [GMT 2:00] Running from: c:\users\Nikitovic\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 ))))))))))))))))))))))))))))))) . 2010-07-03 14:09 . 2010-07-03 14:09 -------- d-----w- c:\users\Nikitovic\AppData\Local\temp 2010-07-03 14:09 . 2010-07-03 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-03 13:57 . 2010-07-03 13:58 -------- d-----w- C:\32788R22FWJFW 2010-07-02 09:43 . 2010-07-02 09:43 53 ----a-w- c:\windows\DelToolbox.bat 2010-07-02 08:58 . 2010-07-02 08:58 -------- d-----w- c:\users\Nikitovic\AppData\Roaming\Malwarebytes 2010-07-02 08:58 . 2010-07-02 08:58 -------- d-----w- c:\programdata\Malwarebytes 2010-06-30 08:01 . 2009-11-11 13:11 7367200 ----a-w- c:\windows\system32\RTSUSTORicon.dll 2010-06-30 08:01 . 2009-11-11 13:11 181792 ----a-w- c:\windows\system32\drivers\RtsUStor.sys 2010-06-30 07:57 . 2010-06-30 07:57 -------- d-----w- c:\users\Nikitovic\AppData\Local\Stardock 2010-06-25 23:06 . 2010-06-25 23:07 -------- d-----w- c:\users\Nikitovic\.VirtualBox 2010-06-25 23:06 . 2010-06-25 14:01 142992 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2010-06-25 23:06 . 2010-06-26 13:22 -------- dc----w- c:\windows\system32\DRVSTORE 2010-06-25 23:06 . 2010-06-25 14:01 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2010-06-25 14:01 . 2010-06-25 14:01 100496 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2010-06-23 15:37 . 2009-11-03 12:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll 2010-06-23 15:37 . 2009-11-03 12:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll 2010-06-21 10:01 . 2010-06-23 06:39 -------- d-----w- c:\program files\Mv2Player . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-03 13:59 . 2009-11-13 08:50 -------- d-----w- c:\programdata\NVIDIA 2010-07-03 13:54 . 2009-11-14 14:53 -------- d-----w- c:\users\Nikitovic\AppData\Roaming\Skype 2010-07-03 07:02 . 2009-11-14 15:00 -------- d-----w- c:\users\Nikitovic\AppData\Roaming\skypePM 2010-07-02 09:43 . 2009-11-13 08:41 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-01 13:00 . 2009-12-13 22:22 -------- d-----w- c:\users\Nikitovic\AppData\Roaming\Orbit 2010-06-30 08:01 . 2009-11-13 08:41 -------- d-----w- c:\program files\Realtek 2010-06-24 09:14 . 2009-11-15 21:47 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-21 13:10 . 2010-01-16 17:52 40 ----a-w- c:\windows\RSoftInfo.dat 2010-06-06 13:29 . 2009-11-13 08:35 65032 ----a-w- c:\users\Nikitovic\AppData\Local\GDIPFONTCACHEV1.DAT 2010-05-25 18:02 . 2009-12-27 15:28 -------- d-----w- c:\program files\DietMP3 2010-05-12 13:45 . 2010-05-11 22:12 -------- d-----w- c:\programdata\IncrediMail 2010-05-11 22:13 . 2010-05-11 22:12 -------- d-----w- c:\programdata\IM 2010-05-11 20:30 . 2010-05-09 11:34 -------- d-----w- c:\program files\JLC's Software 2010-05-09 11:35 . 2010-05-09 11:35 -------- d-----w- c:\users\Nikitovic\AppData\Roaming\JLC's Software 2010-05-08 13:15 . 2010-05-08 13:15 -------- d-----w- c:\program files\YouTube Downloader 2010-05-08 08:53 . 2010-05-08 08:48 -------- d-----w- c:\users\Nikitovic\AppData\Roaming\The Bat! 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-03-23 14202368] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-15 149280] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector] DevDetect.exe -autorun [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2009-05-26 20:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 15:40 155648 ----a-w- c:\windows\System32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2005-01-12 02:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2009-06-30 08:28 1217784 ----a-w- e:\igrice\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC] 2007-04-13 17:08 114688 ----a-w- c:\program files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe R3 FXDRV;FXDRV;H:\Fxdrv.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2007-09-05 248448] R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2007-06-13 476032] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-10 721904] S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-11-15 108289] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232] S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [2009-06-02 368128] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . ------- Supplementary Scan ------- . uStart Page = [Link mogu videti samo ulogovani korisnici] IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Nikitovic\AppData\Roaming\Mozilla\Firefox\Profiles\q1twwevc.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.032" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.abr" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ani" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.arw" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.bay" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.bmp" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.bw" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cr2" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.crw" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cs1" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cur" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dcr" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dcx" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dib" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.djv" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.djvu" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.dng" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.emf" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.eps" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.erf" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.fff" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.fpx" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.gif" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.hdr" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.icl" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.icn" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.iff" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ilbm" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.int" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.inta" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.iw4" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.j2c" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.j2k" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jbr" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jfif" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jif" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jp2" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpc" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpe" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpeg" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpg" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpk" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.jpx" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.kdc" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.lbm" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mef" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mos" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mrw" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.nef" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.orf" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pbm" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pbr" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pcd" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pct" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pcx" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pef" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pgm" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pic" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pict" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pix" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.png" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ppm" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.psd" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.psp" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pspbrush" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pspimage" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.raf" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ras" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.raw" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rgb" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rgba" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rle" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.rsb" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sgi" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sr2" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.srf" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.tga" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.thm" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.tif" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.tiff" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ttc" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ttf" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.v10o" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.v10p" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.v10pf" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.wbm" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.wbmp" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.wmf" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xbm" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xif" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xmp" [HKEY_USERS\S-1-5-21-2857616546-225453185-3479964130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.xpm" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2010-07-03 16:13:00 ComboFix-quarantined-files.txt 2010-07-03 14:12 Pre-Run: 6.497.681.408 bytes free Post-Run: 6.415.425.536 bytes free - - End Of File - - 4097276291AFB8FB554CE80C0A5C1227

Profil

1l padr1n0 Poslao: 03 Jul 2010 19:18 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Isprati jos ovo uputstvo: Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Pozdrav.

Profil

nesho_15 Poslao: 03 Jul 2010 20:28 Idi na vrh
offline nesho_15 Ugledni građanin Pridružio: 17 Maj 2008 Poruke: 442 Gde živiš: Torak City	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! odradio znaci sve je cisto?

Profil

1l padr1n0 Poslao: 03 Jul 2010 23:15 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nesho_15 ::odradio znaci sve je cisto? Da.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem trojanci rookit i tako to

Ko je trenutno na forumu

Ukupno su 1630 korisnika na forumu :: 91 registrovanih, 11 sakrivenih i 1528 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Anunakiii, Bahuss, BB, Belac91, berste23, BLACKBIRD201284, Bobrock1, bounty hunters, brandža84, C-Gun, cemix, Chainsaw, Crazzer, csipetcsapat, Ctrl x, DaliborVukadinovic, darkojbn, Denaya, Djokislav, Djuza, Dogma21, DonRumataEstorski, Dovla 1980, Džekson, gajasvi, Goran 0000, goxin, HrcAk47, istina, j-22orao, jaka013, Jaxupa, JOntra, K-1A, Kajzer Soze, Kenanjoz, Khaless, kinderpingvin, krasta, Kruger, kuntakinte, kybonacci, Leonov, ljuba.b, LostInSpaceandTime, LUDI, mercedesamg, Meteor1, milenko crazy north, Milos ZA, mocnijogurt, N.e.m.a.nj.a., nekdo, nenad81, nikolapetkovic, Orc, pceklic, Pekman, Permaldar, PlayerOne, Podljub, PoolbegD02, Povratak1912, Prle90, raf87, raptorsi, repac, RJ, Roksi, saputnik plavetnila, sevenino, Sonic, Srki98, Steeeefan, stefan95, stefanmpurtic, stegonosa, SympathyForTheDevil, Tafocus, Tas011, tooooom, Troja, tubular, tuf, Vlada78, vukajlo71, wolverined4, zvomar, Zvrk, 800077

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by