MyCity » Ambulanta -> Arhiva Ambulante » Malware

Malware

Napisano na dan: 11.10.2012
1

Malware
Sledeća strana Pagination

Idi na vrh

Poslao: 11 Okt 2012 11:21
Idi na vrh
rip
  • Vuco  Male
  • Nezaboravni član
  • Pridružio: 26 Sep 2012
  • Poruke: 43
  • Gde živiš: Kragujevac

Nakon updejta Adobe Flash pleyera izbacuje sledecu gresku

Ako kliknem na YES Flash crashuje i zaledi Google Chrome,ako kliknem NO nastavi normalno da radi,izbacuje samo na dok sam na Fejsu a sad sam primetio da nakon replay neke pesme na YT nakon replay-a zajuca pesma na pola refresujem i normalno nastavi od pocetka

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Korisnik at 10:34:15 on 2012-10-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.2015.721 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.gboxapp.com/
mStart Page = hxxp://search.gboxapp.com/
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=ac0a69450000000000006c626d3b9c13&tlver=1.4.19.19&affID=19404
uURLSearchHooks: H - No File
uURLSearchHooks: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} -
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} -
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Mario Forever: {707db484-2428-402d-afb5-d85b387544c7} - Mario Forever Toolbar
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO: uTorrentBar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Nuclear Games Toolbar
BHO: Codecv Class: {d8b76f8c-a3a1-8a13-c413-f94fa4440f57} - c:\programdata\codecv\bhoclass.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Nuclear Games Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} -
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
uRun: [<NO NAME>]
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - file:///C:/Users/Korisnik/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/xplugCam.gadget/en-US/xplug.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C3BFA016-3C64-48F2-8FE0-79696CB443F2} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll
STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
IFEO: image file execution options - svchost.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\cx8ept1r.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=286&systemid=406&sr=0&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.BabylonToolbar_i.id - ac0a69450000000000006c626d3b9c13
FF - user.js: extensions.BabylonToolbar_i.hardId - ac0a69450000000000006c626d3b9c13
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111294&tt=010812_rbt_3112_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - ac0a69450000000000006c626d3b9c13
FF - user.js: extensions.BabylonToolbar.instlDay - 15556
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.123:10:42
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-17 51936]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 35168]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-9-12 151648]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-9-14 89440]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-12 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-9 27496]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/05/24 16:39:53];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-6-28 87536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-8-20 5751928]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-8-20 184304]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-7-13 21096]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-7-13 25448]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-10-9 722528]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-24 327784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-17 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-9 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-17 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-14 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-24 15872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-10-9 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-24 52224]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-10-10 16:48:13 -------- d-----w- c:\users\korisnik\appdata\roaming\AVG
2012-10-10 16:46:26 -------- d-----w- c:\programdata\AVG
2012-10-10 16:46:10 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-10 08:55:23 -------- d-----w- c:\programdata\TuneUp Software
2012-10-10 08:55:18 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-10-09 21:34:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 20:26:05 -------- d-----w- c:\users\korisnik\appdata\roaming\Malwarebytes
2012-10-09 20:25:32 -------- d-----w- c:\programdata\Malwarebytes
2012-10-09 20:25:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-09 20:25:29 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-09 19:53:24 -------- d-----w- c:\programdata\HitmanPro
2012-10-09 19:44:53 -------- d-----w- c:\users\korisnik\appdata\roaming\AVG2013
2012-10-09 19:43:46 -------- d-----w- c:\users\korisnik\appdata\local\AVG Secure Search
2012-10-09 19:43:37 -------- d-----w- c:\users\korisnik\appdata\roaming\TuneUp Software
2012-10-09 19:43:34 -------- d-----w- c:\programdata\AVG Secure Search
2012-10-09 19:43:19 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-09 19:43:16 -------- dc----w- c:\program files\common files\AVG Secure Search
2012-10-09 19:43:16 -------- dc----w- c:\program files\AVG Secure Search
2012-10-09 19:41:02 -------- d--h--w- C:\$AVG
2012-10-09 19:41:02 -------- d-----w- c:\programdata\AVG2013
2012-10-09 19:40:35 -------- dc----w- c:\program files\AVG
2012-10-09 19:34:57 -------- d--h--w- c:\programdata\Common Files
2012-10-09 19:34:57 -------- d-----w- c:\users\korisnik\appdata\local\MFAData
2012-10-09 19:34:57 -------- d-----w- c:\users\korisnik\appdata\local\Avg2013
2012-10-09 19:34:57 -------- d-----w- c:\programdata\MFAData
2012-10-09 19:19:18 638976 ----a-w- c:\windows\ESETUninstaller.exe
2012-10-09 18:37:40 -------- d-----w- c:\users\korisnik\appdata\roaming\Qualys
2012-10-09 18:16:42 -------- d-----w- c:\users\korisnik\appdata\local\VS Revo Group
2012-10-09 18:16:38 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-10-09 16:11:20 -------- d-----w- c:\users\korisnik\appdata\local\ElevatedDiagnostics
2012-10-09 16:00:20 -------- d-----w- c:\users\korisnik\appdata\roaming\Blitware
2012-10-09 16:00:18 -------- dc----w- c:\program files\Driver Robot
2012-10-09 12:34:38 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7791591e-8c62-491e-bec2-30943ba1c9d7}\offreg.dll
2012-10-09 09:17:08 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7791591e-8c62-491e-bec2-30943ba1c9d7}\mpengine.dll
2012-10-08 17:07:24 -------- dc----w- c:\program files\SpeedFan
2012-10-08 17:02:02 -------- dc----w- c:\program files\Everest
2012-09-29 14:00:46 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-09-29 09:33:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-28 08:58:18 -------- dc----w- c:\program files\Audacity
2012-09-27 13:18:32 -------- d-----w- C:\OutputFolder
2012-09-26 15:45:22 -------- d-----w- c:\users\korisnik\appdata\local\{E0FF6E8D-EF23-4B09-8EA3-82DCCDD1D523}
2012-09-26 15:45:22 -------- d-----w- c:\users\korisnik\appdata\local\{B1B213B9-0225-4A15-9E64-8F6758AA3DF8}
2012-09-26 15:33:39 -------- dc----w- c:\program files\Virtual
2012-09-26 04:41:21 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-17 16:58:56 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-12 09:47:22 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 09:47:04 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-12 08:34:40 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 08:34:40 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 08:34:39 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 08:34:39 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 08:34:39 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 08:34:39 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-10-09 21:34:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 09:33:24 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-29 09:33:24 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-13 14:40:54 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 23:56:14 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-08-10 02:52:28 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 02:52:18 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 11:56:44 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys


mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

Negde sam ponovo video Babylon Toolbar ma koliko puta ga brisao i deinstalirao uvek se negde pojavi GUZ - Glavom U Zid

Poslao: 11 Okt 2012 12:50
Idi na vrh
offline
  • Pridružio: 09 Avg 2011
  • Poruke: 15879
  • Gde živiš: Beograd

Korak 1.

Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sledece programe:

- Java(TM) 6 Update 31
- Java(TM) SE Runtime Environment 6 Update 1
- Mesh Runtime
- Windows iLivid Toolbar
- Codecv

Restartuj racunar.



Korak 2.

Otidji u C:\Program Files, pronadji folder SProtector, zapakuj ga u arhivu (zip, rar) i posalji preko sledeceg linka

http://www.mycity.rs/ambulanta-upload.php

Poslao: 11 Okt 2012 13:07
Idi na vrh
rip
  • Vuco  Male
  • Nezaboravni član
  • Pridružio: 26 Sep 2012
  • Poruke: 43
  • Gde živiš: Kragujevac

Uplodovano Very Happy Mesh Runtime nisam naleteo na njega nema ga...

Poslao: 11 Okt 2012 13:21
Idi na vrh
offline
  • Pridružio: 09 Avg 2011
  • Poruke: 15879
  • Gde živiš: Beograd

Preuzmi sUBs-ov ComboFix sa sljedeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati fajl, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".
U toku rada, ComboFix će:provjeriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izvještaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obilježeni tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izvještaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primjetiš da izvještaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje fajla C:\ComboFix.txt uz poruku.

Poslao: 11 Okt 2012 16:33
Idi na vrh
rip
  • Vuco  Male
  • Nezaboravni član
  • Pridružio: 26 Sep 2012
  • Poruke: 43
  • Gde živiš: Kragujevac

Napisano: 11 Okt 2012 16:18

ComboFix 12-10-11.03 - Korisnik 10/11/2012 15:51:59.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.2015.676 [GMT 2:00]
Running from: c:\users\Korisnik\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Codecv
c:\programdata\Codecv\background.html
c:\programdata\Codecv\bhoclass.dll
c:\programdata\Codecv\content.js
c:\programdata\Codecv\dabdfledpacnchclffbandlhdhhojbba.crx
c:\programdata\Codecv\settings.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\roboot.exe
c:\windows\system32\SETC076.tmp
c:\windows\system32\tmp1F79.tmp
c:\windows\system32\tmp95CA.tmp
c:\windows\system32\tmp9628.tmp
c:\windows\system32\tmpF7A8.tmp
c:\windows\system32\tmpF7F7.tmp
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-10 16:48 . 2012-10-10 16:48 -------- d-----w- c:\users\Korisnik\AppData\Roaming\AVG
2012-10-10 16:46 . 2012-10-10 16:49 -------- d-----w- c:\programdata\AVG
2012-10-10 16:46 . 2012-10-10 16:46 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-10 08:55 . 2012-10-10 08:56 -------- d-----w- c:\programdata\TuneUp Software
2012-10-10 08:55 . 2012-10-10 08:55 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-10-09 21:34 . 2012-10-09 21:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 20:26 . 2012-10-09 20:26 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Malwarebytes
2012-10-09 20:25 . 2012-10-09 20:25 -------- d-----w- c:\programdata\Malwarebytes
2012-10-09 20:25 . 2012-10-09 20:25 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-09 20:25 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-09 19:53 . 2012-10-09 20:21 -------- d-----w- c:\programdata\HitmanPro
2012-10-09 19:43 . 2012-10-09 19:43 -------- d-----w- c:\users\Korisnik\AppData\Local\AVG Secure Search
2012-10-09 19:43 . 2012-10-09 19:43 -------- d-----w- c:\users\Korisnik\AppData\Roaming\TuneUp Software
2012-10-09 19:43 . 2012-10-09 19:43 -------- d-----w- c:\programdata\AVG Secure Search
2012-10-09 19:43 . 2012-10-09 19:43 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-09 19:43 . 2012-10-09 19:43 -------- dc----w- c:\program files\AVG Secure Search
2012-10-09 19:43 . 2012-10-09 19:43 -------- dc----w- c:\program files\Common Files\AVG Secure Search
2012-10-09 19:41 . 2012-10-09 19:41 -------- d-----w- C:\$AVG
2012-10-09 19:40 . 2012-10-10 16:54 -------- dc----w- c:\program files\AVG
2012-10-09 19:34 . 2012-10-11 08:05 -------- d-----w- c:\programdata\MFAData
2012-10-09 19:34 . 2012-10-09 19:52 -------- d-----w- c:\users\Korisnik\AppData\Local\Avg2013
2012-10-09 19:34 . 2012-10-09 19:34 -------- d--h--w- c:\programdata\Common Files
2012-10-09 19:34 . 2012-10-09 19:34 -------- d-----w- c:\users\Korisnik\AppData\Local\MFAData
2012-10-09 19:19 . 2012-10-09 19:00 638976 ----a-w- c:\windows\ESETUninstaller.exe
2012-10-09 18:37 . 2012-10-09 18:37 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Qualys
2012-10-09 18:16 . 2012-10-09 18:16 -------- d-----w- c:\users\Korisnik\AppData\Local\VS Revo Group
2012-10-09 18:16 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-10-09 16:11 . 2012-10-11 11:03 -------- d-----w- c:\users\Korisnik\AppData\Local\ElevatedDiagnostics
2012-10-09 16:00 . 2012-10-09 16:00 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Blitware
2012-10-09 16:00 . 2012-10-09 16:00 -------- dc----w- c:\program files\Driver Robot
2012-10-09 12:34 . 2012-10-09 18:20 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7791591E-8C62-491E-BEC2-30943BA1C9D7}\offreg.dll
2012-10-09 09:17 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7791591E-8C62-491E-BEC2-30943BA1C9D7}\mpengine.dll
2012-10-08 17:07 . 2012-10-10 16:44 -------- dc----w- c:\program files\SpeedFan
2012-10-08 17:02 . 2012-10-08 17:03 -------- dc----w- c:\program files\Everest
2012-09-29 14:00 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2012-09-29 09:33 . 2012-09-29 09:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-28 08:58 . 2012-09-28 08:59 -------- d-----w- c:\users\Korisnik\AppData\Roaming\Audacity
2012-09-28 08:58 . 2012-09-28 08:58 -------- dc----w- c:\program files\Audacity
2012-09-27 13:18 . 2012-09-27 13:18 -------- d-----w- C:\OutputFolder
2012-09-26 15:37 . 2012-09-26 15:37 -------- d-----w- c:\windows\Sun
2012-09-26 15:33 . 2012-09-26 15:33 -------- dc----w- c:\program files\Virtual
2012-09-26 07:54 . 2012-09-26 11:04 -------- d-----w- c:\users\Korisnik\AppData\Roaming\ImgBurn
2012-09-26 07:53 . 2012-09-26 07:54 -------- dc----w- c:\program files\ImgBurn
2012-09-26 04:41 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-17 16:58 . 2012-09-17 16:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 03:34 . 2012-09-14 03:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 09:47 . 2012-09-12 09:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 09:47 . 2012-09-12 09:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-12 08:34 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 08:34 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 08:34 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 08:34 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 08:34 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 08:34 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 21:34 . 2011-05-24 15:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 09:33 . 2012-05-18 17:13 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-29 09:33 . 2011-07-10 08:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-13 14:40 . 2012-08-13 14:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 02:52 . 2012-08-10 02:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 02:52 . 2012-08-10 02:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 11:56 . 2012-08-09 11:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-28 12:44 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-18 17:47 . 2012-08-15 06:43 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-17 20:55 . 2012-06-14 07:00 136672 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-10-09 19:43 1734240 -c--a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-10-09 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\XviD\CheckUpdate.exe" [2011-01-17 8192]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-20 1021840]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-12 10025576]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-06-28 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-10-09 947808]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-10-09 856160]
.
c:\users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 105160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-06-20 07:57 1021840 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/05/24 16:39];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 21:34]
.
2012-10-09 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\Driver Robot.lnk [2012-10-09 16:00]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 22:11]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-16 22:11]
.
2012-10-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]
.
2012-06-29 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.gboxapp.com/
mStart Page = hxxp://search.gboxapp.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - file:///C:/Users/Korisnik/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/xplugCam.gadget/en-US/xplug.ocx
FF - ProfilePath - c:\users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\cx8ept1r.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=286&systemid=406&sr=0&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.BabylonToolbar_i.id - ac0a69450000000000006c626d3b9c13
FF - user.js: extensions.BabylonToolbar_i.hardId - ac0a69450000000000006c626d3b9c13
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111294&tt=010812_rbt_3112_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - ac0a69450000000000006c626d3b9c13
FF - user.js: extensions.BabylonToolbar.instlDay - 15556
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.123:10
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{707db484-2428-402d-afb5-d85b387544c7} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
BHO-{707db484-2428-402d-afb5-d85b387544c7} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{707db484-2428-402d-afb5-d85b387544c7} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{707DB484-2428-402D-AFB5-D85B387544C7} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
AddRemove-504244733D18C8F63FF584AEB290E3904E791693 - c:\progra~1\DIFX\B4723E9A0713E5B1\dpinst.exe
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-457889968-920633692-2427081306-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raw"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6A30109-0F3F-6487-C038-1F2D75C2C33E}*]
"haocgbgahdcdkghg"=hex:69,61,67,65,62,68,61,6c,6f,6d,6b,69,68,6e,62,64,64,6e,
00,dc
"gafcnfeleifopo"=hex:61,63,69,62,63,69,70,64,66,64,6a,65,67,6b,6e,63,61,6d,6d,
6c,64,65,6e,68,6a,63,61,6c,65,66,64,68,63,65,61,6b,6d,6e,6f,6f,6b,64,63,6a,\
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b0,ad,49,12,3f,98,24,80,87,37,05,5e,84,0e,14,36,87,b9,14,d2,89,d6,88,
03,e0,a2,c6,30,ea,0a,6f,47,9d,0a,cc,80,f1,53,c2,25,16,24,e7,19,1d,48,43,6c,\
"??"=hex:9c,f8,4d,03,f3,59,33,73,7e,69,34,21,9c,d7,cd,eb
.
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\SecuROM\License information*]
"datasecu"=hex:a6,fc,54,df,f0,04,6f,cd,35,54,b9,b6,b7,70,68,2c,92,b5,ca,ad,56,
11,e8,5d,6f,9b,d2,78,29,1f,2a,af,ca,af,19,ca,4b,99,42,b6,b5,a5,26,cd,d2,06,\
"rkeysecu"=hex:41,07,d2,4f,af,b6,1a,b8,ee,c8,ba,96,59,ba,89,75
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1224)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Stardock\ObjectDockFree\ODMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-10-11 16:07:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-11 14:07
.
Pre-Run: 39,232,057,344 bytes free
Post-Run: 39,027,335,168 bytes free
.
- - End Of File - - 3C7F3D8E10788E262A493BE132A890E6
Ali sad mi je pobrisao sve ikonice sa RocketDocka :/


Dopuna: 11 Okt 2012 16:33

Sto je pobrisao pola programa O.o CCleaner,Cool Edit Pro,TotalComander -.-

Poslao: 11 Okt 2012 19:17
Idi na vrh
offline
  • Pridružio: 09 Avg 2011
  • Poruke: 15879
  • Gde živiš: Beograd

Mozes li malo detaljnije da opises sta se izdesavalo. ComboFix nije obrisao nista legitimno, desava se da neki programi ne rade, ali je dovoljno restartovati racunar da bi se to resilo...

Da li si dobijao ovu poruku?

"Illegal operation attempted on a registry key that has been marked for deletion"

Poslao: 11 Okt 2012 21:02
Idi na vrh
rip
  • Vuco  Male
  • Nezaboravni član
  • Pridružio: 26 Sep 2012
  • Poruke: 43
  • Gde živiš: Kragujevac

Nisam jedino je izbacio da ugasim AVG u pocetku nije nista radilo ali par restartovanja i radi samo sto se izgubio CCleaner TC i jos neki programcici..

Poslao: 11 Okt 2012 23:07
Idi na vrh
offline
  • Pridružio: 09 Avg 2011
  • Poruke: 15879
  • Gde živiš: Beograd

Log ne pokazuje da je ista brisao, mozda je neka ikonica nestala, ali to se lako vraca...

Elem...


Korak 1.

Otvoriti Notepad i iskopirati sledeci tekst:

RegNull::
[HKEY_USERS\S-1-5-21-457889968-920633692-2427081306-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6A30109-0F3F-6487-C038-1F2D75C2C33E}*]

Folder::
C:\Program Files\SProtector

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.



Korak 2.

Preuzmi "Xplode"-ov AdwCleaner i sacuvaj ga na Desktop
Dvoklikom pokreni program i klikni na dugme [Search] .
Kada program zavrsi analizu otvorice notepad (AdwCleaner[R1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"
Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[R1].txt



Korak 3.

Nakon sto ovo zavrsis, kazi mi kakvo je stanje sistema?

Poslao: 12 Okt 2012 19:54
Idi na vrh
rip
  • Vuco  Male
  • Nezaboravni član
  • Pridružio: 26 Sep 2012
  • Poruke: 43
  • Gde živiš: Kragujevac

Nema nigde ComboFix.exe ali nigde O.o

Poslao: 12 Okt 2012 20:51
Idi na vrh
offline
  • Pridružio: 09 Avg 2011
  • Poruke: 15879
  • Gde živiš: Beograd

Pokretao si ga iz Downloads foldera, sto je suprotno uputstvu, ako ga nema, skini ponovo na Desktop, imas gore link...

MyCity » Ambulanta -> Arhiva Ambulante » Malware

Ko je trenutno na forumu
 

Ukupno su 1263 korisnika na forumu :: 57 registrovanih, 10 sakrivenih i 1196 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, 8u47, airsuba, ajo baba, Alibaba1981, amonsrb, Apok, aramis s, bagor10, Bobrock1, bokisha253, Boris Bosiljčić, celik, cemix, cifra, dankisha, Darko001, darkstar101, DonRumataEstorski, flash12, GandorCC, GenZee, GORDI, HrcAk47, ILGromovnik, JOntra, kikisp, kjkszpj, Koridor, KOV, krkalon, Krvava Devetka, kybonacci, Litostroton, LUDI, MB120mm, mercedesamg, Mercury, Metanoja, mikrimaus, milenko crazy north, moldway, pacika, Panonsky, Parker, raso7, Reinhardt, Shinobi, slonic_tonic, Stoilkovic, vathra, wolverined4, YugoSlav, Zaledjeni, zixmix, 1107, 79693