A trojan I can't remove



offline
  • Joined: 05 Jun 2004
  • Posts: 81

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
malwarebytes.org

Database version: v2014.04.26.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17041
MONTAZA :: MONTAZA-PC [administrator]

4/26/2014 11:23:43 AM
mbar-log-2014-04-26 (11-23-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238480
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Delete the old ComboFix (the icon) and then follow these instructions:

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
go to Start -> Run,
A window like the one in the picture will appear. Copy the following text into the text field:
"%userprofile%\Desktop\ComboFix.exe" /killall
and press Enter

in the window that opens, click "I Agree".

While running, ComboFix will: check whether a newer version of the program exists:
click Yes if offered to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
show a number of prompts/notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typically C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.
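The ComboFix report this post asks for is read by hand. As an added example, not part of this thread or of ComboFix itself, the Python below applies four common triage checks to constructed lines modelled on the report format: file entries with future-dated timestamps, executables created in the Windows tree within the last few days, services whose file is missing from disk (`[x]`), and services whose image path is not an executable. The rules, the three-day window and the extension list are my own assumptions, not ComboFix's.

```python
"""Triage helper for ComboFix-style report lines (added example, not a ComboFix feature)."""
import re
from datetime import date

# Constructed excerpt modelled on the report format in this thread; it is not the full log.
SAMPLE_REPORT = r"""
2290-08-13 20:15 . 2290-08-13 20:15 929736 ----a-w- c:\windows\system32\aticfx32.dll
2014-04-26 09:50 . 2014-04-26 09:50 3575808 ----a-w- c:\windows\system32\dvdsvr.exe
2014-04-24 08:42 . 2014-04-24 08:42 297984 ----a-w- c:\windows\system32\AppInitHook321.dll
2014-04-24 08:42 . 2014-04-24 08:42 881664 ----a-w- c:\windows\security\Syslogs\micromonitor.exe
2014-04-16 13:04 . 2013-09-03 15:07 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-26 10:44 . 2014-04-26 10:46 -------- d-----w- c:\users\MONTAZA\AppData\Local\temp
R0 rjaty;rjaty;c:\windows\System32\drivers\imofugc.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files\Settings Manager\systemk\systemkmgrc1.cfg [2014-04-08 31120]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-03-27 291912]
"""

# "created . modified size attributes path" as printed in the Files Created / Find3M sections
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d) \d\d:\d\d \. (?P<modified>\d{4}-\d\d-\d\d) \d\d:\d\d"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# "R0 name;display;path [date size]" as printed in the services/drivers section; "[x]" = file not found
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)

# Assumed set of extensions a service or driver is expected to load.
EXEC_EXTS = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")


def triage(report, report_date, recent_days=3):
    """Return (path, reason) pairs for entries worth a closer look. Heuristics, not verdicts."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            created = date.fromisoformat(m["created"])
            path = m["path"].lower()
            if created.year > report_date.year:
                # A creation time after the scan date cannot be genuine; the entry needs review.
                findings.append((m["path"], "file timestamp lies in the future; not trustworthy"))
            elif (path.startswith("c:\\windows\\") and path.endswith(EXEC_EXTS)
                  and 0 <= (report_date - created).days <= recent_days):
                findings.append((m["path"],
                                 f"executable created in the Windows tree within the last {recent_days} days"))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            path = m["path"].lower()
            if m["info"] == "x":
                # Orphaned service/driver entry: the registry points at a file that is gone.
                findings.append((m["path"], f"service '{m['name']}' points at a file that no longer exists"))
            elif not path.endswith(EXEC_EXTS):
                # A service image path ending in .cfg or similar is not something Windows normally loads.
                findings.append((m["path"], f"service '{m['name']}' loads a non-executable extension"))
    return findings


def triage_sample():
    """Run the checks over the constructed excerpt with the report date used in this thread."""
    return triage(SAMPLE_REPORT, date(2014, 4, 26))


if __name__ == "__main__":
    for path, reason in triage_sample():
        print(f"{reason}: {path}")
```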

offline
  • Joined: 05 Jun 2004
  • Posts: 81

ComboFix isn't working; it has been sitting on Stage 2 for more than half an hour and won't move on.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Let it run a while longer, it may push through; if not, do the following:

Download GMER from the link below to your Desktop:

GMER download
Click the link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click GMER to run it.
Wait for the initial scan to finish - if any prompt appears, click No;
click Scan and wait for the scan to finish;
click Save ... - save the report to the Desktop (named Gmer1);
right-click in the Gmer program window and choose Options > 3rd party - click Scan;
when the scan finishes, click Save ... - save the report to the Desktop (named Gmer2);
click the >>> button and choose the Autostart tab;
when the short scan finishes, click Copy;
open Notepad and paste the copied text into it - save the report to the Desktop (named Gmer3);

Illustrated guide

Attach all three reports to your message using the Attach file option.

offline
  • Joined: 05 Jun 2004
  • Posts: 81

It somehow barely pushed through and restarted the computer. After the restart, the message about dvdsvr.exe again. Here is the report

ComboFix 14-04-20.01 - MONTAZA 04/26/2014 11:50:16.17.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.883 [GMT 2:00]
Running from: c:\users\MONTAZA\Desktop\ComboFix.exe
Command switches used :: /killall
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MediaViewerV1
c:\program files\MediaViewerV1\MediaViewerV1alpha326\ch\MediaViewerV1alpha326.crx
c:\program files\MediaViewerV1\MediaViewerV1alpha326\ff\chrome.manifest
c:\program files\MediaViewerV1\MediaViewerV1alpha326\ff\chrome\content\ffMediaViewerV1alpha326.js
c:\program files\MediaViewerV1\MediaViewerV1alpha326\ff\chrome\content\ffMediaViewerV1alpha326ffaction.js
c:\program files\MediaViewerV1\MediaViewerV1alpha326\ff\chrome\content\icons\default\MediaViewerV1alpha326_32.png
c:\program files\MediaViewerV1\MediaViewerV1alpha326\ff\chrome\content\icons\Thumbs.db
c:\program files\MediaViewerV1\MediaViewerV1alpha326\ff\chrome\content\overlay.xul
c:\program files\MediaViewerV1\MediaViewerV1alpha326\ff\install.rdf
c:\program files\MediaViewerV1\MediaViewerV1alpha326\ie\MediaViewerV1alpha326.dll
c:\program files\MediaViewerV1\MediaViewerV1alpha326\uninstall.exe
c:\program files\MediaViewV1
c:\program files\MediaViewV1\MediaViewV1alpha2322\ff\chrome.manifest
c:\program files\MediaViewV1\MediaViewV1alpha2322\ff\chrome\content\ffMediaViewV1alpha2322.js
c:\program files\MediaViewV1\MediaViewV1alpha2322\ff\chrome\content\ffMediaViewV1alpha2322ffaction.js
c:\program files\MediaViewV1\MediaViewV1alpha2322\ff\chrome\content\icons\default\MediaViewV1alpha2322_32.png
c:\program files\MediaViewV1\MediaViewV1alpha2322\ff\chrome\content\icons\Thumbs.db
c:\program files\MediaViewV1\MediaViewV1alpha2322\ff\chrome\content\overlay.xul
c:\program files\MediaViewV1\MediaViewV1alpha2322\ff\install.rdf
c:\program files\MediaViewV1\MediaViewV1alpha2322\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-03-26 to 2014-04-26 )))))))))))))))))))))))))))))))
.
.
2290-08-13 20:15 . 2290-08-13 20:15 929736 ----a-w- c:\windows\system32\aticfx32.dll
2290-08-13 20:15 . 2290-08-13 20:15 84480 ----a-w- c:\windows\system32\DelayAPO.dll
2290-08-13 20:15 . 2290-08-13 20:15 62976 ----a-w- c:\windows\system32\atimpc32.dll
2290-08-13 20:15 . 2290-08-13 20:15 62976 ----a-w- c:\windows\system32\amdpcom32.dll
2290-08-13 20:15 . 2290-08-13 20:15 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2290-08-13 20:15 . 2290-08-13 20:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2290-08-13 20:15 . 2290-08-13 20:15 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2290-08-13 20:15 . 2290-08-13 20:15 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2290-08-13 20:15 . 2290-08-13 20:15 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2290-08-13 20:15 . 2290-08-13 20:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2290-08-13 20:15 . 2290-08-13 20:15 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2290-08-13 20:15 . 2290-08-13 20:15 118784 ----a-w- c:\windows\system32\atibtmon.exe
2290-08-13 20:15 . 2290-08-13 20:15 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2289-11-19 13:29 . 2014-02-15 07:38 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-04-26 10:44 . 2014-04-26 10:46 -------- d-----w- c:\users\MONTAZA\AppData\Local\temp
2014-04-26 10:44 . 2014-04-26 10:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-26 10:44 . 2014-04-26 10:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-26 09:50 . 2014-04-26 09:50 3575808 ----a-w- c:\windows\system32\dvdsvr.exe
2014-04-26 09:23 . 2014-04-26 09:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-25 16:21 . 2014-04-25 16:21 -------- d-----w- C:\The KMPlayer
2014-04-25 16:13 . 2014-04-26 06:05 -------- d-----w- C:\FRST
2014-04-24 10:40 . 2014-04-24 10:40 -------- d-----w- c:\program files\Microsoft Picture It! 7
2014-04-24 08:42 . 2014-04-24 08:42 297984 ----a-w- c:\windows\system32\AppInitHook321.dll
2014-04-24 08:42 . 2014-04-24 08:42 -------- d-----w- c:\windows\system32\drivers\sysfilter
2014-04-24 07:31 . 2014-04-24 08:04 -------- d-----w- c:\users\MONTAZA\AppData\Roaming\Audacity
2014-04-24 07:31 . 2014-04-24 07:31 -------- d-----w- c:\program files\Audacity
2014-04-24 06:05 . 2014-04-24 09:02 -------- d--h--w- c:\programdata\kprologs
2014-04-24 06:04 . 2009-05-13 17:35 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2014-04-24 06:04 . 2009-05-13 17:35 28160 ----a-w- c:\windows\system32\anim.dll
2014-04-24 06:04 . 2009-05-13 17:35 258352 ----a-w- c:\windows\system32\unicows.dll
2014-04-24 06:04 . 2014-04-24 09:21 -------- d-----w- c:\program files\ProKAward
2014-04-24 06:04 . 2009-05-13 17:35 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2014-04-18 16:46 . 2014-04-18 16:46 -------- d-----w- c:\programdata\Avg_Update_0414b
2014-04-18 13:02 . 2014-04-18 13:02 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-04-17 08:47 . 2014-04-17 08:47 74703 ----a-w- c:\windows\system32\mfc45.dat
2014-04-17 08:46 . 2014-04-17 08:50 -------- d-----w- c:\programdata\AVG
2014-04-17 08:46 . 2014-04-17 08:46 -------- d-----w- c:\users\MONTAZA\AppData\Roaming\AVG
2014-04-17 08:46 . 2014-04-17 08:46 -------- d-----w- c:\programdata\Common Files
2014-04-17 08:07 . 2014-04-17 08:07 -------- d-----w- c:\program files\Burrrn
2014-04-16 12:04 . 2014-04-16 12:04 -------- d-----w- c:\users\MONTAZA\AppData\Local\RealVNC
2014-04-15 05:13 . 2014-04-15 05:13 -------- d-sh--w- c:\users\MONTAZA\AppData\Local\EmieUserList
2014-04-15 05:13 . 2014-04-15 05:13 -------- d-sh--w- c:\users\MONTAZA\AppData\Local\EmieSiteList
2014-04-14 15:47 . 2014-04-14 15:47 -------- d-----w- c:\programdata\Malwarebytes
2014-04-14 15:47 . 2014-04-26 09:23 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-14 15:46 . 2014-04-26 09:22 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-14 12:15 . 2014-04-14 12:09 24064 ----a-w- c:\windows\zoek-delete.exe
2014-04-14 12:09 . 2014-04-14 12:09 -------- d-----w- C:\zoek_backup
2014-04-10 09:42 . 2014-04-10 09:42 -------- d-----w- c:\program files\ALCATech
2014-04-10 05:15 . 2014-04-10 05:15 -------- d-----w- c:\program files\Settings Manager
2014-04-10 05:15 . 2014-04-10 08:14 -------- d-----w- c:\programdata\systemk
2014-04-10 05:15 . 2014-04-10 05:15 -------- d-----w- c:\program files\Flvto Youtube Downloader
2014-04-09 16:21 . 2014-04-09 16:21 -------- d-----w- c:\users\MONTAZA\AppData\Roaming\MixMeister Technology
2014-04-09 16:19 . 2014-04-09 16:19 -------- d-----w- c:\program files\MixMeister Fusion
2014-04-09 16:18 . 2014-04-09 16:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-04-09 05:06 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 05:06 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 05:06 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 05:06 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 05:06 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-01 13:26 . 2014-04-01 13:26 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2014-04-01 13:26 . 2014-04-01 13:26 20992 ----a-w- c:\windows\system32\vncmirror.dll
2014-03-31 14:11 . 2014-03-31 14:11 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-31 14:11 . 2014-03-31 14:11 108312 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-03-31 12:38 . 2014-04-25 16:10 -------- d-----w- c:\program files\The KMPlayer
2014-03-27 20:15 . 2014-03-27 20:15 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-27 20:14 . 2014-03-27 20:14 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-27 20:04 . 2014-03-27 20:04 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-27 20:04 . 2014-03-27 20:04 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-27 20:03 . 2014-03-27 20:03 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-27 20:03 . 2014-03-27 20:03 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2291-09-02 02:58 . 2009-07-13 22:09 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2290-08-13 20:15 . 2009-07-13 22:09 6857392 ----a-w- c:\windows\system32\atidxx32.dll
2290-08-13 20:15 . 2009-06-10 21:19 6288832 ----a-w- c:\windows\system32\atiumdag.dll
2014-04-26 10:46 . 2014-03-24 12:54 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-04-26 10:45 . 2013-11-04 12:52 1536 ----a-w- c:\windows\system32\thunk.dll
2014-04-24 08:42 . 2014-04-24 08:42 881664 ----a-w- c:\windows\security\Syslogs\micromonitor.exe
2014-04-24 08:42 . 2014-04-24 08:42 1592320 ---h--w- c:\windows\security\Syslogs\core32_1.dll
2014-04-16 13:04 . 2013-09-03 15:07 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-16 13:04 . 2013-09-03 15:07 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-18 09:53 . 2014-03-18 09:53 65536 ----a-r- c:\users\MONTAZA\AppData\Roaming\Microsoft\Installer\{9B8A821E-1FCE-45D1-8BEC-738F5AAB20D8}\ARPPRODUCTICON.exe
2014-03-10 17:17 . 2014-02-06 10:31 109856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-04 11:12 . 2014-03-04 11:12 388096 ----a-r- c:\users\MONTAZA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-15 07:38 . 2014-02-15 07:38 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-02-15 07:38 . 2014-02-15 07:38 683736 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2014-02-07 01:07 . 2014-03-12 05:41 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-06 07:08 . 2014-03-04 09:23 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{354105C4-57DA-41CD-9B3A-BB1A93B997A0}\mpengine.dll
2014-02-04 02:04 . 2014-03-12 05:41 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 05:42 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-12 05:41 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07 . 2014-03-12 05:41 185344 ----a-w- c:\windows\system32\wwansvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-23 08:17 220632 ----a-w- c:\users\MONTAZA\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-23 08:17 220632 ----a-w- c:\users\MONTAZA\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-23 08:17 220632 ----a-w- c:\users\MONTAZA\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\MONTAZA\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-23 905296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-04-06 5180432]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 12021464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck\0=
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk]
backup=c:\windows\pss\Device Detector 3.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACSW17EN]
2013-09-25 06:01 1414984 ----a-r- c:\program files\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShield Monitor]
2013-10-26 10:15 607232 ----a-w- c:\program files\MCShield\MCShieldRTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
2008-03-28 05:57 14848 ----a-w- c:\windows\System32\P17RunE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2000-01-01 00:00 12021464 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2014-01-23 05:39 905296 ----a-w- c:\users\MONTAZA\AppData\Roaming\uTorrent\uTorrent.exe
.
R0 rjaty;rjaty;c:\windows\System32\drivers\imofugc.sys [x]
R1 csc2k;csc2k;c:\windows\system32\drivers\csc2k.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2013-10-01 30504]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-04-26 13464]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [2011-01-13 106752]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 106752]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [2011-01-13 106752]
R3 zghsser;ZTE General Handset Serial Port;c:\windows\system32\DRIVERS\zghsser.sys [2012-07-18 116232]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2290-08-13 217088]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-09-02 79360]
R4 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]
R4 RServer3;Radmin Server V3;c:\windows\system32\rserver30\RServer3.exe [2009-10-09 1242504]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-03-27 150296]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-03-27 238872]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-03-27 28440]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 18624]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-03-27 123160]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-04-18 199960]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-03-27 22296]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-03-27 193304]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-03-31 211224]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files\Settings Manager\systemk\systemkmgrc1.cfg [2014-04-08 31120]
S1 zghsn2k;zghsn2k;c:\windows\system32\drivers\zghsn2k.sys [2013-12-27 125680]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-04-18 3645456]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-03-27 291912]
S2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-02 4972864]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;f:\movie\AVG PC TuneUp 2014 v14.0.1001.295 Portable\App\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe [2014-04-17 1741624]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 32896]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2291-09-02 77312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-02-15 683736]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2013-06-06 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\movie\AVG PC TuneUp 2014 v14.0.1001.295 Portable\App\AVG PC TuneUp 2014\TuneUpUtilitiesDriver32.sys [2014-04-17 12320]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 9600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 10:06 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-03 13:04]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-13 15:42]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-13 15:42]
.
2014-04-26 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 11:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.b92.net/
TCP: Interfaces\{333F000A-1FD6-4F43-BDC5-A92DE121FF1D}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\MONTAZA\AppData\Roaming\Mozilla\Firefox\Profiles\14vkjkc5.default-1393567253111\
FF - prefs.js: browser.startup.homepage - hxxp://www.default-search.net?sid=498&aid=121&itype=n&ver=12302&tm=313&src=hmp
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=498&aid=121&itype=n&ver=12302&tm=313&src=ds&p=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{cd1d7496-85de-477a-9381-95be66f6a43a} - c:\program files\MediaViewerV1\MediaViewerV1alpha326\ie\MediaViewerV1alpha326.dll
Toolbar-10 - (no file)
AddRemove-MediaViewerV1alpha326 - c:\program files\MediaViewerV1\MediaViewerV1alpha326\uninstall.exe
AddRemove-MediaViewV1alpha2322 - c:\program files\MediaViewV1\MediaViewV1alpha2322\uninstall.exe
AddRemove-Free mp3 Wma Converter - c:\program files\Free mp3 Wma Converter\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A9119622]
"ImagePath"="\??\c:\program files\Settings Manager\systemk\systemkmgrc1.cfg"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.032"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.abr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ani"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.apd"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.arw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bay"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bmp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cr2"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.crw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cs1"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cur"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcx"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dib"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.djv"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.djvu"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dng"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.emf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.eps"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.erf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.fff"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2754972142-2546801407-1974970147-1000)
"Progid"="ACDSee 17.gif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.hdr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.icl"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.icn"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.iw4"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.j2c"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.j2k"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jbr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jfif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jp2"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpc"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpe"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpeg"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2754972142-2546801407-1974970147-1000)
"Progid"="ACDSee 17.jpg"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpk"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpx"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.kdc"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mef"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mos"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mrw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.nef"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.nrw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.orf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pbr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pct"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pcx"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pef"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pic"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pict"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2754972142-2546801407-1974970147-1000)
"Progid"="ACDSee 17.png"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.psd"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.psp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pspbrush"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pspimage"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.raf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.raw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rle"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rw2"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rwl"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.sr2"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.srf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.srw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tga"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.thm"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tiff"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ttc"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ttf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17o"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17p"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17pf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbm"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbmp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.webp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wmf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xmp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7DBEE32D-F551-399B-5493-7739D1A7F819}*]
"jbmcbfebodjfeommggmaokpeidnpaeonmfkdecmbiacodcppmemc"=hex:68,61,65,69,67,68,
63,62,67,64,6c,61,65,68,66,64,00,00
"dbmcbfebodjfeommggmaijccbinaheonnmcpkaap"=hex:62,61,70,64,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\AVG\AVG2014\avgemcx.exe
f:\movie\AVG PC TuneUp 2014 v14.0.1001.295 Portable\App\AVG PC TuneUp 2014\TuneUpUtilitiesApp32.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\windows\system32\conhost.exe
c:\program files\teamviewer\version9\TeamViewer_Desktop.exe
c:\program files\AIMP3\AIMP3.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-04-26 12:51:24 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-26 10:51
ComboFix2.txt 2014-03-19 16:50
ComboFix3.txt 2014-01-13 16:23
ComboFix4.txt 2014-01-10 18:14
.
Pre-Run: 43,207,270,400 bytes free
Post-Run: 43,214,270,464 bytes free
.
- - End Of File - - DA16C90110D56ED5CF2C847E942A39F1
A36C5E4F47E84449FF07ED3517B43A31


and of course ...

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Lives in: Prokuplje

Open Notepad and copy the following text into it:

File::
c:\windows\system32\drivers\zghsn2k.sys
c:\program files\Settings Manager\systemk\systemkmgrc1.cfg
c:\windows\system32\AppInitHook321.dll
c:\windows\system32\dvdsvr.exe

DirLook::
c:\windows\system32\drivers\sysfilter

Folder::
c:\program files\ProKAward

Driver::
zghsn2k
F06DEFF2-5B9C-490D-910F-35D3A9119622


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

offline
  • Joined: 05 Jun 2004
  • Posts: 81

Since ComboFix has not managed to finish the scan in almost 24 hours, we have to look for other ways.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Lives in: Prokuplje

Hmm, why did you wait so long? Try this script; it should take at most half an hour to finish.

Where did it get stuck, anyway?



KillAll::

File::
c:\windows\system32\drivers\zghsn2k.sys
c:\program files\Settings Manager\systemk\systemkmgrc1.cfg
c:\windows\system32\AppInitHook321.dll
c:\windows\system32\dvdsvr.exe

DirLook::
c:\windows\system32\drivers\sysfilter

Folder::
c:\program files\ProKAward

Driver::
zghsn2k
F06DEFF2-5B9C-490D-910F-35D3A9119622

offline
  • Joined: 05 Jun 2004
  • Posts: 81

ComboFix barely managed to finish.


ComboFix 14-04-26.01 - MONTAZA 04/28/2014 14:33:53.20.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1221 [GMT 2:00]
Running from: c:\users\MONTAZA\Desktop\ComboFix.exe
Command switches used :: c:\users\MONTAZA\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files\Settings Manager\systemk\systemkmgrc1.cfg"
"c:\windows\system32\AppInitHook321.dll"
"c:\windows\system32\drivers\zghsn2k.sys"
"c:\windows\system32\dvdsvr.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Settings Manager\systemk\systemkmgrc1.cfg
c:\windows\system32\AppInitHook321.dll
c:\windows\system32\drivers\zghsn2k.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Legacy_ZGHSN2K
-------\Service_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Service_zghsn2k
-------\Legacy_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Legacy_ZGHSN2K
-------\Legacy_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Legacy_ZGHSN2K
.
.
((((((((((((((((((((((((( Files Created from 2014-03-28 to 2014-04-28 )))))))))))))))))))))))))))))))
.
.
2290-08-13 20:15 . 2290-08-13 20:15 929736 ----a-w- c:\windows\system32\aticfx32.dll
2290-08-13 20:15 . 2290-08-13 20:15 84480 ----a-w- c:\windows\system32\DelayAPO.dll
2290-08-13 20:15 . 2290-08-13 20:15 62976 ----a-w- c:\windows\system32\atimpc32.dll
2290-08-13 20:15 . 2290-08-13 20:15 62976 ----a-w- c:\windows\system32\amdpcom32.dll
2290-08-13 20:15 . 2290-08-13 20:15 58368 ----a-w- c:\windows\system32\coinst_8.97.100.11.dll
2290-08-13 20:15 . 2290-08-13 20:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2290-08-13 20:15 . 2290-08-13 20:15 48544 ----a-w- c:\windows\system32\atiuxpag.dll
2290-08-13 20:15 . 2290-08-13 20:15 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2290-08-13 20:15 . 2290-08-13 20:15 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2290-08-13 20:15 . 2290-08-13 20:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2290-08-13 20:15 . 2290-08-13 20:15 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2290-08-13 20:15 . 2290-08-13 20:15 118784 ----a-w- c:\windows\system32\atibtmon.exe
2290-08-13 20:15 . 2290-08-13 20:15 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2289-11-19 13:29 . 2014-02-15 07:38 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-04-28 13:00 . 2014-04-28 13:03 -------- d-----w- c:\users\MONTAZA\AppData\Local\temp
2014-04-28 13:00 . 2014-04-28 13:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-28 13:00 . 2014-04-28 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-28 12:25 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A51CA01-C429-4C31-A5E2-1A0D938778F2}\mpengine.dll
2014-04-26 09:23 . 2014-04-26 09:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-25 16:21 . 2014-04-25 16:21 -------- d-----w- C:\The KMPlayer
2014-04-25 16:13 . 2014-04-26 06:05 -------- d-----w- C:\FRST
2014-04-24 10:40 . 2014-04-24 10:40 -------- d-----w- c:\program files\Microsoft Picture It! 7
2014-04-24 08:42 . 2014-04-24 08:42 -------- d-----w- c:\windows\system32\drivers\sysfilter
2014-04-24 07:31 . 2014-04-24 08:04 -------- d-----w- c:\users\MONTAZA\AppData\Roaming\Audacity
2014-04-24 07:31 . 2014-04-24 07:31 -------- d-----w- c:\program files\Audacity
2014-04-24 06:05 . 2014-04-24 09:02 -------- d--h--w- c:\programdata\kprologs
2014-04-24 06:04 . 2009-05-13 17:35 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2014-04-24 06:04 . 2009-05-13 17:35 28160 ----a-w- c:\windows\system32\anim.dll
2014-04-24 06:04 . 2009-05-13 17:35 258352 ----a-w- c:\windows\system32\unicows.dll
2014-04-24 06:04 . 2009-05-13 17:35 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2014-04-18 16:46 . 2014-04-18 16:46 -------- d-----w- c:\programdata\Avg_Update_0414b
2014-04-17 08:47 . 2014-04-17 08:47 74703 ----a-w- c:\windows\system32\mfc45.dat
2014-04-17 08:46 . 2014-04-17 08:50 -------- d-----w- c:\programdata\AVG
2014-04-17 08:46 . 2014-04-17 08:46 -------- d-----w- c:\users\MONTAZA\AppData\Roaming\AVG
2014-04-17 08:46 . 2014-04-17 08:46 -------- d-----w- c:\programdata\Common Files
2014-04-17 08:07 . 2014-04-17 08:07 -------- d-----w- c:\program files\Burrrn
2014-04-16 12:04 . 2014-04-16 12:04 -------- d-----w- c:\users\MONTAZA\AppData\Local\RealVNC
2014-04-15 05:13 . 2014-04-15 05:13 -------- d-sh--w- c:\users\MONTAZA\AppData\Local\EmieUserList
2014-04-15 05:13 . 2014-04-15 05:13 -------- d-sh--w- c:\users\MONTAZA\AppData\Local\EmieSiteList
2014-04-14 15:47 . 2014-04-14 15:47 -------- d-----w- c:\programdata\Malwarebytes
2014-04-14 15:47 . 2014-04-26 09:23 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-14 15:46 . 2014-04-26 09:22 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-14 12:15 . 2014-04-14 12:09 24064 ----a-w- c:\windows\zoek-delete.exe
2014-04-14 12:09 . 2014-04-14 12:09 -------- d-----w- C:\zoek_backup
2014-04-10 09:42 . 2014-04-10 09:42 -------- d-----w- c:\program files\ALCATech
2014-04-10 05:15 . 2014-04-10 05:15 -------- d-----w- c:\program files\Settings Manager
2014-04-10 05:15 . 2014-04-10 08:14 -------- d-----w- c:\programdata\systemk
2014-04-10 05:15 . 2014-04-10 05:15 -------- d-----w- c:\program files\Flvto Youtube Downloader
2014-04-09 16:21 . 2014-04-09 16:21 -------- d-----w- c:\users\MONTAZA\AppData\Roaming\MixMeister Technology
2014-04-09 16:19 . 2014-04-09 16:19 -------- d-----w- c:\program files\MixMeister Fusion
2014-04-09 16:18 . 2014-04-09 16:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-04-09 05:06 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 05:06 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 05:06 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 05:06 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 05:06 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-01 13:26 . 2014-04-01 13:26 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys
2014-04-01 13:26 . 2014-04-01 13:26 20992 ----a-w- c:\windows\system32\vncmirror.dll
2014-03-31 12:38 . 2014-04-25 16:10 -------- d-----w- c:\program files\The KMPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2291-09-02 02:58 . 2009-07-13 22:09 4782960 ----a-w- c:\windows\system32\atiumdva.dll
2290-08-13 20:15 . 2009-07-13 22:09 6857392 ----a-w- c:\windows\system32\atidxx32.dll
2290-08-13 20:15 . 2009-06-10 21:19 6288832 ----a-w- c:\windows\system32\atiumdag.dll
2014-04-28 13:02 . 2014-03-24 12:54 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-04-26 10:45 . 2013-11-04 12:52 1536 ----a-w- c:\windows\system32\thunk.dll
2014-04-24 08:42 . 2014-04-24 08:42 881664 ----a-w- c:\windows\security\Syslogs\micromonitor.exe
2014-04-24 08:42 . 2014-04-24 08:42 1592320 ---h--w- c:\windows\security\Syslogs\core32_1.dll
2014-04-16 13:04 . 2013-09-03 15:07 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-16 13:04 . 2013-09-03 15:07 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 07:35 . 2013-09-02 15:55 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-18 09:53 . 2014-03-18 09:53 65536 ----a-r- c:\users\MONTAZA\AppData\Roaming\Microsoft\Installer\{9B8A821E-1FCE-45D1-8BEC-738F5AAB20D8}\ARPPRODUCTICON.exe
2014-03-10 17:17 . 2014-02-06 10:31 109856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-04 11:12 . 2014-03-04 11:12 388096 ----a-r- c:\users\MONTAZA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-15 07:38 . 2014-02-15 07:38 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-02-15 07:38 . 2014-02-15 07:38 683736 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2014-02-07 01:07 . 2014-03-12 05:41 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-12 05:41 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 05:42 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06 . 2014-03-12 05:41 381440 ----a-w- c:\windows\system32\wer.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\drivers\sysfilter ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-23 08:17 220632 ----a-w- c:\users\MONTAZA\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-23 08:17 220632 ----a-w- c:\users\MONTAZA\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-23 08:17 220632 ----a-w- c:\users\MONTAZA\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\MONTAZA\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-23 905296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 12021464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck\0=
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk]
backup=c:\windows\pss\Device Detector 3.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACSW17EN]
2013-09-25 06:01 1414984 ----a-r- c:\program files\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShield Monitor]
2013-10-26 10:15 607232 ----a-w- c:\program files\MCShield\MCShieldRTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
2008-03-28 05:57 14848 ----a-w- c:\windows\System32\P17RunE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2000-01-01 00:00 12021464 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 21:29 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2014-01-23 05:39 905296 ----a-w- c:\users\MONTAZA\AppData\Roaming\uTorrent\uTorrent.exe
.
R0 rjaty;rjaty;c:\windows\System32\drivers\imofugc.sys [x]
R1 csc2k;csc2k;c:\windows\system32\drivers\csc2k.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2013-10-01 30504]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2014-04-28 13464]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [2011-01-13 106752]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 106752]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [2011-01-13 106752]
R3 zghsser;ZTE General Handset Serial Port;c:\windows\system32\DRIVERS\zghsser.sys [2012-07-18 116232]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2290-08-13 217088]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-09-02 79360]
R4 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]
R4 RServer3;Radmin Server V3;c:\windows\system32\rserver30\RServer3.exe [2009-10-09 1242504]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 18624]
S2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-02 4972864]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;f:\movie\AVG PC TuneUp 2014 v14.0.1001.295 Portable\App\AVG PC TuneUp 2014\TuneUpUtilitiesService32.exe [2014-04-17 1741624]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 32896]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2291-09-02 77312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-02-15 683736]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2013-06-06 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\movie\AVG PC TuneUp 2014 v14.0.1001.295 Portable\App\AVG PC TuneUp 2014\TuneUpUtilitiesDriver32.sys [2014-04-17 12320]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 9600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 10:06 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-03 13:04]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-13 15:42]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-13 15:42]
.
2014-04-28 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 11:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.b92.net/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MONTAZA\AppData\Roaming\Mozilla\Firefox\Profiles\14vkjkc5.default-1393567253111\
FF - prefs.js: browser.startup.homepage - hxxp://www.default-search.net?sid=498&aid=121&itype=n&ver=12302&tm=313&src=hmp
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=498&aid=121&itype=n&ver=12302&tm=313&src=ds&p=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.032"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.abr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ani"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.apd"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.arw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bay"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.bmp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cr2"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.crw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cs1"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.cur"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dcx"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dib"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.djv"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.djvu"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.dng"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.emf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.eps"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.erf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.fff"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2754972142-2546801407-1974970147-1000)
"Progid"="ACDSee 17.gif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.hdr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.icl"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.icn"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.iw4"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.j2c"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.j2k"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jbr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jfif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jp2"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpc"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpe"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpeg"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2754972142-2546801407-1974970147-1000)
"Progid"="ACDSee 17.jpg"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpk"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.jpx"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.kdc"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mef"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mos"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.mrw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.nef"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.nrw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.orf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pbr"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pct"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pcx"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pef"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pic"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pict"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2754972142-2546801407-1974970147-1000)
"Progid"="ACDSee 17.png"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.psd"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.psp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pspbrush"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.pspimage"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.raf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.raw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rle"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rw2"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.rwl"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.sr2"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.srf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.srw"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tga"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.thm"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.tiff"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ttc"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.ttf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17o"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17p"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v17pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.v17pf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbm"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wbmp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.webp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.wmf"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xif"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 17.xmp"
.
[HKEY_USERS\S-1-5-21-2754972142-2546801407-1974970147-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7DBEE32D-F551-399B-5493-7739D1A7F819}*]
"jbmcbfebodjfeommggmaokpeidnpaeonmfkdecmbiacodcppmemc"=hex:68,61,65,69,67,68,
63,62,67,64,6c,61,65,68,66,64,00,00
"dbmcbfebodjfeommggmaijccbinaheonnmcpkaap"=hex:62,61,70,64,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Smart Defrag 3\SmartDefrag.exe
f:\movie\AVG PC TuneUp 2014 v14.0.1001.295 Portable\App\AVG PC TuneUp 2014\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-04-28 15:05:17 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-28 13:05
ComboFix2.txt 2014-04-26 10:51
ComboFix3.txt 2014-03-19 16:50
ComboFix4.txt 2014-01-13 16:23
ComboFix5.txt 2014-04-26 13:37
.
Pre-Run: 44,213,227,520 bytes free
Post-Run: 51,144,732,672 bytes free
.
- - End Of File - - FABD2116D8C7C6D9CFD692A571E3A703
A36C5E4F47E84449FF07ED3517B43A31

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

I had my reasons for insisting on ComboFix.

It seems to me that everything is in order now.
