UpdateTool.exe


  • Joined: 25 Jun 2009
  • Posts: 533
  • Location: At home!

Before I do what you wrote, let me say that I did exactly as you wrote: I did not click "CONTINUE" but the X, and after that the X again.

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Shonewizard ::Before I do what you wrote, let me say that I did exactly as you wrote: I did not click "CONTINUE" but the X, and after that the X again.

Hmm. Strange. Now follow the instructions for ComboFix.

  • Joined: 25 Jun 2009
  • Posts: 533
  • Location: At home!

I downloaded Combo and ran it from the Desktop; a smallish window with a black background appears in which green letters are printed and some processes run, all of that lasts about 10 seconds and then it closes. On the C partition there is no file named ComboFix at all, even a search did not help.

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Try at least ten times to run ComboFix again. If ComboFix still does not start, restart the computer and again try about ten times to run it. If you do not succeed, report that in a post and wait for further instructions.

  • Joined: 25 Jun 2009
  • Posts: 533
  • Location: At home!

I restarted the computer and managed to run Combo; however, even though I uninstalled NOD earlier today, when starting Combo it asks me to disable both AntiVirus and SmartSecurity, even though neither of them is installed, let alone enabled.

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Follow these instructions to remove the leftovers of NOD32 antivirus:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2289#Win_7

After that, and after returning to normal mode, try to post the ComboFix report for me.

  • Joined: 25 Jun 2009
  • Posts: 533
  • Location: At home!

Here it is, finally. I see that the system update is possible again, but I can't start a single application the normal way; a message appears saying that the registry keys are marked for deletion. The only thing I managed to start was Mozilla, as Administrator.

ComboFix 12-10-14.03 - IVANA 15.10.2012 20:08:36.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2725 [GMT 2:00]
Running from: c:\users\IVANA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\BarLcher.dll
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vShareBar.dll
c:\program files\StartSearch plugin\vshareplg.crx
c:\users\IVANA\AppData\Roaming\.#
c:\users\IVANA\AppData\Roaming\Local
c:\users\IVANA\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\IVANA\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\IVANA\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\IVANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3186910A.lnk
C:\Win
c:\win\names.txt
c:\windows\$NtUninstallKB60411$
c:\windows\$NtUninstallKB60411$\1143123929\L\00000004.@
c:\windows\$NtUninstallKB60411$\1143123929\L\201d3dde
c:\windows\$NtUninstallKB60411$\1143123929\L\xadqgnnk
c:\windows\iun6002.exe
c:\windows\system32\DEBUG.log
c:\windows\system32\is-4MLT6.tmp
c:\windows\system32\is-6F109.tmp
c:\windows\system32\is-7N15S.tmp
c:\windows\system32\is-A6QV9.tmp
c:\windows\system32\is-AKTL4.tmp
c:\windows\system32\is-DE75T.tmp
c:\windows\system32\is-GP442.tmp
c:\windows\system32\is-KUCA9.tmp
c:\windows\system32\is-L07EC.tmp
c:\windows\system32\is-M178K.tmp
c:\windows\system32\is-SMACB.tmp
c:\windows\system32\is-VRL7V.tmp
c:\windows\system32\nsis_loader.dll
c:\windows\system32\tmpB875.tmp
c:\windows\system32\tmpB8F3.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 18:16 . 2012-10-15 18:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD1CB52E-E2BC-4F11-90C7-D7E7A6AC4D81}\offreg.dll
2012-10-15 18:16 . 2012-10-15 18:47 -------- d-----w- c:\users\IVANA\AppData\Local\temp
2012-10-15 17:11 . 2012-10-15 17:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-14 13:44 . 2012-10-14 13:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-10-13 13:12 . 2012-10-13 12:58 137728 ----a-w- c:\windows\system32\rldea.dll
2012-10-13 00:14 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD1CB52E-E2BC-4F11-90C7-D7E7A6AC4D81}\mpengine.dll
2012-10-09 21:13 . 2012-08-20 15:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 21:13 . 2012-08-20 15:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 21:13 . 2012-08-20 15:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-09 21:13 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 21:13 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-09 21:13 . 2012-08-20 15:33 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 21:13 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 21:13 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 21:13 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 21:13 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 21:13 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 21:13 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 21:13 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-26 12:13 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 13:55 . 2012-09-26 20:57 -------- d-----w- c:\users\IVANA\workspace
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 17:48 . 2011-06-25 20:27 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-10-13 14:08 . 2012-07-09 23:08 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 14:08 . 2011-07-31 22:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 22:19 . 2010-05-09 04:21 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-08-22 17:16 . 2012-09-12 12:00 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 12:00 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 12:00 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 12:00 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-12 12:00 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-18 17:47 . 2012-08-15 11:37 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
"Facebook Update"="c:\users\IVANA\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-10 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2012-03-01 347008]
"EADM"="d:\program files\Origin\Origin.exe" [2012-09-20 3341464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-02-03 198160]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"FileServe Manager Task"="d:\program files\FileServe Manager\FSStarter.exe" [2011-09-21 954648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PMBVolumeWatcher"="d:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2011-11-25 688184]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\IVANA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\IVANA\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\IVANA\AppData\Local\Temp\KMA19BD.tmp [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;d:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 14:08]
.
2012-10-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4245940820-2503427758-1862393816-1000Core.job
- c:\users\IVANA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-25 23:22]
.
2012-10-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4245940820-2503427758-1862393816-1000UA.job
- c:\users\IVANA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-25 23:22]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 04:25]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 04:25]
.
2012-10-15 c:\windows\Tasks\ReclaimerUpdateFiles_IVANA.job
- c:\users\IVANA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-25 17:30]
.
2012-10-12 c:\windows\Tasks\ReclaimerUpdateXML_IVANA.job
- c:\users\IVANA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-25 17:30]
.
2012-10-15 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_IVANA.job
- c:\users\IVANA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-25 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.expatshield.com/g/?c=h
mStart Page = hxxp://startsear.ch/?aff=1&cf=e0b1177e-45f7-11e1-9aa3-001fd05f8d1b
uInternet Settings,ProxyOverride = *.local
IE: Download with FileServe Manager - d:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\users\IVANA\AppData\Roaming\Mozilla\Firefox\Profiles\rl47s1ay.Sef\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-iSafeCW - c:\program files\Ecodsoft Keylogger\winsrv.exe
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
SafeBoot-27523998.sys
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
AddRemove-AP Guitar Tuner 1.02 - d:\program files\Audio Phonics
AddRemove-ObjectDock Plus 2 - c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
AddRemove-Petar_II_Petrovic_Njegos_»Gorski_vijenac«_2.0 - c:\windows\iun6002.exe
AddRemove-SmartFTP Client 4.0 Setup Files - c:\program files\SmartFTP Client 4.0 Setup Files\uninst-sftp.exe
AddRemove-vShare plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-{3BD98AAF-61B5-46E0-A6C8-593C242C7C48} - c:\program files\InstallShield Installation Information\{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}\setup.exe
AddRemove-{E51DE402-6CEF-4B7D-A268-EBF34F782FD5}_is1 - d:\program files\2K Sports\NBA 2K12\MODS\NBA 2K12\NBA 2K12\unins000.exe
AddRemove-Counter-Strike 1.6 Bot - c:\games\CS 1.6 v42 FULL\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\IVANA\AppData\Local\Temp\KMA19BD.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4245940820-2503427758-1862393816-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:00,e3,c9,a7,b8,42,fe,69,15,4d,b3,28,fa,7f,e7,5f,83,5c,c7,cc,79,17,ae,
1f,b8,10,5b,5d,47,fc,ea,c8,0f,16,6c,c0,97,8e,f8,89,65,40,46,df,8b,e9,e2,3f,\
"??"=hex:30,e3,e3,4a,d4,25,d3,91,ef,3e,8b,a9,2c,3f,a0,5f
.
[HKEY_USERS\S-1-5-21-4245940820-2503427758-1862393816-1000\Software\SecuROM\License information*]
"datasecu"=hex:ec,a5,01,58,98,a3,52,c9,a7,5d,c3,30,b7,24,5f,8f,f7,e2,6e,fb,55,
72,f2,85,c8,df,10,ef,dd,4c,4f,08,23,89,4d,8a,54,fb,79,d8,1a,44,59,b6,76,66,\
"rkeysecu"=hex:b9,28,47,14,db,f0,a5,18,ba,d1,c7,a7,6d,d7,94,dd
.
[HKEY_USERS\S-1-5-21-4245940820-2503427758-1862393816-1000\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:0c,42,46,f6,23,bc,3e,2d,7a,2e,97,ca,8b,29,77,15,51,34,6d,4d,
14,44,bd,94,1f,90,16,e0,3a,99,33,1e,35,c3,ee,c5,4b,ed,5a,50,88,88,82,88,9d,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2724)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-10-15 20:52:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-15 18:52
.
Pre-Run: 13,087,244,288 bytes free
Post-Run: 12,891,021,312 bytes free
.
- - End Of File - - 8A18AD7EB99EC419DF0D08EEB5156E9E
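
An added example, not from this thread or from ComboFix itself: a small Python triage script that parses the line shapes ComboFix uses in the report above (Run values, service lines, and the "ORPHANS REMOVED" list) and returns the entries an analyst looks at first, namely images under a user's Temp directory, executables with a .tmp extension, and a keylogger named in a path. The sample input is a handful of lines copied from the report above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix report posted above.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
R3 GarenaPEngine;GarenaPEngine;c:\users\IVANA\AppData\Local\Temp\KMA19BD.tmp [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-iSafeCW - c:\program files\Ecodsoft Keylogger\winsrv.exe
AddRemove-vShare plugin - c:\program files\StartSearch plugin\uninst.exe
"""

# Line shapes used in the "Reg Loading Points" and "Orphans removed" sections
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?: \[(?P<date>\S+) (?P<size>\d+)\])?$')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[x\]$')
ORPHAN_RE = re.compile(r'^(?P<kind>HKLM-Run|HKCU-Run|MSConfigStartUp|AddRemove)-(?P<name>.+?) - (?P<path>.+)$')


@dataclass
class Entry:
    kind: str        # "run", "service" or "orphan"
    name: str
    path: str
    context: str     # registry key, service start type or orphan kind
    reasons: list = field(default_factory=list)


def parse_report(text):
    """Extract autorun values, services and removed orphans from ComboFix output."""
    entries, current_key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses "." as a spacer line
            continue
        if m := KEY_RE.match(line):
            current_key = m["key"]           # values that follow belong to this key
        elif m := VALUE_RE.match(line):
            entries.append(Entry("run", m["name"], m["path"], current_key))
        elif m := SERVICE_RE.match(line):
            entries.append(Entry("service", m["name"], m["path"], m["start"]))
        elif m := ORPHAN_RE.match(line):
            entries.append(Entry("orphan", m["name"], m["path"], m["kind"]))
    return entries


def triage(text):
    """Return only the entries worth a closer look, each with the reason it was flagged."""
    flagged = []
    for e in parse_report(text):
        p = e.path.lower()
        if "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p:
            e.reasons.append("image lives in a temp directory")
        if p.endswith(".tmp"):
            e.reasons.append("executable image with a .tmp extension")
        if "keylogger" in p or "keylogger" in e.name.lower():
            e.reasons.append("keylogger named in path")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT):
        print(f"{e.kind:8} {e.name:16} {e.path}  <- {'; '.join(e.reasons)}")
```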

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Posted: 15 Oct 2012 21:02

Quote: If after the restart you get an error when starting some programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), then restart the system once more and that will resolve the problem.

Again you are not reading carefully.

Update: 15 Oct 2012 21:03

Pack the following folders into a ZIP, RAR or 7Z archive:

C:\TDSSKiller_Quarantine
C:\Qoobox


and send it via the following link:

http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done that and wait for further instructions.

  • Joined: 25 Jun 2009
  • Posts: 533
  • Location: At home!

A problem occurs when I try to add the files to the archive, because of the 'BackEnv' folder located in C:\Qoobox.

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Ignore that error and send the created archives via the link I gave you.
