Connection drops and blue screen


offline
  • Joined: 16 May 2011
  • Posts: 68

Connection drops and blue screens have been giving me trouble for 3 months now.
When my internet drops, to get it working again I have to go to Network and Sharing Center / Local Area Connection / Disable, and then to the red X. The connection doesn't drop at any specific time or when I'm doing anything specific on the computer.
It's not the provider; I have three computers on the network and the net only drops on mine.


The blue screen happens once the system is already booted. I cleaned the dust out of the computer, tested the RAM with Memtest86+ and got no errors, tested the hard drive with MHDD, also nothing, and updated all the drivers.

BlueScreenView


==================================================
Dump File : 060911-24975-01.dmp
Crash Time : 9.6.2011 16:34:10
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0xa20ffa00
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x890b7fb6
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+18f622
File Description : NVIDIA Windows Kernel Mode Driver, Version 275.33
Product Name : NVIDIA Windows Kernel Mode Driver, Version 275.33
Company : NVIDIA Corporation
File Version : 8.17.12.7533
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\060911-24975-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 154.240
==================================================

==================================================
Dump File : 060911-23322-01.dmp
Crash Time : 9.6.2011 16:22:43
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x9de2fa10
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82e8f8dc
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+51dc
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\060911-23322-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 153.200
==================================================

==================================================
Dump File : 060611-28392-01.dmp
Crash Time : 6.6.2011 17:51:59
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x9e75ba00
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x890dbfb6
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+1fb6
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\060611-28392-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 154.184
==================================================

==================================================
Dump File : 052411-17877-01.dmp
Crash Time : 24.5.2011 1:39:41
Bug Check String : UNEXPECTED_KERNEL_MODE_TRAP
Bug Check Code : 0x1000007f
Parameter 1 : 0x00000008
Parameter 2 : 0x807c9750
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : halmacpi.dll
Caused By Address : halmacpi.dll+392d
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\052411-17877-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 161.280
==================================================

==================================================
Dump File : 051611-20779-01.dmp
Crash Time : 16.5.2011 12:08:20
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x0000000c
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x9477d0e7
Caused By Driver : halmacpi.dll
Caused By Address : halmacpi.dll+5ba9
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051611-20779-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 153.408
==================================================

==================================================
Dump File : 051611-21294-01.dmp
Crash Time : 16.5.2011 11:49:46
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00059a70
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82e8986c
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4681b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051611-21294-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 153.248
==================================================

==================================================
Dump File : 051611-22542-01.dmp
Crash Time : 16.5.2011 11:45:37
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8307d4a0
Parameter 3 : 0x8b31b864
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+23e4a0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051611-22542-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 154.144
==================================================

==================================================
Dump File : 051611-21996-01.dmp
Crash Time : 16.5.2011 11:35:58
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x830504a0
Parameter 3 : 0x8b327864
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+23e4a0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051611-21996-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 153.408
==================================================

==================================================
Dump File : 051511-22713-01.dmp
Crash Time : 15.5.2011 19:35:28
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0xa599fa10
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x82e588dc
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4681b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051511-22713-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 161.280
==================================================

==================================================
Dump File : 051411-27440-01.dmp
Crash Time : 14.5.2011 13:11:23
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82f0b3e1
Parameter 3 : 0x8b323b50
Parameter 4 : 0x8b323730
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+bb3e1
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16695 (win7_gdr.101026-1503)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051411-27440-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 161.280
==================================================

==================================================
Dump File : 051311-24679-01.dmp
Crash Time : 13.5.2011 15:13:37
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x82299870
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x89098fb6
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+1fb6
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051311-24679-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 154.344
==================================================

==================================================
Dump File : 051211-22869-01.dmp
Crash Time : 12.5.2011 23:48:47
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0xa0eb8a38
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x890a9fb6
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+1fb6
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051211-22869-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 161.280
==================================================

==================================================
Dump File : 051011-24476-01.dmp
Crash Time : 10.5.2011 19:17:40
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000016
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x82e7ba4b
Caused By Driver : halmacpi.dll
Caused By Address : halmacpi.dll+12459
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\051011-24476-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 154.208
==================================================



DDS
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 9.0.8080.16413 BrowserJavaVersion: 1.6.0_25
Run by Danilo at 20:39:57 on 2011-06-10
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.804 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Di recnik\Di.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\msdt.exe
C:\Windows\System32\msdt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\taskhost.exe
C:\Users\Danilo\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danilo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danilo\Desktop\BlueScreenView.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
uSearch Bar =
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Di dictionary] "c:\program files\di recnik\Di.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [TaskTray]
mRunOnce: [AvgUninstallURL] cmd.exe /c start avg.com/ww.special-uninstallation-feedb.....er=9.0.894
dRun: [Qozizy] c:\windows\system32\config\systemprofile\appdata\roaming\Qozizy.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: Shell = explorer.exe,c:\windows\system32\config\systemprofile\appdata\roaming\Qozizy.exe
dPolicies-system: Shell = explorer.exe,c:\windows\system32\config\systemprofile\appdata\roaming\Qozizy.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Prevedi sa Di recnikom - c:\program files\di recnik\diie.htm
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Translate with Di dictionary -
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: kuaiche.com\software
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{01F6845C-0D15-438C-9C30-8F36E2E27AE7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70A504E5-2578-48B8-9BAC-67CA7A7EBAFE} : NameServer = 192.168.56.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danilo\appdata\roaming\mozilla\firefox\profiles\36s4e2oe.default\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\danilo\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cdburner;cdburner;c:\windows\system32\drivers\cdburner.sys [2011-4-21 15872]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-5-15 20088]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-9 2214504]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-5-20 378472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-9 362600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2011-6-9 27760]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-20 1343400]
.
=============== Created Last 30 ================
.
2012-01-07 02:29:58 -------- d-----w- c:\program files\Bonjour
2012-01-07 02:26:37 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-01-03 17:54:37 -------- d-----w- C:\MEET_THE_FOCKERS
2012-01-03 03:11:54 -------- d-----w- c:\users\danilo\DoctorWeb
2012-01-02 20:31:44 -------- d-----w- c:\program files\Webteh
2012-01-02 17:39:19 -------- d-----w- c:\program files\FoxTabVideoConverter
2012-01-01 18:49:52 -------- d-----w- c:\users\danilo\appdata\local\Mozilla
2011-12-31 18:12:52 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-12-31 18:12:33 -------- d-----w- c:\windows\PCHEALTH
2011-12-31 18:12:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-31 18:11:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-31 18:11:33 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-31 18:11:00 -------- d-----w- c:\users\danilo\appdata\local\Microsoft Help
2011-12-27 19:18:41 -------- d-----w- c:\program files\VideoLAN
2011-12-26 20:27:24 -------- d-----w- c:\programdata\eMule
2011-12-26 20:26:42 -------- d-----w- c:\users\danilo\appdata\local\eMule
2011-06-09 23:08:19 -------- d-----w- c:\windows\system32\RTCOM
2011-06-09 14:06:21 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-09 14:05:51 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-09 14:05:51 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-09 14:05:51 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-06-09 14:05:51 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-06-09 14:05:51 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-06-09 14:05:51 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-06-09 14:05:51 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-06-09 14:05:51 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-06-09 14:05:51 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-06-09 14:05:51 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-06-09 14:05:51 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-06-09 14:05:31 -------- d-----w- C:\NVIDIA
2011-06-09 13:34:47 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-06-09 13:34:47 362600 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-06-09 13:34:47 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-06-09 13:18:02 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-09 13:17:53 -------- d-----w- C:\Intel
2011-06-09 12:51:51 -------- d-----w- c:\program files\Lavalys
2011-06-09 02:18:41 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{57e11817-bd5c-4bf6-b4b5-53ef1a7ef62b}\mpengine.dll
2011-06-08 20:46:13 -------- d-----w- c:\users\danilo\appdata\local\Activision
2011-05-30 00:22:55 -------- d-----w- c:\program files\Microsoft
2011-05-26 22:36:11 -------- d-----w- c:\users\danilo\VirtualBox VMs
2011-05-26 22:35:41 -------- d-----w- c:\users\danilo\.VirtualBox
2011-05-26 22:35:00 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-05-26 22:34:50 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-05-26 22:34:45 -------- d-----w- c:\program files\Oracle
2011-05-23 23:14:35 -------- d-----w- c:\program files\Yetisports
2011-05-22 14:42:29 -------- d-----w- c:\users\danilo\appdata\local\Screamer Radio
2011-05-22 14:38:40 -------- d-----w- c:\users\danilo\appdata\roaming\Free Audio Recorder
2011-05-22 14:38:24 -------- d-----w- c:\program files\Free Audio Recorder
2011-05-22 14:31:56 -------- d-----w- c:\program files\Fox Magic
2011-05-20 20:35:28 304744 ----a-w- c:\windows\system32\nvStreaming.exe
2011-05-17 22:44:00 -------- d-----w- C:\USBNoRisk
2011-05-17 21:41:01 -------- d-----w- c:\users\danilo\appdata\roaming\Vistanita
2011-05-17 21:40:58 -------- d-----w- c:\program files\Vistanita
2011-05-17 11:52:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 17:01:00 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-05-16 17:01:00 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-16 17:00:58 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-05-15 20:16:16 -------- d-----w- c:\program files\DriverFinder
2011-05-15 20:14:58 -------- d-----w- c:\users\danilo\appdata\roaming\DriverFinder
2011-05-15 18:37:50 -------- d-----w- c:\program files\HWiNFO32
2011-05-15 18:14:24 -------- d-----w- c:\program files\Driver-Soft
2011-05-14 22:58:18 -------- d-----w- c:\programdata\Symantec
2011-05-14 22:58:13 -------- d-----w- c:\programdata\Norton
2011-05-14 22:58:11 -------- d-----w- c:\programdata\NortonInstaller
2011-05-14 19:57:38 -------- d-----w- c:\program files\DivX
2011-05-14 19:56:14 -------- d-----w- c:\programdata\DivX
2011-05-14 19:45:46 -------- d-----w- C:\film
2011-05-14 10:29:43 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-06-10 09:50:40 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-10 09:50:21 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-10 09:50:21 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 06:09:07 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09:07 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09:07 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 06:09:07 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09:06 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09:04 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09:04 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-03 14:33:46 3484712 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-05-02 16:03:30 73320 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-05-02 13:28:12 1004544 ----a-w- c:\windows\system32\RCoRes.dat
2011-04-29 23:13:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-20 12:34:30 4106344 ----a-w- c:\windows\system32\RtkAPO.dll
2011-04-20 12:34:30 2161768 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-04-18 16:50:00 1803608 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2011-04-18 16:50:00 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-04-14 03:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-26 19:33:23 2829 ----a-w- c:\windows\War3Unin.pif
2011-03-26 19:33:23 139264 ----a-w- c:\windows\War3Unin.exe
2011-03-15 13:32:20 485992 ----a-w- c:\windows\system32\RtkApoApi.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, gmer.net
Windows 6.1.7600 Disk: WDC_WD10EADS-00L5B1 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x864AD439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x864b37b8]; MOV EAX, [0x864b3834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x83044448] -> \Device\Harddisk0\DR0[0x86489810]
3 CLASSPNP[0x896D859E] -> ntkrnlpa!IofCallDriver[0x83044448] -> [0x863AC918]
5 ACPI[0x837BB3B2] -> ntkrnlpa!IofCallDriver[0x83044448] -> \IdeDeviceP2T0L0-2[0x863A6908]
\Driver\atapi[0x864988B0] -> IRP_MJ_CREATE -> 0x864AD439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskWDC_WD10EADS-00L5B1_____________________01.01A01#5&266f3866&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 1953525166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 20:40:43,03 ===============

When I scan with GMER, the scan starts and then I get this message:
http://www.mycity.rs/slika.php?slika=253496_87182498_Untitled.png


And with RootRepeal the scan doesn't even start:

http://www.mycity.rs/slika.php?slika=253496_46704908_Untitled.png1.png
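The post above carries two logs that are worth triaging together: the BlueScreenView export and the DDS/GMER output. As an added example (not part of this thread and not code from DDS, GMER or BlueScreenView), the Python below pulls out the indicators the DDS log shows: a Winlogon Shell value that launches a second executable after explorer.exe, a Run entry whose target sits under the SYSTEM account's profile, an UNKNOWN module address that \Driver\atapi's IRP_MJ_CREATE dispatch points at, and the "user != kernel MBR" mismatch from the MBR check. It also tallies the minidumps per faulting driver, so ataport.SYS shows up next to the atapi hook; the tally is a side-by-side view, not proof of cause. The sample lines are constructed excerpts modelled on the posted logs, and the regexes are written against those lines, not against any tool's documented format.

```python
"""Triage of DDS/HJT-style and BlueScreenView log lines for the indicators
seen in the post: Shell hijack, SYSTEM-profile autorun, unknown module in the
disk I/O path, user/kernel MBR mismatch. Added example; the samples below are
constructed excerpts modelled on the posted logs."""
import re
from collections import Counter

# Constructed excerpt modelled on the BlueScreenView text export in the post.
SAMPLE_BSOD = """\
==================================================
Dump File : 060911-24975-01.dmp
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Caused By Driver : nvlddmkm.sys
==================================================
Dump File : 060911-23322-01.dmp
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Caused By Driver : ataport.SYS
==================================================
Dump File : 060611-28392-01.dmp
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Caused By Driver : ataport.SYS
==================================================
"""

# Constructed excerpt modelled on the DDS "Pseudo HJT Report" and GMER mbr.exe lines.
SAMPLE_DDS = [
    r'mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice',
    r'dRun: [Qozizy] c:\windows\system32\config\systemprofile\appdata\roaming\Qozizy.exe',
    r'mPolicies-system: Shell = explorer.exe,c:\windows\system32\config\systemprofile\appdata\roaming\Qozizy.exe',
    r'dPolicies-system: Shell = explorer.exe,c:\windows\system32\config\systemprofile\appdata\roaming\Qozizy.exe',
    r'called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x864AD439]<<',
    r'\Driver\atapi[0x864988B0] -> IRP_MJ_CREATE -> 0x864AD439',
    r'user != kernel MBR !!!',
]

SHELL_RE = re.compile(r"Policies-system: Shell = explorer\.exe,(.+)$", re.I)
RUN_RE = re.compile(r"^[a-z]Run(?:Once)?: \[([^\]]+)\]\s+(.*)$", re.I)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")


def parse_bluescreenview(text):
    """Split the BlueScreenView export on its '=====' separators into one dict per dump."""
    records = []
    for block in re.split(r"^=+\s*$", text, flags=re.M):
        fields = {}
        for line in block.splitlines():
            if " : " in line:
                key, _, value = line.partition(" : ")
                fields[key.strip()] = value.strip()
        if "Dump File" in fields:
            records.append(fields)
    return records


def crashes_by_driver(records):
    """Dumps per 'Caused By Driver'; lower-cased because the export mixes case (ataport.SYS)."""
    return Counter(r.get("Caused By Driver", "?").lower() for r in records)


def shell_extras(lines):
    """Executables appended to the Winlogon Shell value after explorer.exe (should be none)."""
    return sorted({m.group(1).strip() for line in lines for m in [SHELL_RE.search(line)] if m})


def systemprofile_autoruns(lines):
    """Run entries whose target lives under the SYSTEM account's profile directory."""
    found = []
    for line in lines:
        m = RUN_RE.match(line)
        if m and "\\config\\systemprofile\\" in m.group(2).lower():
            found.append((m.group(1), m.group(2)))
    return found


def disk_path_hooks(lines):
    """Driver dispatch entries that point at an address GMER could not map to a module."""
    unknown = {m.group(1).lower() for line in lines for m in UNKNOWN_RE.finditer(line)}
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line)
        if m and m.group(3).lower() in unknown:
            hooks.append((m.group(1), m.group(2), m.group(3)))
    return hooks


def mbr_mismatch(lines):
    """True when the user-mode and kernel-mode reads of the MBR disagree."""
    return any("user != kernel MBR" in line for line in lines)


def triage(dds_lines, bsod_text):
    """Collect every finding in one dict; empty lists / False mean the indicator is absent."""
    return {
        "crashes_by_driver": crashes_by_driver(parse_bluescreenview(bsod_text)),
        "shell_extras": shell_extras(dds_lines),
        "systemprofile_autoruns": systemprofile_autoruns(dds_lines),
        "disk_path_hooks": disk_path_hooks(dds_lines),
        "mbr_mismatch": mbr_mismatch(dds_lines),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_DDS, SAMPLE_BSOD).items():
        print(f"{name}: {value}")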

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello scepaaa1992!





While the case is being worked on, I'd ask you to stick to the following:
Read my instructions (or those of colleagues standing in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use any malware removal programs other than those you receive instructions for;
Do not use USB storage devices during the intervention until I ask for them;
If I don't reply within 48 hours, bump the topic with a new post;
If you don't reply within 5 days, we'll close the case.

For more information on the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------


Step 1


Download Kaspersky Lab's TDSSKiller to the Desktop from the following address:

TDSSKiller

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, choose Desktop and click Save.

When the download is finished:
disable your security software (instructions);
close running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click MyCity.exe to run it;
click the Start Scan button.

If malicious objects are found, make sure the action selected for them is "Cure" (example) and click Continue, then click Reboot Now.

Post me the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD-day, MM-month, YY-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)





Step 2


Download sUBs' ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, choose Desktop and click Save.

When the download is finished:
disable your security software (instructions);
close running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices:
accept by clicking Yes or OK.
if necessary, restart Windows (possibly more than once);
when finished, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.









goran9888 (AMF Team)
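The helper asks for the TDSSKiller and ComboFix reports because the "Reg Loading Points" section is where persistence shows up first. The following is an added triage script, not part of the forum post and not ComboFix's own code: it parses a few lines in the format ComboFix prints and flags two patterns a helper looks for before anything else, a Winlogon/policies "Shell" value that launches anything besides explorer.exe (the extra program starts with every desktop session), and Run/RunOnce entries whose executable lives in a user-writable location such as AppData or Temp. The sample log is constructed from entries of the kind seen in the report posted below; the Google Update line is placed under the Run key here purely to show that the second heuristic produces candidates for review, not verdicts (Google Update legitimately lives under AppData).

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output (added example)."""
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's own line format. Entries are modelled on the
# report posted in this thread; the Google Update line is moved under Run here
# only to demonstrate a benign hit of the user-writable-path heuristic.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"GoogleUpdate"="c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"Shell"= explorer.exe,c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Directory markers (assumed heuristic) that ordinary installers rarely use for
# autostart binaries; any hit is a prompt to verify the publisher, not proof.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    key: str
    name: str
    data: str
    reason: str


def parse_loading_points(text):
    """Return (key, value name, data) triples; '.' separator lines are skipped."""
    key = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group("name"), m.group("data").strip()))
    return entries


def shell_programs(data):
    """Split a Shell value ('explorer.exe,c:\\...\\x.exe') into its program list."""
    return [p.strip() for p in data.strip().strip('"').split(",") if p.strip()]


def run_target(data):
    """Extract the executable path from a Run/RunOnce value as ComboFix prints it."""
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split(" [", 1)[0].strip()


def triage(text):
    """Flag Shell hijacks and autostart entries in user-writable directories."""
    findings = []
    for key, name, data in parse_loading_points(text):
        leaf = key.lower().rsplit("\\", 1)[-1]
        if name.lower() == "shell":
            extras = [p for p in shell_programs(data) if p.lower() != "explorer.exe"]
            if extras:
                findings.append(Finding(key, name, data,
                    "Shell value launches extra program(s): " + ", ".join(extras)))
        elif leaf in ("run", "runonce"):
            target = run_target(data).lower()
            if any(marker in target for marker in USER_WRITABLE):
                findings.append(Finding(key, name, data,
                    "autostart executable in user-writable location: " + target))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.key}] {f.name}: {f.reason}")
```

Run against the sample, the script reports the two Shell values (the same program is wired into both the machine-wide and the .default user policy, which is why a helper treats the pair as one finding) and the single Run entry under AppData for manual verification; everything under Program Files passes silently.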

  • Joined: 16 May 2011
  • Posts: 68


ComboFix 11-06-10.0A - Danilo 11.06.2011 13:16:30.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.1235 [GMT 2:00]
Running from: c:\users\Danilo\Desktop\MyCity.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\1
c:\program files\1\cryptapi.dll
c:\program files\1\dtpro.dll
c:\program files\1\dtproapi.dll
c:\program files\1\dtprores.dll
c:\program files\1\imgshl32.dll
c:\program files\1\pfctoc.dll
c:\program files\1\Plugins\Images\bw5mount.dll
c:\program files\1\Plugins\Images\bwtmount.dll
c:\program files\1\Plugins\Images\ccdmount.dll
c:\program files\1\Plugins\Images\cuemount.dll
c:\program files\1\Plugins\Images\iszmount.dll
c:\program files\1\Plugins\Images\mdsmount.dll
c:\program files\1\Plugins\Images\nrgmount.dll
c:\program files\1\Plugins\Images\pdimount.dll
c:\program files\1\Plugins\Images\pfcmount.dll
c:\program files\1\StarBurn.dll
c:\users\Danilo\AppData\Roaming\1F09.tmp
c:\users\Danilo\AppData\Roaming\BITS
c:\users\Danilo\AppData\Roaming\BITS\BITS.ini
c:\users\Danilo\AppData\Roaming\BITS\UPnP.ini
c:\users\Danilo\AppData\Roaming\C496.tmp
c:\users\Public\installer_daemon_tools_pro_advanced_4_40_0312_English.exe
c:\windows\system\VI30AUT.DLL
c:\windows\system32\ReadMe.txt
c:\windows\winservxv
c:\windows\winservxv\lsdzvz.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2012-01-07 02:31 . 2012-01-07 02:31 -------- d-----w- c:\programdata\FLEXnet
2012-01-07 02:29 . 2011-01-29 20:38 -------- d-----w- c:\program files\Bonjour
2012-01-07 02:26 . 2011-01-29 20:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-03 18:53 . 2011-04-01 21:58 -------- d-----w- c:\users\Danilo\AppData\Roaming\Winamp
2012-01-03 17:54 . 2012-01-03 18:22 -------- d-----w- C:\MEET_THE_FOCKERS
2012-01-03 03:11 . 2011-02-05 23:01 -------- d-----w- c:\users\Danilo\DoctorWeb
2012-01-03 00:09 . 2011-01-29 20:37 -------- d-----w- c:\users\Public\Counter-Strike 1.6
2012-01-02 20:31 . 2011-01-29 20:36 -------- d-----w- c:\program files\Webteh
2012-01-02 17:39 . 2011-02-06 10:27 -------- d-----w- c:\program files\FoxTabVideoConverter
2012-01-01 18:49 . 2011-01-29 20:37 -------- d-----w- c:\users\Danilo\AppData\Local\Mozilla
2011-12-31 18:12 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-12-31 18:12 . 2011-12-31 18:12 -------- d-----w- c:\windows\PCHEALTH
2011-12-31 18:12 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-31 18:12 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-31 18:11 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-31 18:11 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-31 18:11 . 2011-12-31 18:11 -------- d-----w- c:\users\Danilo\AppData\Local\Microsoft Help
2011-12-31 18:10 . 2011-12-31 18:20 -------- d-----w- c:\programdata\Microsoft Help
2011-12-31 18:10 . 2011-01-29 20:36 -------- d-----r- C:\MSOCache
2011-12-27 19:18 . 2011-01-29 20:36 -------- d-----w- c:\program files\VideoLAN
2011-12-26 20:27 . 2011-02-19 16:49 -------- d-----w- c:\programdata\eMule
2011-12-26 20:26 . 2011-01-29 20:36 -------- d-----w- c:\users\Danilo\AppData\Local\eMule
2011-06-11 11:21 . 2011-06-11 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 11:15 . 2011-06-11 11:15 -------- d-----w- C:\MyCity
2011-06-10 22:28 . 2011-06-10 22:28 -------- d-----w- c:\program files\BabylonToolbar
2011-06-10 22:08 . 2011-06-11 10:32 -------- d-----w- c:\users\Danilo\AppData\Roaming\skypePM
2011-06-10 22:08 . 2011-06-10 22:08 -------- d-----w- c:\programdata\Skype Extras
2011-06-10 22:08 . 2011-06-11 11:17 -------- d-----w- c:\users\Danilo\AppData\Roaming\Skype
2011-06-10 22:07 . 2011-06-10 22:07 -------- d-----w- c:\program files\Common Files\Skype
2011-06-10 22:07 . 2011-06-10 22:08 -------- d-----r- c:\program files\Skype
2011-06-10 22:07 . 2011-06-10 22:07 -------- d-----w- c:\programdata\Skype
2011-06-10 20:02 . 2011-06-11 11:08 -------- d-----w- c:\users\Danilo\AppData\Roaming\MCShield
2011-06-10 20:02 . 2011-06-10 20:02 -------- d-----w- c:\program files\MCShield
2011-06-09 23:08 . 2011-06-09 23:08 -------- d-----w- c:\windows\system32\RTCOM
2011-06-09 14:06 . 2011-06-09 14:06 -------- d-----w- c:\users\UpdatusUser
2011-06-09 14:06 . 2011-05-25 06:09 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-09 14:05 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-09 14:05 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-09 14:05 . 2011-05-25 06:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-06-09 14:05 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-06-09 14:05 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-06-09 14:05 . 2011-05-25 06:09 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-06-09 14:05 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-06-09 14:05 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-06-09 14:05 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-06-09 14:05 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-06-09 14:05 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-06-09 14:05 . 2011-06-09 14:05 -------- d-----w- C:\NVIDIA
2011-06-09 13:34 . 2011-03-21 19:22 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-06-09 13:34 . 2011-03-21 19:22 362600 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-06-09 13:34 . 2011-03-21 19:22 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-06-09 13:18 . 2011-06-09 13:18 -------- d-----w- c:\program files\Intel
2011-06-09 13:18 . 2010-06-17 10:02 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-09 13:17 . 2011-06-09 13:17 -------- d-----w- C:\Intel
2011-06-09 12:51 . 2011-06-09 12:51 -------- d-----w- c:\program files\Lavalys
2011-06-09 02:18 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57E11817-BD5C-4BF6-B4B5-53EF1A7EF62B}\mpengine.dll
2011-06-08 20:46 . 2011-06-08 20:46 -------- d-----w- c:\users\Danilo\AppData\Local\Activision
2011-06-03 21:52 . 2011-06-03 21:52 -------- d--h--r- c:\users\Public\Libraries
2011-05-30 00:22 . 2011-05-30 00:22 -------- d-----w- c:\program files\Microsoft
2011-05-26 22:36 . 2011-05-28 11:58 -------- d-----w- c:\users\Danilo\VirtualBox VMs
2011-05-26 22:35 . 2011-06-09 13:12 -------- d-----w- c:\users\Danilo\.VirtualBox
2011-05-26 22:35 . 2011-05-16 17:01 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-05-26 22:34 . 2011-05-26 22:35 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-26 22:34 . 2011-05-16 17:01 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-05-26 22:34 . 2011-05-26 22:34 -------- d-----w- c:\program files\Oracle
2011-05-23 23:14 . 2011-05-23 23:14 -------- d-----w- c:\program files\Yetisports
2011-05-22 14:42 . 2011-05-22 14:42 -------- d-----w- c:\users\Danilo\AppData\Local\Screamer Radio
2011-05-22 14:38 . 2011-05-22 14:39 -------- d-----w- c:\users\Danilo\AppData\Roaming\Free Audio Recorder
2011-05-22 14:38 . 2011-05-22 14:38 -------- d-----w- c:\program files\Free Audio Recorder
2011-05-22 14:31 . 2011-05-22 14:31 -------- d-----w- c:\program files\Fox Magic
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe
2011-05-17 22:44 . 2011-05-17 22:44 -------- d-----w- C:\USBNoRisk
2011-05-17 21:41 . 2011-05-17 21:41 -------- d-----w- c:\users\Danilo\AppData\Roaming\Vistanita
2011-05-17 21:40 . 2011-05-17 21:40 -------- d-----w- c:\program files\Vistanita
2011-05-17 11:52 . 2011-05-17 11:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 17:01 . 2011-05-16 17:01 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-05-16 17:01 . 2011-05-16 17:01 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-16 17:00 . 2011-05-16 17:00 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-05-15 20:16 . 2011-05-15 20:16 -------- d-----w- c:\program files\DriverFinder
2011-05-15 20:14 . 2011-05-15 20:14 -------- d-----w- c:\users\Danilo\AppData\Roaming\DriverFinder
2011-05-15 18:37 . 2011-05-17 00:00 -------- d-----w- c:\program files\HWiNFO32
2011-05-15 18:14 . 2011-05-15 18:14 -------- d-----w- c:\program files\Driver-Soft
2011-05-14 22:58 . 2011-05-14 22:58 -------- d-----w- c:\programdata\Symantec
2011-05-14 22:58 . 2011-05-15 18:15 -------- d-----w- c:\programdata\Norton
2011-05-14 20:04 . 2011-05-14 20:06 -------- d-----w- c:\users\Danilo\AppData\Roaming\DivX
2011-05-14 19:57 . 2011-05-15 21:28 -------- d-----w- c:\program files\DivX
2011-05-14 19:56 . 2011-05-15 21:28 -------- d-----w- c:\programdata\DivX
2011-05-14 19:45 . 2011-05-14 20:09 -------- d-----w- C:\film
2011-05-14 10:29 . 2011-05-14 10:29 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 09:50 . 2010-09-09 20:17 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-10 09:50 . 2010-09-09 20:31 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-10 09:50 . 2010-09-09 20:17 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 06:09 . 2010-07-09 14:20 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2010-07-09 14:20 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2010-07-09 14:20 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2010-07-09 14:20 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 06:09 . 2010-07-09 14:20 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-09 14:05 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 06:09 . 2010-07-10 04:37 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-04-29 23:13 . 2011-04-29 23:13 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-27 11:27 . 2011-04-27 11:27 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-27 11:27 . 2011-04-27 11:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-27 11:27 . 2011-04-27 11:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-27 11:27 . 2011-04-27 11:27 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-27 11:27 . 2011-04-27 11:27 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-27 11:27 . 2011-04-27 11:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-27 11:27 . 2011-04-27 11:27 367104 ----a-w- c:\windows\system32\html.iec
2011-04-27 11:27 . 2011-04-27 11:27 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-27 11:27 . 2011-04-27 11:27 161280 ----a-w- c:\windows\system32\msls31.dll
2011-04-27 11:27 . 2011-04-27 11:27 1426432 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-27 11:27 . 2011-04-27 11:27 1125376 ----a-w- c:\windows\system32\wininet.dll
2011-04-27 11:27 . 2011-04-27 11:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-27 11:27 . 2011-04-27 11:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-27 11:27 . 2011-04-27 11:27 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-27 11:27 . 2011-04-27 11:27 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-27 11:27 . 2011-04-27 11:27 1791488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-27 11:27 . 2011-04-27 11:27 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-27 11:27 . 2011-04-27 11:27 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-27 11:27 . 2011-04-27 11:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-27 11:27 . 2011-04-27 11:27 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-27 11:27 . 2011-04-27 11:27 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-16 21:02 . 2011-03-20 20:20 165232 ---ha-w- c:\users\Danilo\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-04-14 03:07 . 2010-10-08 19:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-26 19:33 . 2011-03-26 19:17 2829 ----a-w- c:\windows\War3Unin.pif
2011-03-26 19:33 . 2011-03-26 19:17 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-14 16:26 . 2011-05-15 21:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"Shell"= explorer.exe,c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe
.
[HKLM\~\startupfolder\C:^Users^Danilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Danilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 16:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-27 14:04 136176 ----atw- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-r- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickPhrase]
2007-06-19 08:29 638232 ----a-w- c:\program files\TypingMaster\QuickPhrase\quickphrase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2011-05-03 13:50 10082920 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
2010-10-23 03:47 1070360 ----a-w- c:\program files\TrojanHunter 5.3\THGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-15 23:30 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2010-03-30 27760]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Danilo\AppData\Local\Temp\GPU-Z.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S0 cdburner;cdburner;c:\windows\system32\DRIVERS\cdburner.sys [2008-07-24 15872]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2010-09-29 20088]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 96586074
*Deregistered* - 96586074
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832218304-1381429587-2039531074-1001Core.job
- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 14:04]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832218304-1381429587-2039531074-1001UA.job
- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&affID=19404
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Translate with Di dictionary -
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70A504E5-2578-48B8-9BAC-67CA7A7EBAFE}: NameServer = 192.168.56.1
FF - ProfilePath - c:\users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\36s4e2oe.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&affID=19404
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&instlRef=sst&affID=19404&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-TaskTray - (no file)
SafeBoot-96586074.sys
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe
MSConfigStartUp-MediaGet2 - c:\users\Danilo\AppData\Local\MediaGet2\mediaget.exe
MSConfigStartUp-ShareDRMusic - c:\program files\ShareDRMusic\ShareDRMusic.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\Update\realsched.exe
AddRemove-Blast Pack for Pocket Tanks Deluxe_is1 - c:\program files\Pocket Tanks Deluxe\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-832218304-1381429587-2039531074-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-832218304-1381429587-2039531074-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\SecuROM\License information*]
"datasecu"=hex:a2,c6,13,79,c3,1f,b4,44,07,ae,de,c4,c8,52,fb,2f,66,0d,d5,99,37,
d7,59,3f,75,11,9c,20,71,ee,03,61,09,8a,ff,2b,22,6e,67,cd,6b,75,7c,48,ca,f6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-11 13:22:18
ComboFix-quarantined-files.txt 2011-06-11 11:22
.
Pre-Run: 318.088.892.416 bytes free
Post-Run: 319.189.041.152 bytes free
.
- - End Of File - - A123EAC074A7AABAD35D621CD37DB761

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You are not following my instructions carefully:
- You renamed CF (I never wrote that you should do that);
- You deleted a legitimate driver even though the recommended action was Skip.

Follow the instructions carefully in the future ...

Disable the AV protection again, if you enabled it in the meantime.

Step 1

Open Notepad and copy the following text:

File::
c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe

Regedit::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"Shell"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
 "Shell"=-

DirLook::
c:\windows\system32\config\systemprofile\AppData\Roaming

DDS::
mStart Page = hxxp://home.sweetim.com

RegLock::
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.032"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.abr"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.ani"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.arw"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.bay"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.bmp"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.bw"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.cr2"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.crw"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.cs1"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.cur"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.dcr"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.dcx"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.dib"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.djv"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.djvu"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.dng"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.emf"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.eps"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.erf"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.fff"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.fpx"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.gif"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.hdr"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.icl"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.icn"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
 @Denied: (2) (S-1-5-21-832218304-1381429587-2039531074-1001)
 @Denied: (2) (LocalSystem)
 "Progid"="Winamp.File.iff"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.ilbm"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.int"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.inta"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.iw4"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.j2c"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.j2k"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jbr"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jfif"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jif"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jp2"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jpc"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jpe"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jpeg"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jpg"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jpk"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.jpx"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.kdc"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.lbm"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.mef"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.mos"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.mrw"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.nef"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.orf"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pbm"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pbr"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pcd"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pct"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pcx"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pef"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pgm"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pic"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pict"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pix"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.png"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.ppm"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.psd"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.psp"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pspbrush"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.pspimage"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.raf"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.ras"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
 @Denied: (2) (S-1-5-21-832218304-1381429587-2039531074-1001)
 @Denied: (2) (LocalSystem)
 "Progid"="Winamp.File.raw"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.rgb"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.rgba"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.rle"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.rsb"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.rw2"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.sgi"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.sr2"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.srf"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.tga"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.thm"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.tif"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.tiff"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.ttc"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.ttf"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.v11o"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.v11p"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.v11pf"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.wbm"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.wbmp" 
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.wmf" 
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.xbm"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.xif"
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.xmp" 
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.xpm"
 .
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\SecuROM\License information*]
 "datasecu"=hex:a2,c6,13,79,c3,1f,b4,44,07,ae,de,c4,c8,52,fb,2f,66,0d,d5,99,37,
 d7,59,3f,75,11,9c,20,71,ee,03,61,09,8a,ff,2b,22,6e,67,cd,6b,75,7c,48,ca,f6,\
 "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
 @Denied: (Full) (Everyone)


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.


Step 2

Pack the following folder into a (zip, rar) archive:

C:\Qoobox\Quarantine

... and upload it via the link:

http://www.mycity.rs/ambulanta-upload.php




Step 3

Download aswMBR and save it to the Desktop.

Double-click to run aswMBR.
Click Scan.
When the scan finishes, click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into the thread.




Step 4

Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, make sure these options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update completes, the program will start.

Select the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, check all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).







goran9888 (AMF Tim)

offline
  • Joined: 16 May 2011
  • Posts: 68

Posted: 11 Jun 2011 22:50

ok.
1.
ComboFix 11-06-11.01 - Danilo 11.06.2011 22:21:12.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.601 [GMT 2:00]
Running from: c:\users\Danilo\Downloads\ComboFix.exe
Command switches used :: c:\users\Danilo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2012-01-07 02:31 . 2012-01-07 02:31 -------- d-----w- c:\programdata\FLEXnet
2012-01-07 02:29 . 2011-01-29 20:38 -------- d-----w- c:\program files\Bonjour
2012-01-07 02:26 . 2011-01-29 20:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-03 18:53 . 2011-04-01 21:58 -------- d-----w- c:\users\Danilo\AppData\Roaming\Winamp
2012-01-03 17:54 . 2012-01-03 18:22 -------- d-----w- C:\MEET_THE_FOCKERS
2012-01-03 03:11 . 2011-02-05 23:01 -------- d-----w- c:\users\Danilo\DoctorWeb
2012-01-03 00:09 . 2011-01-29 20:37 -------- d-----w- c:\users\Public\Counter-Strike 1.6
2012-01-02 20:31 . 2011-01-29 20:36 -------- d-----w- c:\program files\Webteh
2012-01-02 17:39 . 2011-02-06 10:27 -------- d-----w- c:\program files\FoxTabVideoConverter
2012-01-01 18:49 . 2011-01-29 20:37 -------- d-----w- c:\users\Danilo\AppData\Local\Mozilla
2011-12-31 18:12 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-12-31 18:12 . 2011-12-31 18:12 -------- d-----w- c:\windows\PCHEALTH
2011-12-31 18:12 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-31 18:12 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-31 18:11 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-31 18:11 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-31 18:11 . 2011-12-31 18:11 -------- d-----w- c:\users\Danilo\AppData\Local\Microsoft Help
2011-12-31 18:10 . 2011-12-31 18:20 -------- d-----w- c:\programdata\Microsoft Help
2011-12-31 18:10 . 2011-01-29 20:36 -------- d-----r- C:\MSOCache
2011-12-27 19:18 . 2011-01-29 20:36 -------- d-----w- c:\program files\VideoLAN
2011-12-26 20:27 . 2011-02-19 16:49 -------- d-----w- c:\programdata\eMule
2011-12-26 20:26 . 2011-01-29 20:36 -------- d-----w- c:\users\Danilo\AppData\Local\eMule
2011-06-11 20:26 . 2011-06-11 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 11:15 . 2011-06-11 11:15 -------- d-----w- C:\MyCity
2011-06-10 22:28 . 2011-06-10 22:28 -------- d-----w- c:\program files\BabylonToolbar
2011-06-10 22:08 . 2011-06-11 14:08 -------- d-----w- c:\users\Danilo\AppData\Roaming\skypePM
2011-06-10 22:08 . 2011-06-10 22:08 -------- d-----w- c:\programdata\Skype Extras
2011-06-10 22:08 . 2011-06-11 20:22 -------- d-----w- c:\users\Danilo\AppData\Roaming\Skype
2011-06-10 22:07 . 2011-06-10 22:07 -------- d-----w- c:\program files\Common Files\Skype
2011-06-10 22:07 . 2011-06-10 22:08 -------- d-----r- c:\program files\Skype
2011-06-10 22:07 . 2011-06-10 22:07 -------- d-----w- c:\programdata\Skype
2011-06-10 20:02 . 2011-06-11 16:09 -------- d-----w- c:\users\Danilo\AppData\Roaming\MCShield
2011-06-10 20:02 . 2011-06-10 20:02 -------- d-----w- c:\program files\MCShield
2011-06-09 23:08 . 2011-06-09 23:08 -------- d-----w- c:\windows\system32\RTCOM
2011-06-09 14:06 . 2011-06-09 14:06 -------- d-----w- c:\users\UpdatusUser
2011-06-09 14:06 . 2011-05-25 06:09 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-09 14:05 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-09 14:05 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-09 14:05 . 2011-05-25 06:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-06-09 14:05 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-06-09 14:05 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-06-09 14:05 . 2011-05-25 06:09 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-06-09 14:05 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-06-09 14:05 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-06-09 14:05 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-06-09 14:05 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-06-09 14:05 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-06-09 14:05 . 2011-06-09 14:05 -------- d-----w- C:\NVIDIA
2011-06-09 13:34 . 2011-03-21 19:22 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-06-09 13:34 . 2011-03-21 19:22 362600 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-06-09 13:34 . 2011-03-21 19:22 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-06-09 13:18 . 2011-06-09 13:18 -------- d-----w- c:\program files\Intel
2011-06-09 13:18 . 2010-06-17 10:02 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-09 13:17 . 2011-06-09 13:17 -------- d-----w- C:\Intel
2011-06-09 12:51 . 2011-06-09 12:51 -------- d-----w- c:\program files\Lavalys
2011-06-09 02:18 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57E11817-BD5C-4BF6-B4B5-53EF1A7EF62B}\mpengine.dll
2011-06-08 20:46 . 2011-06-08 20:46 -------- d-----w- c:\users\Danilo\AppData\Local\Activision
2011-06-03 21:52 . 2011-06-03 21:52 -------- d--h--r- c:\users\Public\Libraries
2011-05-30 00:22 . 2011-05-30 00:22 -------- d-----w- c:\program files\Microsoft
2011-05-26 22:36 . 2011-05-28 11:58 -------- d-----w- c:\users\Danilo\VirtualBox VMs
2011-05-26 22:35 . 2011-06-09 13:12 -------- d-----w- c:\users\Danilo\.VirtualBox
2011-05-26 22:35 . 2011-05-16 17:01 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-05-26 22:34 . 2011-05-26 22:35 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-26 22:34 . 2011-05-16 17:01 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-05-26 22:34 . 2011-05-26 22:34 -------- d-----w- c:\program files\Oracle
2011-05-23 23:14 . 2011-05-23 23:14 -------- d-----w- c:\program files\Yetisports
2011-05-22 14:42 . 2011-05-22 14:42 -------- d-----w- c:\users\Danilo\AppData\Local\Screamer Radio
2011-05-22 14:38 . 2011-05-22 14:39 -------- d-----w- c:\users\Danilo\AppData\Roaming\Free Audio Recorder
2011-05-22 14:38 . 2011-05-22 14:38 -------- d-----w- c:\program files\Free Audio Recorder
2011-05-22 14:31 . 2011-05-22 14:31 -------- d-----w- c:\program files\Fox Magic
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe
2011-05-17 22:44 . 2011-05-17 22:44 -------- d-----w- C:\USBNoRisk
2011-05-17 21:41 . 2011-05-17 21:41 -------- d-----w- c:\users\Danilo\AppData\Roaming\Vistanita
2011-05-17 21:40 . 2011-05-17 21:40 -------- d-----w- c:\program files\Vistanita
2011-05-17 11:52 . 2011-05-17 11:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 17:01 . 2011-05-16 17:01 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-05-16 17:01 . 2011-05-16 17:01 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-16 17:00 . 2011-05-16 17:00 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-05-15 20:16 . 2011-05-15 20:16 -------- d-----w- c:\program files\DriverFinder
2011-05-15 20:14 . 2011-05-15 20:14 -------- d-----w- c:\users\Danilo\AppData\Roaming\DriverFinder
2011-05-15 18:37 . 2011-05-17 00:00 -------- d-----w- c:\program files\HWiNFO32
2011-05-15 18:14 . 2011-05-15 18:14 -------- d-----w- c:\program files\Driver-Soft
2011-05-14 22:58 . 2011-05-14 22:58 -------- d-----w- c:\programdata\Symantec
2011-05-14 22:58 . 2011-05-15 18:15 -------- d-----w- c:\programdata\Norton
2011-05-14 20:04 . 2011-05-14 20:06 -------- d-----w- c:\users\Danilo\AppData\Roaming\DivX
2011-05-14 19:57 . 2011-05-15 21:28 -------- d-----w- c:\program files\DivX
2011-05-14 19:56 . 2011-05-15 21:28 -------- d-----w- c:\programdata\DivX
2011-05-14 19:45 . 2011-05-14 20:09 -------- d-----w- C:\film
2011-05-14 10:29 . 2011-05-14 10:29 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 11:45 . 2010-09-09 20:17 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-11 11:45 . 2010-09-09 20:31 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-11 11:45 . 2010-09-09 20:17 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 06:09 . 2010-07-09 14:20 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2010-07-09 14:20 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2010-07-09 14:20 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2010-07-09 14:20 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 06:09 . 2010-07-09 14:20 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-09 14:05 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 06:09 . 2010-07-10 04:37 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-04-29 23:13 . 2011-04-29 23:13 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-27 11:27 . 2011-04-27 11:27 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-27 11:27 . 2011-04-27 11:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-27 11:27 . 2011-04-27 11:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-27 11:27 . 2011-04-27 11:27 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-27 11:27 . 2011-04-27 11:27 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-27 11:27 . 2011-04-27 11:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-27 11:27 . 2011-04-27 11:27 367104 ----a-w- c:\windows\system32\html.iec
2011-04-27 11:27 . 2011-04-27 11:27 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-27 11:27 . 2011-04-27 11:27 161280 ----a-w- c:\windows\system32\msls31.dll
2011-04-27 11:27 . 2011-04-27 11:27 1426432 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-27 11:27 . 2011-04-27 11:27 1125376 ----a-w- c:\windows\system32\wininet.dll
2011-04-27 11:27 . 2011-04-27 11:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-27 11:27 . 2011-04-27 11:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-27 11:27 . 2011-04-27 11:27 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-27 11:27 . 2011-04-27 11:27 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-27 11:27 . 2011-04-27 11:27 1791488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-27 11:27 . 2011-04-27 11:27 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-27 11:27 . 2011-04-27 11:27 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-27 11:27 . 2011-04-27 11:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-27 11:27 . 2011-04-27 11:27 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-27 11:27 . 2011-04-27 11:27 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-16 21:02 . 2011-03-20 20:20 165232 ---ha-w- c:\users\Danilo\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-04-14 03:07 . 2010-10-08 19:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-26 19:33 . 2011-03-26 19:17 2829 ----a-w- c:\windows\War3Unin.pif
2011-03-26 19:33 . 2011-03-26 19:17 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-14 16:26 . 2011-05-15 21:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\config\systemprofile\AppData\Roaming ----
.
2011-05-02 17:49 . 2011-05-02 17:49 87 --sh--w- c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
2011-05-02 17:49 . 2009-07-14 04:54 1515 ----a-w- c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk
2011-04-12 20:27 . 2011-04-12 20:27 174 --sh--w- c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2011-04-12 20:27 . 2011-04-12 20:27 174 --sh--w- c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2011-02-23 21:58 . 2011-02-23 21:58 940 ----a-w- c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_E49185FEF588455E98B90EFE01C9147A.dat
2010-08-28 03:16 . 2011-06-11 11:00 16384 --sha-w- c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2010-08-27 12:25 . 2011-06-10 09:21 262144 --sha-w- c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"Shell"= explorer.exe,c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe
.
[HKLM\~\startupfolder\C:^Users^Danilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Danilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 16:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-27 14:04 136176 ----atw- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-r- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickPhrase]
2007-06-19 08:29 638232 ----a-w- c:\program files\TypingMaster\QuickPhrase\quickphrase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2011-05-03 13:50 10082920 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
2010-10-23 03:47 1070360 ----a-w- c:\program files\TrojanHunter 5.3\THGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-15 23:30 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2010-03-30 27760]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Danilo\AppData\Local\Temp\GPU-Z.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S0 cdburner;cdburner;c:\windows\system32\DRIVERS\cdburner.sys [2008-07-24 15872]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2010-09-29 20088]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 96586074
*Deregistered* - 96586074
*Deregistered* - PnkBstrK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832218304-1381429587-2039531074-1001Core.job
- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 14:04]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832218304-1381429587-2039531074-1001UA.job
- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&affID=19404
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Translate with Di dictionary -
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70A504E5-2578-48B8-9BAC-67CA7A7EBAFE}: NameServer = 192.168.56.1
FF - ProfilePath - c:\users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\36s4e2oe.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&affID=19404
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&instlRef=sst&affID=19404&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\SecuROM\License information*]
"datasecu"=hex:a2,c6,13,79,c3,1f,b4,44,07,ae,de,c4,c8,52,fb,2f,66,0d,d5,99,37,
d7,59,3f,75,11,9c,20,71,ee,03,61,09,8a,ff,2b,22,6e,67,cd,6b,75,7c,48,ca,f6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Completion time: 2011-06-11 22:27:31
ComboFix-quarantined-files.txt 2011-06-11 20:27
ComboFix2.txt 2011-06-11 11:22
.
Pre-Run: 318.554.140.672 bytes free
Post-Run: 318.498.734.080 bytes free
.
- - End Of File - - 77B30F1CF22CAF84EE60E2479B4ACA28

2.
I uploaded the file named Quarantine.rar

3.

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-11 22:34:15
-----------------------------
22:34:15.471 OS Version: Windows 6.1.7600
22:34:15.471 Number of processors: 2 586 0x170A
22:34:15.473 ComputerName: DANILO-PC UserName: Danilo
22:34:17.960 Initialize success
22:34:19.785 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:34:19.788 Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953869MB BusType: 3
22:34:21.814 Disk 0 MBR read successfully
22:34:21.817 Disk 0 MBR scan
22:34:21.821 Disk 0 Windows 7 default MBR code
22:34:23.825 Disk 0 scanning sectors +1953519616
22:34:23.888 Disk 0 scanning C:\Windows\system32\drivers
22:34:26.579 Service scanning
22:34:27.766 Disk 0 trace - called modules:
22:34:27.778 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:34:27.783 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86271030]
22:34:27.789 3 CLASSPNP.SYS[897b659e] -> nt!IofCallDriver -> [0x861aa328]
22:34:27.795 5 ACPI.sys[892323b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86192908]
22:34:27.801 Scan finished successfully
22:35:21.156 Disk 0 MBR has been saved successfully to "C:\Users\Danilo\Desktop\MBR.dat"
22:35:21.162 The log file has been saved successfully to "C:\Users\Danilo\Desktop\aswMBR.txt"

4. It didn't find any malware

Malwarebytes' Anti-Malware 1.51.0.1200
malwarebytes.org

Database version: 6837

Windows 6.1.7600
Internet Explorer 9.0.8080.16413

11.6.2011 22:47:17
mbam-log-2011-06-11 (22-47-17).txt

Scan type: Quick scan
Objects scanned: 168861
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Update: 12 Jun 2011 3:46

A fool has to mess with something, so there you go...
I scanned the computer with RootkitBuster; when the scan finished I deleted those viruses at the end, or whatever they were. The computer restarted, did a Windows update, and now my desktop looks like this.

[img]mycity.rs/thumbs2/253496_tmb_72658152_slika.png[/img]
and the internet won't work at all

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Well, why do you do what I don't tell you to ...


I shouldn't be doing this (since, you know, you can solve the problem on your own), but I'll be in a good mood this time Razz ...


Since you ran Trend Micro RootkitBuster, it created a folder on the Desktop named TMRBLog containing the report(s) (one or more, depending on how many times you ran the scan). Attach the report(s) from that folder so I can take a look.






Open Notepad and copy the following text:

File::
c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
 "AvgUninstallURL"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"Shell"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"=-

RegLock::
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
 @Denied: (2) (LocalSystem)
 "Progid"="ACDSee Photo Manager 2009.cs1"


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.






goran9888 (AMF Tim)
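As an added example (not part of this thread, ComboFix or the helper's own tooling), the script below automates the check the helper did by hand on the log above: it parses a ComboFix "Reg Loading Points" section, flags any Shell value that launches something besides explorer.exe and any RunOnce entry marked [X], and renders the matching File:: and Registry:: lines in the CFScript syntax used in the post above. SAMPLE_LOG is constructed from the log lines quoted earlier; all function names are my own.

```python
"""Spot the Winlogon Shell hijack seen in the ComboFix log above.

Added example, not part of the thread or of ComboFix. The log shows
"Shell"= explorer.exe,<...>Qozizy.exe under policies\\system for both HKLM
and HKU\\.default. Windows starts every comma-separated program listed in
that value at logon, so anything beyond explorer.exe is a persistence
foothold. RunOnce values ending in [X] are ones whose target ComboFix
could not find (interpretation of the [X] tag is an assumption).
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the Reg Loading Points lines quoted above.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"Shell"= explorer.exe,c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')


@dataclass
class Finding:
    key: str
    name: str
    data: str
    reason: str


def parse_reg_points(text):
    """Yield (key, name, data) for each quoted value in a REGEDIT4-style dump.

    ComboFix's non-value lines (file timestamps under BHO keys, the '.'
    separators, the *Note* header) are skipped."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data").strip()


def shell_extras(data):
    """Return the programs a Shell value launches besides explorer.exe."""
    entries = [e.strip() for e in data.split(",") if e.strip()]
    return [e for e in entries if e.lower() != "explorer.exe"]


def find_suspicious(text):
    """Flag Shell values with extra programs and RunOnce entries marked [X]."""
    findings = []
    for key, name, data in parse_reg_points(text):
        if name.lower() == "shell":
            extras = shell_extras(data)
            if extras:
                findings.append(Finding(key, name, data,
                                        "Shell also launches: " + ", ".join(extras)))
        elif key.lower().endswith("\\runonce") and data.endswith("[X]"):
            findings.append(Finding(key, name, data, "RunOnce target is missing"))
    return findings


def render_cfscript(findings):
    """Build File:: and Registry:: sections in the CFScript form used above.

    Each hijacking program goes under File::; each flagged value is set to
    '-' under its key, which in CFScript syntax means delete that value."""
    files = []
    for f in findings:
        if f.name.lower() == "shell":
            for extra in shell_extras(f.data):
                if extra not in files:
                    files.append(extra)
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
        lines.append("")
    lines.append("Registry::")
    for f in findings:
        lines.append(f"[{f.key}]")
        lines.append(f'"{f.name}"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_suspicious(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason}\n    [{f.key}]\n    \"{f.name}\"= {f.data}")
    print()
    print(render_cfscript(found))
```

On the constructed sample it reports the two Shell entries and the dead RunOnce value and prints a File::/Registry:: fragment equivalent to the one the helper posted.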

offline
  • Joined: 16 May 2011
  • Posts: 68

I know... sorry Smile
I found something about that program on the forum and figured it wouldn't hurt.
I did a system restore (or whatever it's called) and returned the system to the previous state before the update was installed. Should I scan again?


ComboFix 11-06-11.01 - Danilo 12.06.2011 21:24:29.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.905 [GMT 2:00]
Running from: c:\users\Danilo\Desktop\ComboFix.exe
Command switches used :: c:\users\Danilo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
.
.
2012-01-07 02:31 . 2012-01-07 02:31 -------- d-----w- c:\programdata\FLEXnet
2012-01-07 02:29 . 2011-01-29 20:38 -------- d-----w- c:\program files\Bonjour
2012-01-07 02:26 . 2011-01-29 20:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-03 18:53 . 2011-06-12 10:19 -------- d-----w- c:\users\Danilo\AppData\Roaming\Winamp
2012-01-03 03:11 . 2011-02-05 23:01 -------- d-----w- c:\users\Danilo\DoctorWeb
2012-01-03 00:09 . 2011-01-29 20:37 -------- d-----w- c:\users\Public\Counter-Strike 1.6
2012-01-02 20:31 . 2011-01-29 20:36 -------- d-----w- c:\program files\Webteh
2012-01-02 17:39 . 2011-02-06 10:27 -------- d-----w- c:\program files\FoxTabVideoConverter
2012-01-01 18:49 . 2011-01-29 20:37 -------- d-----w- c:\users\Danilo\AppData\Local\Mozilla
2011-12-31 18:12 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-12-31 18:12 . 2011-12-31 18:12 -------- d-----w- c:\windows\PCHEALTH
2011-12-31 18:12 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-31 18:12 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-31 18:11 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-31 18:11 . 2011-01-29 20:36 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-31 18:11 . 2011-12-31 18:11 -------- d-----w- c:\users\Danilo\AppData\Local\Microsoft Help
2011-12-31 18:10 . 2011-12-31 18:20 -------- d-----w- c:\programdata\Microsoft Help
2011-12-31 18:10 . 2011-01-29 20:36 -------- d-----r- C:\MSOCache
2011-12-27 19:18 . 2011-01-29 20:36 -------- d-----w- c:\program files\VideoLAN
2011-12-26 20:27 . 2011-02-19 16:49 -------- d-----w- c:\programdata\eMule
2011-12-26 20:26 . 2011-01-29 20:36 -------- d-----w- c:\users\Danilo\AppData\Local\eMule
2011-06-12 19:29 . 2011-06-12 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 20:39 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 20:39 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 11:15 . 2011-06-12 10:19 -------- d-----w- C:\MyCity
2011-06-10 22:28 . 2011-06-10 22:28 -------- d-----w- c:\program files\BabylonToolbar
2011-06-10 22:08 . 2011-06-12 14:01 -------- d-----w- c:\users\Danilo\AppData\Roaming\skypePM
2011-06-10 22:08 . 2011-06-10 22:08 -------- d-----w- c:\programdata\Skype Extras
2011-06-10 22:08 . 2011-06-12 19:27 -------- d-----w- c:\users\Danilo\AppData\Roaming\Skype
2011-06-10 22:07 . 2011-06-10 22:07 -------- d-----w- c:\program files\Common Files\Skype
2011-06-10 22:07 . 2011-06-10 22:08 -------- d-----r- c:\program files\Skype
2011-06-10 22:07 . 2011-06-10 22:07 -------- d-----w- c:\programdata\Skype
2011-06-10 20:02 . 2011-06-12 15:22 -------- d-----w- c:\users\Danilo\AppData\Roaming\MCShield
2011-06-10 20:02 . 2011-06-10 20:02 -------- d-----w- c:\program files\MCShield
2011-06-09 23:08 . 2011-06-09 23:08 -------- d-----w- c:\windows\system32\RTCOM
2011-06-09 14:06 . 2011-06-12 10:22 -------- d-----w- c:\users\UpdatusUser
2011-06-09 14:06 . 2011-05-25 06:09 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-09 14:05 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-09 14:05 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-09 14:05 . 2011-05-25 06:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-06-09 14:05 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-06-09 14:05 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-06-09 14:05 . 2011-05-25 06:09 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-06-09 14:05 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-06-09 14:05 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-06-09 14:05 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-06-09 14:05 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-06-09 14:05 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-06-09 14:05 . 2011-06-12 10:19 -------- d-----w- C:\NVIDIA
2011-06-09 13:34 . 2011-03-21 19:22 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-06-09 13:34 . 2011-03-21 19:22 362600 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-06-09 13:34 . 2011-03-21 19:22 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-06-09 13:18 . 2011-06-09 13:18 -------- d-----w- c:\program files\Intel
2011-06-09 13:18 . 2010-06-17 10:02 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-09 12:51 . 2011-06-09 12:51 -------- d-----w- c:\program files\Lavalys
2011-06-09 02:18 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57E11817-BD5C-4BF6-B4B5-53EF1A7EF62B}\mpengine.dll
2011-06-08 20:46 . 2011-06-08 20:46 -------- d-----w- c:\users\Danilo\AppData\Local\Activision
2011-06-03 21:52 . 2011-06-03 21:52 -------- d--h--r- c:\users\Public\Libraries
2011-05-30 00:22 . 2011-05-30 00:22 -------- d-----w- c:\program files\Microsoft
2011-05-26 22:36 . 2011-05-28 11:58 -------- d-----w- c:\users\Danilo\VirtualBox VMs
2011-05-26 22:35 . 2011-06-12 09:17 -------- d-----w- c:\users\Danilo\.VirtualBox
2011-05-26 22:35 . 2011-05-16 17:01 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-05-26 22:34 . 2011-05-26 22:35 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-26 22:34 . 2011-05-16 17:01 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-05-26 22:34 . 2011-05-26 22:34 -------- d-----w- c:\program files\Oracle
2011-05-23 23:14 . 2011-05-23 23:14 -------- d-----w- c:\program files\Yetisports
2011-05-22 14:42 . 2011-05-22 14:42 -------- d-----w- c:\users\Danilo\AppData\Local\Screamer Radio
2011-05-22 14:38 . 2011-05-22 14:39 -------- d-----w- c:\users\Danilo\AppData\Roaming\Free Audio Recorder
2011-05-22 14:38 . 2011-05-22 14:38 -------- d-----w- c:\program files\Free Audio Recorder
2011-05-22 14:31 . 2011-05-22 14:31 -------- d-----w- c:\program files\Fox Magic
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe
2011-05-17 21:41 . 2011-05-17 21:41 -------- d-----w- c:\users\Danilo\AppData\Roaming\Vistanita
2011-05-17 21:40 . 2011-05-17 21:40 -------- d-----w- c:\program files\Vistanita
2011-05-17 11:52 . 2011-05-17 11:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 17:01 . 2011-05-16 17:01 122224 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-05-16 17:01 . 2011-05-16 17:01 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-16 17:00 . 2011-05-16 17:00 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-05-15 20:16 . 2011-05-15 20:16 -------- d-----w- c:\program files\DriverFinder
2011-05-15 20:14 . 2011-05-15 20:14 -------- d-----w- c:\users\Danilo\AppData\Roaming\DriverFinder
2011-05-15 18:37 . 2011-05-17 00:00 -------- d-----w- c:\program files\HWiNFO32
2011-05-15 18:14 . 2011-05-15 18:14 -------- d-----w- c:\program files\Driver-Soft
2011-05-14 22:58 . 2011-05-14 22:58 -------- d-----w- c:\programdata\Symantec
2011-05-14 22:58 . 2011-05-15 18:15 -------- d-----w- c:\programdata\Norton
2011-05-14 20:04 . 2011-05-14 20:06 -------- d-----w- c:\users\Danilo\AppData\Roaming\DivX
2011-05-14 19:57 . 2011-05-15 21:28 -------- d-----w- c:\program files\DivX
2011-05-14 19:56 . 2011-05-15 21:28 -------- d-----w- c:\programdata\DivX
2011-05-14 10:29 . 2011-05-14 10:29 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 22:15 . 2010-09-09 20:17 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-11 22:15 . 2010-09-09 20:31 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-11 22:15 . 2010-09-09 20:17 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 06:09 . 2010-07-09 14:20 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2010-07-09 14:20 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2010-07-09 14:20 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2010-07-09 14:20 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 06:09 . 2010-07-09 14:20 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-06-09 14:05 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 06:09 . 2010-07-10 04:37 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-04-29 23:13 . 2011-04-29 23:13 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-27 11:27 . 2011-04-27 11:27 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-27 11:27 . 2011-04-27 11:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-27 11:27 . 2011-04-27 11:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-27 11:27 . 2011-04-27 11:27 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-27 11:27 . 2011-04-27 11:27 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-27 11:27 . 2011-04-27 11:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-27 11:27 . 2011-04-27 11:27 367104 ----a-w- c:\windows\system32\html.iec
2011-04-27 11:27 . 2011-04-27 11:27 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-27 11:27 . 2011-04-27 11:27 161280 ----a-w- c:\windows\system32\msls31.dll
2011-04-27 11:27 . 2011-04-27 11:27 1426432 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-27 11:27 . 2011-04-27 11:27 1125376 ----a-w- c:\windows\system32\wininet.dll
2011-04-27 11:27 . 2011-04-27 11:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-27 11:27 . 2011-04-27 11:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-27 11:27 . 2011-04-27 11:27 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-27 11:27 . 2011-04-27 11:27 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-27 11:27 . 2011-04-27 11:27 1791488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-27 11:27 . 2011-04-27 11:27 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-27 11:27 . 2011-04-27 11:27 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-27 11:27 . 2011-04-27 11:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-27 11:27 . 2011-04-27 11:27 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-27 11:27 . 2011-04-27 11:27 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-16 21:02 . 2011-03-20 20:20 165232 ---ha-w- c:\users\Danilo\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-04-14 03:07 . 2010-10-08 19:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-26 19:33 . 2011-03-26 19:17 2829 ----a-w- c:\windows\War3Unin.pif
2011-03-26 19:33 . 2011-03-26 19:17 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-14 16:26 . 2011-05-15 21:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^Danilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Danilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 16:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-27 14:04 136176 ----atw- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-r- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickPhrase]
2007-06-19 08:29 638232 ----a-w- c:\program files\TypingMaster\QuickPhrase\quickphrase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2011-05-03 13:50 10082920 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
2010-10-23 03:47 1070360 ----a-w- c:\program files\TrojanHunter 5.3\THGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-15 23:30 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2010-03-30 27760]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Danilo\AppData\Local\Temp\GPU-Z.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-16 111280]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-20 1343400]
S0 cdburner;cdburner;c:\windows\system32\DRIVERS\cdburner.sys [2008-07-24 15872]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2010-09-29 20088]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-05-16 162544]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-05-16 44720]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-05-16 122224]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832218304-1381429587-2039531074-1001Core.job
- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 14:04]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-832218304-1381429587-2039531074-1001UA.job
- c:\users\Danilo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&affID=19404
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Translate with Di dictionary -
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70A504E5-2578-48B8-9BAC-67CA7A7EBAFE}: NameServer = 192.168.56.1
FF - ProfilePath - c:\users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\36s4e2oe.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&affID=19404
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&instlRef=sst&affID=19404&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-832218304-1381429587-2039531074-1001\Software\SecuROM\License information*]
"datasecu"=hex:a2,c6,13,79,c3,1f,b4,44,07,ae,de,c4,c8,52,fb,2f,66,0d,d5,99,37,
d7,59,3f,75,11,9c,20,71,ee,03,61,09,8a,ff,2b,22,6e,67,cd,6b,75,7c,48,ca,f6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1524)
c:\program files\Di recnik\ALTFHOOK.DLL
c:\windows\system32\CC3260.DLL
.
Completion time: 2011-06-12 21:30:29
ComboFix-quarantined-files.txt 2011-06-12 19:30
ComboFix2.txt 2011-06-11 20:27
ComboFix3.txt 2011-06-11 11:22
.
Pre-Run: 347.918.376.960 bytes free
Post-Run: 348.010.491.904 bytes free
.
- - End Of File - - 837726E180DCBEFE64FF0FC781C18FF2
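
The service/driver lines, Run keys and browser settings in the ComboFix log above are what a responder reads first. The Python below is an added example (not ComboFix's own code, and not posted in this thread) that parses lines in that format and flags the entries worth a second look: images ComboFix marks with `[x]` (not found on disk), images loading from a Temp directory or a user profile, and browser start/search settings whose domain matches the name of an autostart entry. The sample lines are copied from the log above; the severity labels and the rule set are my own assumptions.

```python
"""Triage rules for ComboFix-style log lines (added example; not ComboFix's own code).

Handled line shapes:
  R3 name;description;path [date size]      service/driver; "[x]" = image not found on disk
  "name"="path" [date size]                  Run-key autostart entry
  uStart Page = hxxp://...  /  FF - prefs.js: ... hxxp://...   browser start/search settings
The rule set (what counts as suspicious and how severe it is) is a constructed assumption.
"""
import re
from dataclasses import dataclass

# Sample input copied from the ComboFix log in this thread (constructed selection).
SAMPLE_LOG = r"""
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Danilo\AppData\Local\Temp\GPU-Z.sys [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-16 111280]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&affID=19404
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=22e9aa5e0000000000004061868567c1&tlver=1.4.19.19&instlRef=sst&affID=19404&q=
"""

SERVICE_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$')
BROWSER_PREFIXES = ('uStart Page', 'FF - prefs.js:')
HOST_RE = re.compile(r'hxxps?://([^/\s?]+)', re.IGNORECASE)  # ComboFix defangs http as hxxp


@dataclass
class Finding:
    severity: str   # 'low' | 'medium' | 'high' (constructed scale)
    item: str       # service/entry name, or the host for browser findings
    reason: str


def check_image(name, path, meta, kind):
    """Rules on the image path of one service or autostart entry."""
    out = []
    low = path.lower()
    if meta.strip() == 'x':
        out.append(Finding('medium', name, f'{kind} image not found on disk: {path}'))
    if '\\temp\\' in low:
        out.append(Finding('high', name, f'{kind} image loads from a Temp directory: {path}'))
    elif '\\appdata\\' in low:
        out.append(Finding('low', name, f'{kind} image lives under a user profile: {path}'))
    return out


def triage(log_text):
    """Return the list of Findings for a block of ComboFix log lines, in log order."""
    findings, run_names, hosts = [], [], []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(check_image(m['name'], m['path'], m['meta'], 'service'))
            continue
        m = RUN_RE.match(line)
        if m:
            run_names.append(m['name'])
            findings.extend(check_image(m['name'], m['path'], m['meta'], 'autostart'))
            continue
        if line.startswith(BROWSER_PREFIXES):
            for host in HOST_RE.findall(line):
                if host.lower() not in hosts:
                    hosts.append(host.lower())
    # A search/start page whose domain shares its name with an autostart entry
    # (toolbar + redirected search) is reported once per distinct host.
    for host in hosts:
        labels = host.split('.')
        key = labels[-2] if len(labels) >= 2 else labels[0]
        matches = [n for n in run_names if key in n.lower()]
        if matches:
            findings.append(Finding('high', host,
                f'browser start/search setting points at a domain matching autostart entry {matches[0]!r}'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity}] {f.item}: {f.reason}')
```

Run it on a saved ComboFix log by replacing SAMPLE_LOG with the file's contents. On the sample it reports GPU-Z.sys (loaded from Temp and missing on disk), GGSAFERDriver and MSICDSetup (missing images), and the Babylon search page paired with the BabylonToolbar Run entry; the VirtualBox, ESET and Skype lines pass.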

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You're complicating things unnecessarily.

If you're not sure about something, it's better to ask and wait for an answer.


I already told you to post the RootkitBuster reports so I can look at them.


Download The Avenger to the Desktop.
Extract the archive into a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the program's (white) window:

Files to delete:
c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system | Shell


Click Execute, then Yes in the next two windows that open.

The computer will restart (in some cases twice) and the cleaning/scanning process will begin.

When the process finishes, the log file C:\avenger.txt will open in Notepad.

Copy the contents of that log into the forum thread.


- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and leave each one in for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we'll need that information later.
- When you've finished with all the devices, right-click in the middle of the program window and choose Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.


It is recommended that you update the system. However, that may be a problem if your operating system is not legally activated.


goran9888 (AMF Team)

  • Joined: 16 May 2011
  • Posts: 68

hmmm, I don't know why it didn't post the rest of the message... I guess it was too big...
here it is in Notepad

Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe" not found!
Deletion of file "c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system|Shell"
Deletion of registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system|Shell" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


USBNoRisk log:


USBNoRisk 2.7 (28 December 2010) by bobby

Started at 12.6.2011 22:38:01

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {1b12b06d-b252-11df-aacf-806e6f6e6963}
D: {a904845b-b1d5-11df-bbba-4061868567c1}
F: {cdd869b4-c112-11df-83cf-4061868567c1}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 1b12b06d-b252-11df-aacf-806e6f6e6963
----------------------------------------
Desktop.ini found at C:\MyCity\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={20D04FE0-3AEA-1069-A2D8-08002B30309D}
IconResource=C:\Windows\system32\SHELL32.dll,4
----------------------------------------
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\shell32.dll,-22913
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-109
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\shell32.dll,-8503
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,MUIVerb = @%systemroot%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %SystemRoot%\system32\CompMgmtLauncher.exe
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for a904845b-b1d5-11df-bbba-4061868567c1
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on F:
No autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for cdd869b4-c112-11df-83cf-4061868567c1
No Desktop.ini files found on F:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================
Removed F:
========================================
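
To check whether the Avenger script from the earlier reply (the "Files to delete:" / "Registry values to delete:" block) actually acted on each of its targets, the Python below, an added example that is not part of The Avenger, cross-references that script against the C:\avenger.txt log posted above. Both the script and the log lines are copied from this thread. The script's "key | value" spelling is normalized to the log's "key|value" form, and a failed deletion with status 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) is reported as "absent", meaning the item was not present when the script ran. The Avenger's wording for a successful deletion is not shown in the thread, so any other result verb is passed through unchanged (an assumption).

```python
"""Cross-check an Avenger script against the resulting avenger.txt (added example, not The Avenger's code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Script copied from the reply above.
SCRIPT = r"""
Files to delete:
c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system | Shell
"""

# Result blocks copied from the avenger.txt posted above.
AVENGER_LOG = r"""
Error: file "c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe" not found!
Deletion of file "c:\windows\system32\config\systemprofile\AppData\Roaming\Qozizy.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system|Shell"
Deletion of registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system|Shell" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
"""

SECTION_KINDS = {
    "files to delete": "file",
    "registry values to delete": "registry value",
}
OBJECT_NAME_NOT_FOUND = "0xc0000034"  # NTSTATUS: the target did not exist

RESULT_RE = re.compile(r'^Deletion of (?P<kind>file|registry value) "(?P<target>.+)" (?P<result>\w+)!$')
STATUS_RE = re.compile(r'^Status: (?P<code>0x[0-9a-fA-F]+) \((?P<name>[A-Z_]+)\)$')


@dataclass
class Outcome:
    kind: str
    target: str
    outcome: str                     # 'absent' | 'failed' | 'missing from log' | log's own verb
    status_code: Optional[str] = None
    status_name: Optional[str] = None


def normalize(target):
    """Scripts write 'key | value'; the log echoes 'key|value'. Paths and keys are case-insensitive."""
    return re.sub(r'\s*\|\s*', '|', target.strip()).lower()


def parse_script(text):
    """Return [(kind, target)] for every target listed under a known section header."""
    kind, targets = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(':'):
            kind = SECTION_KINDS.get(line[:-1].lower())
            continue
        if kind:
            targets.append((kind, line))
    return targets


def parse_log(text):
    """Map normalized target -> [result verb, status code, status name]."""
    results, pending = {}, None
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if m:
            pending = normalize(m['target'])
            results[pending] = [m['result'], None, None]
            continue
        m = STATUS_RE.match(line)
        if m and pending:  # the Status line belongs to the preceding Deletion line
            results[pending][1:] = [m['code'].lower(), m['name']]
            pending = None
    return results


def check(script_text, log_text):
    """One Outcome per script target, in script order."""
    results, out = parse_log(log_text), []
    for kind, target in parse_script(script_text):
        entry = results.get(normalize(target))
        if entry is None:
            out.append(Outcome(kind, target, 'missing from log'))
            continue
        result, code, name = entry
        if result == 'failed' and code == OBJECT_NAME_NOT_FOUND:
            outcome = 'absent'
        elif result == 'failed':
            outcome = 'failed'
        else:
            outcome = result
        out.append(Outcome(kind, target, outcome, code, name))
    return out


if __name__ == '__main__':
    for o in check(SCRIPT, AVENGER_LOG):
        print(f'{o.kind}: {o.target} -> {o.outcome} ({o.status_code} {o.status_name})')
```

On the thread's script and log both targets come back as "absent": neither the Qozizy.exe file nor the policies\system Shell value existed when the script ran, which is consistent with the log's "the object does not exist" lines. A target with no result block at all is reported as "missing from log", so a truncated or partially pasted avenger.txt is noticed rather than silently passing.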

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You don't do anything the way I write it; you do some of it that way and some of it your own way.


If I wrote not to use flash devices, I didn't write that just for the sake of writing something;
If I wrote to run USB No Risk first and only then connect the USB storage device, then that is what you need to do, not plug in the USB storage device and then run USB No Risk;
etc., etc.



Since you won't cooperate, I'm closing this case.


ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line, type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstallation process to finish.


You can delete the other programs that were used;
You can update the system;
Visit this thread (everything is explained there) with every browser you use: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html
Uninstall the programs you don't use, and the toolbars too.


Download ATF Cleaner and save it to the Desktop.

Tick Select All and then click Empty Selected.
When the message Done Cleaning appears, close the program.





