Problem with launching programs


offline
  • Milorad
  • Joined: 09 Feb 2004
  • Posts: 505
  • Location: In Serbia

Nothing new. No change.



offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Since you wrote to me in a private message that you ran CF, post its report here so I can take a look.

In any case, run CF only when I or my colleagues ask you to.

goran9888 (AMF Team)



offline
  • Milorad
  • Joined: 09 Feb 2004
  • Posts: 505
  • Location: In Serbia

OK.
ComboFix log after removing Zone Alarm

ComboFix 11-05-11.02 - Pc 12.05.2011 10:44:07.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2037.1504 [GMT 2:00]
Running from: d:\desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 07:36 . 2011-05-12 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2011-05-12 06:00 . 2011-05-12 08:37 -------- d-----w- c:\program files\TweakNow PowerPack 2011
2011-05-12 06:00 . 2011-05-12 08:37 -------- d-----w- c:\documents and settings\Pc\Application Data\TweakNow PowerPack 2011
2011-05-11 05:35 . 2001-08-17 10:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-05-11 05:34 . 2001-08-17 10:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-05-11 05:33 . 2007-11-30 15:25 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-05-11 05:32 . 2001-08-17 12:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-05-11 05:31 . 2007-11-30 15:24 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-05-11 05:30 . 2001-08-17 10:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2011-05-11 05:29 . 2001-08-17 20:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2011-05-11 05:28 . 2001-08-17 10:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-05-09 08:53 . 2011-05-09 08:53 -------- d-----w- c:\program files\CCleaner
2011-05-09 08:07 . 2011-05-12 06:06 -------- d-----w- c:\windows\system32\NtmsData
2011-05-09 06:44 . 2011-05-09 06:44 388096 ----a-r- c:\documents and settings\Pc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-06 12:06 . 2009-11-06 11:16 291328 ----a-w- C:\gmer.exe
2011-05-06 07:16 . 2011-05-06 07:16 -------- d-----r- C:\MSOCache
2011-04-18 10:08 . 2011-05-09 09:42 -------- d-----w- c:\documents and settings\Pc\Application Data\My Games
2011-04-18 07:25 . 2011-04-18 07:25 -------- d-----w- c:\program files\Firaxis Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 22:36 . 2011-04-06 22:36 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-11 21:23 . 2011-02-11 21:23 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2011-02-11 21:23 . 2011-02-11 21:23 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2011-02-11 21:23 . 2011-02-11 21:23 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-02-11 21:23 . 2011-02-11 21:23 100880 ----a-w- c:\windows\system32\Packet.dll
2011-04-29 11:11 . 2011-03-23 07:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-17 06:50 . 2011-02-17 06:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-12 08:39 . 2011-05-12 08:39 16384 c:\windows\temp\Perflib_Perfdata_2fc.dat
- 2011-05-12 08:23 . 2011-05-12 08:23 16384 c:\windows\temp\Perflib_Perfdata_2fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Firebird\\Firebird_1_5\\bin\\fbserver.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Pc\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9191:TCP"= 9191:TCP:PaperCut NG HTTP
"9192:TCP"= 9192:TCP:PaperCut NG HTTPS
"9193:TCP"= 9193:TCP:PaperCut NG Binary
"5114:TCP"= 5114:TCP:PaperCut NG Firmware
"5297:TCP"= 5297:TCP:orgdkxn
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2011 12:36 AM 685816]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 11:23 PM 35088]
R2 PCPrintProvider;PaperCut Print Provider;c:\program files\PaperCut NG\providers\print\win\pc-print.exe [1/13/2011 1:32 PM 323584]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11/30/2010 7:08 PM 2222376]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/16/2010 2:51 PM 44032]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2010 9:21 AM 136176]
S2 PCAppServer;PaperCut Application Server;c:\program files\PaperCut NG\server\bin\win\pc-server.exe [1/13/2011 1:32 PM 135168]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/16/2010 2:49 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/17/2011 8:50 AM 30192]
S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
S3 TrmbTS;TrmbTS;c:\windows\system32\drivers\TrmbTS.sys [11/10/2010 1:19 PM 29184]
S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [11/10/2010 1:19 PM 9881]
S4 PCWebPrint;PaperCut Web Print Server;c:\program files\PaperCut NG\providers\web-print\win\pc-web-print.exe [1/13/2011 1:32 PM 282624]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tgjujo
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 07:21]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 07:21]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-839522115-1003Core.job
- c:\documents and settings\Pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 14:34]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-839522115-1003UA.job
- c:\documents and settings\Pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link visible only to logged-in users]
TCP: {8EBDE815-A126-43FB-80A3-C5F4595953E5} = 192.168.0.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2011-05-12 10:48
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="Internet Explorer Version Update"
"ComponentID"="IEUDINIT"
"DontAsk"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"="c:\\WINDOWS\\system32\\ieudinit.exe"
"Version"="8,0,6001,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"DontAsk"=dword:00000002
"Version"="9,0,0,4503"
"IsInstalled"=dword:00000000
"Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigIE"
"Version"="2,0,0,0"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-21"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Locale"="*"
"LocalizedName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3052"
"StubPath"="\"c:\\WINDOWS\\system32\\rundll32.exe\" \"c:\\WINDOWS\\system32\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"Version"="6,0,2900,2149"
"Locale"="*"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE"
"Version"="2,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Java\\jre6\\bin\\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"
"Version"="6,0,2462,0001"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
@=""
"ComponentID"="NetShow"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"=""
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"=""
"IsInstalled"=dword:00000001
@="Microsoft Windows Media Player 6.4"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"IsInstalled"=dword:00000001
"Version"="6,0,3,531"
"Locale"="EN"
"ComponentID"="DirectAnimation"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="EN"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,1,1,7"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{31968B4C-3359-BB14-3AD0-3D6BE4FB4835}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="1,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,7,0,0320"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"Version"="8,0,6001,18702"
@="Offline Browsing Pack"
"ComponentID"="MobilePk"
"IsInstalled"=dword:00000001
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3E775812-CC9D-6B59-CAB1-6FD61B3C1CE7}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Advanced Authoring"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,3264"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft DirectX"
"Version"=hex:04,00,09,00,00,00,88,03
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4EDEB605-DE0F-80F3-DB1F-0D1489FACDF8}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.8"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,8,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5813F8E1-31D5-2BDC-EB50-D1BCC9CB8B0B}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="EN"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Messenger\\msmsgs.exe"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="8,0,6001,18702"
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"="*"
"KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp.inf,PerUserStub"
"IsInstalled"=dword:00000001
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,9,9,2"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
"Locale"=""
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"Version"="1,0,1,7"
@="Web Folders"
"Locale"="*"
"IsInstalled"=dword:00000001
"ComponentID"="WebFolders"
"StubPath"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"Version"="6,0,2900,3264"
@="Address Book 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="6,0,2900,2149"
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"Version"="8,0,6001,18702"
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -BaseSettings"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-20"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"DontAsk"=dword:00000002
"StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install"
"IsInstalled"=dword:00000001
"ComponentID"="DOTNETFRAMEWORKS"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C551C8E1-62AE-2F62-F864-3710BAC74A5E}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"Locale"=""
"Version"="1,0,4322,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Task Scheduler"
"ComponentID"="MSTASK"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1968,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Macromedia Flash Player 8"
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Version"="8.0.22.0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{DDE4117E-9B30-D614-1056-2BD4EC944AA0}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="5,0,00,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E9CA7759-B484-A6DA-9673-9B5D6ED3A838}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{FD9C6E1D-4CA2-0BE9-D265-E5ACAB3D60A7}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="9,0,0,4503"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1320)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2011-05-12 10:50:15
ComboFix-quarantined-files.txt 2011-05-12 08:50
ComboFix2.txt 2011-05-12 08:34
ComboFix3.txt 2011-05-09 14:29
.
Pre-Run: 125.026.955.264 bytes free
Post-Run: 125.005.426.688 bytes free
.
- - End Of File - - 784612D526DA9730393A2842DB14101D

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Follow the instructions below carefully, step by step.

Step 1

Download and install the following: Security Update for Windows XP

Step 2

Check that the Windows Firewall is turned on: Start -> Control Panel -> Windows Firewall -> ON

Step 3

Open Notepad and copy in the following text:

File::
c:\windows\system32\wrwtw.dll
c:\windows\system32\xlnalpu.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5297:TCP"=-

NetSvc::
tgjujo

Driver::
tgjujo

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components]
 @Denied: (Full) (Everyone)
 @Denied: (Full) (Everyone)
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
 @="Internet Explorer Version Update"
 "ComponentID"="IEUDINIT"
 "DontAsk"=dword:00000002
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "StubPath"="c:\\WINDOWS\\system32\\ieudinit.exe"
 "Version"="8,0,6001,0"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
 "DontAsk"=dword:00000002
 "Version"="9,0,0,4503"
 "IsInstalled"=dword:00000000
 "Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"
 @="Windows Media Player"
 "ComponentID"="WMPACCESS"
 "Locale"="*"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
 @="Internet Explorer"
 "ComponentID"="IEACCESS"
 "Dontask"=dword:00000002
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigIE"
 "Version"="2,0,0,0"
 "LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-21"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
 @="Browser Customizations"
 "ComponentiD"="BRANDING.CAB"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "LocalizedName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3052"
 "StubPath"="\"c:\\WINDOWS\\system32\\rundll32.exe\" \"c:\\WINDOWS\\system32\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
 "Version"="8,0,6001,18702"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
 @="Browser Customizations"
 "ComponentID"="BRANDING.CAB"
 "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
 "Version"="6,0,2900,2149"
 "Locale"="*"
 "IsInstalled"=dword:00000001
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
 @="Outlook Express"
 "ComponentID"="OEACCESS"
 "Dontask"=dword:00000002
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE"
 "Version"="2,0,0,0"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
 @="Java (Sun)"
 "ComponentID"="JAVAVM"
 "IsInstalled"=dword:00000001
 "KeyFileName"="c:\\Program Files\\Java\\jre6\\bin\\regutils.dll"
 "Version"="5,0,5000,0"
 "Locale"="EN"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
 @="Vector Graphics Rendering (VML)"
 "ComponentID"="MSVML"
 "Version"="6,0,2462,0001"
 "IsInstalled"=hex:01,00,00,00
 "Locale"="EN"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
 @=""
 "ComponentID"="NetShow"
 "IsInstalled"=dword:00000001
 "DontAsk"=dword:00000002
 "Locale"="EN"
 "StubPath"=""
 "Version"="9,0,0,4503"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
 "ComponentID"="Microsoft Windows Media Player"
 "DontAsk"=dword:00000002
 "Locale"="EN"
 "StubPath"=""
 "IsInstalled"=dword:00000001
 @="Microsoft Windows Media Player 6.4"
 "Version"="9,0,0,4503"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
 @="DirectAnimation"
 "IsInstalled"=dword:00000001
 "Version"="6,0,3,531"
 "Locale"="EN"
 "ComponentID"="DirectAnimation"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
 @="Themes Setup"
 "ComponentID"="Theme Component"
 "IsInstalled"=dword:00000001
 "Locale"="EN"
 "StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
 "Version"="1,1,1,7"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{31968B4C-3359-BB14-3AD0-3D6BE4FB4835}]
 @="Windows Media Player"
 "ComponentID"="WMPACCESS"
 "IsInstalled"=dword:00000001
 "Local"="EN"
 "Version"="1,0,0,0"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
 @="Dynamic HTML Data Binding for Java"
 "ComponentID"="TridataJava"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="4,7,0,0320"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
 "Version"="8,0,6001,18702"
 @="Offline Browsing Pack"
 "ComponentID"="MobilePk"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
 @="Uniscribe"
 "ComponentID"="USP10"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="1,397,2406,1"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3E775812-CC9D-6B59-CAB1-6FD61B3C1CE7}]
 @="Browser Customizations"
 "ComponentID"="BRANDING.CAB"
 "IsInstalled"=dword:00000001
 "Local"="EN"
 "Version"="6,0,2900,2149"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
 @="Advanced Authoring"
 "ComponentID"="AdvAuth"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="6,0,2900,2149"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
 "Version"="6,0,2900,3264"
 @="Microsoft Outlook Express 6"
 "IsInstalled"=dword:00000001
 "Locale"="EN"
 "ComponentID"="MailNews"
 "CloneUser"=dword:00000001
 "StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
 @="NetMeeting 3.01"
 "ComponentID"="NetMeeting"
 "IsInstalled"=hex:01,00,00,00
 "Version"="4,4,0,3400"
 "Locale"="EN"
 "StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
 @="DirectShow"
 "ComponentID"="activemovie"
 "IsInstalled"=dword:00000001
 "DontAsk"=dword:00000002
 "Locale"="EN"
 "Version"="9,0,0,4503"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
 @="Microsoft DirectX"
 "Version"=hex:04,00,09,00,00,00,88,03
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
 @="DirectDrawEx"
 "ComponentID"="DirectDrawEx"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="4,71,1113,0"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
 @="Internet Explorer Help"
 "ComponentID"="HelpCont"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="8,0,6001,18702"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4EDEB605-DE0F-80F3-DB1F-0D1489FACDF8}]
 @="Browser Customizations"
 "ComponentID"="BRANDING.CAB"
 "IsInstalled"=dword:00000001
 "Local"="EN"
 "Version"="8,0,6001,18702"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
 @="DirectAnimation Java Classes"
 "ComponentID"="DAJava"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="6,00,01,0223"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
 @="Microsoft Windows Script 5.8"
 "ComponentID"="MSVBScript"
 "IsInstalled"=dword:00000001
 "Locale"="EN"
 "Version"="5,8,6001,18702"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5813F8E1-31D5-2BDC-EB50-D1BCC9CB8B0B}]
 @="Windows Media Player"
 "ComponentID"="WMPACCESS"
 "IsInstalled"=dword:00000001
 "Local"="EN"
 "Version"="9,0,0,4503"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
 @="Windows Messenger 4.7"
 "ComponentID"="Messenger"
 "StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"
 "Locale"="EN"
 "Version"="4,7,0,3000"
 "IsInstalled"=dword:00000001
 "KeyFileName"="c:\\Program Files\\Messenger\\msmsgs.exe"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
 "(Default)"="Internet Connection Wizard"
 "ComponentID"="ICW"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="5,00,2918,1900"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
 @="Internet Explorer Setup Tools"
 "ComponentID"="GenSetup"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="8,0,6001,18702"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
 "Version"="8,0,6001,18702"
 @="Browsing Enhancements"
 "ComponentID"="ExtraPack"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
 @="Microsoft Windows Media Player"
 "ComponentID"="Microsoft Windows Media Player"
 "DontAsk"=dword:00000002
 "Locale"="EN"
 "StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp.inf,PerUserStub"
 "IsInstalled"=dword:00000001
 "Version"="9,0,0,4503"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
 @="MSN Site Access"
 "ComponentID"="MSN_Auth"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="4,9,9,2"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
 "ComponentID"=".NETFramework"
 @=".NET Framework"
 "Locale"=""
 "Version"="2,0,50727,0"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
 "Version"="1,0,1,7"
 @="Web Folders"
 "Locale"="*"
 "IsInstalled"=dword:00000001
 "ComponentID"="WebFolders"
 "StubPath"=""
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
 "Version"="6,0,2900,3264"
 @="Address Book 6"
 "IsInstalled"=dword:00000001
 "Locale"="EN"
 "ComponentID"="WAB"
 "StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
 "Version"="6,0,2900,2149"
 @="Windows Desktop Update"
 "ComponentID"="IE4Shell_NT"
 "IsInstalled"=dword:00000001
 "Locale"="en"
 "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
 "Version"="8,0,6001,18702"
 @="Internet Explorer"
 "ComponentID"="BASEIE40_W2K"
 "IsInstalled"=dword:00000001
 "Locale"="en"
 "StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -BaseSettings"
 "LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-20"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
 "DontAsk"=dword:00000002
 "StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install"
 "IsInstalled"=dword:00000001
 "ComponentID"="DOTNETFRAMEWORKS"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
 @="Dynamic HTML Data Binding"
 "ComponentID"="Tridata"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="8,0,6001,18702"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
 "Locale"=""
 "Version"="2,0,50727,0"
 "ComponentID"=".NETFramework"
 @=".NET Framework"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
 "Locale"=""
 "Version"="2,0,50727,0"
 "ComponentID"=".NETFramework"
 @=".NET Framework"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C551C8E1-62AE-2F62-F864-3710BAC74A5E}]
 @="Browser Customizations"
 "ComponentID"="BRANDING.CAB"
 "IsInstalled"=dword:00000001
 "Local"="EN"
 "Version"="6,0,2900,2149"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
 @="Internet Explorer Core Fonts"
 "ComponentID"="Fontcore"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="8,0,6001,18702"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
 "Locale"=""
 "Version"="1,0,4322,0"
 "ComponentID"=".NETFramework"
 @=".NET Framework"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
 @="Task Scheduler"
 "ComponentID"="MSTASK"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="4,71,1968,1"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
 "ComponentID"="Windows Movie Maker v2.1"
 "IsInstalled"=hex:01,00,00,00
 "Version"="2,1,4026,0"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
 @="Macromedia Flash Player 8"
 "ComponentID"="Flash"
 "IsInstalled"=hex:01,00,00,00
 "Version"="8.0.22.0"
 "Locale"="EN"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{DDE4117E-9B30-D614-1056-2BD4EC944AA0}]
 @="Browser Customizations"
 "ComponentID"="BRANDING.CAB"
 "IsInstalled"=dword:00000001
 "Local"="EN"
 "Version"="6,0,2900,2149"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
 @="HTML Help"
 "ComponentID"="HTMLHelp"
 "IsInstalled"=dword:00000001
 "Locale"="*"
 "Version"="6,0,6001,18702"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
 @="Active Directory Service Interface"
 "ComponentID"="ADSI"
 "IsInstalled"=hex:01,00,00,00
 "Locale"="EN"
 "Version"="5,0,00,0"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E9CA7759-B484-A6DA-9673-9B5D6ED3A838}]
 @="Windows Media Player"
 "ComponentID"="WMPACCESS"
 "IsInstalled"=dword:00000001
 "Local"="EN"
 "Version"="9,0,0,4503"
 .
 [HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{FD9C6E1D-4CA2-0BE9-D265-E5ACAB3D60A7}]
 @="Windows Media Player"
 "ComponentID"="WMPACCESS"
 "IsInstalled"=dword:00000001
 "Local"="EN"
 "Version"="9,0,0,4503"


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.


Step 4

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save scrambled log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own partition label when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.


Step 5

Start Windows in Safe mode and run there all the fixes I gave you earlier (in this and this message). I mean: fixAssociations, EXE File Association Fix and LNK (Shortcut) File Association Fix. Restart the system, but again into Safe mode. Check whether the programs that were not working now work, e.g. Add or Remove Programs. If they work, restart the system in Normal mode and check the state.








goran9888 (AMF Tim)

offline
  • Milorad
  • Joined: 09 Feb 2004
  • Posts: 505
  • Location: In Serbia

Step 1 done - successfully
Step 2 - I cannot get to anything in Control Panel, so I cannot start the Firewall that way; can it be done via Command Prompt?
Step 3 - do I wait until I have done the second one, or do I move on?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Start -> Run -> services.msc -> Windows Firewall -> the service should be started and set to Automatic.

Start -> Run -> firewall.cpl -> ON

offline
  • Milorad
  • Joined: 09 Feb 2004
  • Posts: 505
  • Location: In Serbia

Written: 12 May 2011 19:25

I found Start - Run - firewall.cpl
the other commands via the Run option [Links are visible only to logged-in users]

Addendum: 12 May 2011 19:34

I must note, for those who may someday have a problem like this, that the "CFScript" file cannot be dragged onto the ComboFix icon; instead it must be run as follows:
- right-click the "CFScript" file icon
- choose the Open with option
- pick ComboFix from the list (if there is no ComboFix icon in the list, click the Choose Program button and then browse to the path to ComboFix)

Addendum: 12 May 2011 20:21

Step 3 is finished and the result is as follows:

ComboFix 11-05-11.04 - Pc 12.05.2011 19:37:02.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2037.1322 [GMT 2:00]
Running from: d:\desktop\ComboFix.exe
Command switches used :: d:\desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\wrwtw.dll"
"c:\windows\system32\xlnalpu.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\wrwtw.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TGJUJO
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 07:36 . 2011-05-12 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2011-05-12 06:00 . 2011-05-12 08:37 -------- d-----w- c:\program files\TweakNow PowerPack 2011
2011-05-12 06:00 . 2011-05-12 08:37 -------- d-----w- c:\documents and settings\Pc\Application Data\TweakNow PowerPack 2011
2011-05-11 05:35 . 2001-08-17 10:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-05-11 05:34 . 2001-08-17 10:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-05-11 05:33 . 2007-11-30 15:25 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-05-11 05:32 . 2001-08-17 12:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-05-11 05:31 . 2007-11-30 15:24 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-05-11 05:30 . 2001-08-17 10:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2011-05-11 05:29 . 2001-08-17 20:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2011-05-11 05:28 . 2001-08-17 10:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-05-09 08:53 . 2011-05-09 08:53 -------- d-----w- c:\program files\CCleaner
2011-05-09 08:07 . 2011-05-12 06:06 -------- d-----w- c:\windows\system32\NtmsData
2011-05-09 06:44 . 2011-05-09 06:44 388096 ----a-r- c:\documents and settings\Pc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-06 12:06 . 2009-11-06 11:16 291328 ----a-w- C:\gmer.exe
2011-05-06 07:16 . 2011-05-06 07:16 -------- d-----r- C:\MSOCache
2011-04-18 10:08 . 2011-05-09 09:42 -------- d-----w- c:\documents and settings\Pc\Application Data\My Games
2011-04-18 07:25 . 2011-04-18 07:25 -------- d-----w- c:\program files\Firaxis Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 22:36 . 2011-04-06 22:36 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-11 21:23 . 2011-02-11 21:23 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2011-02-11 21:23 . 2011-02-11 21:23 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2011-02-11 21:23 . 2011-02-11 21:23 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-02-11 21:23 . 2011-02-11 21:23 100880 ----a-w- c:\windows\system32\Packet.dll
2011-04-29 11:11 . 2011-03-23 07:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-17 06:50 . 2011-02-17 06:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( [Links are visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-12 17:42 . 2011-05-12 17:42 16384 c:\windows\temp\Perflib_Perfdata_4e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Firebird\\Firebird_1_5\\bin\\fbserver.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Pc\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9191:TCP"= 9191:TCP:PaperCut NG HTTP
"9192:TCP"= 9192:TCP:PaperCut NG HTTPS
"9193:TCP"= 9193:TCP:PaperCut NG Binary
"5114:TCP"= 5114:TCP:PaperCut NG Firmware
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2011 12:36 AM 685816]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 11:23 PM 35088]
R2 PCAppServer;PaperCut Application Server;c:\program files\PaperCut NG\server\bin\win\pc-server.exe [1/13/2011 1:32 PM 135168]
R2 PCPrintProvider;PaperCut Print Provider;c:\program files\PaperCut NG\providers\print\win\pc-print.exe [1/13/2011 1:32 PM 323584]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11/30/2010 7:08 PM 2222376]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/16/2010 2:51 PM 44032]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2010 9:21 AM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/16/2010 2:49 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/17/2011 8:50 AM 30192]
S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
S3 TrmbTS;TrmbTS;c:\windows\system32\drivers\TrmbTS.sys [11/10/2010 1:19 PM 29184]
S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [11/10/2010 1:19 PM 9881]
S4 PCWebPrint;PaperCut Web Print Server;c:\program files\PaperCut NG\providers\web-print\win\pc-web-print.exe [1/13/2011 1:32 PM 282624]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 07:21]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 07:21]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-839522115-1003Core.job
- c:\documents and settings\Pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 14:34]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-839522115-1003UA.job
- c:\documents and settings\Pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [Links are visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Links are visible only to logged-in users]
TCP: {8EBDE815-A126-43FB-80A3-C5F4595953E5} = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Links are visible only to logged-in users]
Rootkit scan 2011-05-12 19:43
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="Internet Explorer Version Update"
"ComponentID"="IEUDINIT"
"DontAsk"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"="c:\\WINDOWS\\system32\\ieudinit.exe"
"Version"="8,0,6001,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"DontAsk"=dword:00000002
"Version"="9,0,0,4503"
"IsInstalled"=dword:00000000
"Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigIE"
"Version"="2,0,0,0"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-21"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Locale"="*"
"LocalizedName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3052"
"StubPath"="\"c:\\WINDOWS\\system32\\rundll32.exe\" \"c:\\WINDOWS\\system32\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"Version"="6,0,2900,2149"
"Locale"="*"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE"
"Version"="2,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Java\\jre6\\bin\\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"
"Version"="6,0,2462,0001"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
@=""
"ComponentID"="NetShow"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"=""
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"=""
"IsInstalled"=dword:00000001
@="Microsoft Windows Media Player 6.4"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"IsInstalled"=dword:00000001
"Version"="6,0,3,531"
"Locale"="EN"
"ComponentID"="DirectAnimation"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="EN"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,1,1,7"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{31968B4C-3359-BB14-3AD0-3D6BE4FB4835}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="1,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,7,0,0320"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"Version"="8,0,6001,18702"
@="Offline Browsing Pack"
"ComponentID"="MobilePk"
"IsInstalled"=dword:00000001
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3E775812-CC9D-6B59-CAB1-6FD61B3C1CE7}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Advanced Authoring"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,3264"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft DirectX"
"Version"=hex:04,00,09,00,00,00,88,03
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4EDEB605-DE0F-80F3-DB1F-0D1489FACDF8}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.8"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,8,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5813F8E1-31D5-2BDC-EB50-D1BCC9CB8B0B}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="EN"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Messenger\\msmsgs.exe"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="8,0,6001,18702"
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"="*"
"KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp.inf,PerUserStub"
"IsInstalled"=dword:00000001
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,9,9,2"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
"Locale"=""
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"Version"="1,0,1,7"
@="Web Folders"
"Locale"="*"
"IsInstalled"=dword:00000001
"ComponentID"="WebFolders"
"StubPath"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"Version"="6,0,2900,3264"
@="Address Book 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="6,0,2900,2149"
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"Version"="8,0,6001,18702"
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -BaseSettings"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-20"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"DontAsk"=dword:00000002
"StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install"
"IsInstalled"=dword:00000001
"ComponentID"="DOTNETFRAMEWORKS"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C551C8E1-62AE-2F62-F864-3710BAC74A5E}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"Locale"=""
"Version"="1,0,4322,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Task Scheduler"
"ComponentID"="MSTASK"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1968,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Macromedia Flash Player 8"
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Version"="8.0.22.0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{DDE4117E-9B30-D614-1056-2BD4EC944AA0}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="5,0,00,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E9CA7759-B484-A6DA-9673-9B5D6ED3A838}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{FD9C6E1D-4CA2-0BE9-D265-E5ACAB3D60A7}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="9,0,0,4503"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2132)
c:\program files\TeamViewer\Version6\tv_w32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\PaperCut NG\runtime\jre\bin\pc-app.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\windows\system32\wscntfy.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
.
**************************************************************************
.
Completion time: 2011-05-12 19:46:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-12 17:46
ComboFix2.txt 2011-05-12 08:50
ComboFix3.txt 2011-05-12 08:34
ComboFix4.txt 2011-05-09 14:29
.
Pre-Run: 124.964.593.664 bytes free
Post-Run: 124.863.516.672 bytes free
.
- - End Of File - - 45C320DA130FD2F0BFBB3E7DB6B951E7

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

What about steps 4 and 5? Let me know when you have done them.

Also do the following (after completing step 5) ...

Start -> Run -> regedit

Go to the following key in the registry: HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components

Right-click it -> Permissions (as in the picture)

In the next window, click Everyone and untick all the items under Deny (as in the picture):

Then click Advanced in that window and tick the option Replace permissions entries ... as in the picture:

After that, run ComboFix and post the report you get so I can have a look.







goran9888 (AMF Tim)

offline
  • Milorad
  • Joined: 09 Feb 2004
  • Posts: 505
  • Location: Serbia

Posted: 13 May 2011 7:38

USB scan

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 13.5.2011 7:30:49

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {f75f65b4-156b-11df-8a19-806d6172696f}
D: {f75f65b5-156b-11df-8a19-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for f75f65b4-156b-11df-8a19-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for f75f65b5-156b-11df-8a19-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 13.5.2011 7:31:13

Scanning for connected USB mass storage...
----------------------------------------
F: {f82fd0c4-4496-11e0-b557-6cf049550f37}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for f82fd0c4-4496-11e0-b557-6cf049550f37
----------------------------------------

----------------------------------------
Desktop.ini found at F:\000 INSTALL\ contains [link visible only to logged-in users] string
----------------------------------------
[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0
----------------------------------------
Referenced file F:\000 INSTALL\Comment.htt not found
----------------------------------------
Desktop.ini found at F:\ contains [link visible only to logged-in users] string
----------------------------------------
[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0
----------------------------------------
Referenced file F:\Comment.htt not found
----------------------------------------

No mimics found on drive F:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 13.5.2011 7:33:18

Scanning for connected USB mass storage...
----------------------------------------
F: {bd2cc40e-cd23-11df-b4a1-6cf049550f37}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for bd2cc40e-cd23-11df-b4a1-6cf049550f37
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 13.5.2011 7:33:59

Scanning for connected USB mass storage...
----------------------------------------
J: {bd2cc407-cd23-11df-b4a1-6cf049550f37}
Added J:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on J:
----------------------------------------
No autorun.inf files found on J:
No mountpoint found for bd2cc407-cd23-11df-b4a1-6cf049550f37
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
----------------------------------------

.lnk/.pif/.com/.scr files found on drive J:
========================================

========================================
Removed J:
========================================


New device connected at 13.5.2011 7:34:52

Scanning for connected USB mass storage...
----------------------------------------
F: {2d76dfc3-69a1-11e0-b58e-6cf049550f37}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for 2d76dfc3-69a1-11e0-b58e-6cf049550f37
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive F:
========================================

========================================
Removed F:
========================================

Addendum: 13 May 2011 9:20

Steps 4 and 5 are done, but there is no improvement.
The registry task is done, ComboFix has been run, and the log follows:

ComboFix 11-05-12.02 - Pc 13.05.2011 8:57.13.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2037.1375 [GMT 2:00]
Running from: d:\desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 05:35 . 2011-05-13 05:38 -------- d-----w- C:\USBNoRisk
2011-05-12 07:36 . 2011-05-12 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2011-05-12 06:00 . 2011-05-12 08:37 -------- d-----w- c:\program files\TweakNow PowerPack 2011
2011-05-12 06:00 . 2011-05-12 08:37 -------- d-----w- c:\documents and settings\Pc\Application Data\TweakNow PowerPack 2011
2011-05-11 05:35 . 2001-08-17 10:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-05-11 05:34 . 2001-08-17 10:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-05-11 05:33 . 2007-11-30 15:25 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-05-11 05:32 . 2001-08-17 12:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-05-11 05:31 . 2007-11-30 15:24 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-05-11 05:30 . 2001-08-17 10:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2011-05-11 05:29 . 2001-08-17 20:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2011-05-11 05:28 . 2001-08-17 10:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-05-09 08:53 . 2011-05-09 08:53 -------- d-----w- c:\program files\CCleaner
2011-05-09 08:07 . 2011-05-12 06:06 -------- d-----w- c:\windows\system32\NtmsData
2011-05-09 06:44 . 2011-05-09 06:44 388096 ----a-r- c:\documents and settings\Pc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-06 12:06 . 2009-11-06 11:16 291328 ----a-w- C:\gmer.exe
2011-05-06 07:16 . 2011-05-06 07:16 -------- d-----r- C:\MSOCache
2011-04-18 10:08 . 2011-05-09 09:42 -------- d-----w- c:\documents and settings\Pc\Application Data\My Games
2011-04-18 07:25 . 2011-04-18 07:25 -------- d-----w- c:\program files\Firaxis Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 22:36 . 2011-04-06 22:36 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-29 11:11 . 2011-03-23 07:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-17 06:50 . 2011-02-17 06:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( [link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-13 06:39 . 2011-05-13 06:39 16384 c:\windows\temp\Perflib_Perfdata_360.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Firebird\\Firebird_1_5\\bin\\fbserver.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Pc\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9191:TCP"= 9191:TCP:PaperCut NG HTTP
"9192:TCP"= 9192:TCP:PaperCut NG HTTPS
"9193:TCP"= 9193:TCP:PaperCut NG Binary
"5114:TCP"= 5114:TCP:PaperCut NG Firmware
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2011 12:36 AM 685816]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 11:23 PM 35088]
R2 PCPrintProvider;PaperCut Print Provider;c:\program files\PaperCut NG\providers\print\win\pc-print.exe [1/13/2011 1:32 PM 323584]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11/30/2010 7:08 PM 2222376]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/16/2010 2:51 PM 44032]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2010 9:21 AM 136176]
S2 PCAppServer;PaperCut Application Server;c:\program files\PaperCut NG\server\bin\win\pc-server.exe [1/13/2011 1:32 PM 135168]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/16/2010 2:49 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/17/2011 8:50 AM 30192]
S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
S3 TrmbTS;TrmbTS;c:\windows\system32\drivers\TrmbTS.sys [11/10/2010 1:19 PM 29184]
S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [11/10/2010 1:19 PM 9881]
S4 PCWebPrint;PaperCut Web Print Server;c:\program files\PaperCut NG\providers\web-print\win\pc-web-print.exe [1/13/2011 1:32 PM 282624]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 07:21]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 07:21]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-839522115-1003Core.job
- c:\documents and settings\Pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 14:34]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-839522115-1003UA.job
- c:\documents and settings\Pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [link visible only to logged-in users]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [link visible only to logged-in users]
TCP: {8EBDE815-A126-43FB-80A3-C5F4595953E5} = 192.168.0.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2011-05-13 09:01
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="Internet Explorer Version Update"
"ComponentID"="IEUDINIT"
"DontAsk"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"="c:\\WINDOWS\\system32\\ieudinit.exe"
"Version"="8,0,6001,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"DontAsk"=dword:00000002
"Version"="9,0,0,4503"
"IsInstalled"=dword:00000000
"Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigIE"
"Version"="2,0,0,0"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-21"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Locale"="*"
"LocalizedName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3052"
"StubPath"="\"c:\\WINDOWS\\system32\\rundll32.exe\" \"c:\\WINDOWS\\system32\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"Version"="6,0,2900,2149"
"Locale"="*"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE"
"Version"="2,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Java\\jre6\\bin\\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"
"Version"="6,0,2462,0001"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
@=""
"ComponentID"="NetShow"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"=""
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"=""
"IsInstalled"=dword:00000001
@="Microsoft Windows Media Player 6.4"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"IsInstalled"=dword:00000001
"Version"="6,0,3,531"
"Locale"="EN"
"ComponentID"="DirectAnimation"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="EN"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,1,1,7"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{31968B4C-3359-BB14-3AD0-3D6BE4FB4835}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="1,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,7,0,0320"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"Version"="8,0,6001,18702"
@="Offline Browsing Pack"
"ComponentID"="MobilePk"
"IsInstalled"=dword:00000001
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3E775812-CC9D-6B59-CAB1-6FD61B3C1CE7}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Advanced Authoring"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,3264"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@="Microsoft DirectX"
"Version"=hex:04,00,09,00,00,00,88,03
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4EDEB605-DE0F-80F3-DB1F-0D1489FACDF8}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.8"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,8,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5813F8E1-31D5-2BDC-EB50-D1BCC9CB8B0B}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="EN"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Messenger\\msmsgs.exe"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="8,0,6001,18702"
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"="*"
"KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp.inf,PerUserStub"
"IsInstalled"=dword:00000001
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,9,9,2"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
"Locale"=""
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"Version"="1,0,1,7"
@="Web Folders"
"Locale"="*"
"IsInstalled"=dword:00000001
"ComponentID"="WebFolders"
"StubPath"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"Version"="6,0,2900,3264"
@="Address Book 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="6,0,2900,2149"
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"Version"="8,0,6001,18702"
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -BaseSettings"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-20"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"DontAsk"=dword:00000002
"StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install"
"IsInstalled"=dword:00000001
"ComponentID"="DOTNETFRAMEWORKS"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C551C8E1-62AE-2F62-F864-3710BAC74A5E}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"Locale"=""
"Version"="1,0,4322,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Task Scheduler"
"ComponentID"="MSTASK"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1968,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Macromedia Flash Player 8"
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Version"="8.0.22.0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{DDE4117E-9B30-D614-1056-2BD4EC944AA0}]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="6,0,2900,2149"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="5,0,00,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E9CA7759-B484-A6DA-9673-9B5D6ED3A838}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="9,0,0,4503"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{FD9C6E1D-4CA2-0BE9-D265-E5ACAB3D60A7}]
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="9,0,0,4503"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-13 09:03:25
ComboFix-quarantined-files.txt 2011-05-13 07:03
ComboFix2.txt 2011-05-12 17:46
ComboFix3.txt 2011-05-12 08:50
ComboFix4.txt 2011-05-12 08:34
ComboFix5.txt 2011-05-13 06:56
.
Pre-Run: 127.929.344.000 bytes free
Post-Run: 127.908.147.200 bytes free
.
- - End Of File - - 67EB48AF426630286F4A29BBF907F35F

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Since you don't have an antivirus, I suggest you install one right away (and only one). My suggestion is to use one of the free antivirus options, such as Avast, Avira, AVG, Panda Cloud, MSE, etc. If you need a download link, let me know.

I'm really curious whether you would have the same problem if you created a new administrator account.

Start -> Control Panel -> User Accounts -> Create a New Account -> type the name of the new account -> select Computer Administrator in the next window and click Create Account.

By the way, you can also open User Accounts this way: Start -> Run -> nusrmgr.cpl

After you create the new account, restart the system and log in to that new account. Check whether you have problems with the system.

Repeat this procedure for each memory device separately!!!

- Run USBNoRisk and wait for it to complete the initial scan.

- Once the initial scan has finished, plug in the USB memory device.

- Click the Script tab;

Copy the following text into the white box of the window:

{f82fd0c4-4496-11e0-b557-6cf049550f37}
folder_list:%DRIVE%
no_sh:

{bd2cc407-cd23-11df-b4a1-6cf049550f37}
folder_list:
no_sh:

{2d76dfc3-69a1-11e0-b58e-6cf049550f37}
folder_list:
no_sh:


- Execute the command by clicking the Run Script button;

After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and select the Save Scrambled Log option;

A Notepad window will open with text that needs to be copied here into a post.





goran9888 (AMF Tim)
