.exe changed to .lnk

Milos038 (Miloš Lazić)
.exe changed to .lnk, 26.08.2010 at 13:58
All of a sudden, all the files on my desktop and in the Start menu that were .exe files or paths to an .exe changed to the .lnk extension.
This is Windows 7, and for antivirus I have NOD32 antivirus and internet security, which are regularly updated.
I tried to solve the problem in the following ways:

- fix .exe
- fix .lnk
- registry cleaner
- combofix
- scanning with nod32

none of that helped

hijackthis says the following:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:21, on 26.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [RegTool] C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Milos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Recordingserver Manager.lnk = C:\Program Files\Milestone\Milestone Surveillance\DisplayStatus.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://nikolakum.dipmap.com/cab/OCXChecker_6110.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/....0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} (NEWIE Control) - http://pm72a.ath.cx/NEWIE.cab
O16 - DPF: {6714928B-F4BF-4E44-82EF-BB036DBD9213} (TLNetDvr ActiveX Control V1.0) - http://pm72a.ath.cx/TLNetDvr.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://news.beograd.com/AxisCamControl.ocx
O16 - DPF: {9D1DD603-DCCE-4738-ABAE-B367B170EEB1} (LvrWeb Control) - http://218.17.167.34:8081/LvrWeb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://nikolakum.dipmap.com/cab/DownloadFile_7000.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: Apache - Unknown owner - C:\APACHE\Apache.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GemSAFE Card Server - Gemplus - C:\Program Files\Gemalto\Classic Client\BIN\GCardSrvNT.exe
O23 - Service: GSL Share Memory (GslShmSrvc ) - Gemalto - C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
O23 - Service: Milestone Image Import Service - Unknown owner - C:\Program Files\Milestone\Milestone Surveillance\ImageImportService.exe
O23 - Service: Milestone Image Server - Milestone Systems A/S - C:\Program Files\Milestone\Milestone Surveillance\ImageServer.exe
O23 - Service: Milestone Log Check Service - Unknown owner - C:\Program Files\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe
O23 - Service: Milestone Recording Server - Milestone Systems A/S - C:\Program Files\Milestone\Milestone Surveillance\RecordingServer.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7752 bytes
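
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread. It parses the entry lines and lists the ones a reviewer would verify first; the three rules and all function names are assumptions chosen for illustration, and a flag means "check this file and its origin", not "malicious".

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log in the post above (a subset, not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O16 - DPF: {9D1DD603-DCCE-4738-ABAE-B367B170EEB1} (LvrWeb Control) - http://218.17.167.34:8081/LvrWeb.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: Apache - Unknown owner - C:\APACHE\Apache.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# An entry line is "<section code> - <details>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Yield (code, body) per entry line; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def host_is_ip_literal(url):
    """True when the URL's host is a bare IP address rather than a DNS name."""
    try:
        host = urlsplit(url).hostname
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False


def review_reasons(code, body):
    """Return the reasons (possibly none) why an entry deserves a manual check."""
    reasons = []
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        # DLLs listed here are loaded into every process that loads user32.dll.
        if body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs is set: verify the DLL's publisher and origin")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary has no owner reported by HijackThis")
    if code == "O16":
        # The download source is the last " - "-separated field.
        source = body.rsplit(" - ", 1)[-1].strip()
        if host_is_ip_literal(source):
            reasons.append("ActiveX control was installed from a bare IP address")
    return reasons


def triage(log_text):
    """Return [(code, body, reasons)] for the entries that matched a rule."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    review: {reason}")
```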
 
Aleksandar Maletic (System administrator, Moderator)
Re: .exe changed to .lnk, 26.08.2010 at 15:23
The log is clean...
Never run Combofix on your own...
It is known that viruses can sometimes delete data, and one of the common problems is related to exactly this... it happens that a virus eats the part of the registry that is intended for file associations, that is, for files with that extension... entering the default values into the registry restores the ability to open files with the currently unavailable extension...
Download this fix that I will upload with the message, extract it, run it, restart the computer... after that, report what happens...

[This message was edited by Aleksandar Maletic on 26.08.2010 at 19:52 GMT+1]
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 
Milos038 (Miloš Lazić)
Re: .exe changed to .lnk, 26.08.2010 at 21:30
I tried that exe fix but it gives me an error (as if the registry is already open); after that I tried from safe mode and it didn't work either, and after another restart everything came back on its own
 
Aleksandar Maletic (System administrator, Moderator)
Re: .exe changed to .lnk, 27.08.2010 at 02:13
Read a bit about this...
http://www.raymond.cc/blog/arc...m-association-caused-by-virus/
It should solve your problem...

goran9888
Re: .exe changed to .lnk, 27.08.2010 at 15:47
Post the Combo Fix log for us (since you already ran it on your own), which is located in the root of the C partition and is named ComboFix.txt.
 
Milos038 (Miloš Lazić)
Re: .exe changed to .lnk, 02.09.2010 at 06:53
Here is the log from when the PC had the problem

ComboFix 10-08-25.01 - Milos 26.08.2010 13:43:24.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.381.1033.18.2047.1419 [GMT 2:00]
Running from: C:\Users\Milos\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\autorun.inf
L:\autorun.inf
N:\Autorun.inf
O:\Autorun.inf

C:\Windows\system32\wininit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-08 09:34:27 . 2010-08-08 09:34:27 -------- d-----w- C:\Users\Milos\AppData\Roaming\Milestone
2010-07-28 09:04:13 . 2010-07-28 09:04:13 143640 ----a-w- C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 09:02:18 . 2010-07-28 09:03:18 -------- d-----w- C:\Program Files\Milestone
2010-07-27 20:36:21 . 2010-07-27 20:36:21 -------- d-----w- C:\Users\Milos\AppData\Local\storage
2010-07-27 15:21:24 . 2010-07-27 15:21:24 -------- d-----w- C:\Program Files\Ubisoft
2010-07-27 15:20:44 . 2010-07-27 20:28:16 -------- d-----w- C:\Program Files\Prince of Persia The Forgotten Sands

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 11:51:44 . 2009-12-06 22:07:26 -------- d-----w- C:\ProgramData\NVIDIA
2010-08-26 11:18:18 . 2010-02-03 09:40:11 -------- d-----w- C:\Users\Milos\AppData\Roaming\Autodesk
2010-08-26 11:18:18 . 2010-02-03 09:40:11 -------- d-----w- C:\ProgramData\Autodesk
2010-08-25 21:28:50 . 2009-12-06 22:42:51 -------- d-----w- C:\Users\Milos\AppData\Roaming\uTorrent
2010-08-09 00:18:28 . 2009-12-08 00:13:53 2984 --sha-w- C:\ProgramData\KGyGaAvL.sys
2010-08-09 00:18:28 . 2009-12-08 00:13:53 2984 --sha-w- C:\ProgramData\KGyGaAvL.sys
2010-08-01 10:00:45 . 2009-12-08 00:13:53 88 --sh--r- C:\ProgramData\8123FFEA16.sys
2010-08-01 10:00:45 . 2009-12-08 00:13:53 88 --sh--r- C:\ProgramData\8123FFEA16.sys
2010-07-27 15:21:18 . 2010-01-05 10:55:03 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-07-21 10:14:18 . 2010-07-21 10:14:18 -------- d-----w- C:\Program Files\City Interactive
2010-07-18 08:56:37 . 2010-07-18 08:55:33 -------- d-----w- C:\Program Files\Serious Sam 2
2010-07-16 17:16:56 . 2010-07-16 17:16:56 12288 ----a-r- C:\Users\Milos\AppData\Roaming\Microsoft\Installer\{4DB614CA-47C0-468B-A83C-C44C2D6A29AE}\Icon4DB614CA.exe
2010-07-16 17:16:55 . 2010-07-16 17:16:55 -------- d-----w- C:\Program Files\DVR Client
2010-07-16 17:16:38 . 2009-12-06 22:06:57 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-16 17:11:39 . 2010-07-16 17:11:39 -------- d-----w- C:\Program Files\MainConcept
2010-07-16 15:07:19 . 2010-07-16 15:07:05 -------- d-----w- C:\Program Files\SNS
2010-07-16 15:05:24 . 2010-07-16 15:05:19 -------- d-----w- C:\Program Files\CMS
2010-07-16 15:03:06 . 2010-07-16 15:02:58 -------- d-----w- C:\Program Files\Player
2010-06-02 02:55:30 . 2010-07-27 20:34:45 74072 ----a-w- C:\Windows\system32\XAPOFX1_5.dll
2010-06-02 02:55:30 . 2010-07-27 20:34:45 527192 ----a-w- C:\Windows\system32\XAudio2_7.dll
2010-06-02 02:55:30 . 2010-07-27 20:34:44 239960 ----a-w- C:\Windows\system32\xactengine3_7.dll
2002-08-27 16:32:02 . 2010-01-01 19:49:42 401462 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcp60.dll
2002-08-27 16:32:02 . 2010-01-01 19:50:06 295000 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcrt.dll
2009-06-10 21:26:35 . 2009-07-14 02:04:20 9633792 --sha-r- C:\Windows\Fonts\StaticCache.dat
2009-07-14 01:14:45 . 2009-07-13 23:42:17 396800 --sha-w- C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 17:27:06 5137648]
"Google Update"="C:\Users\Milos\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-13 17:14:13 136176]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:14:38 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 12:02:52 2054360]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47:42 31016]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2009-11-09 03:17:50 180224]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 23:22:10 7514656]
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 23:22:52 1833504]
"WheelMouse"="C:\ADVANC~1\wh_exec.exe" [2008-08-21 21:53:10 151552]
"RegTool"="C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe" [2008-09-03 14:26:00 188416]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2010-6-18 118784]
Recordingserver Manager.lnk - C:\Program Files\Milestone\Milestone Surveillance\DisplayStatus.exe [2008-7-14 193888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DvrNet Site.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DvrNet Site.lnk
backup=C:\Windows\pss\DvrNet Site.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 22:32:51 640376 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 03:08:25 38768 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08:30 935288 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-05-12 10:36:18 623888 ----a-w- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17:50 180224 ----a-w- C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
2009-04-30 11:19:18 1406224 ----a-w- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14:38 1173504 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-27 21:36:33 289584 ----a-w- C:\Program Files\uTorrent\uTorrent.exe

R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2009-07-13 22:02:53 545792]
R3 SDDrv;SDDrv;C:\Windows\system32\Drivers\SDDrv.sys [2007-04-24 05:25:06 39424]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 14:02:34 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2009-09-29 12:02:58 108792]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 12:03:46 735960]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 12:05:58 95896]
S2 GemSAFE Card Server;GemSAFE Card Server;C:\Program Files\Gemalto\Classic Client\BIN\GCardSrvNT.exe [2008-04-14 13:23:30 118784]
S2 GslShmSrvc ;GSL Share Memory;C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2007-10-19 15:09:52 57344]
S2 Milestone Image Import Service;Milestone Image Import Service;C:\Program Files\Milestone\Milestone Surveillance\ImageImportService.exe [2008-07-14 21:32:52 2064384]
S2 Milestone Image Server;Milestone Image Server;C:\Program Files\Milestone\Milestone Surveillance\ImageServer.exe [2008-07-14 21:35:06 3162112]
S2 Milestone Log Check Service;Milestone Log Check Service;C:\Program Files\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [2008-07-14 21:30:34 282624]
S2 Milestone Recording Server;Milestone Recording Server;C:\Program Files\Milestone\Milestone Surveillance\RecordingServer.exe [2009-02-07 19:58:32 2801664]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2009-10-20 18:19:44 50704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 18:17:00 240232]
S3 cxbu0wdm;CardMan 3x21;C:\Windows\system32\DRIVERS\cxbu0wdm.sys [2009-06-24 12:16:22 114304]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 23:52:10 14336]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 22:45:02 6784]

.
Contents of the 'Scheduled Tasks' folder

2010-08-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252205711-3377235566-1145461151-1001Core.job
- C:\Users\Milos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-13 17:14:13 . 2010-06-13 17:14:13]

2010-08-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4252205711-3377235566-1145461151-1001UA.job
- C:\Users\Milos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-13 17:14:13 . 2010-06-13 17:14:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ath.cx\pm72a
Trusted Zone: sanjatigrica.com\www
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://nikolakum.dipmap.com/cab/OCXChecker_6110.cab
DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} - hxxp://pm72a.ath.cx/NEWIE.cab
DPF: {6714928B-F4BF-4E44-82EF-BB036DBD9213} - hxxp://pm72a.ath.cx/TLNetDvr.CAB
DPF: {9D1DD603-DCCE-4738-ABAE-B367B170EEB1} - hxxp://218.17.167.34:8081/LvrWeb.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} - hxxp://nikolakum.dipmap.com/cab/DownloadFile_7000.cab
FF - ProfilePath - C:\Users\Milos\AppData\Roaming\Mozilla\Firefox\Profiles\mf3t056m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Users\Milos\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Users\Milos\AppData\Roaming\Mozilla\Firefox\Profiles\mf3t056m.default\extensions\[email protected]\plugins\npTVUAx.dll

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-EmergencyAutoRun - C:\DvrCenter\EmergencyMonitor.exe


 