Posted: 31 Aug 2009 11:14
offline
- vucko16
- Respected citizen
- Joined: 20 Nov 2007
- Posts: 387
- Location: Novi Beograd
Hi,
I have a problem: the CPU load goes to 100% while I'm not doing anything, and then the computer starts lagging; it gets so loaded that I can't do anything, it opens folders slowly, Mozilla, everything. Only after I restart it does it work normally for a while, and then it all starts over again.
Can you see whether there are any problems?
Here are the files:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Vuceta at 19:53:22,98 on ??? 30.08.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.515 [GMT 2:00]
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Documents and Settings\Vuceta\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = https://online.bancaintesabeograd.com/
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\vuceta\startm~1\programs\startup\INTERN~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\funnsystems yump3com-user-authorization\YuMp3ComLogin.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bancaintesabeograd.com\online
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {4522FF65-4AB6-4376-A182-D7F9DF4F9C02} = 194.247.192.1 194.247.192.33
TCP: {7A30D411-D342-4FB5-9D00-CC5190374A49} = 85.255.112.39,85.255.112.40
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\vuceta\applic~1\mozilla\firefox\profiles\qb727rbi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - component: c:\program files\bs.player controlbar\firefoxdtt\components\BSToolbarFF.dll
FF - component: c:\program files\mozilla firefox 3 beta 5\components\iamfamous.dll
FF - plugin: c:\documents and settings\vuceta\application data\mozilla\firefox\profiles\qb727rbi.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2008-1-9 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-1-9 31504]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-1-9 618232]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 FGUARD32;FGUARD32;c:\program files\folder guard pro\FGUARD32.SYS [2009-7-3 48896]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2007-11-14 114616]
S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [?]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2007-11-14 63555]
S3 MarkFun_NT;MarkFun_NT;\??\c:\program files\gigabyte\@bios\markfun.w32 --> c:\program files\gigabyte\@bios\markfun.w32 [?]
S3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\drivers\SE1008mdm.sys [2009-8-3 58536]
S3 tusbdbus;Incentive Pro USB Bus Driver;c:\windows\system32\drivers\tusbdbus.sys --> c:\windows\system32\drivers\tusbdbus.sys [?]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-11-17 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-11-19 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-11-19 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2007-11-20 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-11-20 86368]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2009-08-20 21:18 421,888 a------- c:\windows\system32\ac3filter.acm
2009-08-20 21:18 <DIR> --d----- c:\program files\XP Codec Pack
2009-08-20 21:02 815,104 a------- c:\windows\system32\xvidcore.dll
2009-08-20 21:02 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-08-20 21:02 77,824 a------- c:\windows\system32\xvid.ax
2009-08-20 21:02 <DIR> --d----- c:\program files\Xvid
2009-08-20 20:19 <DIR> --d----- c:\program files\WinPcap
2009-08-19 11:03 352 a---h--- c:\windows\nod32fixtemdono.reg
2009-08-19 10:59 <DIR> --d----- c:\program files\ESET
2009-08-17 23:07 <DIR> --d----- c:\program files\FDRLab
2009-08-17 23:00 <DIR> --d----- c:\program files\Photo DVD Creator
2009-08-11 12:33 1,024 a------- c:\windows\system32\gncontent.cch
2009-08-11 12:22 <DIR> --d----- c:\program files\common files\Sony Shared
2009-08-11 12:22 <DIR> --d----- c:\program files\Sony
2009-08-05 19:22 1,246,648 a------- c:\windows\system32\gdi32s.dat
2009-08-03 11:06 58,536 a------- c:\windows\system32\drivers\SE1008mdm.sys
2009-08-03 10:53 1,355 a------- c:\windows\imsins.BAK
2009-08-03 10:52 <DIR> --d----- c:\program files\Sony Setup
2009-08-03 10:33 5,632 a------- c:\windows\system32\ptpusb.dll
2009-08-03 10:33 159,232 a------- c:\windows\system32\ptpusd.dll
==================== Find3M ====================
2009-04-14 09:00 24,360 a------- c:\docume~1\vuceta\applic~1\GDIPFONTCACHEV1.DAT
2009-02-11 22:51 2,672 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-02-11 22:51 88 ---shr-- c:\docume~1\alluse~1\applic~1\6A91D54700.sys
2007-11-27 14:01 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2005-09-11 23:48 185,344 a------- c:\documents and settings\vuceta\rt.exe
============= FINISH: 19:54:12,90 ===============
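Added example, not part of the original thread and not code from DDS or ComboFix: a small Python triage helper that runs the checks a responder would make on logs of this shape. The constructed sample embeds lines copied from the DDS log above (the `TCP:` resolver entries) and from the ComboFix log posted later in this thread (the `drivers\gaopdx*.sys` deletions and the `resycled` / `Autorun.inf` paths). It performs three checks: resolvers on any adapter that are not on a caller-supplied allow-list, clusters of driver names that share a prefix and end in a long random-looking tail, and autorun droppings at a drive root. The allow-list (194.247.192.1 and .33, taken from the other adapter's entry in the same log) and the prefix/tail thresholds are my assumptions, chosen so that the legitimate Sony Ericsson `w200*` family is not flagged.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: lines copied from the DDS and ComboFix logs posted in
# this thread, so the checks run offline on exactly the kind of input shown.
SAMPLE_LOG = r"""
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {4522FF65-4AB6-4376-A182-D7F9DF4F9C02} = 194.247.192.1 194.247.192.33
TCP: {7A30D411-D342-4FB5-9D00-CC5190374A49} = 85.255.112.39,85.255.112.40
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2008-1-9 101776]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-11-17 61504]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-11-19 97056]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-11-20 86368]
c:\windows\system32\drivers\gaopdxawrrviwa.sys
c:\windows\system32\drivers\gaopdxbfpfqxae.sys
c:\windows\system32\drivers\gaopdxfqxtkbev.sys
c:\windows\system32\gaopdxovrjoodu.dll
C:\resycled
c:\resycled\ntldr.com
D:\Autorun.inf
D:\resycled
d:\resycled\ntldr.com
"""

# "TCP: NameServer = a,b" (global) or "TCP: {adapter-GUID} = a b" (per adapter).
DNS_RE = re.compile(r"^TCP:\s+(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$", re.IGNORECASE)
# Any path that ends in drivers\<name>.sys, from service lines or plain file listings.
DRIVER_RE = re.compile(r"drivers\\([A-Za-z0-9_-]+)\.sys", re.IGNORECASE)
# Drive-root autorun droppings: X:\Autorun.inf, X:\resycled, X:\resycled\<anything>.
AUTORUN_RE = re.compile(r"^[a-z]:\\(?:autorun\.inf|resycled(?:\\.*)?)$", re.IGNORECASE)


def dns_servers(lines):
    """Every resolver address named on a TCP: line, in log order, deduplicated."""
    seen = []
    for line in lines:
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        for tok in re.split(r"[,\s]+", m.group(1).strip()):
            try:
                addr = str(ip_address(tok))  # normalises and drops junk tokens
            except ValueError:
                continue
            if addr not in seen:
                seen.append(addr)
    return seen


def rogue_dns(lines, allowed):
    """Resolvers that are not on the allow-list (assumed: the ISP's servers)."""
    allowed = {str(ip_address(a)) for a in allowed}
    return [a for a in dns_servers(lines) if a not in allowed]


def driver_clusters(lines, prefix_len=6, min_tail=8, min_members=3):
    """Groups of .sys names sharing a prefix whose tails are long, letters-only
    strings; three or more such siblings is the pattern of a generated family.
    Thresholds are my heuristic, not a rule from any tool."""
    groups = defaultdict(set)
    for line in lines:
        for name in DRIVER_RE.findall(line):
            low = name.lower()
            tail = low[prefix_len:]
            if len(tail) >= min_tail and tail.isalpha():
                groups[low[:prefix_len]].add(low)
    return {p: sorted(n) for p, n in groups.items() if len(n) >= min_members}


def autorun_droppings(lines):
    """Drive-root Autorun.inf and the misspelt 'resycled' folder on any drive."""
    return [ln.strip() for ln in lines if AUTORUN_RE.match(ln.strip())]


def triage(text, allowed_dns):
    lines = text.splitlines()
    return {
        "rogue_dns": rogue_dns(lines, allowed_dns),
        "driver_clusters": driver_clusters(lines),
        "autorun": autorun_droppings(lines),
    }


if __name__ == "__main__":
    # Assumption: the 194.247.192.x pair on the second adapter is the ISP's.
    for key, value in triage(SAMPLE_LOG, ["194.247.192.1", "194.247.192.33"]).items():
        print(f"{key}: {value}")
```

Run on the sample, the script reports the two 85.255.112.x resolvers as off-list (the two adapters disagree with each other, which is the thing worth checking with the ISP before trusting either), the three `gaopdx*` drivers as one generated family, and five autorun droppings across C: and D:. A real DDS log is passed in whole; only the line shapes above matter.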
Posted: 31 Aug 2009 12:09
offline
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Hello Vucko,
there will be work to do here, but first I'd advise you to decide between ESET and CIS.
Quote: AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
You have two firewalls active, which is not good at all.
Uninstall one of them. If you have already paid for an ESET licence, keep that one.
Posted: 31 Aug 2009 17:50
offline
- vucko16
- Respected citizen
- Joined: 20 Nov 2007
- Posts: 387
- Location: Novi Beograd
I've removed ESET, since it wasn't licensed but a trial, so I'll reinstall it again later.
What next?
Posted: 31 Aug 2009 18:34
offline
- vucko16
- Respected citizen
- Joined: 20 Nov 2007
- Posts: 387
- Location: Novi Beograd
ComboFix 09-08-30.04 - Vuceta 31.08.2009 18:15.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.722 [GMT 2:00]
Running from: c:\documents and settings\Vuceta\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
C:\resycled
c:\resycled\ntldr.com
c:\windows\Installer\3d538.msi
c:\windows\Installer\d0f6a7.msi
c:\windows\system32\drivers\gaopdxawrrviwa.sys
c:\windows\system32\drivers\gaopdxbfpfqxae.sys
c:\windows\system32\drivers\gaopdxfqxtkbev.sys
c:\windows\system32\drivers\gaopdxkdsmpklu.sys
c:\windows\system32\drivers\gaopdxnrbfbsbv.sys
c:\windows\system32\drivers\gaopdxomyyxrat.sys
c:\windows\system32\drivers\gaopdxrqumqfva.sys
c:\windows\system32\drivers\gaopdxsalxgqtj.sys
c:\windows\system32\drivers\gaopdxtyqjwsfl.sys
c:\windows\system32\drivers\gaopdxvkipjdpx.sys
c:\windows\system32\drivers\gaopdxvpxlrsvs.sys
c:\windows\system32\gaopdxovrjoodu.dll
D:\Autorun.inf
D:\resycled
d:\resycled\ntldr.com
----- BITS: Possible infected sites -----
hxxp://hqsextube08.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
-------\Legacy_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.
2009-08-31 09:30 . 2009-08-31 09:30 3001 --sh--w- c:\documents and settings\Vuceta\ppUser.dat
2009-08-31 09:30 . 2009-08-31 09:30 -------- d-----w- c:\documents and settings\Vuceta\Application Data\Contrast
2009-08-31 09:28 . 2009-08-31 09:28 -------- d-----w- c:\program files\Contrast
2009-08-31 09:28 . 2009-08-31 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Contrast
2009-08-20 19:18 . 2009-08-20 19:18 -------- d-----w- c:\documents and settings\Vuceta\Application Data\Media Player Classic
2009-08-20 19:18 . 2009-08-20 19:18 -------- d-----w- c:\program files\XP Codec Pack
2009-08-20 19:02 . 2009-08-20 19:02 -------- d-----w- c:\program files\Xvid
2009-08-20 19:02 . 2008-12-04 19:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-08-20 19:02 . 2008-12-04 19:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-20 18:19 . 2009-08-20 18:19 -------- d-----w- c:\program files\WinPcap
2009-08-19 08:59 . 2009-08-19 08:59 -------- d-----w- c:\program files\ESET
2009-08-17 21:07 . 2009-08-17 21:07 -------- d-----w- c:\program files\FDRLab
2009-08-17 21:00 . 2009-08-17 21:32 -------- d-----w- c:\program files\Photo DVD Creator
2009-08-17 17:05 . 2009-08-17 17:05 -------- d-----w- c:\documents and settings\Vuceta\Application Data\Publish Providers
2009-08-11 10:27 . 2009-08-17 17:41 -------- d-----w- c:\documents and settings\Vuceta\Application Data\Sony
2009-08-11 10:27 . 2009-08-17 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-08-11 10:23 . 2009-08-17 17:03 -------- d-----w- c:\documents and settings\Vuceta\Local Settings\Application Data\Sony
2009-08-11 10:22 . 2009-08-11 10:22 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-08-11 10:22 . 2009-08-11 10:22 -------- d-----w- c:\program files\Sony
2009-08-11 10:15 . 2009-08-11 10:19 21935408 ----a-w- c:\documents and settings\Vuceta\Application Data\Sony Setup\A189E68E-2253-4C3B-86B7-D77E36F13C55\QuickTimeInstaller.exe
2009-08-11 10:15 . 2009-08-11 10:15 -------- d-----w- c:\documents and settings\Vuceta\Application Data\Sony Setup
2009-08-05 17:22 . 2009-08-05 17:22 1246648 ----a-w- c:\windows\system32\gdi32s.dat
2009-08-03 09:06 . 2009-02-12 09:23 58536 ----a-w- c:\windows\system32\drivers\SE1008mdm.sys
2009-08-03 08:53 . 2009-08-03 08:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-03 08:52 . 2009-08-03 08:52 -------- d-----w- c:\program files\Sony Setup
2009-08-03 08:33 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-08-03 08:33 . 2008-04-14 03:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 16:13 . 2008-05-24 14:59 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2009-08-31 16:03 . 2007-11-20 08:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-31 15:07 . 2009-07-28 13:02 -------- d-----w- c:\documents and settings\Vuceta\Application Data\AIMP
2009-08-23 19:34 . 2009-04-06 15:26 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-20 19:06 . 2008-02-15 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-20 18:51 . 2008-06-24 07:30 -------- d-----w- c:\program files\QuickTime
2009-08-20 18:51 . 2008-03-02 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-17 21:44 . 2008-10-03 22:55 2447440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-17 16:59 . 2008-10-13 15:55 -------- d-----w- c:\program files\VstPlugins
2009-08-11 10:22 . 2008-11-24 12:46 -------- d-----w- c:\program files\Sony Ericsson
2009-08-03 19:44 . 2007-11-27 11:59 -------- d-----w- c:\documents and settings\Vuceta\Application Data\Skype
2009-08-03 19:43 . 2007-11-27 12:01 -------- d-----w- c:\documents and settings\Vuceta\Application Data\skypePM
2009-07-28 13:02 . 2009-07-28 13:02 -------- d-----w- c:\program files\AIMP2
2009-07-28 07:30 . 2007-11-16 13:15 -------- d-----w- c:\documents and settings\Vuceta\Application Data\Sports Interactive
2009-07-28 07:23 . 2008-11-18 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-07-28 07:01 . 2007-12-18 08:00 -------- d-----w- c:\documents and settings\Vuceta\Application Data\uTorrent
2009-07-27 12:20 . 2007-11-16 13:11 -------- d-----w- c:\program files\Sports Interactive
2009-07-23 07:42 . 2008-05-02 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-14 17:24 . 2009-07-14 17:22 -------- d-----w- c:\program files\Free Hide Folder
2009-07-12 12:49 . 2009-06-27 09:45 -------- d-----w- c:\program files\JetAudio
2009-07-11 18:36 . 2009-07-11 18:36 -------- d-----w- c:\program files\Common Files\COWON
2009-07-11 18:36 . 2007-11-14 14:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 18:29 . 2009-07-11 18:29 -------- d-----w- c:\documents and settings\Vuceta\Application Data\Songbird2
2009-07-04 08:21 . 2009-07-04 08:21 -------- d-----w- c:\documents and settings\Vuceta\Application Data\InstallShield
2009-07-03 18:40 . 2009-06-05 08:55 -------- d-----w- c:\program files\Folder Guard Pro
2009-06-27 10:04 . 2009-06-27 10:04 15360 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-27 10:04 . 2009-06-27 10:04 9728 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe
2009-06-27 10:04 . 2009-06-27 10:04 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe
2009-06-25 08:50 . 2009-06-25 08:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.
------- Sigcheck -------
[-] 2008-01-09 16:02 359040 27A5959C94EE173A063CA06BD14F021A c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-02-01 15:58 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-02-01 15:58 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-08 1797880]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-08 1797880]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-11-14 839680]
[HKLM\~\startupfolder\C:^Documents and Settings^Vuceta^Start Menu^Programs^Startup^Pravoslavac 2008.lnk]
path=c:\documents and settings\Vuceta\Start Menu\Programs\Startup\Pravoslavac 2008.lnk
backup=c:\windows\pss\Pravoslavac 2008.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"=
"d:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9.1.2008 19:35 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9.1.2008 19:35 31504]
R2 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [3.7.2009 20:20 48896]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1.6.2008 9:13 34064]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [14.11.2007 18:47 114616]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [?]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [14.11.2007 18:47 63555]
S3 MarkFun_NT;MarkFun_NT;\??\c:\program files\Gigabyte\@BIOS\markfun.w32 --> c:\program files\Gigabyte\@BIOS\markfun.w32 [?]
S3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\drivers\SE1008mdm.sys [3.8.2009 11:06 58536]
S3 tusbdbus;Incentive Pro USB Bus Driver;c:\windows\system32\DRIVERS\tusbdbus.sys --> c:\windows\system32\DRIVERS\tusbdbus.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-08-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-02 07:42]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = https://online.bancaintesabeograd.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
Trusted Zone: bancaintesabeograd.com\online
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
FF - ProfilePath - c:\documents and settings\Vuceta\Application Data\Mozilla\Firefox\Profiles\qb727rbi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\iamfamous.dll
FF - plugin: c:\documents and settings\Vuceta\Application Data\Mozilla\Firefox\Profiles\qb727rbi.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox 3 Beta 5\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 18:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\@BIOS\markfun.w32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2025429265-630328440-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2025429265-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\¨* *\DirectSound\Device Presence]
"VxD"=dword:00000001
"WDM"=dword:00000001
[HKEY_LOCAL_MACHINE\System\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\¨* *\DirectSound\Mixer Defaults]
"Acceleration"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-31 18:25
ComboFix-quarantined-files.txt 2009-08-31 16:25
Pre-Run: 3.349.032.960 bytes free
Post-Run: 3.641.270.272 bytes free
294 --- E O F --- 2009-01-03 13:13
Posted: 31 Aug 2009 18:51
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
How is it running now?
Scan again with DDS and post me the log.
Posted: 31 Aug 2009 19:04
- vucko16
- Respected citizen
- Joined: 20 Nov 2007
- Posts: 387
- Location: Novi Beograd
For now it seems there are no problems, I think it's running normally.
Here is the log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14.11.2007 15:32:42
System Uptime: 31.8.2009 18:14:36 (1 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | 8I865GME-775-RH
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Socket 775 | 2679/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 21 GiB total, 3,451 GiB free.
D: is FIXED (NTFS) - 129 GiB total, 18,712 GiB free.
E: is CDROM ()
G: is CDROM ()
H: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic
==== System Restore Points ===================
RP491: 27.6.2009 11:07:39 - Kontrolna tačka sistema
RP492: 27.6.2009 11:45:04 - Installed COWON Media Center - jetAudio Basic
RP493: 11.7.2009 20:36:42 - Removed COWON Media Center - jetAudio Basic
RP494: 22.7.2009 1:35:09 - Installed ESET NOD32 Antivirus
RP495: 4.8.2009 11:14:47 - Kontrolna tačka sistema
RP496: 17.8.2009 17:54:33 - Kontrolna tačka sistema
RP497: 17.8.2009 18:58:56 - Installed Sony Vegas Pro 8.0
RP498: 31.8.2009 18:12:48 - ComboFix created restore point
==== Installed Programs ======================
ACDSee Pro
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.6
Adobe Shockwave Player
AIMP2
AirStrike 3D v1.40 (remove only)
Anti-Blaxx 1.16
AoA Audio Extractor 1.0
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
µTorrent
Audacity 1.2.6
AutoUpdate
Bonjour
BS.Player ControlBar
BS.Player FREE
Bus Driver 1.0
Camtasia Studio 6
CANYON CN-WCAM21 PC-Camera
CCleaner (remove only)
Cheatbook 11.2007
Cheatbook Database 2007
Collab
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
COMODO Firewall Pro
Contacts
Contrast PlanPlus 2006
Corel Paint Shop Pro Photo X2
CorelDRAW Graphics Suite 12
Counter-Strike 1.6
Disc2Phone
DivX 4.11 Codec
DivX Player
DkZ Studio
Easy CD-DA Extractor 10
EPSON Printer Software
EPSON Scan
Euro Truck Simulator 1.00
EVEREST Home Edition v1.00
FEAR
FL Studio 8
Folder Guard
Football Manager 2009
Free Hide Folder
Google Earth
Google Updater
Hooligans - Storm over Europe
IL Download Manager
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Java(TM) 6 Update 3
Jelen Super Liga Patch v2.0
jetAudio Basic
Labtec Media Keyboard V5.1
Macromedia Flash Player 8
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.7.105
Meteo Fusion 1.5.9.11
Micro DVD Player
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Booster
Monopoly
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.22)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Nero 7 Demo
OLYMPUS Master 2
OLYMPUS muvee theaterPack
Opera 9.27
PaySlots zzbz.303227
PC Connectivity Solution
PC Inspector File Recovery
PC Konfigurator v3.0.1
Photo DVD Creator 5.6
PowerDVD
Pravoslavac 2008
Pro Evolution Soccer 2009
Pro Evolution Soccer 6
Quintessential Media Player
Realtek AC'97 Audio
rFactor (remove only)
Rhapsody Player Engine
RocketDock 1.3.5
SAGEM F@st 800-840
save2pc Pro 3.42
save2pc Pro Demo 3.65
SecondLife (remove only)
Sid Meier's Railroads!
Skype™ 4.0
SoftV92 Data Fax Modem
Sony Ericsson Media Manager 1.2
Sony Ericsson Themes Creator 3.29
Sony Ericsson W395(c) driver v3.5.3.0
Sony Vegas Pro 8.0
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster v3.5.1
SSC Service Utility v4.30
Steam
TacView 0.431
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Time Adjuster STANDARD 3.1
TmNationsForever
Total Commander (Remove or Repair)
Tropico
Tumble Bugs
vanBasco's Karaoke Player
VideoLAN VLC media player 0.8.6d
Virtua Tennis 3
WebFldrs XP
Winamp
Windows Communication Foundation
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Imaging Component
Windows Live Beta (all programs)
Windows Live Call
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
Windows XP srpski interfejs paket - latinica
winpcap-nmap 4.02
WinRAR archiver
Xilisoft Video Converter 3
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack
Xvid 1.2.1 final uninstall
==== Event Viewer Messages From Past Week ========
31.8.2009 18:13:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
30.8.2009 19:48:15, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atitray
30.8.2009 14:35:37, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
28.8.2009 20:30:56, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
27.8.2009 17:42:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atitray Cdrom Imapi redbook
27.8.2009 17:42:03, error: Service Control Manager [7000] - The General Purpose USB Driver (e4ldr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
27.8.2009 11:07:38, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
==== End Of File ===========================
Posted: 31 Aug 2009 19:16
- vucko16
- Respected citizen
- Joined: 20 Nov 2007
- Posts: 387
- Location: Novi Beograd
Aha, sorry, a copying mistake:
here is the DDS log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Vuceta at 19:10:31,29 on ??? 31.08.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.570 [GMT 2:00]
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Documents and Settings\Vuceta\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = https://online.bancaintesabeograd.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [SoundMan] SOUNDMAN.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\vuceta\startm~1\programs\startup\INTERN~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\funnsystems yump3com-user-authorization\YuMp3ComLogin.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bancaintesabeograd.com\online
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: {4522FF65-4AB6-4376-A182-D7F9DF4F9C02} = 194.247.192.1 194.247.192.33
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\vuceta\applic~1\mozilla\firefox\profiles\qb727rbi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - component: c:\program files\bs.player controlbar\firefoxdtt\components\BSToolbarFF.dll
FF - component: c:\program files\mozilla firefox 3 beta 5\components\iamfamous.dll
FF - plugin: c:\documents and settings\vuceta\application data\mozilla\firefox\profiles\qb727rbi.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3 beta 5\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2008-1-9 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-1-9 31504]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-1-9 618232]
R2 FGUARD32;FGUARD32;c:\program files\folder guard pro\FGUARD32.SYS [2009-7-3 48896]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2007-11-14 114616]
S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [?]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2007-11-14 63555]
S3 MarkFun_NT;MarkFun_NT;\??\c:\program files\gigabyte\@bios\markfun.w32 --> c:\program files\gigabyte\@bios\markfun.w32 [?]
S3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\drivers\SE1008mdm.sys [2009-8-3 58536]
S3 tusbdbus;Incentive Pro USB Bus Driver;c:\windows\system32\drivers\tusbdbus.sys --> c:\windows\system32\drivers\tusbdbus.sys [?]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-11-17 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-11-19 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-11-19 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2007-11-20 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-11-20 86368]
=============== Created Last 30 ================
2009-08-31 18:29 <DIR> --ds---- C:\ComboFix
2009-08-31 18:29 389,120 a------- c:\windows\system32\CF26009.exe
2009-08-31 18:23 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-31 18:11 229,376 a------- c:\windows\PEV.exe
2009-08-31 18:11 161,792 a------- c:\windows\SWREG.exe
2009-08-31 18:11 98,816 a------- c:\windows\sed.exe
2009-08-31 11:30 3,001 ---sh--- c:\documents and settings\vuceta\ppUser.dat
2009-08-31 11:30 <DIR> --d----- c:\docume~1\vuceta\applic~1\Contrast
2009-08-31 11:28 <DIR> --d----- c:\program files\Contrast
2009-08-31 11:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Contrast
2009-08-20 21:18 421,888 a------- c:\windows\system32\ac3filter.acm
2009-08-20 21:18 <DIR> --d----- c:\program files\XP Codec Pack
2009-08-20 21:02 815,104 a------- c:\windows\system32\xvidcore.dll
2009-08-20 21:02 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-08-20 21:02 77,824 a------- c:\windows\system32\xvid.ax
2009-08-20 21:02 <DIR> --d----- c:\program files\Xvid
2009-08-20 20:19 <DIR> --d----- c:\program files\WinPcap
2009-08-19 10:59 <DIR> --d----- c:\program files\ESET
2009-08-17 23:07 <DIR> --d----- c:\program files\FDRLab
2009-08-17 23:00 <DIR> --d----- c:\program files\Photo DVD Creator
2009-08-11 12:33 1,024 a------- c:\windows\system32\gncontent.cch
2009-08-11 12:22 <DIR> --d----- c:\program files\common files\Sony Shared
2009-08-11 12:22 <DIR> --d----- c:\program files\Sony
2009-08-05 19:22 1,246,648 a------- c:\windows\system32\gdi32s.dat
2009-08-03 11:06 58,536 a------- c:\windows\system32\drivers\SE1008mdm.sys
2009-08-03 10:53 1,355 a------- c:\windows\imsins.BAK
2009-08-03 10:52 <DIR> --d----- c:\program files\Sony Setup
2009-08-03 10:33 5,632 a------- c:\windows\system32\ptpusb.dll
2009-08-03 10:33 159,232 a------- c:\windows\system32\ptpusd.dll
==================== Find3M ====================
2009-04-14 09:00 24,360 a------- c:\docume~1\vuceta\applic~1\GDIPFONTCACHEV1.DAT
2009-02-11 22:51 2,672 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-02-11 22:51 88 ---shr-- c:\docume~1\alluse~1\applic~1\6A91D54700.sys
2007-11-27 14:01 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2005-09-11 23:48 185,344 a------- c:\documents and settings\vuceta\rt.exe
============= FINISH: 19:11:39,50 ===============
And here is the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:01, on 31.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://online.bancaintesabeograd.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Internet ADSL.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Quick Login www.rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra 'Tools' menuitem: &Quick Login www.rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} (FileInterface Class) - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4522FF65-4AB6-4376-A182-D7F9DF4F9C02}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://www.pcberza.rs/images/reklame/bcc.gif
--
End of file - 6314 bytes