Posted: 13 May 2013 12:27
- Vera55555
- Respected Citizen
- Joined: 28 Oct 2008
- Posts: 312
# DelFix v10.2 - Logfile created 13/05/2013 at 12:17:36
# Updated 02/04/2013 by Xplode
# Username : Novi korisnik - KORISNIK-E8450A
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\AdwCleaner[R1].txt
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\AdwCleaner[S2].txt
Deleted : C:\RootRepeal report 05-12-13 (16-58-28).txt
Deleted : C:\Documents and Settings\Novi korisnik\Desktop\ComboFix.exe
Deleted : C:\Documents and Settings\Novi korisnik\Desktop\dds.scr
Deleted : C:\Documents and Settings\Novi korisnik\Desktop\dds.txt
Deleted : C:\Documents and Settings\Novi korisnik\Desktop\Extras.Txt
Deleted : C:\Documents and Settings\Novi korisnik\Desktop\OTL.Txt
Deleted : C:\Documents and Settings\Novi korisnik\Desktop\RootRepeal report 05-12-13 (16-58-28).txt
Deleted : C:\Documents and Settings\Novi korisnik\Desktop\RootRepeal.zip
Deleted : C:\Documents and Settings\Novi korisnik\My Documents\Downloads\adwcleaner.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
~ Cleaning system restore ...
Deleted : RP #1096 [Revo Uninstaller's restore point - Paint.NET v3.5.10 | 02/25/2013 12:47:54]
Deleted : RP #1097 [Removed Paint.NET v3.5.10 | 02/25/2013 12:48:04]
Deleted : RP #1098 [Revo Uninstaller's restore point - Comodo Dragon | 02/25/2013 12:50:00]
Deleted : RP #1099 [Revo Uninstaller's restore point - Comodo Dragon | 02/25/2013 12:50:58]
Deleted : RP #1100 [System Checkpoint | 02/26/2013 20:49:45]
Deleted : RP #1101 [System Checkpoint | 02/28/2013 10:49:16]
Deleted : RP #1102 [System Checkpoint | 03/02/2013 05:52:58]
Deleted : RP #1103 [System Checkpoint | 03/03/2013 07:43:47]
Deleted : RP #1104 [System Checkpoint | 03/04/2013 09:45:29]
Deleted : RP #1105 [System Checkpoint | 03/05/2013 10:27:00]
Deleted : RP #1106 [System Checkpoint | 03/06/2013 10:35:12]
Deleted : RP #1107 [System Checkpoint | 03/07/2013 11:52:31]
Deleted : RP #1108 [System Checkpoint | 03/08/2013 12:12:38]
Deleted : RP #1109 [Installed Magic Skin Filter | 03/08/2013 12:36:54]
Deleted : RP #1110 [System Checkpoint | 03/10/2013 05:05:13]
Deleted : RP #1111 [System Checkpoint | 03/11/2013 08:09:11]
Deleted : RP #1112 [System Checkpoint | 03/12/2013 09:36:08]
Deleted : RP #1113 [Revo Uninstaller's restore point - AthTek RegistryCleaner v2.0 | 03/12/2013 15:06:50]
Deleted : RP #1114 [Revo Uninstaller's restore point - AthTek RegistryCleaner v2.0 | 03/12/2013 15:07:40]
Deleted : RP #1115 [System Checkpoint | 03/13/2013 18:02:24]
Deleted : RP #1116 [System Checkpoint | 03/14/2013 18:38:14]
Deleted : RP #1117 [System Checkpoint | 03/15/2013 22:19:12]
Deleted : RP #1118 [System Checkpoint | 03/17/2013 05:46:39]
Deleted : RP #1119 [System Checkpoint | 03/18/2013 06:37:33]
Deleted : RP #1120 [System Checkpoint | 03/19/2013 07:54:16]
Deleted : RP #1121 [System Checkpoint | 03/20/2013 08:17:10]
Deleted : RP #1122 [System Checkpoint | 03/21/2013 22:05:29]
Deleted : RP #1123 [System Checkpoint | 03/23/2013 05:47:02]
Deleted : RP #1124 [System Checkpoint | 03/24/2013 07:13:56]
Deleted : RP #1125 [System Checkpoint | 03/25/2013 21:58:21]
Deleted : RP #1126 [System Checkpoint | 03/27/2013 08:04:03]
Deleted : RP #1127 [System Checkpoint | 03/28/2013 09:11:44]
Deleted : RP #1128 [System Checkpoint | 03/29/2013 10:15:21]
Deleted : RP #1129 [System Checkpoint | 03/30/2013 10:57:22]
Deleted : RP #1130 [System Checkpoint | 03/31/2013 13:17:07]
Deleted : RP #1131 [System Checkpoint | 04/01/2013 21:04:16]
Deleted : RP #1132 [System Checkpoint | 04/03/2013 04:53:00]
Deleted : RP #1133 [System Checkpoint | 04/04/2013 17:58:51]
Deleted : RP #1134 [System Checkpoint | 04/05/2013 20:26:17]
Deleted : RP #1135 [System Checkpoint | 04/07/2013 20:24:41]
Deleted : RP #1136 [System Checkpoint | 04/09/2013 17:54:15]
Deleted : RP #1137 [System Checkpoint | 04/11/2013 13:01:03]
Deleted : RP #1138 [System Checkpoint | 04/13/2013 21:14:20]
Deleted : RP #1139 [System Checkpoint | 04/16/2013 06:15:37]
Deleted : RP #1140 [System Checkpoint | 04/17/2013 17:31:53]
Deleted : RP #1141 [Printer Driver Foxit Reader PDF Printer Driver Installed | 04/17/2013 19:19:14]
Deleted : RP #1142 [System Checkpoint | 04/19/2013 06:40:31]
Deleted : RP #1143 [System Checkpoint | 04/20/2013 09:50:00]
Deleted : RP #1144 [System Checkpoint | 04/21/2013 10:42:45]
Deleted : RP #1145 [System Checkpoint | 04/22/2013 23:02:54]
Deleted : RP #1146 [System Checkpoint | 04/24/2013 06:12:32]
Deleted : RP #1147 [System Checkpoint | 04/25/2013 19:08:26]
Deleted : RP #1148 [System Checkpoint | 04/26/2013 19:59:46]
Deleted : RP #1149 [System Checkpoint | 04/27/2013 20:34:16]
Deleted : RP #1150 [System Checkpoint | 04/29/2013 07:06:00]
Deleted : RP #1151 [Revo Uninstaller's restore point - Magic Skin Filter | 04/29/2013 10:59:02]
Deleted : RP #1152 [Removed Magic Skin Filter | 04/29/2013 10:59:17]
Deleted : RP #1153 [Revo Uninstaller's restore point - Wise Disk Cleaner 7.81 | 04/29/2013 11:00:21]
Deleted : RP #1154 [Revo Uninstaller's restore point - Wise Registry Cleaner 7.68 | 04/29/2013 11:01:25]
Deleted : RP #1155 [Revo Uninstaller's restore point - Easter 3D Screensaver 1.0 | 04/29/2013 11:02:29]
Deleted : RP #1156 [Revo Uninstaller's restore point - SoftOrbits Photo Retoucher 1.3 | 04/29/2013 11:21:44]
Deleted : RP #1157 [System Checkpoint | 04/30/2013 19:48:47]
Deleted : RP #1158 [System Checkpoint | 05/01/2013 20:19:25]
Deleted : RP #1159 [System Checkpoint | 05/02/2013 21:42:51]
Deleted : RP #1160 [System Checkpoint | 05/04/2013 07:54:55]
Deleted : RP #1161 [System Checkpoint | 05/05/2013 09:07:29]
Deleted : RP #1162 [System Checkpoint | 05/06/2013 17:41:10]
Deleted : RP #1163 [Revo Uninstaller's restore point - FastStone Capture 7.4 | 05/07/2013 13:13:44]
Deleted : RP #1164 [Installed GeSWall 2.9.2 Freeware | 05/07/2013 13:21:00]
Deleted : RP #1165 [Revo Uninstaller's restore point - GeSWall 2.9.2 Freeware | 05/10/2013 21:50:50]
Deleted : RP #1166 [Removed GeSWall 2.9.2 Freeware | 05/10/2013 21:51:26]
Deleted : RP #1167 [Revo Uninstaller's restore point - GeSWall 2.9.2 Freeware | 05/10/2013 21:52:23]
Deleted : RP #1168 [Revo Uninstaller's restore point - OSForensics | 05/10/2013 22:00:24]
Deleted : RP #1169 [Revo Uninstaller's restore point - SpyShelter Personal Free 8.3 | 05/10/2013 22:01:52]
Deleted : RP #1170 [Revo Uninstaller's restore point - Wise Care 365 version 2.44 | 05/11/2013 11:24:40]
Deleted : RP #1171 [Revo Uninstaller's restore point - Wise Care 365 version 2.44 | 05/11/2013 11:25:53]
Deleted : RP #1172 [Revo Uninstaller's restore point - Sticky Password 6.0.8.437 | 05/11/2013 16:16:18]
Deleted : RP #1173 [Revo Uninstaller's restore point - Efficient Password Manager 3.10 | 05/11/2013 16:17:34]
Deleted : RP #1174 [System Checkpoint | 05/12/2013 17:07:13]
Deleted : RP #1175 [OTL Restore Point - 5/13/2013 12:07:47 AM | 05/12/2013 22:07:54]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
Here is this report as well.
Thank you very much for the effort and the time you devoted.
I would be a bit surprised if it were an infection, since I am quite careful, and the AV did not report anything either.
Now I will try to install MCShield again.
I would like to know how I could find any leftover remnants of Bitdefender?

Posted: 13 May 2013 18:38
- Vera55555
- Respected Citizen
- Joined: 28 Oct 2008
- Posts: 312
Written: 13 May 2013 18:38
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
Run by Novi korisnik at 18:32:39 on 2013-05-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.641 [GMT 2:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
FW: *Enabled*
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\lxeecoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PCTOOLS\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PCTOOLS\Binn\sqlagent.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Documents and Settings\Novi korisnik\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Novi korisnik\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://conn.skype.com/
uProxyOverride = <local>
mSearchAssistant = ${SEARCH_URL_IE7}
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Akamai NetSession Interface] "c:\documents and settings\novi korisnik\local settings\application data\akamai\netsession_win.exe"
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\novi korisnik\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\novi korisnik\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{65766D64-DA15-44B6-8306-2B1EADD0DA3B} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - <no file>
Notify: AtiExtEvent - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\novi korisnik\application data\mozilla\firefox\profiles\mmzu09h3.default-1359031359843\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=6a0862888289428a82f0e0063352e099&tu=10G9000822B0008&sku=&tstsId=&ver=&
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=6a0862888289428a82f0e0063352e099&tu=10G9000822B0008&sku=&tstsId=&ver=&&q=
FF - plugin: c:\documents and settings\novi korisnik\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-05-13 16:24; ffxtlbr@zonealarm.com; c:\documents and settings\novi korisnik\application data\mozilla\firefox\profiles\mmzu09h3.default-1359031359843\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2013-05-13 16:24; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\checkpoint\zaforcefield\TrustChecker
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.hpOld0 -
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=6a0862888289428a82f0e0063352e099&tu=10G9000822B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - e8a839c8000000000000001fd05b1356
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15838
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1116:19:48
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118037820710364-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=6a0862888289428a82f0e0063352e099&tu=10G9000822B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=6a0862888289428a82f0e0063352e099&tu=10G9000822B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=6a0862888289428a82f0e0063352e099&tu=10G9000822B0008&sku=&tstsId=&ver=&
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-5-13 622616]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-16 64288]
R1 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-5-13 162976]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-8-22 233472]
R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\bitdefender\antivirus free edition\gzserv.exe [2013-5-13 27136]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 MSSQL$PCTOOLS;MSSQL$PCTOOLS;c:\program files\microsoft sql server\mssql$pctools\binn\sqlservr.exe [2005-5-4 9150464]
R2 SQLAgent$PCTOOLS;SQLAgent$PCTOOLS;c:\program files\microsoft sql server\mssql$pctools\binn\sqlagent.EXE [2005-5-3 323584]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-8-22 36608]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-3-27 527848]
S2 gupdate1c98db12e633070;Google Update Service (gupdate1c98db12e633070);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-5-13 447208]
S3 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2012-4-20 98984]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2013-2-11 260992]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2013-05-13 15:09:25 241992 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-05-13 15:05:17 139315 ----a-w- c:\documents and settings\all users\application data\1368457489.bdinstall.bin
2013-05-13 15:04:49 22345 ----a-w- c:\documents and settings\all users\application data\1368457487.bdinstall.bin
2013-05-13 14:49:23 153425 ----a-w- c:\documents and settings\all users\application data\1368456462.bdinstall.bin
2013-05-13 14:48:45 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-05-13 14:48:45 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-05-13 14:48:04 -------- d-----w- c:\program files\Bitdefender
2013-05-13 14:48:00 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-05-13 14:48:00 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-05-13 14:40:58 73532 ----a-w- c:\documents and settings\all users\application data\1368456023.bdinstall.bin
2013-05-13 14:40:23 22566 ----a-w- c:\documents and settings\all users\application data\1368455986.bdinstall.bin
2013-05-13 14:24:46 -------- d-----w- c:\documents and settings\novi korisnik\application data\CheckPoint
2013-05-13 14:19:46 -------- d-----w- c:\program files\Check Point Software Technologies LTD
2013-05-13 14:19:33 -------- d-----w- c:\documents and settings\novi korisnik\application data\Check Point Software Technologies LTD
2013-05-13 14:19:30 -------- d-----w- c:\program files\CheckPoint
2013-05-13 14:18:10 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2013-05-13 14:13:27 185396 ----a-w- c:\documents and settings\all users\application data\1368454226.bdinstall.bin
2013-05-13 14:11:27 -------- d-----w- c:\documents and settings\novi korisnik\application data\QuickScan
2013-05-13 13:56:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-05-13 13:56:02 -------- d-----w- c:\windows\system32\wbem\Repository
2013-05-13 13:52:53 -------- d-----w- c:\documents and settings\novi korisnik\application data\Uninstaller Tool(Comodo Forums)
2013-05-13 03:32:45 -------- d-----w- c:\documents and settings\novi korisnik\local settings\application data\Akamai
2013-05-12 19:01:30 -------- d-sha-r- C:\cmdcons
2013-05-12 12:32:49 -------- d-----w- C:\Stinger_Quarantine
2013-05-12 12:32:36 -------- d-----w- c:\program files\stinger
2013-05-11 16:08:06 -------- d-----w- c:\program files\VITSOFT
2013-05-01 11:30:31 -------- d-----w- c:\documents and settings\all users\application data\PassMark
.
==================== Find3M ====================
.
2013-04-15 17:38:37 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-04-15 17:38:25 276688 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-04-15 17:38:24 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-04-04 12:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 17:19:21 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-22 17:19:20 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:33:06.25 ===========
Addendum: 13 May 2013 18:38
I did everything as you said, and here is the DDS log.

Posted: 13 May 2013 18:57
- argus
- Anti Malware Fighter
Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje
OK, so now Bitdefender and the ZoneAlarm firewall are installed.
Comodo was not uninstalled properly.
Ad-Aware is also present; check whether you have it in Add or Remove, and if you do, uninstall it.