offline
- Pridružio: 30 Dec 2008
- Poruke: 193
|
Napisano: 11 Avg 2010 19:16
:oops: Tako je to kad se ne čita
E pa ovako onda:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mirjana at 18:39:34,17 on sre 11.08.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1016 [GMT 2:00]
AV: My Security Shield *On-access scanning enabled* (Updated) {D9F22040-A050-40C4-82C7-09B9C1ED4F7A}
FW: My Security Shield *enabled* {D9F8F1A8-1627-4819-8933-03AAC365B101}
Nadam se da sam sad sve dobro uradila
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\antivirus\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IncrediMail\bin\ImNotfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mirjana\Desktop\dds.scr
============== Pseudo HJT Report ===============
uWindow Title = Service Pack 3 Internet Explorer
uStart Page = hxxp://mystart.incredimail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=fbpage&s={searchTerms}&f=4
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AutoStartNPSAgent] d:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [My Security Shield] "c:\documents and settings\all users\application data\08bf9d4\MS08bf_289.exe" /s /d
uRun: [SUPERAntiSpyware] d:\antivirus\SUPERAntiSpyware.exe
mRun: [DSLAGENTEXE] c:\program files\conexant\adsl\dslagent.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [DSLSTATEXE] c:\program files\conexant\adsl\dslstat.exe icon
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NPSStartup]
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\mirjana\startm~1\programs\startup\thinkg~1.lnk - c:\program files\stardock\desktopgadgets\think green weather\Think Green Weather.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {A0164A24-5F86-41AA-A8EE-0890C26C8708} = 77.105.0.19 77.105.0.18
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\antivirus\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - d:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\antivirus\SASSEH.DLL
mASetup: ccc-core-static - msiexec /fums {399150FC-EB45-1CE0-0792-1F3A23397BD4} /qb
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\mirjana\applic~1\mozilla\firefox\profiles\yte2e31i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser_game/ws/redir?_iceUrl=true&user_id=35233539&tool_id=60531&qkw=
FF - component: c:\documents and settings\mirjana\application data\mozilla\firefox\profiles\yte2e31i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\mirjana\application data\mozilla\firefox\profiles\yte2e31i.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
FF - component: c:\documents and settings\mirjana\application data\mozilla\firefox\profiles\yte2e31i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\mirjana\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\mirjana\application data\mozilla\firefox\profiles\yte2e31i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-2-15 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-2-15 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R1 SASDIFSV;SASDIFSV;d:\antivirus\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\antivirus\SASKUTIL.SYS [2010-5-10 67656]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-5-17 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-17 36608]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 ekrn;ESET Service;"d:\program files\eset\eset nod32 antivirus\ekrn.exe" --> d:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-5-17 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-5-17 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-5-17 121856]
=============== Created Last 30 ================
2010-08-11 15:59:53 0 d-----w- c:\docume~1\mirjana\applic~1\SUPERAntiSpyware.com
2010-08-11 15:59:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-11 11:12:08 5694 ----a-w- C:\Sdicon32.ico
2010-08-11 10:12:51 0 d-----w- c:\docume~1\mirjana\applic~1\Malwarebytes
2010-08-11 10:12:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 10:12:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-11 10:12:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 09:51:54 0 d-----w- c:\docume~1\mirjana\applic~1\GetRightToGo
2010-08-07 09:29:24 767952 ----a-w- c:\windows\BDTSupport.dll0839.old
2010-08-07 09:29:23 1652688 ----a-w- c:\windows\PCTBDCore.dll0839.old
2010-08-07 09:29:23 149456 ----a-w- c:\windows\SGDetectionTool.dll0839.old
2010-08-07 09:09:39 0 d-----w- c:\program files\Spyware Doctor
2010-08-07 09:09:39 0 d-----w- c:\program files\common files\PC Tools
2010-08-07 07:26:59 0 d-----w- c:\docume~1\mirjana\applic~1\QuickScan
2010-08-07 07:21:51 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-08-06 19:09:32 0 d-sh--w- c:\docume~1\mirjana\applic~1\My Security Shield
2010-08-06 19:09:22 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MSKSGMEUIRS
2010-08-05 17:06:06 0 d-----w- c:\docume~1\alluse~1\applic~1\PhotoMail
2010-08-05 17:06:05 0 d-----w- c:\program files\PhotoMail Maker
2010-08-05 17:05:04 0 d-----w- c:\program files\IncrediMail
2010-08-05 17:05:04 0 d-----w- c:\docume~1\alluse~1\applic~1\IncrediMail
2010-08-05 17:05:04 0 d-----w- c:\docume~1\alluse~1\applic~1\IM
2010-07-26 13:08:46 0 d-----w- c:\docume~1\alluse~1\applic~1\KONAMI
2010-07-24 08:14:50 0 d-----w- c:\program files\common files\DivX Shared
2010-07-14 08:01:39 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
==================== Find3M ====================
2010-06-12 13:11:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-16 12:19:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
============= FINISH: 18:40:13,60 ===============
mycity.rs/must-login.png
mycity.rs/must-login.png
Dopuna: 11 Avg 2010 19:19
Da i zaboravila sam da kažem da mi je obrisao NOD32
|