Posted: 29 Oct 2009 14:32
offline
- Joined: 03 Dec 2007
- Posts: 156
- Location: Novi Sad
Written: 29 Oct 2009 13:48
For the past few days I have had a problem typing text because the letters appear out of order, some before, some after; for example, I type "mycity" and the computer writes "ymciyt", so I have to type letter by letter, waiting a few seconds between keystrokes. The second problem is that pages or windows appear as if coming out of a fog, slowly, and when I close a window it closes slowly, as if disappearing into fog, the picture fades; sometimes the whole screen gets covered by a dark transparent film and I can't click anywhere, so through the Task Manager, using the keyboard, I fiddle with something until the normal picture comes back. A few days ago that fake scanning program appeared, the one that reports there are viruses on the computer, when I clicked on some video clip and it asked me to download some player and I naively clicked Run, and since then I've had the problems; I'm sure I picked up something malicious.
The connection is SBB cable internet, 1024/128.
DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 13:42:25,40 on cet 29.10.2009
Internet Explorer: 7.0.6001.18000
Windows Windows Vista™ Extreme Edition 6.0.6001.1.1252.1.1033.18.2047.1183 [GMT 1:00]
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\System Control Manager\edd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\program files\e-book systems\flipviewer\fplaunch.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Rising PC Doctor: {98b7c13a-e9cd-4959-8b46-fbeab41e42a8} - c:\windows\system32\UrlFilter.dll
BHO: : {c90dbb52-46e0-4e65-92bc-799adee54c86} - c:\progra~1\flash2x\flashp~1\FLASHP~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618-)" -"http://www.srpskaanalitika.com/"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [run32] c:\win\lsass.exe
mRun: [Captcha7] rundll "c:\program files\captcha.dll",captcha
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: - Download &this page with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addsellinks.htm
IE: Download selected images with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addselimgs.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\productsfoundry\webcloner standard 2.7\webcloner.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - hxxp://www.flipviewer.com/exe/fv400p.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll,kmon.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DreamControl.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DesktopControlPanel.dll
STS: AveVistaBackgroundFolder Class: {73526e5a-fd53-4be7-b5e2-d3c89d7413dc} - c:\windows\system32\branding\folderbg\VistaFolderBackground.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-22 99344]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-7-30 277736]
R2 NishService;SCM Driver Daemon;c:\program files\system control manager\edd.exe [2009-1-31 61440]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2003-11-14 8192]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2009-1-31 19456]
R3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\system32\drivers\ST50220.sys [2009-2-23 34224]
S1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [2008-10-30 11264]
S3 FLASHSYS;FLASHSYS;c:\windows\system32\drivers\FlashSys.sys [2008-1-31 9216]
S3 LWXKDIX;LWXKDIX;c:\users\admini~1\appdata\local\temp\lwxkdix.exe --> c:\users\admini~1\appdata\local\temp\LWXKDIX.exe [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2009-1-26 13056]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2009-2-5 10394624]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [2008-4-13 17920]
=============== Created Last 30 ================
2009-10-27 15:19:48 0 d-----w- c:\program files\ffdshow
2009-10-27 15:02:19 0 d-----w- c:\program files\Lonely Cat Games
2009-10-23 11:38:28 6144 ----a-w- c:\windows\rdr_1256297908.exe
2009-10-23 11:38:28 17408 --sh--r- c:\program files\captcha.dll
2009-10-23 11:38:27 95744 ----a-w- c:\windows\mstre22.exe
2009-10-23 11:38:27 2 ----a-w- c:\windows\0101120101465050.xxe
2009-10-23 11:38:27 1 ---h--w- c:\windows\mmsmark2.dat
2009-10-23 11:38:26 56832 ----a-w- c:\windows\freddy71.exe
2009-10-23 11:38:26 2 ----a-w- c:\windows\0101120101464955.xxe
2009-10-23 11:38:26 1 ---h--w- c:\windows\bk23567.dat
2009-10-23 11:38:24 2 ----a-w- c:\windows\010112010146116101.xxe
2009-10-23 11:32:53 40960 ----a-w- c:\windows\ld15.exe
==================== Find3M ====================
2009-10-29 10:58:44 45 ----a-w- c:\windows\system32\drivers\RemoveAny.log
2009-10-29 10:58:38 16643 ----a-w- c:\windows\system32\drivers\stwrte.log
2009-10-08 18:27:52 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-23 13:51:00 86016 ----a-w- c:\windows\inf\infstor.dat
2009-03-23 13:51:00 51200 ----a-w- c:\windows\inf\infpub.dat
2009-03-23 13:50:59 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-01-23 23:27:08 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-22 09:36:17 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-20 18:47:02 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2009-02-20 18:47:02 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2009-02-20 18:47:02 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-02-18 17:38:20 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-02-18 17:38:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021820090219\index.dat
2008-04-04 09:50:14 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 13:43:30,12 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-26.01)
Windows Windows Vista™ Extreme Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 22.1.2009 10:36:37
System Uptime: 29.10.2009 11:58:19 (2 hours ago)
Motherboard: MSI | | MS-1634X
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53 | CPU 1 | 1700/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 51 GiB total, 1,93 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 14,159 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0021
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0021
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0022
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0022
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0027
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #4
PNP Device ID: ROOT\*6TO4MP\0027
Service: tunnel
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: IDT HDMI
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&D6201BF&0&0001
Manufacturer: IDT
Name: IDT HDMI
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&D6201BF&0&0001
Service: STHDA
==== System Restore Points ===================
RP442: 22.10.2009 22:24:30 - Scheduled Checkpoint
RP443: 24.10.2009 21:56:50 - Scheduled Checkpoint
RP444: 25.10.2009 19:34:14 - Scheduled Checkpoint
RP445: 27.10.2009 0:03:15 - Scheduled Checkpoint
RP446: 28.10.2009 22:26:05 - Scheduled Checkpoint
==== Installed Programs ======================
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.64
707 Great Games
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Advanced SystemCare 3
AGEIA PhysX v7.09.13
Agere Systems HDA Modem
AMP WinOFF
Apple Application Support
Atheros Driver Installation Program
ATI Catalyst Install Manager
AveoCap
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BatteryCare
Bluetooth Stack for Windows by Toshiba
BoneLab
Camera RAW Plug-In for EPSON Creativity Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CANYON USB PC Camera
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
CD Art Display 1.0
Clickster
COMODO Internet Security
DeskScapes
Double Vision
DriverAgent by eSupport.com
DriverMax 4
DVD Solution
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
FastStone Image Viewer 3.2
ffdshow [rev 3097] [2009-10-08]
Flash2X Flash Player version 3.0.2
FlipViewer 4.0.0
Foto2Avi 2.0
FotoMorph
Foxit Reader
GameHouse Super Games AIO®
GCH Guitar academy
GOM Player
Google Earth
HijackThis 2.0.2
Hitman - Codename 47
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HydraVision
IKEA Home Planner
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Joost (tm) Beta 1.0
MediaShow 3.0
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Pandora's Box
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ Run Time Lib Setup
MODEM Mobile Connection
MSXML 4.0 SP2 (KB954430)
My Expose
Need for Speed™ ProStreet Demo
Nero 8 Micro
nFLVPlayer
PhotoNow! 1.0
PONS Pocetni engleski
Poppy for Windows
Power2Go 5.0
PowerBackup 2.5
PowerCinema
PowerDirector Express
PowerDVD
PowerDVD Copy 1.0
PowerProducer
ProtectDisc Driver, Version 11
QuickTime
Real Chess
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RGS-MODBlaster 2000 v2.1
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Rising PC Doctor
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Sight Words Buddy 1.0
Skins
Skype™ 3.8
SmartMovie Converter
Software tiskárny EPSON
Solway's Internet TV and Radio 1.56
SpeedFan (remove only)
System Control Manager
Tennis Elbow 2009 1.0
Turboball
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb943597)
VibrateGameDeviceDriver
Video Caster 3.4
VLC media player 0.9.8a
WildTangent Web Driver
Winamp
WinRAR archiver
World of Warcraft FREE Trial
==== Event Viewer Messages From Past Week ========
23.10.2009 13:56:31, Error: EventLog [6008] - The previous system shutdown at 1:53:52 PM on 10/23/2009 was unexpected.
22.10.2009 7:49:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RemoveAny
22.10.2009 7:47:46, Error: volmgr [46] - Crash dump initialization failed!
==== End Of File ===========================
I'll attach the GMER log now too.
Update: 29 Oct 2009 14:11
While I was scanning with GMER the computer froze completely, so I had to unplug it from the power to turn it back on. I'll scan again now and post the log.
Update: 29 Oct 2009 14:32
The second time it froze the whole computer as well. I'll download RootRepeal and scan with that.
Posted: 29 Oct 2009 22:02
offline
- Joined: 03 Dec 2007
- Posts: 156
- Location: Novi Sad
Written: 29 Oct 2009 18:47
When ComboFix starts running I get the message: windows cannot find `32788R22FWJFW\hidec.exe`. Make sure you typed the name correctly, and then try again.
Update: 29 Oct 2009 19:18
The second time it restarted the computer; what should I do? I don't know whether I dare run ComboFix again.
Update: 29 Oct 2009 22:02
It seems I managed to scan with ComboFix; here is the log.
ComboFix 09-10-28.08 - Administrator 29.10.2009 21:19.1.2 - NTFSx86
Windows Windows Vista™ Extreme Edition 6.0.6001.1.1252.1.1033.18.2047.1481 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
C:\desktop.ini
c:\users\Administrator\AppData\Roaming\Desktopicon
c:\users\Administrator\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\win
c:\win\1.exe
c:\win\lsass.exe
c:\win\names.txt
c:\windows\010112010146116101.xxe
c:\windows\0101120101464955.xxe
c:\windows\0101120101465050.xxe
c:\windows\bk23567.dat
c:\windows\freddy71.exe
c:\windows\ld15.exe
c:\windows\mstre22.exe
c:\windows\rdr_1256297908.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.
2009-10-29 20:47 . 2009-10-29 20:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-10-29 20:47 . 2009-10-29 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-27 15:19 . 2009-10-27 15:20 -------- d-----w- c:\program files\ffdshow
2009-10-27 15:02 . 2009-10-27 15:02 -------- d-----w- c:\program files\Lonely Cat Games
2009-10-23 11:38 . 2009-10-23 11:38 17408 --sh--r- c:\program files\captcha.dll
2009-10-23 11:38 . 2009-10-23 11:38 1 ---h--w- c:\windows\mmsmark2.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 18:18 . 2009-01-22 16:19 -------- d-----w- c:\programdata\_comodo_
2009-10-29 18:13 . 2009-05-18 17:04 -------- d-----w- c:\program files\Rising
2009-10-29 18:12 . 2009-08-30 12:48 45 ----a-w- c:\windows\system32\drivers\RemoveAny.log
2009-10-29 18:12 . 2009-08-30 12:48 17391 ----a-w- c:\windows\system32\drivers\stwrte.log
2009-10-29 18:10 . 2009-05-18 17:05 -------- d-----w- c:\programdata\Rising
2009-10-17 15:28 . 2009-06-28 14:01 -------- d-----w- c:\users\Administrator\AppData\Roaming\dvdcss
2009-10-14 15:08 . 2009-01-22 19:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2009-10-14 15:08 . 2009-01-22 19:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2009-10-14 13:21 . 2009-02-14 17:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\uTorrent
2009-10-12 23:33 . 2009-02-03 16:30 -------- d-----w- c:\program files\SpeedFan
2009-10-11 11:43 . 2009-03-23 13:46 -------- d-----w- c:\program files\MODEM Mobile Connection
2009-10-08 18:27 . 2008-12-08 11:53 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-12 20:26 . 2009-09-12 20:25 -------- d-----w- c:\program files\QuickTime
2009-09-12 20:25 . 2009-09-12 20:25 -------- d-----w- c:\programdata\Apple Computer
2009-09-12 20:17 . 2009-09-12 20:17 -------- d-----w- c:\program files\Common Files\Apple
2008-04-04 09:50 . 2008-04-04 09:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2008-01-26 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-04 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-01-22 1797880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-26 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll" [2008-04-05 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-683045695-1400479875-3975659601-500]
"EnableNotificationsRef"=dword:00000002
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [22.1.2009 17:15 99344]
R2 acedrv11;acedrv11;c:\windows\System32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R3 DynCal;Dynamic Calibration Service;c:\windows\System32\drivers\DynCal.sys [14.11.2003 3:46 8192]
R3 MGHwCtrl;MGHwCtrl;c:\windows\System32\drivers\MGHwCtrl.sys [31.1.2009 21:39 19456]
R3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\System32\drivers\ST50220.sys [23.2.2009 0:27 34224]
S1 RemoveAny;RemoveAny driver;c:\windows\System32\drivers\RemoveAny.sys [30.10.2008 18:19 11264]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [31.1.2009 21:39 61440]
S3 FLASHSYS;FLASHSYS;c:\windows\System32\drivers\FlashSys.sys [31.1.2008 17:18 9216]
S3 LWXKDIX;LWXKDIX;c:\users\ADMINI~1\AppData\Local\Temp\LWXKDIX.exe --> c:\users\ADMINI~1\AppData\Local\Temp\LWXKDIX.exe [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\System32\drivers\modrc.sys [26.1.2009 15:24 13056]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\System32\drivers\snp325.sys [5.2.2009 13:28 10394624]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [13.4.2008 11:21 17920]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-28 c:\windows\Tasks\User_Feed_Synchronization-{DCDA7072-6E24-44EC-92F1-C3CCEC085D27}.job
- c:\windows\system32\msfeedssync.exe [2008-04-04 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addsellinks.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addselimgs.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.7\webcloner.exe
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - hxxp://www.flipviewer.com/exe/fv400p.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-29 21:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AcroRD32.exe"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR\UserChoice]
@Denied: (2) (Administrator)
"Progid"="MediaCenter.DVR"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dvr-ms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="MediaCenter.DVR-MS"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\winamp.exe"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
[HKEY_USERS\S-1-5-21-683045695-1400479875-3975659601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\System32\guard32.dll
- - - - - - - > 'lsass.exe'(720)
c:\windows\System32\guard32.dll
.
Completion time: 2009-10-29 21:50
ComboFix-quarantined-files.txt 2009-10-29 20:50
Pre-Run: 1.557.053.440 bytes free
Post-Run: 1.552.920.576 bytes free
- - End Of File - - E45C7E38DB04C1ABCFA823DACCE9F8EF
Posted: 29 Oct 2009 22:32
Written: 29 Oct 2009 22:14
It seems to me that it types faster and opens pages faster, and there is no fog. It seems to be fine. Can you see from the log whether there was something?
Update: 29 Oct 2009 22:19
Do I need to delete these files on the desktop, ComboFix, DDS etc.?
Update: 29 Oct 2009 22:21
If that is all, thank you for the help!
Update: 29 Oct 2009 22:32
I have one more question: when I was turning off the COMODO antivirus, I set the Defense+ security level item to disable, but I forgot which setting it was on, so what should I tick?
Posted: 31 Oct 2009 14:13
Written: 30 Oct 2009 17:37
When I ran the scan it wouldn't unlock a single folder; only after I restarted it did it start working. Here is the log, and now I have to go to work, so I apologize.
ComboFix 09-10-28.08 - Administrator 30.10.2009 16:59.2.2 - NTFSx86
Windows Windows Vista™ Extreme Edition 6.0.6001.1.1252.1.1033.18.2047.1467 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.
2009-10-30 16:19 . 2009-10-30 16:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-30 16:19 . 2009-10-30 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-30 15:59 . 2008-04-04 09:39 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-30 11:48 . 2009-10-30 11:48 -------- d-----w- c:\program files\MMRadio
2009-10-29 20:50 . 2009-10-30 16:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-10-27 15:19 . 2009-10-27 15:20 -------- d-----w- c:\program files\ffdshow
2009-10-27 15:02 . 2009-10-27 15:02 -------- d-----w- c:\program files\Lonely Cat Games
2009-10-23 11:38 . 2009-10-23 11:38 17408 --sh--r- c:\program files\captcha.dll
2009-10-23 11:38 . 2009-10-23 11:38 1 ---h--w- c:\windows\mmsmark2.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 11:24 . 2009-01-22 16:19 -------- d-----w- c:\programdata\_comodo_
2009-10-30 11:18 . 2009-08-30 12:48 45 ----a-w- c:\windows\system32\drivers\RemoveAny.log
2009-10-30 11:18 . 2009-08-30 12:48 17578 ----a-w- c:\windows\system32\drivers\stwrte.log
2009-10-29 18:13 . 2009-05-18 17:04 -------- d-----w- c:\program files\Rising
2009-10-29 18:10 . 2009-05-18 17:05 -------- d-----w- c:\programdata\Rising
2009-10-17 15:28 . 2009-06-28 14:01 -------- d-----w- c:\users\Administrator\AppData\Roaming\dvdcss
2009-10-14 15:08 . 2009-01-22 19:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2009-10-14 15:08 . 2009-01-22 19:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2009-10-14 13:21 . 2009-02-14 17:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\uTorrent
2009-10-12 23:33 . 2009-02-03 16:30 -------- d-----w- c:\program files\SpeedFan
2009-10-11 11:43 . 2009-03-23 13:46 -------- d-----w- c:\program files\MODEM Mobile Connection
2009-10-08 18:27 . 2008-12-08 11:53 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-12 20:26 . 2009-09-12 20:25 -------- d-----w- c:\program files\QuickTime
2009-09-12 20:25 . 2009-09-12 20:25 -------- d-----w- c:\programdata\Apple Computer
2009-09-12 20:17 . 2009-09-12 20:17 -------- d-----w- c:\program files\Common Files\Apple
2008-04-04 09:50 . 2008-04-04 09:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2008-01-26 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-29_20.48.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-22 09:59 . 2009-10-30 11:21 49202 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-10-30 11:21 66334 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:00 . 2009-10-29 18:21 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-10-30 15:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-10-29 18:21 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-10-30 15:45 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-10-29 18:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-10-30 15:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-13 14:54 . 2009-10-29 13:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-13 14:54 . 2009-10-30 11:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-13 14:54 . 2009-10-30 11:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-13 14:54 . 2009-10-29 13:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-13 14:54 . 2009-10-30 11:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-13 14:54 . 2009-10-29 13:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-22 09:41 . 2009-10-29 18:15 7958 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-683045695-1400479875-3975659601-500_UserData.bin
+ 2009-01-22 09:41 . 2009-10-30 11:21 7958 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-683045695-1400479875-3975659601-500_UserData.bin
+ 2009-10-30 11:18 . 2009-10-30 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-29 18:12 . 2009-10-29 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-30 11:18 . 2009-10-30 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-29 18:12 . 2009-10-29 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-22 13:39 . 2009-10-30 15:40 409862 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 10:33 . 2009-10-29 18:18 598588 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-30 11:24 598588 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-29 18:18 102194 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-30 11:24 102194 c:\windows\System32\perfc009.dat
+ 2009-10-30 11:48 . 2009-10-30 11:48 199168 c:\windows\Installer\1bb934.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-04 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-01-22 1797880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-26 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll" [2008-04-05 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-683045695-1400479875-3975659601-500]
"EnableNotificationsRef"=dword:00000002
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [22.1.2009 17:15 99344]
R2 acedrv11;acedrv11;c:\windows\System32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R3 DynCal;Dynamic Calibration Service;c:\windows\System32\drivers\DynCal.sys [14.11.2003 3:46 8192]
R3 MGHwCtrl;MGHwCtrl;c:\windows\System32\drivers\MGHwCtrl.sys [31.1.2009 21:39 19456]
R3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\System32\drivers\ST50220.sys [23.2.2009 0:27 34224]
S1 RemoveAny;RemoveAny driver;c:\windows\System32\drivers\RemoveAny.sys [30.10.2008 18:19 11264]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [31.1.2009 21:39 61440]
S3 FLASHSYS;FLASHSYS;c:\windows\System32\drivers\FlashSys.sys [31.1.2008 17:18 9216]
S3 LWXKDIX;LWXKDIX;c:\users\ADMINI~1\AppData\Local\Temp\LWXKDIX.exe --> c:\users\ADMINI~1\AppData\Local\Temp\LWXKDIX.exe [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\System32\drivers\modrc.sys [26.1.2009 15:24 13056]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\System32\drivers\snp325.sys [5.2.2009 13:28 10394624]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\System32\Ntaccess.sys [13.4.2008 11:21 17920]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-30 c:\windows\Tasks\User_Feed_Synchronization-{DCDA7072-6E24-44EC-92F1-C3CCEC085D27}.job
- c:\windows\system32\msfeedssync.exe [2008-04-04 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: - Download &this page with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addsellinks.htm
IE: Download selected images with WebCloner - c:\program files\ProductsFoundry\WebCloner Standard 2.7\addselimgs.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\ProductsFoundry\WebCloner Standard 2.7\webcloner.exe
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - hxxp://www.flipviewer.com/exe/fv400p.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-30 17:20
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP0000005F655C493038E79B3A 524288 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(720)
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscape.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll
.
Completion time: 2009-10-30 17:24
ComboFix-quarantined-files.txt 2009-10-30 16:24
ComboFix2.txt 2009-10-29 20:50
Pre-Run: 716.312.576 bytes free
Post-Run: 585.248.768 bytes free
- - End Of File - - B30DD1F988962A7721EA9167389551AE
Update: 31 Oct 2009 14:13
Is anything else needed?
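The ComboFix log in the post above carries the kind of entries a responder reads first: hidden/system files dropped directly into Program Files or the Windows root (captcha.dll, mmsmark2.dat), a service whose image lives in a user's Temp folder (LWXKDIX), UAC policy values set to 0 (EnableLUA and the ConsentPromptBehavior keys), and a file that catchme reports as hidden from the Win32 API. The script below is an added example, not part of the thread and not ComboFix's own code: it parses those ComboFix line shapes and flags them. The rules and their names are my assumptions about what is worth a second look, not a verdict that any entry is malicious; the sample lines are copied from the log above.

```python
"""Triage a ComboFix log for entries a responder would look at first.

Added example (not part of the forum thread or of ComboFix).  The rules are
assumptions about what deserves attention; the sample input is a handful of
lines copied from the ComboFix log posted above.
"""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the ComboFix log above (not the full log).
SAMPLE_LOG = r"""
2009-10-23 11:38 . 2009-10-23 11:38 17408 --sh--r- c:\program files\captcha.dll
2009-10-23 11:38 . 2009-10-23 11:38 1 ---h--w- c:\windows\mmsmark2.dat
2009-10-30 15:59 . 2008-04-04 09:39 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-30 11:48 . 2009-10-30 11:48 -------- d-----w- c:\program files\MMRadio
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableNotificationsRef"=dword:00000002
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [22.1.2009 17:15 99344]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [31.1.2009 21:39 61440]
S3 LWXKDIX;LWXKDIX;c:\users\ADMINI~1\AppData\Local\Temp\LWXKDIX.exe --> c:\users\ADMINI~1\AppData\Local\Temp\LWXKDIX.exe [?]
c:\windows\TEMP\TMP0000005F655C493038E79B3A 524288 bytes
"""

# "<created> . <modified> <size|--------> <attrs> <path>"  (Files Created / Find3M)
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "<Rn|Sn> <name>;<display name>;<image path> [...]"  (services/drivers)
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?)(?: -->| \[)")
# UAC policy values ComboFix prints under ...\policies\system
UAC_RE = re.compile(
    r'^"(?P<key>EnableLUA|ConsentPromptBehaviorAdmin|ConsentPromptBehaviorUser'
    r'|EnableInstallerDetection)"=\s*0\b'
)
# catchme "hidden files" lines: "<path> <size> bytes"
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+) \d+ bytes$", re.IGNORECASE)

# Directories where a legitimate installer rarely drops a loose hidden/system file.
SYSTEM_DIRS = ("c:\\program files\\", "c:\\windows\\")


def _shallow_in_system_dir(path: str) -> bool:
    """True when the file sits directly in one of SYSTEM_DIRS (no subfolder)."""
    low = path.lower()
    return any(low.startswith(d) and "\\" not in low[len(d):] for d in SYSTEM_DIRS)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, offending line) pairs for every line that trips a rule."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # attribute string: d=directory, s=system, h=hidden, a=archive, r/w
            if attrs[0] != "d" and ("s" in attrs or "h" in attrs) and _shallow_in_system_dir(path):
                findings.append(("hidden/system file in program or system dir", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path").lower()
            if "\\temp\\" in path:
                findings.append(("service image under a Temp directory", line))
            elif line.endswith("[?]"):
                findings.append(("service image file missing on disk", line))
            continue
        if UAC_RE.match(line):
            findings.append(("UAC policy disabled (value 0)", line))
            continue
        if HIDDEN_RE.match(line):
            findings.append(("file hidden from Win32 API (catchme)", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

Run it against a full ComboFix log by passing the file contents to `triage()`; entries that are normal on this machine (the COMODO driver, a vendor service under Program Files, the replaced atapi.sys, plain directories) pass through without a finding, which is the point of matching on placement and attributes rather than on names.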
Posted: 31 Oct 2009 15:08
Done. Thanks a lot for the help, diarno!