I need help, thanks in advance


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8466
  • Location: Novi Beograd

OK. We'll solve it like this:

Turn off the antivirus.

Open Notepad and copy in the following text:

File::
D:\2fiji.com


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Joined: 07 Jan 2009
  • Posts: 11

I'll get back to you tomorrow.

Addendum: 11 Jan 2009 22:20

ComboFix 09-01-07.01 - Biscom 2009-01-11 21:53:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.503.151 [GMT 1:00]
Running from: c:\documents and settings\Biscom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Biscom\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
FW: COMODO Firewall Pro *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
D:\2fiji.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\2fiji.com

.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 20:48 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-01-11 10:17 --------- d-----w c:\program files\LeaguePad
2009-01-10 23:32 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-08 13:27 --------- d-----w c:\program files\Hewlett-Packard
2009-01-07 13:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-07 13:22 --------- d-----w c:\documents and settings\Biscom\Application Data\SUPERAntiSpyware.com
2009-01-07 13:22 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-06 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-01-06 20:25 87,056 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-01-06 20:25 249,592 ----a-w c:\windows\system32\cssdll32.dll
2009-01-06 20:25 24,208 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-01-06 20:25 143,104 ----a-w c:\windows\system32\guard32.dll
2009-01-06 20:25 --------- d-----w c:\program files\COMODO
2009-01-06 20:25 --------- d-----w c:\documents and settings\Biscom\Application Data\Comodo
2009-01-06 18:28 --------- d-----w c:\program files\AIMP2
2009-01-05 23:18 --------- d-----w c:\program files\uTorrent
2009-01-05 23:18 --------- d-----w c:\documents and settings\Biscom\Application Data\uTorrent
2009-01-04 13:11 --------- d-----w c:\program files\GoWin Deluxe45
2009-01-03 20:01 --------- d-----w c:\program files\Soccer Stats Tracker
2008-12-29 14:33 --------- d-----w c:\program files\PC Soccer
2008-12-24 11:39 --------- d-----w c:\program files\OpenOffice.org 2.0
2008-12-24 11:33 --------- d-----w c:\documents and settings\Biscom\Application Data\OpenOffice.org2
2008-12-16 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-15 09:51 --------- d-----w c:\program files\Oddswiz
2008-12-11 20:26 720,896 ----a-w c:\windows\iun6002.exe
2008-12-11 19:02 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-12-11 19:02 253,952 ------w c:\windows\Setup1.exe
2008-12-11 10:28 --------- d-----w c:\program files\Mobile Master
2008-12-10 17:40 --------- d-----w c:\program files\Bet For Win
2008-12-09 11:29 --------- d-----w c:\program files\Betting Genius 3.04 Trial Version
2008-12-03 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-12-03 12:38 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-03 12:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 12:33 --------- d-----w c:\program files\Firefly Studios
2008-11-29 19:47 --------- d-----w c:\program files\GameSpy Arcade
2008-11-27 23:38 --------- d-----w c:\program files\Mv2Player
2008-11-20 10:38 --------- d-----w c:\program files\THQ
2008-11-20 10:38 --------- d-----w c:\program files\Desktop Currency Converter
2008-11-18 18:30 --------- d-----w c:\documents and settings\Biscom\Application Data\Free Download Manager
2008-11-13 14:24 --------- d-----w c:\program files\LingvoSoft
2006-07-30 22:20 959 --sha-r c:\windows\system32\autorun.bin
.

((((((((((((((((((((((((((((( snapshot@2009-01-07_21.36.41.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 18:49:28 69,750 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-11 20:37:02 69,750 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-07 18:49:28 414,216 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-11 20:37:02 414,216 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-20 950664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-06 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-06 1655552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 01:12 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2009-01-06 21:24 1655552 c:\program files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"hpqwmiex"=2 (0x2)
"AdobeActiveFileMonitor6.0"=2 (0x2)
"RichVideo"=3 (0x3)
"CiSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"cmdAgent"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
"Free Uploader Oe Integration"=c:\program files\Free Download Manager\FUM\fumoei.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-06 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-06 24208]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-03-06 3026]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-20 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37:48 41456]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
S4 qxvbq;Monitor Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
qxvbq
.
Contents of the 'Scheduled Tasks' folder

2009-01-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2009-01-11 c:\windows\Tasks\Winamp.job
- c:\progra~1\Winamp\winamp.exe [2007-12-20 16:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: content.switch.threshold - 750000
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: network.http.max-connections-per-server - 4
c:\program files\Mozilla Firefox 3 Beta 4\greprefs\all.js - pref("security.fileuri.origin_policy", 2);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.createdSmartBookmarks", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-11 21:57:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxvbq]
"ServiceDll"="c:\windows\system32\nlpkuomc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-616249376-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-11 22:01:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-11 21:01:31
ComboFix2.txt 2009-01-11 20:37:53
ComboFix3.txt 2009-01-10 12:16:21
ComboFix4.txt 2009-01-08 14:03:54
ComboFix5.txt 2009-01-11 20:51:02

Pre-Run: 26,927,882,240 bytes free
Post-Run: 26,913,431,552 bytes free

  • helen1

Did you touch anything on your own initiative? Judging by the logs, I can say that you did.

  • Joined: 07 Jan 2009
  • Posts: 11

I don't know how, but things went back to the way they were; I picked up the same thing again. It's probably on my USB stick. Then I repeated the procedure. Don't tell me I messed something up.

  • helen1

I'm asking you nicely whether you did anything on your own initiative, and what? You ran CF on 10.1.2009. Why???

  • Joined: 07 Jan 2009
  • Posts: 11

I ran it to delete the file D:\2fiji.com, and then everything was fine. However, after that the virus, or whatever it is, came back, so I, I repeat again, repeated the whole procedure. Now there are no earlier symptoms and no 2fiji.com file. It looks like everything is fine.

  • helen1

Download the RootRepeal program to the Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
In the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Attach the resulting report to your message using the Attach file option.

  • Joined: 07 Jan 2009
  • Posts: 11

I did everything as you said, but RootRepeal shut itself down after 2-3 min.
I found a log in which this is written:

ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x0042425b
Attempt to read from address: 0x00000008

  • helen1

Sorry for the hassle, but the infection is coming back again.

Post a new HJT log and a ComboFix log for me, and you will run the following scan:

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to transfer it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message field on the forum, and attach here the two files we just saved.

  • Joined: 07 Jan 2009
  • Posts: 11

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:37 AM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Networking Wizard\mngui.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\Biscom\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4CFF1B5-A265-42F2-BDC9-3AB35230648B}: NameServer = 81.93.67.2 81.93.67.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6626 bytes

Addendum: 15 Jan 2009 0:58

ComboFix 09-01-07.01 - Biscom 2009-01-15 0:45:02.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.503.137 [GMT 1:00]
Running from: c:\documents and settings\Biscom\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
FW: COMODO Firewall Pro *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-08 14:27 . 2009-01-08 14:27 <DIR> d-------- C:\spoolerlogs
2009-01-07 14:22 . 2009-01-11 00:32 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\documents and settings\Biscom\Application Data\SUPERAntiSpyware.com
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-06 21:25 . 2009-01-06 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-01-06 21:25 . 2009-01-06 21:25 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-06 21:25 . 2009-01-06 21:25 143,104 --a------ c:\windows\system32\guard32.dll
2009-01-06 21:25 . 2009-01-06 21:25 87,056 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-01-06 21:25 . 2009-01-06 21:25 24,208 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-01-04 17:01 . 2009-01-06 00:18 <DIR> d-------- c:\program files\uTorrent
2008-12-28 17:13 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-28 17:13 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-28 17:13 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-28 17:13 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-24 12:33 . 2008-12-24 12:33 <DIR> d-------- c:\documents and settings\Biscom\Application Data\OpenOffice.org2
2008-12-24 12:32 . 2008-12-24 12:39 <DIR> d-------- c:\program files\OpenOffice.org 2.0
2008-12-24 10:46 . 2008-12-24 10:46 265,728 --a------ c:\windows\system32\MSCOMCTL.oca
2008-12-24 10:46 . 2008-12-24 10:46 64,000 --a------ c:\windows\system32\RICHTX32.oca
2008-12-24 10:46 . 2008-12-24 10:46 35,840 --a------ c:\windows\system32\comdlg32.oca
2008-12-24 10:23 . 2008-12-24 10:23 69,632 --a------ c:\windows\system32\MSDATLST.oca
2008-12-24 10:23 . 2008-12-24 10:23 65,536 --a------ c:\windows\system32\MSDATGRD.oca
2008-12-24 10:23 . 2008-12-24 10:23 44,032 --a------ c:\windows\system32\MSDATREP.oca
2008-12-24 10:23 . 2008-12-24 10:23 35,840 --a------ c:\windows\system32\MSADODC.oca

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 23:36 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-01-11 10:17 --------- d-----w c:\program files\LeaguePad
2009-01-08 13:27 --------- d-----w c:\program files\Hewlett-Packard
2009-01-07 13:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-06 20:25 --------- d-----w c:\program files\COMODO
2009-01-06 20:25 --------- d-----w c:\documents and settings\Biscom\Application Data\Comodo
2009-01-06 18:28 --------- d-----w c:\program files\AIMP2
2009-01-05 23:18 --------- d-----w c:\documents and settings\Biscom\Application Data\uTorrent
2009-01-04 13:11 --------- d-----w c:\program files\GoWin Deluxe45
2009-01-03 20:01 --------- d-----w c:\program files\Soccer Stats Tracker
2008-12-29 14:33 --------- d-----w c:\program files\PC Soccer
2008-12-16 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-15 09:51 --------- d-----w c:\program files\Oddswiz
2008-12-11 20:26 720,896 ----a-w c:\windows\iun6002.exe
2008-12-11 19:02 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-12-11 19:02 253,952 ------w c:\windows\Setup1.exe
2008-12-11 10:28 --------- d-----w c:\program files\Mobile Master
2008-12-10 17:40 --------- d-----w c:\program files\Bet For Win
2008-12-09 11:29 --------- d-----w c:\program files\Betting Genius 3.04 Trial Version
2008-12-03 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-12-03 12:38 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-03 12:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 12:33 --------- d-----w c:\program files\Firefly Studios
2008-11-29 19:47 --------- d-----w c:\program files\GameSpy Arcade
2008-11-27 23:38 --------- d-----w c:\program files\Mv2Player
2008-11-20 10:38 --------- d-----w c:\program files\THQ
2008-11-20 10:38 --------- d-----w c:\program files\Desktop Currency Converter
2008-11-18 18:30 --------- d-----w c:\documents and settings\Biscom\Application Data\Free Download Manager
2006-07-30 22:20 959 --sha-r c:\windows\system32\autorun.bin
.

((((((((((((((((((((((((((((( snapshot@2009-01-07_21.36.41.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 18:49:28 69,750 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-13 19:04:25 69,750 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-07 18:49:28 414,216 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-13 19:04:25 414,216 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-20 950664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-06 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-06 1655552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 01:12 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2009-01-06 21:24 1655552 c:\program files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"hpqwmiex"=2 (0x2)
"AdobeActiveFileMonitor6.0"=2 (0x2)
"RichVideo"=3 (0x3)
"CiSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"cmdAgent"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
"Free Uploader Oe Integration"=c:\program files\Free Download Manager\FUM\fumoei.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-06 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-06 24208]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-03-06 3026]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-20 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37:48 41456]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
S4 qxvbq;Monitor Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
qxvbq
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2009-01-13 c:\windows\Tasks\Winamp.job
- c:\progra~1\Winamp\winamp.exe [2007-12-20 16:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
LSP: c:\windows\system32\imon.dll
TCP: {D4CFF1B5-A265-42F2-BDC9-3AB35230648B} = 81.93.67.2 81.93.67.6
FF - ProfilePath - c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: content.switch.threshold - 750000
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: network.http.max-connections-per-server - 4
c:\program files\Mozilla Firefox 3 Beta 4\greprefs\all.js - pref("security.fileuri.origin_policy", 2);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.createdSmartBookmarks", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-15 00:47:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxvbq]
"ServiceDll"="c:\windows\system32\nlpkuomc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-616249376-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948-)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1004)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-15 0:48:33
ComboFix-quarantined-files.txt 2009-01-14 23:48:30
ComboFix2.txt 2009-01-11 21:01:39
ComboFix3.txt 2009-01-11 20:37:53
ComboFix4.txt 2009-01-10 12:16:21
ComboFix5.txt 2009-01-14 23:44:36

Pre-Run: 26,916,245,504 bytes free
Post-Run: 26,906,857,472 bytes free

231

Addendum: 15 Jan 2009 1:11
