[ biske86 @ 13.08.2008. 17:38 ] @
This is the ComboFix log:

ComboFix 08-08-12.01 - biske 2008-08-13 18:04:06.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1370 [GMT -4:00] Running from: D:\Download\Programi\ComboFix.exe * Created a new restore point * Resident AV is active [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mdm.exe . ((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 ))))))))))))))))))))))))))))))) . 2008-08-13 17:29 . 2008-08-13 17:29 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-08-13 16:29 . 2008-08-13 16:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-13 16:29 . 2008-08-13 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-13 16:24 . 2008-08-13 16:24 <DIR> d-------- C:\Program Files\Lavalys 2008-08-10 22:42 . 2008-08-10 23:04 7,033 --a------ C:\WINDOWS\erwin40.ini 2008-08-09 23:48 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll 2008-08-09 23:48 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll 2008-08-09 23:48 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll 2008-08-09 23:48 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2008-08-09 23:48 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx 2008-08-09 23:48 . 2008-08-09 23:48 156,910 --a------ C:\WINDOWS\WMSysPr8.prx 2008-08-08 17:30 . 2008-08-08 17:30 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-08-08 17:27 . 2008-08-08 17:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-08-08 17:27 . 2008-08-08 17:29 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-08-08 17:24 . 2008-08-13 01:18 <DIR> d-------- C:\Program Files\XP Codec Pack 2008-08-07 11:08 . 
2001-01-09 09:58 8,811 --a------ C:\WINDOWS\system32\drivers\SetupSys.sys 2008-08-06 18:48 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-08-06 18:48 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-08-06 18:48 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-08-06 18:48 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-08-06 16:00 . 2008-08-09 23:48 <DIR> d-------- C:\Program Files\Sony 2008-08-06 16:00 . 2008-08-06 16:00 <DIR> d-------- C:\Documents and Settings\biske\Application Data\Sony 2008-08-06 15:59 . 2008-08-09 23:47 <DIR> d-------- C:\Program Files\Sony Setup 2008-08-06 14:27 . 2008-08-06 14:27 <DIR> d-------- C:\Program Files\Yahoo! 2008-08-02 14:16 . 2008-08-02 14:16 <DIR> d-------- C:\Documents and Settings\biske\Application Data\Creative 2008-07-31 15:55 . 1997-11-19 15:31 143,360 --a------ C:\WINDOWS\system32\isdbgi51.dll 2008-07-31 15:55 . 1996-09-17 17:46 0 --a------ C:\WINDOWS\Isdbg.ini 2008-07-31 15:54 . 2008-07-31 15:54 <DIR> d-------- C:\Program Files\InstallShield 2008-07-31 15:54 . 1997-11-19 15:47 303,616 --a------ C:\WINDOWS\IsUninst.exe 2008-07-31 15:53 . 2008-07-31 15:53 <DIR> d-------- C:\Documents and Settings\biske\WINDOWS 2008-07-31 15:51 . 2008-08-10 21:25 185 --a------ C:\WINDOWS\mdm.ini 2008-07-31 15:46 . 2008-07-31 15:46 <DIR> d-------- C:\Program Files\Web Publish 2008-07-30 14:57 . 2008-07-30 15:52 <DIR> d-------- C:\Program Files\Portable MV2 Player 2008-07-29 15:14 . 2008-07-29 15:14 <DIR> d-------- C:\Documents and Settings\biske\Application Data\Nokia Multimedia Player 2008-07-29 14:29 . 2008-07-29 14:29 <DIR> d-------- C:\Documents and Settings\biske\Application Data\Nokia 2008-07-29 14:27 . 2008-07-29 14:27 <DIR> d-------- C:\Program Files\Nokia 2008-07-29 14:27 . 2008-07-29 14:27 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-07-29 14:27 . 
2008-07-29 14:27 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-07-29 14:27 . 2008-07-29 14:27 <DIR> d-------- C:\Documents and Settings\biske\Application Data\PC Suite 2008-07-29 14:26 . 2008-07-29 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-07-28 13:03 . 2008-08-06 14:39 <DIR> d-------- C:\Magacioner 2008-07-28 12:57 . 2008-07-28 13:04 <DIR> d-------- C:\Program Files\PTT Counter 2008-07-28 02:35 . 2008-07-28 02:35 <DIR> d--h----- C:\WINDOWS\PIF 2008-07-27 15:00 . 2008-07-27 15:00 <DIR> d-------- C:\Program Files\MADteam 2008-07-27 14:07 . 2008-07-27 14:08 <DIR> d-------- C:\Program Files\WinHTTrack 2008-07-26 19:11 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2008-07-26 19:11 . 2008-07-31 15:50 636 --a------ C:\WINDOWS\ODBC.INI 2008-07-26 18:50 . 2008-07-26 18:51 <DIR> d-------- C:\Program Files\Winamp 2008-07-26 18:50 . 2008-07-26 18:51 <DIR> d-------- C:\Documents and Settings\biske\Application Data\Winamp 2008-07-26 18:50 . 2007-03-07 19:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-07-26 18:50 . 2007-03-07 19:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-07-26 18:50 . 2007-03-07 19:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-07-26 18:44 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-07-26 18:43 . 2008-07-26 18:43 <DIR> d-------- C:\Program Files\MSBuild 2008-07-26 18:43 . 2008-07-26 18:43 <DIR> d-------- C:\Program Files\Microsoft Works 2008-07-26 18:41 . 2008-07-26 18:41 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-07-26 18:40 . 2008-07-26 18:40 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8 2008-07-26 18:39 . 2008-07-26 18:42 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-07-26 18:39 . 2008-07-26 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-26 18:38 . 2008-07-26 18:38 <DIR> dr-h----- C:\MSOCache 2008-07-25 22:38 . 
2008-07-25 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-07-25 22:36 . 2008-07-25 22:36 <DIR> d-------- C:\Documents and Settings\biske\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2008-07-25 22:34 . 2008-07-25 22:34 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-07-25 20:18 . 2008-07-25 20:18 <DIR> d-------- C:\Program Files\QuickTime 2008-07-25 20:16 . 2008-07-25 20:16 <DIR> d-------- C:\Program Files\Bonjour 2008-07-25 20:09 . 2008-07-25 20:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-07-25 19:59 . 2008-07-25 19:59 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-07-25 19:58 . 2007-03-07 19:51 43,528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-07-25 19:54 . 2008-07-25 19:54 <DIR> d-------- C:\Documents and Settings\biske\Application Data\CyberLink 2008-07-25 18:37 . 2008-07-25 18:37 <DIR> d-------- C:\Documents and Settings\biske\Application Data\Nero 2008-07-25 18:36 . 2008-07-25 18:36 <DIR> d-------- C:\Program Files\Nero 2008-07-25 18:36 . 2008-07-25 18:36 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-07-25 18:36 . 2008-07-25 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-07-25 18:36 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll 2008-07-25 18:36 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll 2008-07-25 18:36 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll 2008-07-25 18:36 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll 2008-07-25 18:36 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll 2008-07-25 16:54 . 2008-07-31 17:48 <DIR> d-------- C:\Program Files\CyberLink 2008-07-25 16:54 . 2008-07-25 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-07-25 12:09 . 
2008-07-25 12:09 <DIR> d-------- C:\Program Files\DivX 2008-07-24 21:57 . 2007-08-24 18:00 172,032 --a------ C:\WINDOWS\system32\igfxres.dll 2008-07-24 21:55 . 2005-08-12 16:50 16,128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS 2008-07-24 21:54 . 2008-07-24 21:54 76 -r-hs---- C:\WINDOWS\CT4CET.bin 2008-07-24 21:53 . 2008-07-24 21:53 <DIR> d-------- C:\Program Files\Creative Live! Cam 2008-07-24 21:53 . 2008-07-24 21:53 <DIR> d-------- C:\Program Files\Common Files\Reallusion 2008-07-24 21:53 . 2007-02-14 12:27 5,627,904 --a------ C:\WINDOWS\system32\LiveCamVirtual.ocx 2008-07-24 21:53 . 2003-03-19 08:19 1,060,864 --------- C:\WINDOWS\system32\MFC71.DLL 2008-07-24 21:53 . 2008-07-31 17:46 505,392 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-07-24 21:53 . 2003-02-20 23:42 348,160 --------- C:\WINDOWS\system32\msvcr71.dll 2008-07-24 21:52 . 2008-07-24 21:53 <DIR> d-------- C:\Program Files\Creative 2008-07-24 21:46 . 2007-12-24 05:27 78,720 -----c--- C:\WINDOWS\system32\dllcache\sdbus.sys 2008-07-24 21:46 . 2007-12-24 05:20 12,032 -----c--- C:\WINDOWS\system32\dllcache\sffdisk.sys 2008-07-24 21:46 . 2007-12-24 05:20 11,008 -----c--- C:\WINDOWS\system32\dllcache\sffp_sd.sys 2008-07-24 21:46 . 2007-12-24 05:20 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys 2008-07-24 21:46 . 2007-12-24 05:20 10,240 -----c--- C:\WINDOWS\system32\dllcache\sffp_mmc.sys 2008-07-24 21:46 . 2008-07-24 21:46 5 --a------ C:\WINDOWS\system32\drivers\DELL_INS_1525.MRK 2008-07-24 21:46 . 2008-07-24 21:46 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_INS_1525.MRK 2008-07-24 21:45 . 2008-07-24 21:45 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-07-24 21:45 . 2006-10-30 08:13 2,182,016 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-07-24 21:45 . 2006-10-30 08:11 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-07-24 21:45 . 2006-10-30 07:27 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-07-24 21:44 . 
2005-07-08 14:19 666 --a------ C:\WINDOWS\speed.reg 2008-07-24 21:41 . 2008-07-24 21:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel 2008-07-24 21:41 . 2008-07-24 21:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel 2008-07-24 21:41 . 2008-07-24 21:41 <DIR> d-------- C:\Documents and Settings\biske\Application Data\Intel 2008-07-24 21:41 . 2008-07-24 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel 2008-07-24 21:41 . 2008-07-24 21:41 356,352 --a------ C:\WINDOWS\system32\AegisI5Installer.exe 2008-07-24 21:41 . 2008-07-24 21:41 21,393 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-07-24 21:41 . 2008-07-24 21:41 21,393 --a------ C:\WINDOWS\AegisP.sys 2008-07-24 21:41 . 2008-07-24 21:41 13,864 --a------ C:\WINDOWS\AegisP.inf 2008-07-24 21:41 . 2008-07-24 21:41 10,640 --a------ C:\WINDOWS\AegisP.cat 2008-07-24 21:37 . 2008-07-24 21:37 <DIR> d-------- C:\Program Files\Marvell 2008-07-24 21:36 . 2008-07-24 21:36 <DIR> d-------- C:\Documents and Settings\biske\Application Data\TMP 2008-07-24 21:32 . 2008-07-24 21:32 <DIR> d-------- C:\Program Files\CONEXANT 2008-07-24 21:32 . 2006-11-02 18:47 989,696 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys 2008-07-24 21:32 . 2006-11-02 18:46 730,112 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys 2008-07-24 21:32 . 2006-11-02 18:47 209,152 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys 2008-07-24 21:32 . 2006-11-07 09:54 172,032 --a------ C:\WINDOWS\system32\Uci32114.dll 2008-07-24 21:32 . 2006-09-29 12:14 144,360 --a------ C:\WINDOWS\system32\drivers\del1028.cty 2008-07-24 21:32 . 2006-06-19 13:26 94,208 --a------ C:\WINDOWS\system32\mdmxsdk.dll 2008-07-24 21:32 . 2006-06-19 13:26 12,672 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys 2008-07-24 21:28 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-07-24 21:28 . 
2008-07-24 21:28 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-07-24 21:28 . 2008-07-24 21:28 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-31 21:45 --------- d-----w C:\Program Files\LClock 2008-07-25 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-25 01:36 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-25 00:03 --------- d-----w C:\Program Files\CA 2008-07-24 23:40 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072] "Di dictionary"="C:\Program Files\Di recnik\Di.exe" [2005-07-05 14:09 496640] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-12-02 08:37 184320] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Start monitoring.lnk - C:\Program Files\PTT Counter\PTT.exe [2007-01-07 18:06:11 547328] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codec"= l3codecp.acm "vidc.ffds"= ffdshow.ax "vidc.XVID"= xvid.dll "vidc.3ivx"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.i263"= i263_32.drv "VIDC.i420"= i263_32.drv "msacm.imc"= imc32.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] 
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^biske^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\biske\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2007-10-25 13:31 167936 C:\Program Files\DellTPad\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] --a------ 2007-10-09 19:17 2183168 C:\WINDOWS\system32\WLTRAY.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-09-01 09:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] --a------ 2007-12-10 18:06 1228800 C:\Program Files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager] --------- 2007-07-27 16:43 118784 C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2007-09-05 17:13 166424 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2007-09-05 17:13 141848 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] --a------ 2007-07-25 16:30 974848 C:\Program 
Files\Intel\Wireless\Bin\iFrmewrk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] --a------ 2007-07-25 16:32 823296 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LockStatusTray] --a------ 2008-02-19 11:07 192512 C:\WINDOWS\LockStatusTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe] --a------ 2007-05-10 01:01 36864 C:\WINDOWS\OEM02Mon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2005-12-13 08:49 217088 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] --a------ 2005-11-30 16:56 1306624 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2007-09-05 17:13 137752 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-02-07 16:24 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a------ 2007-05-10 10:22 405504 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray] --a------ 2007-06-23 14:28 331851 C:\Program Files\Dell\Dell Mobile Broadband\systray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager] --a------ 2005-12-08 13:55 3096576 C:\Program Files\Yahoo!\Messenger\YPager.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\WINDOWS\system32\drivers\IntcHdmi.sys [2007-05-04 23:00] R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-06-01 13:57] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-07-18 01:02] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 18:45] S2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2003-01-17 17:47] S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-08 01:00] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-05-30 16:50] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c07c5658-59b3-11dd-a4e9-806d6172696f}] \Shell\AutoRun\command - E:\start.exe *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-LClock - C:\Program Files\LClock\LClock.exe MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe . ------- Supplementary Scan ------- . 
R0 -: HKCU-Main,Start Page = about:blank O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 -: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 -: Translate with Di dictionary - O17 -: HKLM\CCS\Interface\{9BB51160-66C9-455D-894C-11B07F13DF8A}: NameServer = 213.244.255.2 213.244.255.3 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 18:06:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . 
Completion time: 2008-08-13 18:07:07 ComboFix-quarantined-files.txt 2008-08-13 22:06:51 Pre-Run: 13,450,076,160 bytes free Post-Run: 13,455,720,448 bytes free 268

Using HijackThis, I generated the following log:

StartupList report, 13/Aug/2008, 18:19:25 StartupList version: 1.52 Started from : D:\Programi\HijackThis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PTT Counter\PTT.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\explorer.exe D:\Programi\HijackThis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Start monitoring.lnk = C:\Program Files\PTT Counter\PTT.exe -------------------------------------------------- Checking 
Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice Di dictionary = "C:\Program Files\Di recnik\Di.exe" MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AdobeUpdater] = -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll 
-------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\test0123 => C:\Qoobox\Quarantine\C\MoveEx_test0123.vir||| -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- End of report, 5,357 bytes Report generated in 0.047 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

as well as the following log:

Logfile of HijackThis v1.97.7 Scan saved at 18:22:04, on 13/Aug/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared 
files\RichVideo.exe C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PTT Counter\PTT.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\explorer.exe D:\Programi\HijackThis\HijackThis.exe C:\WINDOWS\system32\notepad.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Di dictionary] "C:\Program Files\Di recnik\Di.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Start monitoring.lnk = C:\Program Files\PTT Counter\PTT.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Send to OneNote (HKLM) O9 - Extra 'Tools' menuitem: S&end to OneNote (HKLM) O9 - Extra button: Run WinHTTrack (HKLM) O9 - Extra 'Tools' menuitem: Launch WinHTTrack (HKLM) O9 - Extra button: Research (HKLM) O9 - Extra button: @btrez.dll,-4015 (HKLM) O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 (HKLM) O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{9BB51160-66C9-455D-894C-11B07F13DF8A}: NameServer = 213.244.255.2 213.244.255.3

My laptop is behaving somewhat strangely: I can no longer play movies, although until a couple of days ago I could without any problems, even though I did not touch anything related to codecs. I can play DVD movies normally, but I cannot play DivX at all. It gives me the following error:

File: D:\Filmovi\Crni Gruja i kamen mudrosti (2007)\CrniGrujaiKamenMudrosti.avi
Some of the streams in this movie are in an unsupported format. (XVID MP3)
For playing XVID streams you need one of these filters:
-ffdshow.ax (ffdshow MPEG-4 Video Decoder)
-xvid.ax (Xvid MPEG-4 Video Decoder)

I installed the CodecXP codec pack and, as I said, until a few days ago everything worked great. Another problem I ran into is that I cannot play Need for Speed Carbon because it shows that error with Send and Don't Send, and when I turn off some processes it does not show this error. The same thing happens on my brother's computer, on which I installed XP (I mean the problem with playing movies). Is there any help for this, or does it have to be a reinstall (it would be better if it did not, since I don't really have time for that because I am in the middle of work)?