offline
- 50nE
- Građanin
- Pridružio: 01 Nov 2008
- Poruke: 87
- Gde živiš: Kragujevac
|
Napisano: 28 Jul 2010 21:05
Da li znaš za šta je namenjen ovaj fajl aec.sys? Toliko muke oko njega..
Kako da pobrišem ove ostake?
Kada palim komp pita me da izaberem između Windows XP i nešto Recovery...
znam samo da ima veze sa combo fix-om..
Kako mi sve izgleda na prvi pogled sve se vratilo u normalu..Zvuk "WELCOME" se ujednačio sa slikom,net radi OK Google Chrom,takođe!
Čini mi se da je sada sve Ok! Da li sam u pravu evo pogledaj CF Log! Hvala ti! Što se tiče zipovanih fajlova C://Avanger obrisano je!
ComboFix 10-07-27.05 - Sone 28.07.2010 20:55:46.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.639.316 [GMT 2:00]
Running from: c:\documents and settings\Sone\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.
2010-07-28 18:27 . 2010-07-28 18:27 -------- d-sh--w- c:\documents and settings\Administrator.NEBOJSA\IETldCache
2010-07-28 01:11 . 2010-07-28 01:11 676224 ----a-w- c:\windows\system32\ogacheckcontrol.dll
2010-07-28 00:36 . 2010-07-28 00:36 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 18:50 . 2009-12-15 16:39 16 ----a-w- c:\windows\system32\magicpvt.dat
2010-07-28 13:47 . 2009-03-20 09:32 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-07-28 02:14 . 2009-05-04 03:30 -------- d-----w- c:\program files\Uniblue
2010-07-28 02:13 . 2009-03-20 19:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-28 01:15 . 2010-01-05 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-28 00:38 . 2009-05-04 02:23 -------- d-----w- c:\documents and settings\Sone\Application Data\Media Player Classic
2010-07-28 00:16 . 2009-05-04 03:33 -------- d-----w- c:\documents and settings\Sone\Application Data\uniblue
2010-07-24 11:17 . 2009-06-18 23:43 -------- d-----w- c:\program files\Red-Devils S©®ipt
2010-07-12 18:29 . 2009-12-15 16:39 32 ----a-w- c:\windows\system32\driver.dat
2010-06-22 22:01 . 2009-03-20 17:12 -------- d-----w- c:\documents and settings\Sone\Application Data\Winamp
2010-06-19 21:58 . 2009-03-25 16:26 -------- d-----w- c:\documents and settings\Sone\Application Data\uTorrent
2010-06-19 10:17 . 2010-06-19 10:17 -------- d-----w- c:\program files\MB2
2010-06-14 14:31 . 2009-03-20 08:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 02:14 . 2009-03-20 17:06 -------- d-----w- c:\program files\Valve
2010-06-07 11:45 . 2009-11-20 23:10 -------- d-----w- c:\documents and settings\Sone\Application Data\Skype
2010-06-07 06:00 . 2009-11-20 23:14 -------- d-----w- c:\documents and settings\Sone\Application Data\skypePM
2010-06-07 02:22 . 2009-06-26 12:30 -------- d-----w- c:\documents and settings\Sone\Application Data\AIMP
2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\ImTranslator_Pro
2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\Conduit
2010-05-27 23:04 . 2009-03-20 09:23 18048 ----a-w- c:\documents and settings\Sone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296]
"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\MB2\tbMB2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
2010-05-20 13:35 2675296 ----a-w- c:\program files\ImTranslator_Pro\tbImTr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296]
"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296]
"{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-20 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-20 16:57 133104 ----atw- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]
2008-02-11 11:07 1097728 ----a-w- c:\program files\MagicRotation\MagicPvt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-24 17:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [15.12.2009 18:39 9728]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:48 108289]
S0 yiuukchi;yiuukchi; [x]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2009 15:10 685816]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
Contents of the 'Scheduled Tasks' folder
2010-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 17:21]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003Core.job
- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003UA.job
- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\extensions\{acec1e3d-3ead-4377-a931-1354bb4380d4}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-28 21:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:2b,fa,b8,ad,54,7c,53,28,9e,8f,71,42,2c,ae,45,69,df,2a,49,e8,
cf,47,a7,a9,06,88,97,76,2f,eb,5b,48,82,e4,e1,ed,48,09,f0,37,bd,3f,3b,22,02,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4020)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-28 21:04:16
ComboFix-quarantined-files.txt 2010-07-28 19:04
Pre-Run: 2.874.806.272 bytes free
Post-Run: 2.870.112.256 bytes free
- - End Of File - - 30939205979DB912BFD178415572CDA5
Dopuna: 28 Jul 2010 21:08
Da li znaš za šta je namenjen ovaj fajl aec.sys? Toliko muke oko njega..
Kako da pobrišem ove ostake?
Kada palim komp pita me da izaberem između Windows XP i nešto Recovery...
znam samo da ima veze sa combo fix-om..
Kako mi sve izgleda na prvi pogled sve se vratilo u normalu..Zvuk "WELCOME" se ujednačio sa slikom,net radi OK Google Chrom,takođe!
Čini mi se da je sada sve Ok! Da li sam u pravu evo pogledaj CF Log! Hvala ti! A što se tiče zipovanih fajlova C://Avanger,obrisani su!
ComboFix 10-07-27.05 - Sone 28.07.2010 20:55:46.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.639.316 [GMT 2:00]
Running from: c:\documents and settings\Sone\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.
2010-07-28 18:27 . 2010-07-28 18:27 -------- d-sh--w- c:\documents and settings\Administrator.NEBOJSA\IETldCache
2010-07-28 01:11 . 2010-07-28 01:11 676224 ----a-w- c:\windows\system32\ogacheckcontrol.dll
2010-07-28 00:36 . 2010-07-28 00:36 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 18:50 . 2009-12-15 16:39 16 ----a-w- c:\windows\system32\magicpvt.dat
2010-07-28 13:47 . 2009-03-20 09:32 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-07-28 02:14 . 2009-05-04 03:30 -------- d-----w- c:\program files\Uniblue
2010-07-28 02:13 . 2009-03-20 19:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-28 01:15 . 2010-01-05 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-28 00:38 . 2009-05-04 02:23 -------- d-----w- c:\documents and settings\Sone\Application Data\Media Player Classic
2010-07-28 00:16 . 2009-05-04 03:33 -------- d-----w- c:\documents and settings\Sone\Application Data\uniblue
2010-07-24 11:17 . 2009-06-18 23:43 -------- d-----w- c:\program files\Red-Devils S©®ipt
2010-07-12 18:29 . 2009-12-15 16:39 32 ----a-w- c:\windows\system32\driver.dat
2010-06-22 22:01 . 2009-03-20 17:12 -------- d-----w- c:\documents and settings\Sone\Application Data\Winamp
2010-06-19 21:58 . 2009-03-25 16:26 -------- d-----w- c:\documents and settings\Sone\Application Data\uTorrent
2010-06-19 10:17 . 2010-06-19 10:17 -------- d-----w- c:\program files\MB2
2010-06-14 14:31 . 2009-03-20 08:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 02:14 . 2009-03-20 17:06 -------- d-----w- c:\program files\Valve
2010-06-07 11:45 . 2009-11-20 23:10 -------- d-----w- c:\documents and settings\Sone\Application Data\Skype
2010-06-07 06:00 . 2009-11-20 23:14 -------- d-----w- c:\documents and settings\Sone\Application Data\skypePM
2010-06-07 02:22 . 2009-06-26 12:30 -------- d-----w- c:\documents and settings\Sone\Application Data\AIMP
2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\ImTranslator_Pro
2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\Conduit
2010-05-27 23:04 . 2009-03-20 09:23 18048 ----a-w- c:\documents and settings\Sone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296]
"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\MB2\tbMB2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
2010-05-20 13:35 2675296 ----a-w- c:\program files\ImTranslator_Pro\tbImTr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296]
"{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296]
"{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
[HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-20 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-20 16:57 133104 ----atw- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]
2008-02-11 11:07 1097728 ----a-w- c:\program files\MagicRotation\MagicPvt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-24 17:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [15.12.2009 18:39 9728]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:48 108289]
S0 yiuukchi;yiuukchi; [x]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2009 15:10 685816]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
Contents of the 'Scheduled Tasks' folder
2010-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 17:21]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003Core.job
- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57]
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003UA.job
- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\extensions\{acec1e3d-3ead-4377-a931-1354bb4380d4}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-28 21:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:2b,fa,b8,ad,54,7c,53,28,9e,8f,71,42,2c,ae,45,69,df,2a,49,e8,
cf,47,a7,a9,06,88,97,76,2f,eb,5b,48,82,e4,e1,ed,48,09,f0,37,bd,3f,3b,22,02,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4020)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-28 21:04:16
ComboFix-quarantined-files.txt 2010-07-28 19:04
Pre-Run: 2.874.806.272 bytes free
Post-Run: 2.870.112.256 bytes free
- - End Of File - - 30939205979DB912BFD178415572CDA5
|