problem sa windows explorerom

1

problem sa windows explorerom

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 787
  • Gde živiš: Cacak

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:11 AM, on 7/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Faster Than Ever\fte.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MorEmoticons\MorEmoticons.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Juca\Desktop\Nova mapa\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ysfte] C:\Program Files\Faster Than Ever\fte.exe ns
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.e_e
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MorEmoticons] C:\Program Files\MorEmoticons\MorEmoticons.exe /Minimize
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Startup: Moo0 SystemMonitor 1.35.lnk.disabled
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: BlueSoleil.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Software Director Scheduler.lnk = C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bw+0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: Wyyo Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo125.exe (file missing)

--
End of file - 25082 bytes

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Pozdrav.

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 787
  • Gde živiš: Cacak

ComboFix 09-07-20.04 - Juca 07/21/2009 7:52.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.2046.1407 [GMT 2:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Juca\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Juca\Local Settings\Temp\IadHide5.dll
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettings.dll
c:\program files\Dealio Toolbar\SearchSettings.exe
c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files\Dealio Toolbar\sscfg.ini
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\windows\Installer\c658f1.msi
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-19 05:02 . 2004-08-03 22:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-19 05:02 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-19 05:02 . 2001-08-17 20:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-19 05:02 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-19 05:02 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-19 05:01 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-07-19 05:01 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-07-19 05:01 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-19 04:59 . 2001-08-17 20:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-07-19 04:58 . 2004-08-03 20:41 95424 -c--a-w- c:\windows\system32\dllcache\slnthal.sys
2009-07-19 04:57 . 2004-08-03 22:56 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2009-07-19 04:56 . 2004-08-03 20:41 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2009-07-19 04:55 . 2001-08-17 20:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-07-19 04:54 . 2004-08-03 20:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-07-19 04:53 . 2001-08-17 20:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2009-07-19 04:52 . 2004-08-03 21:07 14080 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2009-07-19 04:51 . 2004-08-03 20:29 52224 -c--a-w- c:\windows\system32\dllcache\atinraxx.sys
2009-07-19 04:50 . 2001-08-17 12:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-07-17 22:30 . 2009-07-17 22:30 -------- d-----w- c:\documents and settings\Juca\Application Data\Search Settings
2009-07-17 22:29 . 2009-07-17 22:29 -------- d-----w- c:\documents and settings\Juca\Application Data\Dealio
2009-07-17 14:08 . 2009-06-23 07:23 331776 ----a-w- c:\windows\system32\TwcToolbarIe7.dll
2009-07-17 14:08 . 2008-07-22 11:24 98304 ----a-w- c:\windows\system32\TwcToolbarBho.dll
2009-07-17 14:08 . 2007-12-03 10:36 25600 ----a-w- c:\windows\system32\TwcToolInstDll.dll
2009-07-17 14:08 . 2009-07-17 14:08 -------- d-----w- c:\program files\The Weather Channel Toolbar
2009-07-17 14:02 . 2009-07-17 14:02 -------- d-----w- c:\documents and settings\Juca\Application Data\Sammsoft
2009-07-17 14:02 . 2009-07-17 14:02 -------- d-----w- c:\program files\Advanced Registry Optimizer
2009-07-17 13:59 . 2009-07-17 14:07 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\The Weather Channel
2009-07-16 07:55 . 2009-07-08 07:45 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\windows\system32\drivers\NSS
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\program files\NortonInstaller
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-15 08:43 . 2009-07-15 08:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-07 13:03 . 2009-07-07 13:03 4096 ----a-w- c:\windows\d3dx.dat
2009-07-01 09:40 . 2009-07-01 09:40 -------- d-----w- C:\My Music
2009-07-01 06:18 . 2009-07-01 06:18 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Temp
2009-06-29 11:16 . 2009-06-29 11:16 860400 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\en\ustarrs.dll
2009-06-29 11:16 . 2009-06-29 11:16 864496 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\de\ustarrs.dll
2009-06-29 11:16 . 2009-06-29 11:16 4710640 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UpdateStar.exe
2009-06-29 11:16 . 2009-06-29 11:16 269824 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UstarRO64.exe
2009-06-29 11:15 . 2009-06-29 11:15 192512 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UstarRO32.exe
2009-06-29 11:12 . 2009-06-29 11:12 847872 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\zh\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\uk\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\sv\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\sk\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ru\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ro\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 839680 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\pt\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\pl\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\nl\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 851968 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ja\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\it\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\hu\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 839680 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\fr\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\Es\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\Cs\ustarrs.dll
2009-06-29 08:12 . 2009-06-29 08:12 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-29 08:12 . 2009-06-29 08:12 -------- d-----w- c:\documents and settings\Juca\Application Data\DAEMON Tools Pro
2009-06-29 07:34 . 2009-06-29 07:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-28 12:48 . 2009-06-28 12:48 -------- d-----w- c:\program files\CodeStuff
2009-06-28 06:58 . 2009-06-28 06:58 -------- d-----w- c:\program files\XviD
2009-06-28 06:58 . 2009-06-28 06:58 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-28 06:57 . 2009-06-28 06:58 -------- d-----w- c:\program files\AutoGK
2009-06-24 09:31 . 2009-06-24 09:31 -------- d-----w- C:\Deleted 32736
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-22 05:52 . 2009-07-19 16:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-22 05:52 . 2009-07-15 16:12 -------- d-----w- c:\program files\Norton Security Scan
2009-06-22 05:42 . 2009-06-22 05:42 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 05:45 . 2009-02-20 14:53 5 ----a-w- c:\windows\sbacknt.bin
2009-07-21 05:44 . 2009-02-28 09:18 -------- d-----w- c:\documents and settings\Juca\Application Data\FrostWire
2009-07-20 21:44 . 2009-02-18 17:42 16608 ----a-w- c:\windows\gdrv.sys
2009-07-20 21:15 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2009-07-15 08:38 . 2009-05-11 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 21:24 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2009-07-13 14:58 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2009-07-09 12:37 . 2009-06-18 11:51 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 12:37 . 2009-06-18 11:50 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 12:36 . 2009-06-18 11:47 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-08 07:45 . 2009-03-20 05:46 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-07 15:12 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2009-07-07 14:17 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-07 14:00 . 2009-05-13 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-07-07 13:25 . 2009-04-21 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\mevo
2009-07-01 06:15 . 2009-02-20 14:52 152904 ----a-w- c:\windows\system32\vghd.scr
2009-07-01 06:15 . 2009-02-20 14:52 -------- d-----w- c:\program files\vghd
2009-07-01 06:09 . 2009-02-19 11:38 -------- d-----w- c:\documents and settings\Juca\Application Data\UpdateStar
2009-06-29 12:01 . 2009-06-18 11:51 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 12:00 . 2009-06-18 11:51 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-29 11:59 . 2009-06-18 11:50 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 11:57 . 2009-06-18 11:50 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 11:57 . 2009-05-28 11:44 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 11:53 . 2009-05-28 11:43 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 11:53 . 2009-05-28 11:43 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 11:53 . 2009-06-18 11:49 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 11:52 . 2009-06-18 11:49 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 11:51 . 2009-06-18 11:49 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 11:51 . 2009-06-18 11:48 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-29 11:50 . 2009-06-18 11:46 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 11:49 . 2009-06-18 11:45 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 11:49 . 2009-06-18 11:45 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-29 07:34 . 2009-02-19 09:04 -------- d-----w- c:\program files\Common Files\Real
2009-06-28 14:35 . 2009-02-25 06:54 26 ----a-w- c:\windows\popcinfo.dat
2009-06-17 22:57 . 2009-06-11 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-17 06:28 . 2009-03-20 05:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2004-08-04 01:07 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 01:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 15:45 . 2009-06-12 15:45 152576 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 07:31 . 2009-06-11 07:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 07:34 . 2009-06-07 14:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon
2009-06-08 20:52 . 2009-05-11 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-08 05:30 . 2009-02-18 16:07 45336 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 08:33 . 2009-02-18 16:01 89783 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-05 10:24 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-05 10:24 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-04 18:51 . 2009-03-06 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-06-03 19:27 . 2004-08-04 01:07 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 11:38 . 2009-06-17 22:57 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-01 16:22 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2009-06-01 16:21 . 2009-03-27 05:29 152576 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-30 11:37 . 2009-05-30 11:37 -------- d-----w- c:\program files\ALLPlayer
2009-05-28 11:44 . 2009-05-28 11:44 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-23 04:37 . 2009-05-23 04:37 -------- d-----w- c:\documents and settings\Juca\Application Data\r2 Studios
2009-05-23 04:37 . 2009-05-23 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\r2 Studios
2009-05-23 04:36 . 2009-05-23 04:36 -------- d-----w- c:\program files\r2 Studios
2009-05-07 15:44 . 2004-08-04 01:07 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 11:39 . 2009-05-01 11:39 8 ----a-w- c:\windows\system32\nvModes.dat
2009-04-30 06:33 . 2009-03-20 05:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-30 06:33 . 2009-03-20 05:46 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-30 06:33 . 2009-03-20 05:46 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 04:52 . 2004-08-04 01:07 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 11:45 . 2009-04-23 11:45 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-23 11:45 . 2009-02-19 12:44 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-17 22:29 . 2009-07-07 13:35 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 07:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-02-19 32768]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2007-11-12 64000]
"Google Update"="c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-04 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-04-23 801904]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-09-18 2242176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"ysfte"="c:\program files\Faster Than Ever\fte.exe" [2007-06-19 1681408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-29 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Juca\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-2-20 402768]
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-4 114688]
Moo0 SystemMonitor 1.35.lnk.disabled [2009-5-11 888]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-2-19 45056]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk.disabled [2009-3-19 1593]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2009-2-18 241664]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2009-4-25 288328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-30 06:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/20/2009 7:46 AM 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/19/2009 2:44 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/20/2009 7:46 AM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/20/2009 7:46 AM 108552]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 11:31 AM 234888]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/20/2009 7:46 AM 298776]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2/18/2009 9:28 PM 698368]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 11:34 PM 1029456]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 9:28 PM 6400]
S2 Wyyo Service;Wyyo Service;"c:\documents and settings\All Users\Application Data\Wyyo\wyyo125.exe" "c:\program files\Wyyo\wyyo.dll" Service --> c:\documents and settings\All Users\Application Data\Wyyo\wyyo125.exe [?]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 7:43 PM 55816]
.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:51]

2009-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003Core.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 05:19]

2009-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003UA.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 05:19]

2009-07-19 c:\windows\Tasks\Norton Security Scan for Juca.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-15 16:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
HKLM-Run-GEST - c:\program files\GIGABYTE\GEST\RUN.e_e
HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ch/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 07:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE5D901-C3A6-EA11-8FD9-CA472E696B4E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-07-21 7:55
ComboFix-quarantined-files.txt 2009-07-21 05:55

Pre-Run: 102,936,584,192 bytes free
Post-Run: 103,078,023,168 bytes free

402 --- E O F --- 2009-07-15 15:41

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll

Folder::
c:\program files\AskSearch
c:\documents and settings\All Users\Application Data\Wyyo
c:\program files\Wyyo
c:\documents and settings\Juca\Application Data\Dealio
c:\documents and settings\Juca\Application Data\Search Settings

Driver::
Wyyo Service

DDS::
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s

Firefox::
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 787
  • Gde živiš: Cacak

ComboFix 09-07-22.05 - Juca 07/23/2009 8:05.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.2046.1514 [GMT 2:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Juca\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll"
"c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll"
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Juca\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Juca\Local Settings\temp\IadHide5.dll
.
---- Previous Run -------
.
c:\docume~1\Juca\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Juca\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WYYO_SERVICE
-------\Service_Wyyo Service


((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-19 05:02 . 2004-08-03 22:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-19 05:02 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-19 05:02 . 2001-08-17 20:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-19 05:02 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-19 05:02 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-19 05:01 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-07-19 05:01 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-07-19 05:01 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-19 04:59 . 2001-08-17 20:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-07-19 04:58 . 2004-08-03 20:41 95424 -c--a-w- c:\windows\system32\dllcache\slnthal.sys
2009-07-19 04:57 . 2004-08-03 22:56 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2009-07-19 04:56 . 2004-08-03 20:41 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2009-07-19 04:55 . 2001-08-17 20:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-07-19 04:54 . 2004-08-03 20:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-07-19 04:53 . 2001-08-17 20:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2009-07-19 04:52 . 2004-08-03 21:07 14080 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2009-07-19 04:51 . 2004-08-03 20:29 52224 -c--a-w- c:\windows\system32\dllcache\atinraxx.sys
2009-07-19 04:50 . 2001-08-17 12:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-07-17 14:08 . 2009-06-23 07:23 331776 ----a-w- c:\windows\system32\TwcToolbarIe7.dll
2009-07-17 14:08 . 2008-07-22 11:24 98304 ----a-w- c:\windows\system32\TwcToolbarBho.dll
2009-07-17 14:08 . 2007-12-03 10:36 25600 ----a-w- c:\windows\system32\TwcToolInstDll.dll
2009-07-17 14:08 . 2009-07-17 14:08 -------- d-----w- c:\program files\The Weather Channel Toolbar
2009-07-17 14:02 . 2009-07-17 14:02 -------- d-----w- c:\documents and settings\Juca\Application Data\Sammsoft
2009-07-17 14:02 . 2009-07-17 14:02 -------- d-----w- c:\program files\Advanced Registry Optimizer
2009-07-17 13:59 . 2009-07-17 14:07 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\The Weather Channel
2009-07-16 07:55 . 2009-07-08 07:45 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\windows\system32\drivers\NSS
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\program files\NortonInstaller
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-15 08:43 . 2009-07-15 08:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-07 13:03 . 2009-07-07 13:03 4096 ----a-w- c:\windows\d3dx.dat
2009-07-01 09:40 . 2009-07-01 09:40 -------- d-----w- C:\My Music
2009-07-01 06:18 . 2009-07-01 06:18 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Temp
2009-06-29 11:16 . 2009-06-29 11:16 860400 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\en\ustarrs.dll
2009-06-29 11:16 . 2009-06-29 11:16 864496 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\de\ustarrs.dll
2009-06-29 11:16 . 2009-06-29 11:16 4710640 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UpdateStar.exe
2009-06-29 11:16 . 2009-06-29 11:16 269824 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UstarRO64.exe
2009-06-29 11:15 . 2009-06-29 11:15 192512 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UstarRO32.exe
2009-06-29 11:12 . 2009-06-29 11:12 847872 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\zh\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\uk\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\sv\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\sk\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ru\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ro\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 839680 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\pt\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\pl\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\nl\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 851968 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ja\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\it\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\hu\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 839680 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\fr\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\Es\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\Cs\ustarrs.dll
2009-06-29 08:12 . 2009-06-29 08:12 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-29 08:12 . 2009-06-29 08:12 -------- d-----w- c:\documents and settings\Juca\Application Data\DAEMON Tools Pro
2009-06-29 07:34 . 2009-06-29 07:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-28 12:48 . 2009-06-28 12:48 -------- d-----w- c:\program files\CodeStuff
2009-06-28 06:58 . 2009-06-28 06:58 -------- d-----w- c:\program files\XviD
2009-06-28 06:58 . 2009-06-28 06:58 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-28 06:57 . 2009-06-28 06:58 -------- d-----w- c:\program files\AutoGK
2009-06-24 09:31 . 2009-06-24 09:31 -------- d-----w- C:\Deleted 32736

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 06:13 . 2009-02-28 09:18 -------- d-----w- c:\documents and settings\Juca\Application Data\FrostWire
2009-07-23 06:12 . 2009-02-20 14:53 5 ----a-w- c:\windows\sbacknt.bin
2009-07-21 21:13 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2009-07-21 06:10 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-20 21:44 . 2009-02-18 17:42 16608 ----a-w- c:\windows\gdrv.sys
2009-07-19 16:00 . 2009-06-22 05:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-15 16:12 . 2009-06-22 05:52 -------- d-----w- c:\program files\Norton Security Scan
2009-07-15 08:38 . 2009-05-11 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 21:24 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2009-07-13 14:58 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2009-07-09 12:37 . 2009-06-18 11:51 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 12:37 . 2009-06-18 11:50 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 12:36 . 2009-06-18 11:47 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-08 07:45 . 2009-03-20 05:46 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-07 15:12 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2009-07-07 14:00 . 2009-05-13 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-07-07 13:25 . 2009-04-21 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\mevo
2009-07-01 06:15 . 2009-02-20 14:52 152904 ----a-w- c:\windows\system32\vghd.scr
2009-07-01 06:15 . 2009-02-20 14:52 -------- d-----w- c:\program files\vghd
2009-07-01 06:09 . 2009-02-19 11:38 -------- d-----w- c:\documents and settings\Juca\Application Data\UpdateStar
2009-06-29 12:01 . 2009-06-18 11:51 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 12:00 . 2009-06-18 11:51 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-29 11:59 . 2009-06-18 11:50 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 11:57 . 2009-06-18 11:50 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 11:57 . 2009-05-28 11:44 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 11:53 . 2009-05-28 11:43 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 11:53 . 2009-05-28 11:43 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 11:53 . 2009-06-18 11:49 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 11:52 . 2009-06-18 11:49 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 11:51 . 2009-06-18 11:49 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 11:51 . 2009-06-18 11:48 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-29 11:50 . 2009-06-18 11:46 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 11:49 . 2009-06-18 11:45 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 11:49 . 2009-06-18 11:45 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-29 07:34 . 2009-02-19 09:04 -------- d-----w- c:\program files\Common Files\Real
2009-06-28 14:35 . 2009-02-25 06:54 26 ----a-w- c:\windows\popcinfo.dat
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-17 22:57 . 2009-06-11 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-17 06:28 . 2009-03-20 05:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2004-08-04 01:07 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 01:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 15:45 . 2009-06-12 15:45 152576 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 07:31 . 2009-06-11 07:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 07:34 . 2009-06-07 14:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon
2009-06-08 20:52 . 2009-05-11 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-08 05:30 . 2009-02-18 16:07 45336 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 08:33 . 2009-02-18 16:01 89783 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-05 10:24 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-05 10:24 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-04 18:51 . 2009-03-06 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-06-03 19:27 . 2004-08-04 01:07 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 11:38 . 2009-06-17 22:57 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-01 16:22 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2009-06-01 16:21 . 2009-03-27 05:29 152576 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-30 11:37 . 2009-05-30 11:37 -------- d-----w- c:\program files\ALLPlayer
2009-05-28 11:44 . 2009-05-28 11:44 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-07 15:44 . 2004-08-04 01:07 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 11:39 . 2009-05-01 11:39 8 ----a-w- c:\windows\system32\nvModes.dat
2009-04-30 06:33 . 2009-03-20 05:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-30 06:33 . 2009-03-20 05:46 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-30 06:33 . 2009-03-20 05:46 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 04:52 . 2004-08-04 01:07 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-17 22:29 . 2009-07-07 13:35 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-21_05.54.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-23 06:09 . 2009-07-23 06:09 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 07:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-02-19 32768]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2007-11-12 64000]
"Google Update"="c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-04 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-04-23 801904]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-09-18 2242176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"ysfte"="c:\program files\Faster Than Ever\fte.exe" [2007-06-19 1681408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-29 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Juca\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-2-20 402768]
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-4 114688]
Moo0 SystemMonitor 1.35.lnk.disabled [2009-5-11 888]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-2-19 45056]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk.disabled [2009-3-19 1593]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2009-2-18 241664]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2009-4-25 288328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-30 06:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/20/2009 7:46 AM 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/19/2009 2:44 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/20/2009 7:46 AM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/20/2009 7:46 AM 108552]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 11:31 AM 234888]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/20/2009 7:46 AM 298776]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 11:34 PM 1029456]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2/18/2009 9:28 PM 698368]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\Temp\drv1.tmp [7/23/2009 8:09 AM 3584]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 9:28 PM 6400]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 7:43 PM 55816]
.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:51]

2009-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003Core.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 05:19]

2009-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003UA.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 05:19]

2009-07-19 c:\windows\Tasks\Norton Security Scan for Juca.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-15 16:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ch/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 08:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE5D901-C3A6-EA11-8FD9-CA472E696B4E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(8316)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\docume~1\Juca\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\nview.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Webshots\Webshots.scr
c:\program files\vghd\VirtuaGirl_Downloader.exe
.
**************************************************************************
.
Completion time: 2009-07-23 8:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-23 06:15
ComboFix2.txt 2009-07-21 05:55

Pre-Run: 102,972,817,408 bytes free
Post-Run: 102,931,009,536 bytes free

406 --- E O F --- 2009-07-15 15:41

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Stanje ?

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 787
  • Gde živiš: Cacak

Ne razumem sta stanje?

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Kako ne razumes "sta stanje", niti si objasnio koji problem imas, niti sta, samo si postavio HJT log, pitam za stanje komjutera, imas ili nemas vise problem koji si imao i ako si imao.

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 787
  • Gde živiš: Cacak

Nemogu pola foldera da otvorim. kad pokusam da ih otvorim dobijam poruku windows explorera "Send Error Report". Samo sam hteo da proverim da li imam virus ili je greska u Windowsu.Kad pokusam da izdrisem sadrzaj recikle bina neuspevam , izlazi mi takva poruka.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Sto se tice malware-a, problem nije do njih, probaj u forumu Windows da pitas za pomoc.

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

combofix /u

Primeti da postoji razmak između "ComboFix" i "/u".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.

Ko je trenutno na forumu
 

Ukupno su 1314 korisnika na forumu :: 57 registrovanih, 5 sakrivenih i 1252 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Abazovic Mustafa, Acivi, aramis s, Asparagus, babaroga, Bane san, bankulen, bojank, Botovac, darcaud, DENIRO, Dimitrise93, dmdr, DPera, Duh sa sekirom, FileFinder, Frunze, GandorCC, Georgius, gorantrojka, HrcAk47, ILGromovnik, Ivan Campo, Ivan001, kalens021, kikisp, kunktator, kybonacci, Lubica, LUDI, Luka Blažević, mercedesamg, mile09, milenko crazy north, Mirage 2000N, Motocar, mrvica78, NoOneEver Dreams, Panter, Parker, pein, RecA, Ripanjac, S2M, ser.hill, Shinobi, Srle993, stalja, Sumadija34, theNedjeljko, Tragač, Trpe Grozni, vathra, VJ, Zi0mek, Zobara, Žrnov