Poslao: 20 Jul 2009 08:05
|
offline
- tacija
- Počasni građanin
- Miroslav Tanaskovic
- Gradjevinski tehnicar
- Pridružio: 02 Jan 2009
- Poruke: 787
- Gde živiš: Cacak
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:11 AM, on 7/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Faster Than Ever\fte.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MorEmoticons\MorEmoticons.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Juca\Desktop\Nova mapa\TR3.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ysfte] C:\Program Files\Faster Than Ever\fte.exe ns
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.e_e
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MorEmoticons] C:\Program Files\MorEmoticons\MorEmoticons.exe /Minimize
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Startup: Moo0 SystemMonitor 1.35.lnk.disabled
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: BlueSoleil.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Software Director Scheduler.lnk = C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bw+0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {0541175D-ADBF-488E-B2F9-BC7C05561E55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: Wyyo Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo125.exe (file missing)
--
End of file - 25082 bytes
|
|
|
|
|
Poslao: 21 Jul 2009 08:03
|
offline
- tacija
- Počasni građanin
- Miroslav Tanaskovic
- Gradjevinski tehnicar
- Pridružio: 02 Jan 2009
- Poruke: 787
- Gde živiš: Cacak
|
ComboFix 09-07-20.04 - Juca 07/21/2009 7:52.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.2046.1407 [GMT 2:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Juca\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Juca\Local Settings\Temp\IadHide5.dll
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettings.dll
c:\program files\Dealio Toolbar\SearchSettings.exe
c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files\Dealio Toolbar\sscfg.ini
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\windows\Installer\c658f1.msi
I:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.
2009-07-19 05:02 . 2004-08-03 22:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-19 05:02 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-19 05:02 . 2001-08-17 20:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-19 05:02 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-19 05:02 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-19 05:01 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-07-19 05:01 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-07-19 05:01 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-19 04:59 . 2001-08-17 20:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-07-19 04:58 . 2004-08-03 20:41 95424 -c--a-w- c:\windows\system32\dllcache\slnthal.sys
2009-07-19 04:57 . 2004-08-03 22:56 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2009-07-19 04:56 . 2004-08-03 20:41 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2009-07-19 04:55 . 2001-08-17 20:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-07-19 04:54 . 2004-08-03 20:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-07-19 04:53 . 2001-08-17 20:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2009-07-19 04:52 . 2004-08-03 21:07 14080 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2009-07-19 04:51 . 2004-08-03 20:29 52224 -c--a-w- c:\windows\system32\dllcache\atinraxx.sys
2009-07-19 04:50 . 2001-08-17 12:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-07-17 22:30 . 2009-07-17 22:30 -------- d-----w- c:\documents and settings\Juca\Application Data\Search Settings
2009-07-17 22:29 . 2009-07-17 22:29 -------- d-----w- c:\documents and settings\Juca\Application Data\Dealio
2009-07-17 14:08 . 2009-06-23 07:23 331776 ----a-w- c:\windows\system32\TwcToolbarIe7.dll
2009-07-17 14:08 . 2008-07-22 11:24 98304 ----a-w- c:\windows\system32\TwcToolbarBho.dll
2009-07-17 14:08 . 2007-12-03 10:36 25600 ----a-w- c:\windows\system32\TwcToolInstDll.dll
2009-07-17 14:08 . 2009-07-17 14:08 -------- d-----w- c:\program files\The Weather Channel Toolbar
2009-07-17 14:02 . 2009-07-17 14:02 -------- d-----w- c:\documents and settings\Juca\Application Data\Sammsoft
2009-07-17 14:02 . 2009-07-17 14:02 -------- d-----w- c:\program files\Advanced Registry Optimizer
2009-07-17 13:59 . 2009-07-17 14:07 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\The Weather Channel
2009-07-16 07:55 . 2009-07-08 07:45 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\windows\system32\drivers\NSS
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\program files\NortonInstaller
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-15 08:43 . 2009-07-15 08:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-07 13:03 . 2009-07-07 13:03 4096 ----a-w- c:\windows\d3dx.dat
2009-07-01 09:40 . 2009-07-01 09:40 -------- d-----w- C:\My Music
2009-07-01 06:18 . 2009-07-01 06:18 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Temp
2009-06-29 11:16 . 2009-06-29 11:16 860400 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\en\ustarrs.dll
2009-06-29 11:16 . 2009-06-29 11:16 864496 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\de\ustarrs.dll
2009-06-29 11:16 . 2009-06-29 11:16 4710640 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UpdateStar.exe
2009-06-29 11:16 . 2009-06-29 11:16 269824 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UstarRO64.exe
2009-06-29 11:15 . 2009-06-29 11:15 192512 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UstarRO32.exe
2009-06-29 11:12 . 2009-06-29 11:12 847872 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\zh\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\uk\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\sv\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\sk\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ru\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ro\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 839680 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\pt\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\pl\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\nl\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 851968 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ja\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\it\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\hu\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 839680 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\fr\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\Es\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\Cs\ustarrs.dll
2009-06-29 08:12 . 2009-06-29 08:12 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-29 08:12 . 2009-06-29 08:12 -------- d-----w- c:\documents and settings\Juca\Application Data\DAEMON Tools Pro
2009-06-29 07:34 . 2009-06-29 07:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-28 12:48 . 2009-06-28 12:48 -------- d-----w- c:\program files\CodeStuff
2009-06-28 06:58 . 2009-06-28 06:58 -------- d-----w- c:\program files\XviD
2009-06-28 06:58 . 2009-06-28 06:58 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-28 06:57 . 2009-06-28 06:58 -------- d-----w- c:\program files\AutoGK
2009-06-24 09:31 . 2009-06-24 09:31 -------- d-----w- C:\Deleted 32736
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-22 05:52 . 2009-07-19 16:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-22 05:52 . 2009-07-15 16:12 -------- d-----w- c:\program files\Norton Security Scan
2009-06-22 05:42 . 2009-06-22 05:42 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 05:45 . 2009-02-20 14:53 5 ----a-w- c:\windows\sbacknt.bin
2009-07-21 05:44 . 2009-02-28 09:18 -------- d-----w- c:\documents and settings\Juca\Application Data\FrostWire
2009-07-20 21:44 . 2009-02-18 17:42 16608 ----a-w- c:\windows\gdrv.sys
2009-07-20 21:15 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2009-07-15 08:38 . 2009-05-11 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 21:24 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2009-07-13 14:58 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2009-07-09 12:37 . 2009-06-18 11:51 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 12:37 . 2009-06-18 11:50 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 12:36 . 2009-06-18 11:47 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-08 07:45 . 2009-03-20 05:46 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-07 15:12 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2009-07-07 14:17 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-07 14:00 . 2009-05-13 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-07-07 13:25 . 2009-04-21 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\mevo
2009-07-01 06:15 . 2009-02-20 14:52 152904 ----a-w- c:\windows\system32\vghd.scr
2009-07-01 06:15 . 2009-02-20 14:52 -------- d-----w- c:\program files\vghd
2009-07-01 06:09 . 2009-02-19 11:38 -------- d-----w- c:\documents and settings\Juca\Application Data\UpdateStar
2009-06-29 12:01 . 2009-06-18 11:51 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 12:00 . 2009-06-18 11:51 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-29 11:59 . 2009-06-18 11:50 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 11:57 . 2009-06-18 11:50 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 11:57 . 2009-05-28 11:44 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 11:53 . 2009-05-28 11:43 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 11:53 . 2009-05-28 11:43 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 11:53 . 2009-06-18 11:49 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 11:52 . 2009-06-18 11:49 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 11:51 . 2009-06-18 11:49 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 11:51 . 2009-06-18 11:48 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-29 11:50 . 2009-06-18 11:46 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 11:49 . 2009-06-18 11:45 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 11:49 . 2009-06-18 11:45 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-29 07:34 . 2009-02-19 09:04 -------- d-----w- c:\program files\Common Files\Real
2009-06-28 14:35 . 2009-02-25 06:54 26 ----a-w- c:\windows\popcinfo.dat
2009-06-17 22:57 . 2009-06-11 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-17 06:28 . 2009-03-20 05:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2004-08-04 01:07 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 01:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 15:45 . 2009-06-12 15:45 152576 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 07:31 . 2009-06-11 07:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 07:34 . 2009-06-07 14:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon
2009-06-08 20:52 . 2009-05-11 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-08 05:30 . 2009-02-18 16:07 45336 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 08:33 . 2009-02-18 16:01 89783 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-05 10:24 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-05 10:24 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-04 18:51 . 2009-03-06 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-06-03 19:27 . 2004-08-04 01:07 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 11:38 . 2009-06-17 22:57 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-01 16:22 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2009-06-01 16:21 . 2009-03-27 05:29 152576 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-30 11:37 . 2009-05-30 11:37 -------- d-----w- c:\program files\ALLPlayer
2009-05-28 11:44 . 2009-05-28 11:44 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-23 04:37 . 2009-05-23 04:37 -------- d-----w- c:\documents and settings\Juca\Application Data\r2 Studios
2009-05-23 04:37 . 2009-05-23 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\r2 Studios
2009-05-23 04:36 . 2009-05-23 04:36 -------- d-----w- c:\program files\r2 Studios
2009-05-07 15:44 . 2004-08-04 01:07 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 11:39 . 2009-05-01 11:39 8 ----a-w- c:\windows\system32\nvModes.dat
2009-04-30 06:33 . 2009-03-20 05:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-30 06:33 . 2009-03-20 05:46 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-30 06:33 . 2009-03-20 05:46 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 04:52 . 2004-08-04 01:07 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 11:45 . 2009-04-23 11:45 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-23 11:45 . 2009-02-19 12:44 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-17 22:29 . 2009-07-07 13:35 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 07:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-02-19 32768]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2007-11-12 64000]
"Google Update"="c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-04 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-04-23 801904]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-09-18 2242176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"ysfte"="c:\program files\Faster Than Ever\fte.exe" [2007-06-19 1681408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-29 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Juca\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-2-20 402768]
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-4 114688]
Moo0 SystemMonitor 1.35.lnk.disabled [2009-5-11 888]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-2-19 45056]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk.disabled [2009-3-19 1593]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2009-2-18 241664]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2009-4-25 288328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-30 06:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/20/2009 7:46 AM 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/19/2009 2:44 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/20/2009 7:46 AM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/20/2009 7:46 AM 108552]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 11:31 AM 234888]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/20/2009 7:46 AM 298776]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2/18/2009 9:28 PM 698368]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 11:34 PM 1029456]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 9:28 PM 6400]
S2 Wyyo Service;Wyyo Service;"c:\documents and settings\All Users\Application Data\Wyyo\wyyo125.exe" "c:\program files\Wyyo\wyyo.dll" Service --> c:\documents and settings\All Users\Application Data\Wyyo\wyyo125.exe [?]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 7:43 PM 55816]
.
Contents of the 'Scheduled Tasks' folder
2009-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:51]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003Core.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 05:19]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003UA.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 05:19]
2009-07-19 c:\windows\Tasks\Norton Security Scan for Juca.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-15 16:12]
.
- - - - ORPHANS REMOVED - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
HKLM-Run-GEST - c:\program files\GIGABYTE\GEST\RUN.e_e
HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ch/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 07:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE5D901-C3A6-EA11-8FD9-CA472E696B4E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-07-21 7:55
ComboFix-quarantined-files.txt 2009-07-21 05:55
Pre-Run: 102,936,584,192 bytes free
Post-Run: 103,078,023,168 bytes free
402 --- E O F --- 2009-07-15 15:41
|
|
|
|
|
Poslao: 23 Jul 2009 08:22
|
offline
- tacija
- Počasni građanin
- Miroslav Tanaskovic
- Gradjevinski tehnicar
- Pridružio: 02 Jan 2009
- Poruke: 787
- Gde živiš: Cacak
|
ComboFix 09-07-22.05 - Juca 07/23/2009 8:05.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.2046.1514 [GMT 2:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Juca\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll"
"c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll"
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Juca\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Juca\Local Settings\temp\IadHide5.dll
.
---- Previous Run -------
.
c:\docume~1\Juca\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Juca\Local Settings\temp\IadHide5.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WYYO_SERVICE
-------\Service_Wyyo Service
((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-19 05:02 . 2004-08-03 22:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-19 05:02 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-19 05:02 . 2001-08-17 20:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-19 05:02 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-19 05:02 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-19 05:01 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-07-19 05:01 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-07-19 05:01 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-19 04:59 . 2001-08-17 20:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-07-19 04:58 . 2004-08-03 20:41 95424 -c--a-w- c:\windows\system32\dllcache\slnthal.sys
2009-07-19 04:57 . 2004-08-03 22:56 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2009-07-19 04:56 . 2004-08-03 20:41 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2009-07-19 04:55 . 2001-08-17 20:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2009-07-19 04:54 . 2004-08-03 20:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-07-19 04:53 . 2001-08-17 20:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2009-07-19 04:52 . 2004-08-03 21:07 14080 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2009-07-19 04:51 . 2004-08-03 20:29 52224 -c--a-w- c:\windows\system32\dllcache\atinraxx.sys
2009-07-19 04:50 . 2001-08-17 12:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-07-17 14:08 . 2009-06-23 07:23 331776 ----a-w- c:\windows\system32\TwcToolbarIe7.dll
2009-07-17 14:08 . 2008-07-22 11:24 98304 ----a-w- c:\windows\system32\TwcToolbarBho.dll
2009-07-17 14:08 . 2007-12-03 10:36 25600 ----a-w- c:\windows\system32\TwcToolInstDll.dll
2009-07-17 14:08 . 2009-07-17 14:08 -------- d-----w- c:\program files\The Weather Channel Toolbar
2009-07-17 14:02 . 2009-07-17 14:02 -------- d-----w- c:\documents and settings\Juca\Application Data\Sammsoft
2009-07-17 14:02 . 2009-07-17 14:02 -------- d-----w- c:\program files\Advanced Registry Optimizer
2009-07-17 13:59 . 2009-07-17 14:07 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\The Weather Channel
2009-07-16 07:55 . 2009-07-08 07:45 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\windows\system32\drivers\NSS
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\program files\NortonInstaller
2009-07-15 16:12 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-15 08:43 . 2009-07-15 08:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-07 13:03 . 2009-07-07 13:03 4096 ----a-w- c:\windows\d3dx.dat
2009-07-01 09:40 . 2009-07-01 09:40 -------- d-----w- C:\My Music
2009-07-01 06:18 . 2009-07-01 06:18 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Temp
2009-06-29 11:16 . 2009-06-29 11:16 860400 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\en\ustarrs.dll
2009-06-29 11:16 . 2009-06-29 11:16 864496 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\de\ustarrs.dll
2009-06-29 11:16 . 2009-06-29 11:16 4710640 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UpdateStar.exe
2009-06-29 11:16 . 2009-06-29 11:16 269824 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UstarRO64.exe
2009-06-29 11:15 . 2009-06-29 11:15 192512 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\UstarRO32.exe
2009-06-29 11:12 . 2009-06-29 11:12 847872 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\zh\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\uk\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\sv\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\sk\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ru\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ro\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 839680 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\pt\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\pl\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\nl\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 851968 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\ja\ustarrs.dll
2009-06-29 11:12 . 2009-06-29 11:12 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\it\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\hu\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 839680 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\fr\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 876544 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\Es\ustarrs.dll
2009-06-29 11:11 . 2009-06-29 11:11 872448 ----a-w- c:\documents and settings\Juca\Application Data\UpdateStar\lang\Cs\ustarrs.dll
2009-06-29 08:12 . 2009-06-29 08:12 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-29 08:12 . 2009-06-29 08:12 -------- d-----w- c:\documents and settings\Juca\Application Data\DAEMON Tools Pro
2009-06-29 07:34 . 2009-06-29 07:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-28 12:48 . 2009-06-28 12:48 -------- d-----w- c:\program files\CodeStuff
2009-06-28 06:58 . 2009-06-28 06:58 -------- d-----w- c:\program files\XviD
2009-06-28 06:58 . 2009-06-28 06:58 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-28 06:57 . 2009-06-28 06:58 -------- d-----w- c:\program files\AutoGK
2009-06-24 09:31 . 2009-06-24 09:31 -------- d-----w- C:\Deleted 32736
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 06:13 . 2009-02-28 09:18 -------- d-----w- c:\documents and settings\Juca\Application Data\FrostWire
2009-07-23 06:12 . 2009-02-20 14:53 5 ----a-w- c:\windows\sbacknt.bin
2009-07-21 21:13 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2009-07-21 06:10 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-20 21:44 . 2009-02-18 17:42 16608 ----a-w- c:\windows\gdrv.sys
2009-07-19 16:00 . 2009-06-22 05:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-15 16:12 . 2009-06-22 05:52 -------- d-----w- c:\program files\Norton Security Scan
2009-07-15 08:38 . 2009-05-11 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 21:24 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2009-07-13 14:58 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2009-07-09 12:37 . 2009-06-18 11:51 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 12:37 . 2009-06-18 11:50 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 12:36 . 2009-06-18 11:47 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-08 07:45 . 2009-03-20 05:46 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-07 15:12 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2009-07-07 14:00 . 2009-05-13 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-07-07 13:25 . 2009-04-21 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\mevo
2009-07-01 06:15 . 2009-02-20 14:52 152904 ----a-w- c:\windows\system32\vghd.scr
2009-07-01 06:15 . 2009-02-20 14:52 -------- d-----w- c:\program files\vghd
2009-07-01 06:09 . 2009-02-19 11:38 -------- d-----w- c:\documents and settings\Juca\Application Data\UpdateStar
2009-06-29 12:01 . 2009-06-18 11:51 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 12:00 . 2009-06-18 11:51 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-29 11:59 . 2009-06-18 11:50 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 11:57 . 2009-06-18 11:50 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 11:57 . 2009-05-28 11:44 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 11:53 . 2009-05-28 11:43 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 11:53 . 2009-05-28 11:43 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 11:53 . 2009-06-18 11:49 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 11:52 . 2009-06-18 11:49 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 11:51 . 2009-06-18 11:49 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 11:51 . 2009-06-18 11:48 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-29 11:50 . 2009-06-18 11:46 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 11:49 . 2009-06-18 11:45 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 11:49 . 2009-06-18 11:45 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-29 07:34 . 2009-02-19 09:04 -------- d-----w- c:\program files\Common Files\Real
2009-06-28 14:35 . 2009-02-25 06:54 26 ----a-w- c:\windows\popcinfo.dat
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-17 22:57 . 2009-06-11 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-17 06:28 . 2009-03-20 05:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2004-08-04 01:07 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 01:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 15:45 . 2009-06-12 15:45 152576 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 07:31 . 2009-06-11 07:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 07:34 . 2009-06-07 14:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon
2009-06-08 20:52 . 2009-05-11 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-08 05:30 . 2009-02-18 16:07 45336 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 08:33 . 2009-02-18 16:01 89783 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-05 10:24 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-05 10:24 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-04 18:51 . 2009-03-06 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-06-03 19:27 . 2004-08-04 01:07 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 11:38 . 2009-06-17 22:57 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-01 16:22 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2009-06-01 16:21 . 2009-03-27 05:29 152576 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-30 11:37 . 2009-05-30 11:37 -------- d-----w- c:\program files\ALLPlayer
2009-05-28 11:44 . 2009-05-28 11:44 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-07 15:44 . 2004-08-04 01:07 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 11:39 . 2009-05-01 11:39 8 ----a-w- c:\windows\system32\nvModes.dat
2009-04-30 06:33 . 2009-03-20 05:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-30 06:33 . 2009-03-20 05:46 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-30 06:33 . 2009-03-20 05:46 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 04:52 . 2004-08-04 01:07 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-17 22:29 . 2009-07-07 13:35 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-21_05.54.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-23 06:09 . 2009-07-23 06:09 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 07:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-02-19 32768]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2007-11-12 64000]
"Google Update"="c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-04 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-04-23 801904]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-09-18 2242176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"ysfte"="c:\program files\Faster Than Ever\fte.exe" [2007-06-19 1681408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-29 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Juca\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-2-20 402768]
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-4 114688]
Moo0 SystemMonitor 1.35.lnk.disabled [2009-5-11 888]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-2-19 45056]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk.disabled [2009-3-19 1593]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2009-2-18 241664]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2009-4-25 288328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-30 06:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/20/2009 7:46 AM 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/19/2009 2:44 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/20/2009 7:46 AM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/20/2009 7:46 AM 108552]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 11:31 AM 234888]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/20/2009 7:46 AM 298776]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 11:34 PM 1029456]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2/18/2009 9:28 PM 698368]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\Temp\drv1.tmp [7/23/2009 8:09 AM 3584]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 9:28 PM 6400]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 7:43 PM 55816]
.
Contents of the 'Scheduled Tasks' folder
2009-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:51]
2009-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003Core.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 05:19]
2009-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003UA.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 05:19]
2009-07-19 c:\windows\Tasks\Norton Security Scan for Juca.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-15 16:12]
.
- - - - ORPHANS REMOVED - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ch/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 08:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE5D901-C3A6-EA11-8FD9-CA472E696B4E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(8316)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\docume~1\Juca\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\nview.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Webshots\Webshots.scr
c:\program files\vghd\VirtuaGirl_Downloader.exe
.
**************************************************************************
.
Completion time: 2009-07-23 8:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-23 06:15
ComboFix2.txt 2009-07-21 05:55
Pre-Run: 102,972,817,408 bytes free
Post-Run: 102,931,009,536 bytes free
406 --- E O F --- 2009-07-15 15:41
|
|
|
|
|
Poslao: 23 Jul 2009 15:31
|
offline
- tacija
- Počasni građanin
- Miroslav Tanaskovic
- Gradjevinski tehnicar
- Pridružio: 02 Jan 2009
- Poruke: 787
- Gde živiš: Cacak
|
Ne razumem sta stanje?
|
|
|
|
Poslao: 23 Jul 2009 16:37
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Kako ne razumes "sta stanje", niti si objasnio koji problem imas, niti sta, samo si postavio HJT log, pitam za stanje komjutera, imas ili nemas vise problem koji si imao i ako si imao.
|
|
|
|
Poslao: 23 Jul 2009 16:51
|
offline
- tacija
- Počasni građanin
- Miroslav Tanaskovic
- Gradjevinski tehnicar
- Pridružio: 02 Jan 2009
- Poruke: 787
- Gde živiš: Cacak
|
Nemogu pola foldera da otvorim. kad pokusam da ih otvorim dobijam poruku windows explorera "Send Error Report". Samo sam hteo da proverim da li imam virus ili je greska u Windowsu.Kad pokusam da izdrisem sadrzaj recikle bina neuspevam , izlazi mi takva poruka.
|
|
|
|
|