problem u windows exsploreru

1

problem u windows exsploreru

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 731
  • Gde živiš: Cacak

Kada otvorim windows explorer posle dva tri klika izlazi mi poruka : data execution prevention i kada kliknem na ok zatvara mi win explorer sa prozorom dont send error. Koristim adsl brzine 140 kb/sek .Ptroblem je poceo pre 10 dana,inace AVG ne detektuje nikakav virus . Nisam probao nista posto neznam u cemu je problem.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Juca at 13:25:21,03 on Wed 08/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1050 [GMT 2:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Internet Lock\ILSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Documents and Settings\Juca\Desktop\utorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Juca\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://uahq.com/ipt.php
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {64182481-4F71-486b-A045-B233BD0DA8FC} - No File
BHO: GigaSize Toolbar: {89de49c7-e350-4c8e-885b-a41f859b93c4} - c:\program files\gigasizetb\gigasizeDx.dll
BHO: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
BHO: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No File
TB: {E9FAB13D-4600-49E1-90D1-EE961C859D39} - No File
TB: GigaSize Toolbar: {89de49c7-e350-4c8e-885b-a41f859b93c4} - c:\program files\gigasizetb\gigasizeDx.dll
TB: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
uRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A
uRun: [µTorrent] "c:\documents and settings\juca\desktop\utorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VisualTaskTips] c:\program files\visualtasktips\VisualTaskTips.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [PCTVRemote] c:\program files\pinnacle\pctv stereo\remote\Remoterm.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [GEST] "c:\program files\gigabyte\gest\run.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\common files\cloanto\software director\softdir.exe
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Search
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179}
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\juca\applic~1\mozilla\firefox\profiles\mfgjnbjj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\juca\application data\mozilla\firefox\profiles\mfgjnbjj.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\juca\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\juca\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\juca\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-3-14 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-18 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-18 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-18 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-18 243024]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-2-25 234888]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-22 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-21 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [2008-12-17 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\internet lock\ILSvc.exe [2008-12-17 139264]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2009-2-18 698368]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-3-14 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-3-14 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-3-14 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-3-14 26192]
R3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\gsvr.exe [2009-2-18 55816]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-6-19 3584]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2009-2-18 6400]
S0 Lbd;Lbd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-17 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-3-14 30104]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-6-23 30192]

=============== Created Last 30 ================

2010-08-02 11:57:31 0 d-----w- c:\docume~1\juca\applic~1\Desktopicon
2010-07-30 14:53:18 0 d-----w- c:\docume~1\juca\applic~1\Canon Drivers Update Utility
2010-07-23 05:28:25 0 d-----w- c:\program files\Uniblue
2010-07-21 08:51:20 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-07-21 08:51:20 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-07-21 08:51:20 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-07-21 08:51:19 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-07-21 08:51:19 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-07-21 08:51:03 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-07-21 08:51:01 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-07-21 08:51:00 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-07-21 08:49:59 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-07-21 08:48:57 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-07-21 08:47:59 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-07-21 08:46:56 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-07-21 08:45:53 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-21 08:44:58 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-21 08:43:58 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-07-21 08:42:56 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-07-21 08:41:58 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2010-07-21 08:40:56 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
2010-07-20 10:37:27 0 d-----w- c:\docume~1\juca\applic~1\Marine Aquarium 3
2010-07-15 17:02:51 0 d-----w- c:\docume~1\juca\applic~1\STV Software
2010-07-12 08:25:22 0 d-----w- c:\windows\system32\drivers\NSS
2010-07-12 08:25:22 0 d-----w- c:\program files\Norton Security Scan
2010-07-12 08:25:20 0 d-----w- c:\program files\NortonInstaller
2010-07-10 08:05:11 0 d-----w- c:\program files\common files\Elecard
2010-07-10 08:05:09 0 d-----w- c:\program files\Elecard

==================== Find3M ====================

2010-08-04 05:28:30 16608 ----a-w- c:\windows\gdrv.sys
2010-08-03 21:21:12 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-07-17 17:20:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-17 17:20:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-22 06:42:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 06:42:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 06:41:56 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 06:41:48 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-08 16:10:50 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-08 16:10:50 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-27 05:37:00 56432 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-18 21:15:07 335 ----a-w- c:\docume~1\alluse~1\applic~1\Setting.dat
2010-02-17 12:30:19 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 13:25:57,92 ===============
https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8295
  • Gde živiš: Novi Beograd

Zdravo,

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 731
  • Gde živiš: Cacak

Evo izvestaja:ComboFix 10-08-04.04 - Juca 08/05/2010 7:56.20.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1415 [GMT 2:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\Juca\Desktop\40SEXT~1.7R~\40SEx-~1.exe
c:\documents and settings\Juca\Application Data\Desktopicon\config.ini
c:\documents and settings\Juca\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Juca\Desktop001.Focus - Hocus Pocus .mp3
c:\documents and settings\Juca\Desktop007.Who - Pinball Wizard .mp3
c:\documents and settings\Juca\My Documents\21 07 2010.reg
C:\test.txt
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\zlpo

.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.

2010-08-04 16:52 . 2010-08-04 17:17 -------- d-----w- c:\program files\Simple Port Forwarding
2010-08-04 15:35 . 2010-08-04 15:37 -------- d-----w- c:\program files\SensorsViewPro31
2010-08-04 13:26 . 2010-08-04 13:27 5125664 ----a-w- c:\documents and settings\Juca\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2010-07-30 14:53 . 2010-07-30 14:53 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon Drivers Update Utility
2010-07-28 15:01 . 2010-07-28 15:01 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Smart Data Recovery v4.3\4000008000002i\Splash Screen.exe
2010-07-23 05:28 . 2010-07-23 05:28 -------- d-----w- c:\program files\Uniblue
2010-07-21 08:51 . 2004-08-03 22:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-07-21 08:51 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-07-21 08:51 . 2001-08-17 20:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-07-21 08:51 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-07-21 08:51 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-07-21 08:51 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-07-21 08:51 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-07-21 08:51 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-07-21 08:49 . 2001-08-17 11:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-07-21 08:48 . 2001-08-17 20:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-07-21 08:47 . 2001-08-17 10:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-07-21 08:46 . 2001-08-17 20:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-07-21 08:45 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-21 08:44 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-21 08:43 . 2001-08-17 11:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-07-21 08:42 . 2001-08-17 10:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-07-21 08:41 . 2001-08-17 10:13 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2010-07-21 08:40 . 2001-08-17 12:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-07-20 13:22 . 2010-07-26 12:19 -------- d-----w- c:\documents and settings\Juca\Application Data\dvdcss
2010-07-20 10:37 . 2010-07-20 10:37 -------- d-----w- c:\documents and settings\Juca\Application Data\Marine Aquarium 3
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-17 17:21 . 2010-07-17 17:21 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-17 17:21 . 2010-07-17 17:21 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-17 17:21 . 2010-07-17 17:21 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-15 17:02 . 2010-07-15 17:02 -------- d-----w- c:\documents and settings\Juca\Application Data\STV Software
2010-07-12 08:25 . 2010-07-12 08:25 -------- d-----w- c:\windows\system32\drivers\NSS
2010-07-12 08:25 . 2010-07-12 08:25 -------- d-----w- c:\program files\Norton Security Scan
2010-07-12 08:25 . 2010-07-12 08:25 -------- d-----w- c:\program files\NortonInstaller
2010-07-10 08:05 . 2010-07-10 08:05 -------- d-----w- c:\program files\Common Files\Elecard
2010-07-10 08:05 . 2010-07-10 08:05 -------- d-----w- c:\program files\Elecard
2010-07-09 05:36 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Juca\Application Data\GRETECH\GomPlayer\GrLauncher.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 06:01 . 2010-02-28 16:39 16608 ----a-w- c:\windows\gdrv.sys
2010-08-05 05:51 . 2010-01-19 06:52 311 ----a-w- c:\windows\system32\InetLock.dat
2010-08-05 05:51 . 2008-12-17 07:03 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-08-04 23:06 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2010-08-04 22:34 . 2009-12-28 07:33 0 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\prvlcl.dat
2010-08-04 22:05 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2010-08-04 21:05 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2010-08-04 17:17 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-04 07:16 . 2010-04-06 15:45 -------- d-----w- c:\documents and settings\Juca\Application Data\gigasizetb
2010-08-02 12:06 . 2009-05-11 04:54 -------- d-----w- c:\program files\Unlocker
2010-08-02 07:38 . 2010-04-01 05:32 5 ----a-w- c:\windows\treeskp.sys
2010-08-02 07:38 . 2009-02-20 14:53 5 ----a-w- c:\windows\sbacknt.bin
2010-08-02 04:56 . 2009-02-19 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-07-29 05:49 . 2010-01-25 10:57 -------- d-----w- c:\program files\MKVtoolnix
2010-07-29 05:49 . 2010-01-09 06:38 -------- d-----w- c:\program files\Memorija v1.4
2010-07-29 05:49 . 2009-08-19 10:11 -------- d-----w- c:\program files\mobile PhoneTools
2010-07-29 05:49 . 2010-06-13 14:10 -------- d-----w- c:\program files\megui
2010-07-29 05:49 . 2009-09-14 08:53 -------- d-----w- c:\program files\kikin
2010-07-29 05:49 . 2009-08-19 10:12 -------- d-----w- c:\program files\LiveUpdate
2010-07-29 05:49 . 2010-06-06 05:02 -------- d-----w- c:\program files\HandBrake
2010-07-29 05:49 . 2009-10-26 13:50 -------- d-----w- c:\program files\360desktop
2010-07-29 05:49 . 2009-02-18 20:15 -------- d-----w- c:\program files\BSPlayer
2010-07-28 15:01 . 2009-02-19 11:12 -------- d-----w- c:\documents and settings\Juca\Application Data\Thinstall
2010-07-23 05:28 . 2010-03-06 13:57 -------- d-----w- c:\documents and settings\Juca\Application Data\Uniblue
2010-07-21 09:07 . 2009-02-18 16:07 56432 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-17 17:21 . 2010-03-18 07:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-17 17:21 . 2010-03-18 07:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-17 17:21 . 2010-03-18 07:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-17 17:20 . 2009-02-19 09:04 -------- d-----w- c:\program files\Real
2010-07-17 17:20 . 2009-02-18 18:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-17 17:20 . 2009-02-18 18:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-17 17:19 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2010-07-12 10:22 . 2009-03-11 08:16 -------- d-----w- c:\program files\NCH Swift Sound
2010-07-12 09:59 . 2009-03-11 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-07-12 08:25 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-12 05:42 . 2009-02-19 09:04 -------- d-----w- c:\program files\Common Files\Real
2010-07-04 05:25 . 2010-07-04 05:25 -------- d-----w- c:\documents and settings\Juca\Application Data\Roxio Log Files
2010-06-29 09:45 . 2010-06-29 09:45 39936 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\ImageConverter Plus 7.1\40000018000002i\icp.exe
2010-06-28 13:34 . 2010-06-26 11:39 -------- d-----w- c:\program files\RegistryTool
2010-06-28 13:28 . 2010-06-28 13:28 7168 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Natura Sound Therapy\10000001500003i\NAT.exe
2010-06-26 15:19 . 2010-06-26 11:39 -------- d-----w- c:\documents and settings\Juca\Application Data\RegistryTool
2010-06-25 22:40 . 2010-06-25 22:30 -------- d-----w- c:\program files\EvilLyrics
2010-06-23 17:48 . 2010-05-02 13:00 -------- d-----w- c:\program files\SuperMP3Download
2010-06-22 15:56 . 2010-06-22 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-06-22 06:42 . 2010-02-18 14:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 06:42 . 2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 06:41 . 2010-03-14 11:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 06:41 . 2010-02-18 14:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-22 06:05 . 2010-06-22 05:47 -------- d-----w- c:\program files\Software by Design
2010-06-22 05:44 . 2010-06-22 05:44 -------- d-----w- c:\documents and settings\Juca\Application Data\XemiComputers
2010-06-22 05:40 . 2009-02-19 13:10 -------- d-----w- c:\program files\Webshots
2010-06-18 13:21 . 2009-11-08 06:35 -------- d-----w- c:\documents and settings\Juca\Application Data\KidZui
2010-06-16 13:22 . 2010-06-16 13:22 -------- d-----w- c:\program files\Vodei
2010-06-14 14:30 . 2009-02-18 16:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 10:33 . 2010-06-14 10:32 2285996 ----a-w- c:\documents and settings\Juca\Application Data\Xilisoft\Video Converter Ultimate 6\x-video-converter-ultimate6.exe
2010-06-13 14:10 . 2010-05-02 08:29 -------- d-----w- c:\program files\MediaMonkey
2010-06-13 07:46 . 2010-06-14 06:49 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-11 14:23 . 2009-12-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-08 16:10 . 2009-01-25 21:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-08 16:10 . 2009-01-08 23:01 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-07 17:53 . 2010-06-07 14:00 -------- d-----w- c:\documents and settings\Juca\Application Data\VSO
2010-06-07 13:59 . 2010-06-07 13:59 -------- d-----w- c:\program files\VSO
2010-06-07 04:28 . 2010-05-02 13:00 -------- d-----w- c:\program files\Hot_MP3
2010-06-06 14:12 . 2010-06-06 05:11 -------- d-----w- c:\documents and settings\Juca\Application Data\HandBrake
2010-06-03 14:49 . 2010-06-03 14:49 2515552 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Super Mp3 Download by Laneth\%ProgramFilesDir%\Hot_MP3\tbHot1.dll
2010-06-03 14:49 . 2010-06-03 14:49 2117704 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Super Mp3 Download by Laneth\%ProgramFilesDir%\AVG\AVG9\Toolbar\Update\igtfd00.tmp.dir\IEToolbar.dll
2010-06-01 08:15 . 2010-02-18 14:06 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 11:36 . 2009-11-18 16:24 8 ----a-w- c:\windows\system32\nvModes.dat
2010-05-28 01:52 . 2010-05-28 01:52 503808 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62e050cd-n\msvcp71.dll
2010-05-28 01:52 . 2010-05-28 01:52 499712 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62e050cd-n\jmc.dll
2010-05-28 01:52 . 2010-05-28 01:52 348160 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62e050cd-n\msvcr71.dll
2010-05-28 01:51 . 2010-05-28 01:51 61440 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-213e271f-n\decora-sse.dll
2010-05-28 01:51 . 2010-05-28 01:51 12800 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-213e271f-n\decora-d3d.dll
2010-05-27 05:37 . 2009-11-18 16:24 56432 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-18 21:15 . 2010-01-19 14:57 335 ----a-w- c:\documents and settings\All Users\Application Data\Setting.dat
2010-05-10 15:09 . 2010-05-10 15:09 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\AVS4YOU Software Navigator 1.3\300000003400002i\dwwin.exe
2010-06-23 10:28 . 2010-06-23 10:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
2010-06-07 04:29 2515552 ----a-w- c:\program files\Hot_MP3\tbHot1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"GEST"="c:\program files\GIGABYTE\GEST\run.exe" [2009-03-12 236040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-17 202256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Juca\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2010-2-13 288328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2004-08-04 01:07 628224 ----a-w- c:\windows\system32\catsrvut.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"d:\\Portabl programi\\uTorrent_1.8.5.17091_Final_Portable\\App\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Nova mapa\\utorrent.exe"=
"c:\\Documents and Settings\\Juca\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54945:TCP"= 54945:TCP:tcp54945
"54945:UDP"= 54945:UDP:udp54945
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [3/14/2010 1:55 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/18/2010 4:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/18/2010 4:06 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/18/2010 4:06 PM 243024]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 11:31 AM 234888]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 8:42 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/22/2010 8:41 AM 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 8:41 AM 5897808]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [12/17/2008 9:03 AM 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet Lock\ILSvc.exe [12/17/2008 10:14 AM 139264]
R2 sensorsview;sensorsview;c:\windows\system32\drivers\sensorsview.sys [8/17/2007 6:00 PM 4224]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2/18/2009 9:28 PM 698368]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [3/14/2010 1:53 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [3/14/2010 1:53 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [3/14/2010 1:53 PM 26192]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 7:43 PM 55816]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 9:28 PM 6400]
S0 Lbd;Lbd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 7:19 PM 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/23/2010 12:27 PM 30192]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2009 10:12 AM 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]

2010-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-08-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-08-05 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-04 07:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uahq.com/ipt.php
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu
AddRemove-Convert Doc_is1 - c:\program files\Softinterface
AddRemove-PhotoZoom Pro 2 - c:\program files\PhotoZoom Pro 2\Uninstall.exe
AddRemove-WinImage - c:\documents and settings\Juca\Desktop\winimage_8.50_portable\winimage.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 08:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36D244FC-5C6C-7873-513B-B0B681DC0DFA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahkpgoficimoobgoc"=hex:6a,61,69,66,6b,66,63,6b,6d,6e,69,67,6b,66,63,64,6f,70,
63,63,00,00
"hankagcakhooljjp"=hex:6a,61,6c,66,6c,66,68,6f,67,6f,6c,69,67,62,67,61,67,6f,
6f,68,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0E1ED8F5-B610-42B3-CB1C-6DC38D7482B7}\InProcServer32*]
"oannkmjbhbedmpedefcpfifpponiib"=hex:69,61,6a,6d,67,6a,70,67,62,6d,70,69,70,6f,
70,6b,64,65,00,00
"nannenhlcnephdmcpadbdhfcbpdn"=hex:69,61,67,6e,64,6a,68,66,68,67,6f,68,6b,6a,
68,63,69,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1400)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Internet Explorer\mui\041a\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
.
Completion time: 2010-08-05 08:04:09
ComboFix-quarantined-files.txt 2010-08-05 06:03

Pre-Run: 89,304,391,680 bytes free
Post-Run: 89,277,911,040 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - A8C6E9AAFF84505A06894E115BA0749C

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8295
  • Gde živiš: Novi Beograd

Otvoriti Notepad i iskopirati sledeci tekst:

RegNull::
[HKEY_USERS\S-1-5-21-1659004503-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36D244FC-5C6C-7873-513B-B0B681DC0DFA}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0E1ED8F5-B610-42B3-CB1C-6DC38D7482B7}\InProcServer32*]

DDS::
uStart Page = hxxp://uahq.com/ipt.php


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 731
  • Gde živiš: Cacak

ComboFix 10-08-05.02 - Juca 08/06/2010 10:36:27.21.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1314 [GMT 2:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Juca\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 05:59 . 2010-08-06 05:59 -------- d-----w- c:\windows\Simple Port Forwarding
2010-08-05 12:19 . 2010-08-05 12:19 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\IsolatedStorage
2010-08-05 10:34 . 2010-08-05 10:34 -------- d-----w- c:\windows\Time Stopper
2010-08-05 10:34 . 2010-08-05 10:34 -------- d-----w- c:\program files\Time Stopper
2010-08-04 16:52 . 2010-08-06 06:27 -------- d-----w- c:\program files\Simple Port Forwarding
2010-08-04 15:35 . 2010-08-04 15:37 -------- d-----w- c:\program files\SensorsViewPro31
2010-08-04 13:26 . 2010-08-04 13:27 5125664 ----a-w- c:\documents and settings\Juca\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2010-07-30 14:53 . 2010-07-30 14:53 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon Drivers Update Utility
2010-07-28 15:01 . 2010-07-28 15:01 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Smart Data Recovery v4.3\4000008000002i\Splash Screen.exe
2010-07-23 05:28 . 2010-07-23 05:28 -------- d-----w- c:\program files\Uniblue
2010-07-21 08:51 . 2004-08-03 22:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-07-21 08:51 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-07-21 08:51 . 2001-08-17 20:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-07-21 08:51 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-07-21 08:51 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-07-21 08:51 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-07-21 08:51 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-07-21 08:51 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-07-21 08:49 . 2001-08-17 11:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-07-21 08:48 . 2001-08-17 20:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-07-21 08:47 . 2001-08-17 10:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-07-21 08:46 . 2001-08-17 20:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-07-21 08:45 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-21 08:44 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-21 08:43 . 2001-08-17 11:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-07-21 08:42 . 2001-08-17 10:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-07-21 08:41 . 2001-08-17 10:13 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2010-07-21 08:40 . 2001-08-17 12:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-07-20 13:22 . 2010-07-26 12:19 -------- d-----w- c:\documents and settings\Juca\Application Data\dvdcss
2010-07-20 10:37 . 2010-07-20 10:37 -------- d-----w- c:\documents and settings\Juca\Application Data\Marine Aquarium 3
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-17 17:21 . 2010-07-17 17:21 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-17 17:21 . 2010-07-17 17:21 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-17 17:21 . 2010-07-17 17:21 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-15 17:02 . 2010-07-15 17:02 -------- d-----w- c:\documents and settings\Juca\Application Data\STV Software
2010-07-12 08:25 . 2010-07-12 08:25 -------- d-----w- c:\windows\system32\drivers\NSS
2010-07-12 08:25 . 2010-07-12 08:25 -------- d-----w- c:\program files\Norton Security Scan
2010-07-12 08:25 . 2010-07-12 08:25 -------- d-----w- c:\program files\NortonInstaller
2010-07-10 08:05 . 2010-07-10 08:05 -------- d-----w- c:\program files\Common Files\Elecard
2010-07-10 08:05 . 2010-07-10 08:05 -------- d-----w- c:\program files\Elecard
2010-07-09 05:36 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Juca\Application Data\GRETECH\GomPlayer\GrLauncher.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 08:41 . 2010-02-28 16:39 16608 ----a-w- c:\windows\gdrv.sys
2010-08-06 08:24 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2010-08-06 05:54 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-05 21:14 . 2010-01-19 06:52 311 ----a-w- c:\windows\system32\InetLock.dat
2010-08-05 21:14 . 2008-12-17 07:03 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-08-05 15:49 . 2009-12-28 07:33 0 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\prvlcl.dat
2010-08-05 11:33 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2010-08-05 10:04 . 2009-02-18 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-05 08:37 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2010-08-04 07:16 . 2010-04-06 15:45 -------- d-----w- c:\documents and settings\Juca\Application Data\gigasizetb
2010-08-02 12:06 . 2009-05-11 04:54 -------- d-----w- c:\program files\Unlocker
2010-08-02 07:38 . 2010-04-01 05:32 5 ----a-w- c:\windows\treeskp.sys
2010-08-02 07:38 . 2009-02-20 14:53 5 ----a-w- c:\windows\sbacknt.bin
2010-08-02 04:56 . 2009-02-19 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-07-29 05:49 . 2010-01-25 10:57 -------- d-----w- c:\program files\MKVtoolnix
2010-07-29 05:49 . 2010-01-09 06:38 -------- d-----w- c:\program files\Memorija v1.4
2010-07-29 05:49 . 2009-08-19 10:11 -------- d-----w- c:\program files\mobile PhoneTools
2010-07-29 05:49 . 2010-06-13 14:10 -------- d-----w- c:\program files\megui
2010-07-29 05:49 . 2009-09-14 08:53 -------- d-----w- c:\program files\kikin
2010-07-29 05:49 . 2009-08-19 10:12 -------- d-----w- c:\program files\LiveUpdate
2010-07-29 05:49 . 2010-06-06 05:02 -------- d-----w- c:\program files\HandBrake
2010-07-29 05:49 . 2009-10-26 13:50 -------- d-----w- c:\program files\360desktop
2010-07-29 05:49 . 2009-02-18 20:15 -------- d-----w- c:\program files\BSPlayer
2010-07-28 15:01 . 2009-02-19 11:12 -------- d-----w- c:\documents and settings\Juca\Application Data\Thinstall
2010-07-23 05:28 . 2010-03-06 13:57 -------- d-----w- c:\documents and settings\Juca\Application Data\Uniblue
2010-07-21 09:07 . 2009-02-18 16:07 56432 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-17 17:21 . 2010-03-18 07:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-17 17:21 . 2010-03-18 07:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-17 17:21 . 2010-03-18 07:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-17 17:20 . 2009-02-19 09:04 -------- d-----w- c:\program files\Real
2010-07-17 17:20 . 2009-02-18 18:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-17 17:20 . 2009-02-18 18:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-17 17:19 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2010-07-12 10:22 . 2009-03-11 08:16 -------- d-----w- c:\program files\NCH Swift Sound
2010-07-12 09:59 . 2009-03-11 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-07-12 08:25 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-12 05:42 . 2009-02-19 09:04 -------- d-----w- c:\program files\Common Files\Real
2010-07-04 05:25 . 2010-07-04 05:25 -------- d-----w- c:\documents and settings\Juca\Application Data\Roxio Log Files
2010-06-29 09:45 . 2010-06-29 09:45 39936 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\ImageConverter Plus 7.1\40000018000002i\icp.exe
2010-06-28 13:34 . 2010-06-26 11:39 -------- d-----w- c:\program files\RegistryTool
2010-06-28 13:28 . 2010-06-28 13:28 7168 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Natura Sound Therapy\10000001500003i\NAT.exe
2010-06-26 15:19 . 2010-06-26 11:39 -------- d-----w- c:\documents and settings\Juca\Application Data\RegistryTool
2010-06-25 22:40 . 2010-06-25 22:30 -------- d-----w- c:\program files\EvilLyrics
2010-06-23 17:48 . 2010-05-02 13:00 -------- d-----w- c:\program files\SuperMP3Download
2010-06-22 15:56 . 2010-06-22 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-06-22 06:42 . 2010-02-18 14:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 06:42 . 2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 06:41 . 2010-03-14 11:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 06:41 . 2010-02-18 14:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-22 06:05 . 2010-06-22 05:47 -------- d-----w- c:\program files\Software by Design
2010-06-22 05:44 . 2010-06-22 05:44 -------- d-----w- c:\documents and settings\Juca\Application Data\XemiComputers
2010-06-22 05:40 . 2009-02-19 13:10 -------- d-----w- c:\program files\Webshots
2010-06-18 13:21 . 2009-11-08 06:35 -------- d-----w- c:\documents and settings\Juca\Application Data\KidZui
2010-06-16 13:22 . 2010-06-16 13:22 -------- d-----w- c:\program files\Vodei
2010-06-14 14:30 . 2009-02-18 16:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 10:33 . 2010-06-14 10:32 2285996 ----a-w- c:\documents and settings\Juca\Application Data\Xilisoft\Video Converter Ultimate 6\x-video-converter-ultimate6.exe
2010-06-13 14:10 . 2010-05-02 08:29 -------- d-----w- c:\program files\MediaMonkey
2010-06-13 07:46 . 2010-06-14 06:49 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-11 14:23 . 2009-12-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-08 16:10 . 2009-01-25 21:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-08 16:10 . 2009-01-08 23:01 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-07 17:53 . 2010-06-07 14:00 -------- d-----w- c:\documents and settings\Juca\Application Data\VSO
2010-06-07 13:59 . 2010-06-07 13:59 -------- d-----w- c:\program files\VSO
2010-06-03 14:49 . 2010-06-03 14:49 2515552 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Super Mp3 Download by Laneth\%ProgramFilesDir%\Hot_MP3\tbHot1.dll
2010-06-03 14:49 . 2010-06-03 14:49 2117704 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Super Mp3 Download by Laneth\%ProgramFilesDir%\AVG\AVG9\Toolbar\Update\igtfd00.tmp.dir\IEToolbar.dll
2010-06-01 08:15 . 2010-02-18 14:06 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 11:36 . 2009-11-18 16:24 8 ----a-w- c:\windows\system32\nvModes.dat
2010-05-28 01:52 . 2010-05-28 01:52 503808 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62e050cd-n\msvcp71.dll
2010-05-28 01:52 . 2010-05-28 01:52 499712 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62e050cd-n\jmc.dll
2010-05-28 01:52 . 2010-05-28 01:52 348160 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62e050cd-n\msvcr71.dll
2010-05-28 01:51 . 2010-05-28 01:51 61440 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-213e271f-n\decora-sse.dll
2010-05-28 01:51 . 2010-05-28 01:51 12800 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-213e271f-n\decora-d3d.dll
2010-05-27 05:37 . 2009-11-18 16:24 56432 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-18 21:15 . 2010-01-19 14:57 335 ----a-w- c:\documents and settings\All Users\Application Data\Setting.dat
2010-05-10 15:09 . 2010-05-10 15:09 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\AVS4YOU Software Navigator 1.3\300000003400002i\dwwin.exe
2010-06-23 10:28 . 2010-06-23 10:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-05_06.01.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-06 05:34 . 2010-08-06 05:34 16384 c:\windows\temp\Perflib_Perfdata_2d0.dat
+ 2010-08-05 10:34 . 2010-08-05 10:34 472576 c:\windows\Time Stopper\uninstall.exe
+ 2004-08-04 08:56 . 2004-08-04 08:56 151552 c:\windows\system32\scrrun.dll
- 2004-08-04 01:07 . 2004-08-04 01:07 151552 c:\windows\system32\scrrun.dll
+ 2004-08-04 08:56 . 2004-08-04 08:56 151552 c:\windows\system32\dllcache\scrrun.dll
- 2004-08-04 01:07 . 2004-08-04 01:07 151552 c:\windows\system32\dllcache\scrrun.dll
+ 2010-08-06 05:59 . 2010-08-06 05:59 578560 c:\windows\Simple Port Forwarding\uninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
2010-06-07 04:29 2515552 ----a-w- c:\program files\Hot_MP3\tbHot1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"GEST"="c:\program files\GIGABYTE\GEST\run.exe" [2009-03-12 236040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-17 202256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Juca\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2010-2-13 288328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2004-08-04 01:07 628224 ----a-w- c:\windows\system32\catsrvut.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"d:\\Portabl programi\\uTorrent_1.8.5.17091_Final_Portable\\App\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Nova mapa\\utorrent.exe"=
"c:\\Documents and Settings\\Juca\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54945:TCP"= 54945:TCP:tcp54945
"54945:UDP"= 54945:UDP:udp54945
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [3/14/2010 1:55 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/18/2010 4:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/18/2010 4:06 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/18/2010 4:06 PM 243024]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 11:31 AM 234888]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 8:42 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/22/2010 8:41 AM 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 8:41 AM 5897808]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [12/17/2008 9:03 AM 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet Lock\ILSvc.exe [12/17/2008 10:14 AM 139264]
R2 sensorsview;sensorsview;c:\windows\system32\drivers\sensorsview.sys [8/17/2007 6:00 PM 4224]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2/18/2009 9:28 PM 698368]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [3/14/2010 1:53 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [3/14/2010 1:53 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [3/14/2010 1:53 PM 26192]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 7:43 PM 55816]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 9:28 PM 6400]
S0 Lbd;Lbd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 7:19 PM 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/23/2010 12:27 PM 30192]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2009 10:12 AM 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]

2010-08-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-08-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-08-06 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-04 07:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SystemExplorerAutoStart - c:\documents and settings\Juca\Desktop\System_Explorer_2.2.3_Portable\SystemExplorer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 10:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5708-)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-06 10:43:52
ComboFix-quarantined-files.txt 2010-08-06 08:43
ComboFix2.txt 2010-08-05 06:04

Pre-Run: 89,113,133,056 bytes free
Post-Run: 89,101,815,808 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - E50ED4E07B0762E18D33DB64A5330E8B

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8295
  • Gde živiš: Novi Beograd

Da li sad ima nekih promena?

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 731
  • Gde živiš: Cacak

Napisano: 06 Avg 2010 15:45

Izgleda da je sada u redu. Dali treba da deinstaliram combo fix i da izbrisem izvestaje?

Dopuna: 06 Avg 2010 16:01

tacija ::Izgleda da je sada u redu. Dali treba da deinstaliram combo fix i da izbrisem izvestaje? Ops... ponovo je poceo da mi zatvara windows explorer.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8295
  • Gde živiš: Novi Beograd

Problemi nisu prouzrokovani malwerom.



Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.

offline
  • Miroslav Tanaskovic
  • Gradjevinski tehnicar
  • Pridružio: 02 Jan 2009
  • Poruke: 731
  • Gde živiš: Cacak

Popravio mi je dosta stvari koje nisu radil: nije imalo tona na brovserima -sad ima , nije hteo da se instalira k lite codek pak-sad sam ga instalirao, nije imalo ikonice zvucnika u task baru-sad je ima ali kada dam komandu da deinstalira combo fix on odradi proces skeniranja i na kraju izbaci poruku da nemoze da deinstalira.Sta je u pitanju? Ovaj problem oko windovs explorea sam postavio kao temu na forumu i dobio odgovor da proverim u ambulanti komp na viruse. U svakom slucaju hvala i za ovo sto je uradjeno.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8295
  • Gde živiš: Novi Beograd

Rucno pobrisi ComboFix-ove fajlove i foldere.

Ko je trenutno na forumu
 

Ukupno su 664 korisnika na forumu :: 19 registrovanih, 0 sakrivenih i 645 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 1798 - dana 19 Sep 2019 18:42

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 8u47, aljosa7, Arhiv, bato3, bojank, cikadeda, djordje92sm, drasko003, Gabriel18, Georgius2, GreenMan, havoc995, Kos93, Milos1977, NenadG, Pakito93, Panter, Srki94, wizzardone