Evo izvestaja:

ComboFix 10-08-04.04 - Juca 08/05/2010 7:56.20.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1415 [GMT 2:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\Juca\Desktop\40SEXT~1.7R~\40SEx-~1.exe
c:\documents and settings\Juca\Application Data\Desktopicon\config.ini
c:\documents and settings\Juca\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Juca\Desktop001.Focus - Hocus Pocus .mp3
c:\documents and settings\Juca\Desktop007.Who - Pinball Wizard .mp3
c:\documents and settings\Juca\My Documents\21 07 2010.reg
C:\test.txt
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\zlpo
.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-04 16:52 . 2010-08-04 17:17 -------- d-----w- c:\program files\Simple Port Forwarding
2010-08-04 15:35 . 2010-08-04 15:37 -------- d-----w- c:\program files\SensorsViewPro31
2010-08-04 13:26 . 2010-08-04 13:27 5125664 ----a-w- c:\documents and settings\Juca\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2010-07-30 14:53 . 2010-07-30 14:53 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon Drivers Update Utility
2010-07-28 15:01 . 2010-07-28 15:01 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Smart Data Recovery v4.3\4000008000002i\Splash Screen.exe
2010-07-23 05:28 . 2010-07-23 05:28 -------- d-----w- c:\program files\Uniblue
2010-07-21 08:51 . 2004-08-03 22:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-07-21 08:51 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-07-21 08:51 . 2001-08-17 20:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-07-21 08:51 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-07-21 08:51 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-07-21 08:51 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-07-21 08:51 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-07-21 08:51 . 2004-08-03 20:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-07-21 08:49 . 2001-08-17 11:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-07-21 08:48 . 2001-08-17 20:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-07-21 08:47 . 2001-08-17 10:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-07-21 08:46 . 2001-08-17 20:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-07-21 08:45 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-21 08:44 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-21 08:43 . 2001-08-17 11:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-07-21 08:42 . 2001-08-17 10:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-07-21 08:41 . 2001-08-17 10:13 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2010-07-21 08:40 . 2001-08-17 12:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-07-20 13:22 . 2010-07-26 12:19 -------- d-----w- c:\documents and settings\Juca\Application Data\dvdcss
2010-07-20 10:37 . 2010-07-20 10:37 -------- d-----w- c:\documents and settings\Juca\Application Data\Marine Aquarium 3
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-17 17:21 . 2010-07-17 17:21 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-17 17:21 . 2010-07-17 17:21 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-17 17:21 . 2010-07-17 17:21 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-15 17:02 . 2010-07-15 17:02 -------- d-----w- c:\documents and settings\Juca\Application Data\STV Software
2010-07-12 08:25 . 2010-07-12 08:25 -------- d-----w- c:\windows\system32\drivers\NSS
2010-07-12 08:25 . 2010-07-12 08:25 -------- d-----w- c:\program files\Norton Security Scan
2010-07-12 08:25 . 2010-07-12 08:25 -------- d-----w- c:\program files\NortonInstaller
2010-07-10 08:05 . 2010-07-10 08:05 -------- d-----w- c:\program files\Common Files\Elecard
2010-07-10 08:05 . 2010-07-10 08:05 -------- d-----w- c:\program files\Elecard
2010-07-09 05:36 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Juca\Application Data\GRETECH\GomPlayer\GrLauncher.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 06:01 . 2010-02-28 16:39 16608 ----a-w- c:\windows\gdrv.sys
2010-08-05 05:51 . 2010-01-19 06:52 311 ----a-w- c:\windows\system32\InetLock.dat
2010-08-05 05:51 . 2008-12-17 07:03 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-08-04 23:06 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2010-08-04 22:34 . 2009-12-28 07:33 0 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\prvlcl.dat
2010-08-04 22:05 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2010-08-04 21:05 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2010-08-04 17:17 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-04 07:16 . 2010-04-06 15:45 -------- d-----w- c:\documents and settings\Juca\Application Data\gigasizetb
2010-08-02 12:06 . 2009-05-11 04:54 -------- d-----w- c:\program files\Unlocker
2010-08-02 07:38 . 2010-04-01 05:32 5 ----a-w- c:\windows\treeskp.sys
2010-08-02 07:38 . 2009-02-20 14:53 5 ----a-w- c:\windows\sbacknt.bin
2010-08-02 04:56 . 2009-02-19 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-07-29 05:49 . 2010-01-25 10:57 -------- d-----w- c:\program files\MKVtoolnix
2010-07-29 05:49 . 2010-01-09 06:38 -------- d-----w- c:\program files\Memorija v1.4
2010-07-29 05:49 . 2009-08-19 10:11 -------- d-----w- c:\program files\mobile PhoneTools
2010-07-29 05:49 . 2010-06-13 14:10 -------- d-----w- c:\program files\megui
2010-07-29 05:49 . 2009-09-14 08:53 -------- d-----w- c:\program files\kikin
2010-07-29 05:49 . 2009-08-19 10:12 -------- d-----w- c:\program files\LiveUpdate
2010-07-29 05:49 . 2010-06-06 05:02 -------- d-----w- c:\program files\HandBrake
2010-07-29 05:49 . 2009-10-26 13:50 -------- d-----w- c:\program files\360desktop
2010-07-29 05:49 . 2009-02-18 20:15 -------- d-----w- c:\program files\BSPlayer
2010-07-28 15:01 . 2009-02-19 11:12 -------- d-----w- c:\documents and settings\Juca\Application Data\Thinstall
2010-07-23 05:28 . 2010-03-06 13:57 -------- d-----w- c:\documents and settings\Juca\Application Data\Uniblue
2010-07-21 09:07 . 2009-02-18 16:07 56432 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-17 17:21 . 2010-03-18 07:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-17 17:21 . 2010-03-18 07:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-17 17:21 . 2010-03-18 07:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-17 17:20 . 2009-02-19 09:04 -------- d-----w- c:\program files\Real
2010-07-17 17:20 . 2009-02-18 18:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-17 17:20 . 2009-02-18 18:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-17 17:19 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2010-07-12 10:22 . 2009-03-11 08:16 -------- d-----w- c:\program files\NCH Swift Sound
2010-07-12 09:59 . 2009-03-11 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-07-12 08:25 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-12 05:42 . 2009-02-19 09:04 -------- d-----w- c:\program files\Common Files\Real
2010-07-04 05:25 . 2010-07-04 05:25 -------- d-----w- c:\documents and settings\Juca\Application Data\Roxio Log Files
2010-06-29 09:45 . 2010-06-29 09:45 39936 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\ImageConverter Plus 7.1\40000018000002i\icp.exe
2010-06-28 13:34 . 2010-06-26 11:39 -------- d-----w- c:\program files\RegistryTool
2010-06-28 13:28 . 2010-06-28 13:28 7168 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Natura Sound Therapy\10000001500003i\NAT.exe
2010-06-26 15:19 . 2010-06-26 11:39 -------- d-----w- c:\documents and settings\Juca\Application Data\RegistryTool
2010-06-25 22:40 . 2010-06-25 22:30 -------- d-----w- c:\program files\EvilLyrics
2010-06-23 17:48 . 2010-05-02 13:00 -------- d-----w- c:\program files\SuperMP3Download
2010-06-22 15:56 . 2010-06-22 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-06-22 06:42 . 2010-02-18 14:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 06:42 . 2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 06:41 . 2010-03-14 11:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 06:41 . 2010-02-18 14:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-22 06:05 . 2010-06-22 05:47 -------- d-----w- c:\program files\Software by Design
2010-06-22 05:44 . 2010-06-22 05:44 -------- d-----w- c:\documents and settings\Juca\Application Data\XemiComputers
2010-06-22 05:40 . 2009-02-19 13:10 -------- d-----w- c:\program files\Webshots
2010-06-18 13:21 . 2009-11-08 06:35 -------- d-----w- c:\documents and settings\Juca\Application Data\KidZui
2010-06-16 13:22 . 2010-06-16 13:22 -------- d-----w- c:\program files\Vodei
2010-06-14 14:30 . 2009-02-18 16:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 10:33 . 2010-06-14 10:32 2285996 ----a-w- c:\documents and settings\Juca\Application Data\Xilisoft\Video Converter Ultimate 6\x-video-converter-ultimate6.exe
2010-06-13 14:10 . 2010-05-02 08:29 -------- d-----w- c:\program files\MediaMonkey
2010-06-13 07:46 . 2010-06-14 06:49 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-11 14:23 . 2009-12-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-08 16:10 . 2009-01-25 21:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-08 16:10 . 2009-01-08 23:01 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-07 17:53 . 2010-06-07 14:00 -------- d-----w- c:\documents and settings\Juca\Application Data\VSO
2010-06-07 13:59 . 2010-06-07 13:59 -------- d-----w- c:\program files\VSO
2010-06-07 04:28 . 2010-05-02 13:00 -------- d-----w- c:\program files\Hot_MP3
2010-06-06 14:12 . 2010-06-06 05:11 -------- d-----w- c:\documents and settings\Juca\Application Data\HandBrake
2010-06-03 14:49 . 2010-06-03 14:49 2515552 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Super Mp3 Download by Laneth\%ProgramFilesDir%\Hot_MP3\tbHot1.dll
2010-06-03 14:49 . 2010-06-03 14:49 2117704 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Super Mp3 Download by Laneth\%ProgramFilesDir%\AVG\AVG9\Toolbar\Update\igtfd00.tmp.dir\IEToolbar.dll
2010-06-01 08:15 . 2010-02-18 14:06 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 11:36 . 2009-11-18 16:24 8 ----a-w- c:\windows\system32\nvModes.dat
2010-05-28 01:52 . 2010-05-28 01:52 503808 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62e050cd-n\msvcp71.dll
2010-05-28 01:52 . 2010-05-28 01:52 499712 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62e050cd-n\jmc.dll
2010-05-28 01:52 . 2010-05-28 01:52 348160 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62e050cd-n\msvcr71.dll
2010-05-28 01:51 . 2010-05-28 01:51 61440 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-213e271f-n\decora-sse.dll
2010-05-28 01:51 . 2010-05-28 01:51 12800 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-213e271f-n\decora-d3d.dll
2010-05-27 05:37 . 2009-11-18 16:24 56432 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-18 21:15 . 2010-01-19 14:57 335 ----a-w- c:\documents and settings\All Users\Application Data\Setting.dat
2010-05-10 15:09 . 2010-05-10 15:09 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\AVS4YOU Software Navigator 1.3\300000003400002i\dwwin.exe
2010-06-23 10:28 . 2010-06-23 10:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
2010-06-07 04:29 2515552 ----a-w- c:\program files\Hot_MP3\tbHot1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"GEST"="c:\program files\GIGABYTE\GEST\run.exe" [2009-03-12 236040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-17 202256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Juca\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2010-2-13 288328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2004-08-04 01:07 628224 ----a-w- c:\windows\system32\catsrvut.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"d:\\Portabl programi\\uTorrent_1.8.5.17091_Final_Portable\\App\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Nova mapa\\utorrent.exe"=
"c:\\Documents and Settings\\Juca\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54945:TCP"= 54945:TCP:tcp54945
"54945:UDP"= 54945:UDP:udp54945
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [3/14/2010 1:55 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/18/2010 4:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/18/2010 4:06 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/18/2010 4:06 PM 243024]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 11:31 AM 234888]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 8:42 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/22/2010 8:41 AM 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 8:41 AM 5897808]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [12/17/2008 9:03 AM 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet Lock\ILSvc.exe [12/17/2008 10:14 AM 139264]
R2 sensorsview;sensorsview;c:\windows\system32\drivers\sensorsview.sys [8/17/2007 6:00 PM 4224]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2/18/2009 9:28 PM 698368]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [3/14/2010 1:53 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [3/14/2010 1:53 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [3/14/2010 1:53 PM 26192]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 7:43 PM 55816]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 9:28 PM 6400]
S0 Lbd;Lbd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 7:19 PM 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/23/2010 12:27 PM 30192]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2009 10:12 AM 721904]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]
2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]
2010-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-08-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
2010-08-05 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-04 07:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uahq.com/ipt.php
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu
AddRemove-Convert Doc_is1 - c:\program files\Softinterface
AddRemove-PhotoZoom Pro 2 - c:\program files\PhotoZoom Pro 2\Uninstall.exe
AddRemove-WinImage - c:\documents and settings\Juca\Desktop\winimage_8.50_portable\winimage.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 08:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{36D244FC-5C6C-7873-513B-B0B681DC0DFA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahkpgoficimoobgoc"=hex:6a,61,69,66,6b,66,63,6b,6d,6e,69,67,6b,66,63,64,6f,70,
63,63,00,00
"hankagcakhooljjp"=hex:6a,61,6c,66,6c,66,68,6f,67,6f,6c,69,67,62,67,61,67,6f,
6f,68,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0E1ED8F5-B610-42B3-CB1C-6DC38D7482B7}\InProcServer32*]
"oannkmjbhbedmpedefcpfifpponiib"=hex:69,61,6a,6d,67,6a,70,67,62,6d,70,69,70,6f,
70,6b,64,65,00,00
"nannenhlcnephdmcpadbdhfcbpdn"=hex:69,61,67,6e,64,6a,68,66,68,67,6f,68,6b,6a,
68,63,69,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1400)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Internet Explorer\mui\041a\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
.
Completion time: 2010-08-05 08:04:09
ComboFix-quarantined-files.txt 2010-08-05 06:03
Pre-Run: 89,304,391,680 bytes free
Post-Run: 89,277,911,040 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - A8C6E9AAFF84505A06894E115BA0749C