Posted: 17 Aug 2013 13:18
Written: 17 Aug 2013 13:14
- the way in which the problem you are seeking help with manifests itself;
in the slowness and strange behaviour of Firefox
- when the problem started to manifest itself;
A short while ago, when I installed the new version of Firefox. Worst of all, WebSearch appeared, which I can neither remove, nor can I restore Google as the main search engine, nor does it open pages normally...
- if the security software you use detects something but cannot remove it, write/copy the names of the detected files into the post;
MBAM log attached
- how you have tried to solve the problem;
MBAM detected infected objects, however nothing has been done yet. DDS files follow.
- what kind of internet connection you have (type and speed of the connection);
Wireless Speed: 54 Mbps
- any additional information that could describe the state of your computer more closely.
Addendum: 17 Aug 2013 13:17
In addition, the first attempt to update MBAM failed; only after a fresh copy of the program did it work normally.
MBAM log:
Malwarebytes Anti-Malware 1.75.0.1300
malwarebytes.org
Database version: v2013.08.16.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
mir :: MIKI [administrator]
17.08.2013 12:55:18 PM
MBAM-log-2013-08-17 (13-02-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230720
Time elapsed: 7 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 13
HKCR\CLSID\{64A2403E-C4F3-0F9D-E81E-FAF98A8D072E} (PUP.Optional.MultiPlug.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64A2403E-C4F3-0F9D-E81E-FAF98A8D072E} (PUP.Optional.MultiPlug.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64A2403E-C4F3-0F9D-E81E-FAF98A8D072E} (PUP.Optional.MultiPlug.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{64A2403E-C4F3-0F9D-E81E-FAF98A8D072E} (PUP.Optional.MultiPlug.A) -> No action taken.
HKCR\CLSID\{EE4D0304-5399-B922-315D-A1062F61FBFB} (PUP.Optional.MultiPlug.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE4D0304-5399-B922-315D-A1062F61FBFB} (PUP.Optional.MultiPlug.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE4D0304-5399-B922-315D-A1062F61FBFB} (PUP.Optional.MultiPlug.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EE4D0304-5399-B922-315D-A1062F61FBFB} (PUP.Optional.MultiPlug.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C6BF9E1B-8967-A286-95CB-F9DA2AC1F72A} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714 (PUP.OPtional.Websearch) -> No action taken.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.SearchNewTab) -> No action taken.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.SearchNewTab) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bad: (c:\progra~1\savesh~1\sprote~1.dll) Good: () -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.OPtional.Websearch) -> Bad: (c:\progra~1\websea~1\sprote~1.dll) Good: () -> No action taken.
Folders Detected: 3
C:\Program Files\WebSearch (PUP.OPtional.Websearch) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SearchNewTab (PUP.Optional.SearchNewTab) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\data (PUP.Optional.SearchNewTab) -> No action taken.
Files Detected: 19
C:\Program Files\SaveShare\sprotector.dll (PUP.Optional.SProtect.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\savensshare\vc.dll (PUP.Optional.MultiPlug.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\19.dll (PUP.Optional.MultiPlug.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\savensshare\3g.dll (PUP.Optional.MultiPlugin.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\xS.dll (PUP.Optional.MultiPlugin.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{C1B361F2-969B-4C09-AEE2-DEB91A504304}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{C1B361F2-969B-4C09-AEE2-DEB91A504304}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\mir\Local Settings\Temp\_2QLr7Y1.exe.part (PUP.Optional.Installex) -> No action taken.
C:\Documents and Settings\mir\Local Settings\Temp\Q+6n3YqR.exe.part (PUP.Downloader.LoadMoney) -> No action taken.
C:\Documents and Settings\mir\Local Settings\Temporary Internet Files\Content.IE5\CDERSTUJ\USB-MultiBoot-10[1].zip (PUP.PSWTool.ProductKey) -> No action taken.
C:\Documents and Settings\mir\Local Settings\Temporary Internet Files\Content.IE5\CDERSTUJ\Cf[1].exe (PUP.Adware.MultiPlug) -> No action taken.
C:\Documents and Settings\mir\Local Settings\Temporary Internet Files\Content.IE5\CP23G5UJ\N5[1].exe (PUP.Adware.MultiPlug) -> No action taken.
C:\Documents and Settings\mir\Local Settings\Temporary Internet Files\Content.IE5\G5IJ8XAZ\search_defender_166[1].exe (PUP.Optional.SProtect.A) -> No action taken.
C:\Documents and Settings\mir\Local Settings\Temporary Internet Files\Content.IE5\K9ABCDER\OptimizerPro[1].exe (PUP.Optional.OptimizePro.A) -> No action taken.
C:\Program Files\WebSearch\sprotector.dll (PUP.OPtional.Websearch) -> No action taken.
C:\Program Files\WebSearch\uninstall.exe (PUP.OPtional.Websearch) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\19.tlb (PUP.Optional.SearchNewTab) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\settings.ini (PUP.Optional.SearchNewTab) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SearchNewTab\data\SearchNewTab.dat (PUP.Optional.SearchNewTab) -> No action taken.
(end)
Addendum: 17 Aug 2013 13:17
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.25.2
Run by mir at 12:53:00 on 2013-08-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1165 [GMT 2:00]
.
.
============== Running Processes ================
.
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\windows\System32\alg.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\windows\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.searchesplace.info/?pid=512&r=2013/08/10&hid=1152767426&lg=EN&cc=AT&unqvl=30
mStart Page = hxxp://websearch.searchesplace.info/?pid=512&r=2013/08/10&hid=1152767426&lg=EN&cc=AT&unqvl=30
BHO: savensshare: {64A2403E-C4F3-0F9D-E81E-FAF98A8D072E} - c:\documents and settings\all users\application data\savensshare\vc.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SearchNewTab: {EE4D0304-5399-B922-315D-A1062F61FBFB} - c:\documents and settings\all users\application data\searchnewtab\19.dll
EB: &Recherchieren: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchAp] c:\program files\launch manager\LaunchAp.exe
mRun: [HotkeyApp] c:\program files\launch manager\HotkeyApp.exe
mRun: [LMgrVolOSD] c:\program files\launch manager\OSD.exe
mRun: [LMgrOSD] c:\program files\launch manager\OSDCtrl.exe
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [CtrlVol] c:\program files\launch manager\CtrlVol.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349007435250
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 212.186.211.21 195.34.133.21
TCP: Interfaces\{2B11AB81-E419-4483-8E03-F5E6B1104DB0} : DHCPNameServer = 212.186.211.21 195.34.133.21
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\progra~1\savesh~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mir\application data\mozilla\firefox\profiles\0bumvhi6.default-1348952702484\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchesplace.info/?pid=512&r=2013/08/10&hid=1152767426&lg=EN&cc=AT&unqvl=30&l=1&q=
FF - prefs.js: browser.startup.homepage - about:blank|about:blank|about:blank
FF - prefs.js: keyword.URL - hxxp://search.newtabking.com/?t=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-07-28 11:07; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\mir\application data\mozilla\firefox\profiles\0bumvhi6.default-1348952702484\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-08-15 11:43; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\documents and settings\mir\application data\mozilla\firefox\profiles\0bumvhi6.default-1348952702484\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
============= SERVICES / DRIVERS ===============
.
S1 mailKmd;mailKmd; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz135;cpuz135;\??\c:\docume~1\mir\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\mir\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-7-11 12400]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2012-3-17 28160]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-7-11 155320]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: Foxit Phantom.exe: print="c:\program files\foxit software\foxit phantom\Foxit Phantom.exe"/p "%1"
ShellExec: Foxit Phantom.exe: printto="c:\program files\foxit software\foxit phantom\Foxit Phantom.exe"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2013-08-15 17:29:19 -------- d-----w- c:\documents and settings\mir\local settings\application data\Canon Easy-PhotoPrint EX
2013-08-10 19:24:52 74136 ----a-w- c:\program files\mozilla firefox\updated\breakpadinjector.dll
2013-08-10 19:24:52 263576 ----a-w- c:\program files\mozilla firefox\updated\browser\components\browsercomps.dll
2013-08-10 19:24:52 2106216 ----a-w- c:\program files\mozilla firefox\updated\D3DCompiler_43.dll
2013-08-10 19:24:52 19352 ----a-w- c:\program files\mozilla firefox\updated\AccessibleMarshal.dll
2013-08-10 19:24:52 116120 ----a-w- c:\program files\mozilla firefox\updated\crashreporter.exe
2013-08-10 18:46:44 -------- d-----w- c:\documents and settings\all users\application data\StarApp
2013-08-10 18:46:18 -------- d-----w- c:\documents and settings\all users\application data\SearchNewTab
2013-08-10 18:46:12 -------- d-----w- c:\program files\WebSearch
2013-08-10 18:45:48 -------- d-----w- c:\program files\Optimizer Pro
2013-08-10 18:45:06 -------- d-----w- c:\program files\SaveShare
2013-08-10 18:45:01 -------- d-----w- c:\documents and settings\all users\application data\savensshare
2013-08-10 18:44:12 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2013-08-10 16:04:30 -------- d-----w- c:\documents and settings\all users\application data\CanonIJ
2013-08-10 16:04:09 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJScan
2013-08-10 16:01:09 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJEGV
2013-08-10 15:55:09 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJEPPEX
2013-08-10 15:54:23 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJSolutionMenuEX
2013-08-10 15:54:22 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJEPPEX2
2013-08-10 15:54:22 -------- d--h--w- c:\documents and settings\all users\application data\CanonEPP
2013-08-10 15:54:14 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJMyPrinter
2013-08-10 15:52:09 -------- d-----w- c:\documents and settings\all users\application data\CanonIJPLM
2013-08-10 15:51:54 -------- d-----w- c:\documents and settings\all users\application data\Canon IJ Network Tool
2013-08-10 15:51:23 286720 ----a-w- c:\windows\system32\CNC_ATC.dll
2013-08-10 15:51:23 114688 ----a-w- c:\windows\system32\CNC_ATU.dll
2013-08-10 15:51:22 323584 ----a-w- c:\windows\system32\CNC_ATL.dll
2013-08-10 15:51:22 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2013-08-10 15:51:22 114688 ----a-w- c:\windows\system32\CNC_ATI.dll
2013-08-10 15:49:22 -------- d-----w- c:\program files\common files\CANON
2013-08-10 15:48:52 -------- d-----w- c:\documents and settings\all users\application data\CanonIJWSpt
2013-08-10 15:43:55 84992 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAT.DLL
2013-08-10 15:43:55 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAT.DLL
2013-08-10 15:43:54 311296 ----a-w- c:\windows\system32\CNMLMAT.DLL
2013-08-10 15:43:37 184320 ----a-w- c:\windows\system32\CNMIUAT.DLL
2013-08-10 15:43:10 366592 ----a-w- c:\windows\system32\CNMNPPM.DLL
2013-08-10 15:43:10 35840 ----a-w- c:\windows\system32\CNMNPUI.DLL
2013-08-10 15:43:10 -------- d-----w- c:\windows\system32\STRING
2013-08-10 14:26:22 -------- d-----w- c:\program files\Canon
2013-08-03 12:15:14 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-03 12:15:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-03 12:09:16 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-08-03 12:06:12 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-03 12:05:14 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2013-08-03 12:05:14 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2013-08-03 12:03:47 -------- d-----w- c:\program files\Bonjour
2013-07-18 17:03:38 -------- d-----w- c:\documents and settings\mir\local settings\application data\Adobe
.
==================== Find3M ====================
.
2013-08-03 12:27:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-03 12:27:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-03 12:14:47 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-03 12:14:47 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 12:53:55.39 ===============
Addendum: 17 Aug 2013 13:18
Posted: 17 Aug 2013 14:53
Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by mir on 17.08.2013 at 14:21:40.81.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\mir\Desktop\zoek.exe [Script inserted]
==== System Restore Info ======================
17.08.2013 2:23:51 PM Zoek.exe System Restore Point Created Succesfully.
==== Files Recently Created / Modified ======================
====== C:\windows ====
====== C:\DOCUME~1\mir\LOCALS~1\Temp ====
2013-08-10 15:38:29 E07778D92D4081366C736F32854A3682 349592 ----a-r- C:\DOCUME~1\mir\LOCALS~1\Temp\uninstall.exe
2013-08-10 14:26:20 A6DE5049E20B7034BAC93FFD6CCC621A 850320 ------w- C:\DOCUME~1\mir\LOCALS~1\Temp\MSETUP4.EXE
2013-08-03 12:26:40 F3A7B33E88BCECEB60A4158248381C63 17737608 ----a-w- C:\DOCUME~1\mir\LOCALS~1\Temp\fp_pl_pfs_installer.exe
====== C:\windows\system32 =====
2013-08-10 15:51:23 BA8742F10E0737E814C166FCB1930698 114688 ----a-w- C:\windows\System32\CNC_ATU.dll
2013-08-10 15:51:23 907ABF5B73F1E7BA8D2E3B5358FA15F8 286720 ----a-w- C:\windows\System32\CNC_ATC.dll
2013-08-10 15:51:22 D16CF34B17899F90A8FCF2A3F77B4A27 15872 ----a-w- C:\windows\System32\CNHMCA.dll
2013-08-10 15:51:22 CFC7EF91A95CFB3E55B665E47BD25126 114688 ----a-w- C:\windows\System32\CNC_ATI.dll
2013-08-10 15:51:22 CC74C2C7F8CF4A4F57F1595EAA8D356F 323584 ----a-w- C:\windows\System32\CNC_ATL.dll
2013-08-10 15:51:22 70CCD087734EADF02573D246F84D8956 68096 ----a-w- C:\windows\System32\CNC1754D.TBL
2013-08-10 15:43:54 D4FDCC6B5E6DBE12333FD1B423924060 311296 ----a-w- C:\windows\System32\CNMLMAT.DLL
2013-08-10 15:43:37 7803CEF182BAE553533F2E90760638C6 184320 ----a-w- C:\windows\System32\CNMIUAT.DLL
2013-08-10 15:43:10 80621A595D8AC5A16BC0E91750301BC1 366592 ----a-w- C:\windows\System32\CNMNPPM.DLL
2013-08-10 15:43:10 368F1239338FA2804FD0948DFDD8AFA9 35840 ----a-w- C:\windows\System32\CNMNPUI.DLL
====== C:\windows\system32\drivers =====
2013-08-03 12:05:14 6E421CCC57059B0186C6259CA3B6DFC9 45056 ----a-w- C:\windows\System32\drivers\usbaapl.sys
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2013-08-10 18:45:48 -------- d-----w- C:\Program Files\Optimizer Pro
2013-08-10 18:45:06 -------- d-----w- C:\Program Files\SaveShare
2013-08-10 15:49:22 -------- d-----w- C:\Program Files\Common Files\CANON
2013-08-10 15:43:28 -------- d--h--w- C:\Program Files\CanonBJ
2013-08-10 14:26:22 -------- d-----w- C:\Program Files\Canon
2013-08-03 12:09:16 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2013-08-03 12:05:30 -------- d-----w- C:\Program Files\Apple Software Update
2013-08-03 12:03:47 -------- d-----w- C:\Program Files\Bonjour
======= C: =====
====== C:\Documents and Settings\mir\Application Data ======
2013-08-15 17:29:19 -------- d-----w- C:\Documents and Settings\mir\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2013-08-10 18:46:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\StarApp
2013-08-10 18:45:01 -------- d-----w- C:\Documents and Settings\All Users\Application Data\savensshare
2013-08-10 18:44:12 -------- d-----w- C:\Documents and Settings\All Users\Application Data\InstallMate
2013-08-10 16:04:30 -------- d-----w- C:\Documents and Settings\All Users\Application Data\CanonIJ
2013-08-10 16:04:09 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\CanonIJScan
2013-08-10 16:01:09 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
2013-08-10 15:55:09 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
2013-08-10 15:54:23 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
2013-08-10 15:54:22 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
2013-08-10 15:54:22 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\CanonEPP
2013-08-10 15:54:15 -------- d-----w- C:\Documents and Settings\mir\Application Data\Canon
2013-08-10 15:54:14 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
2013-08-10 15:52:09 -------- d-----w- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-08-10 15:52:06 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG5300 series
2013-08-10 15:51:56 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\IJ Network Tool
2013-08-10 15:51:54 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
2013-08-10 15:51:49 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\IJ Network Scanner Selector EX
2013-08-10 15:49:35 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG5300 series User Registration
2013-08-10 15:48:59 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\Solution Menu EX
2013-08-10 15:48:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
2013-08-10 15:48:36 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint EX
2013-08-10 15:45:57 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\MP Navigator EX 5.0
2013-08-10 15:45:18 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\My Printer
2013-08-10 15:45:18 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2013-08-10 15:45:01 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG5300 series Manual
2013-08-10 15:44:10 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\CanonBJ
2013-08-03 15:36:33 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-08-03 12:06:12 -------- d-----w- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-18 17:03:38 -------- d-----w- C:\Documents and Settings\mir\Local Settings\Application Data\Adobe
====== C:\Documents and Settings\mir ======
====== C: exe-files ==
2013-08-17 12:19:11 A35576A433F4AEB0D48976A004657CB6 117656 ----a-w- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe
2013-08-17 10:38:58 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\mir\My Documents\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-12 22:33:58 A23B66F7C3FDD5308FC729582A7C8101 31094527 ----a-r- C:\Documents and Settings\mir\My Documents\Downloads\PirateBrowser_0.6b.exe
2013-08-10 18:46:44 57E626878D667E65127D1725279B0965 12384 ----atw- C:\Documents and Settings\mir\Local Settings\Temp\{C1B361F2-969B-4C09-AEE2-DEB91A504304}\x86\regsvr32.exe
2013-08-10 18:46:44 157FE300857E06020BCB38A04D5B3B75 12896 ----atw- C:\Documents and Settings\mir\Local Settings\Temp\{C1B361F2-969B-4C09-AEE2-DEB91A504304}\x64\regsvr32.exe
2013-08-10 18:46:00 102A308197D8FF05CE2B775CF4BFF0C7 1538892 ----a-w- C:\Documents and Settings\mir\Local Settings\Temporary Internet Files\Content.IE5\K9ABCDER\search_defender_alternate_166[1].exe
2013-08-10 18:45:52 2AC7AC58859DD6CA8E67DA78F90994B6 307712 ----a-w- C:\Documents and Settings\mir\Local Settings\Temporary Internet Files\Content.IE5\CDERSTUJ\agent_setup[1].exe
2013-08-10 18:45:06 B42FF5F0D5E1B6331B9243CA6C78656E 494162 ----a-w- C:\Program Files\SaveShare\uninstall.exe
2013-08-10 15:52:44 CE1EE31FFF730CA975A5535D8A71AF61 138192 ----a-w- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
2013-08-10 15:52:44 82B11A7E6D34AF89C4B7C1D979D5F34B 90064 ----a-r- C:\Program Files\Canon\IJPLM\setup.exe
2013-08-10 15:52:44 376E1AA45DA9E1672A9E627EF34334AA 389584 ----a-w- C:\Program Files\Canon\IJPLM\ijplmui.exe
2013-08-10 15:51:55 652AA7E28743988B65B37B5BC8E3939C 116392 ----a-w- C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
2013-08-10 15:51:54 C4C213534A383CCFF12DDBC27A9B112C 721552 ----a-w- C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE
2013-08-10 15:51:49 5F7EE76129F9A591F22F99F95D97AC95 452016 ----a-w- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
2013-08-10 15:51:48 F6F85C764E5F93A381EFE06CBBA095BF 408008 ---ha-w- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSU.exe
2013-08-10 15:49:34 F931C0A1887AC7FF301045BD4E6B7B8D 70544 ------w- C:\Program Files\Canon\IJEREG\MG5300 series\UNINST.EXE
2013-08-10 15:49:34 768AEA8EC0EB63DD44D565E200BEBAC9 67472 ------w- C:\Program Files\Canon\IJEREG\MG5300 series\IJRMF.exe
2013-08-10 15:49:34 4D09C97401B27595A9CD1BBCAABD808E 423824 ------w- C:\Program Files\Canon\IJEREG\MG5300 series\IJEREG.exe
2013-08-10 15:49:31 70694A8314330B33F12C7838C1B0CC73 124336 ----a-w- C:\Program Files\Canon\Easy-WebPrint EX\ewpexdl.exe
2013-08-10 15:48:52 B0CB5F7717F2F0DF783E019B219FA440 408728 ----a-w- C:\Program Files\Canon\Solution Menu EX\CNSEULNC.EXE
2013-08-10 15:48:52 8334E5088E74401490001EF65E07CAC5 593032 ----a-w- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
2013-08-10 15:48:52 64F2AFD26BD2A7D6793DC55FAFEF6885 380056 ----a-w- C:\Program Files\Canon\Solution Menu EX\CNSEACNF.EXE
2013-08-10 15:48:52 5019EB558905DAE049B84A59DE4D9253 388232 ----a-w- C:\Program Files\Canon\Solution Menu EX\CNSELNCR.EXE
2013-08-10 15:48:52 00AB2B491C7037BB219BEB26FAD34C72 1612920 ----a-w- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
2013-08-10 15:48:46 A4CF9C89F51795A4BD5A579E0EA799FB 407696 ---ha-w- C:\Program Files\Canon\Solution Menu EX\uninst.exe
2013-08-10 15:48:36 DDFA730270C627C8FADEB4E2641B70CF 132520 ----a-w- C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe
2013-08-10 15:46:15 B527D573D454C5629EE039103B842184 4597152 ----a-w- C:\Program Files\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE
2013-08-10 15:46:13 DBC3FAB938D87599F21F941FAE93DBCC 67160 ----a-w- C:\Program Files\Canon\Easy-PhotoPrint EX\CNELMAIN.EXE
2013-08-10 15:45:28 A2656102C16877280AE331BD7300F75B 1140120 ----a-w- C:\Program Files\Canon\MP Navigator EX 5.0\mpncopy.exe
2013-08-10 15:45:28 060F8B98AD886F4AEC9D9E2B2B6DA375 80280 ----a-w- C:\Program Files\Canon\MP Navigator EX 5.0\mpnmlif64.exe
2013-08-10 15:45:27 0F456892369C53C7882101A0BBC427E4 308640 ---ha-w- C:\Program Files\Canon\MP Navigator EX 5.0\Maint.exe
2013-08-10 15:45:27 005C2F73761226A4224248B178F95612 9541016 ----a-w- C:\Program Files\Canon\MP Navigator EX 5.0\mpnex50.exe
2013-08-10 15:45:18 DDFA730270C627C8FADEB4E2641B70CF 132520 ----a-w- C:\Program Files\Canon\MyPrinter\uninst.exe
2013-08-10 15:45:17 A386A4A853F61050AE293E1C0942412F 2270608 ----a-w- C:\Program Files\Canon\MyPrinter\BJMYDGN.EXE
2013-08-10 15:45:17 709B5F2CA68F8E61E0B4FAF40D49BE37 386376 ----a-w- C:\Program Files\Canon\MyPrinter\BJMYRST.EXE
2013-08-10 15:45:16 D49C6A597814433ED6C3BF7ECF2D27BD 2565520 ----a-w- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2013-08-10 15:45:01 E07778D92D4081366C736F32854A3682 349592 ----a-r- C:\Program Files\Canon\IJ Manual\CANON MG5300 SERIES\uninstall.exe
2013-08-10 15:44:45 7A9F29B8CAC078A3E45356BF347BB3AB 54704 ----a-w- C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmvdrv.exe
2013-08-10 15:44:43 EBBD4C4F1EDB5C599E66E787C5C623CE 2160032 ----a-w- C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe
2013-08-10 15:43:58 2E4A73CE64583710E0D42A46E28C8378 62064 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMVSAT.EXE
2013-08-10 15:43:58 2E4A73CE64583710E0D42A46E28C8378 62064 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMVSAT.EXE
2013-08-10 15:43:55 2F9B6E881D7DD1F389B48903C84E5742 20592 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMSEAT.EXE
2013-08-10 15:43:55 2F9B6E881D7DD1F389B48903C84E5742 20592 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSEAT.EXE
2013-08-10 15:43:50 212EC59058E314CA662EB8A5CC57B7A3 497824 ----a-r- C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\DELDRV.exe
2013-08-10 15:43:50 1911E414CC6FAA2E56231E2EA8E8EF71 55984 ------w- C:\Program Files\CanonBJ\IJPrinter\Canon MG5300 series\IJDIA3.exe
2013-08-10 15:38:29 E07778D92D4081366C736F32854A3682 349592 ----a-r- C:\Documents and Settings\mir\Local Settings\Temp\uninstall.exe
2013-08-10 14:26:20 A6DE5049E20B7034BAC93FFD6CCC621A 850320 ------w- C:\Documents and Settings\mir\Local Settings\Temp\MSETUP4.EXE
=== C: other files ==
2013-08-15 11:27:50 ECC235F678976D00B04FBF8C5FE86672 51461 ----a-r- C:\Documents and Settings\mir\Local Settings\Temp\43359-harold_and_maude__hr+en_.zip
2013-08-15 11:00:30 AB93DBE636ABDE2649B4BA4A04567C67 25026 ----a-r- C:\Documents and Settings\mir\Local Settings\Temp\20707-haroldandmaude.zip
2013-08-15 09:42:02 410DEF35ABED7E80B1B94279F1D2C74D 714654 ----a-w- C:\Documents and Settings\mir\Local Settings\Temp\tmp-ppk.xpi
2013-08-13 16:51:54 1F98ABE7F9F7617978A092EFB8EC3FCB 13416 ----a-r- C:\Documents and Settings\mir\Local Settings\Temp\168462-breaking.bad.s05e09.hdtv.x264asap.zip
2013-08-11 19:26:21 DE8EE160366E91DD268ED00F186B1E33 20329 ----a-w- C:\Documents and Settings\mir\My Documents\Downloads\BubbleBreaker.zip
2013-08-11 13:33:19 7BA019BD383E2755FEFB29C7E6E863A4 28501 ----a-r- C:\Documents and Settings\mir\Local Settings\Temp\1aa4f1272b5b42d9ef848b84448d3deb7a2767ea.zip
2013-08-10 18:00:49 8AC46287EE843262D23853BB1AE7CC91 4464618 ----a-r- C:\Documents and Settings\mir\Local Settings\Temp\boot-cd-iso.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1004336348-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe"
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe"
"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe"
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe"
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe"
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe"
"Alcmtr"="ALCMTR.EXE"
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"
"IJNetworkScannerSelectorEX"="C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sm56hlpr"
"hkey"="HKLM"
"command"="sm56hlpr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
==== Task Scheduler Jobs ======================
C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03.08.2013 02:27 PM]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- New Tab King - %ProfilePath%\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
- Dictionary ENDE - %ProfilePath%\extensions\dictlookup@arnhold.com.xpi
- Adobe Flash Player - %ProfilePath%\extensions\hoverst@facebook.com.xpi
- Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- gTranslate - %ProfilePath%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
ProfilePath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default
- Deutsches Wrterbuch erweitert fr sterreich - %ProfilePath%\extensions\de-AT@dictionaries.addons.mozilla.org
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Undetermined - %ProfilePath%\extensions\503692276a18b@503692276a19c.info.xpi
- Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484
0C8597DBC74AAF5179471BA013E3C6B4 - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
68A131335A20B343923A2957EB1E413D - C:\windows\system32\npptools.dll - Microsoft® Windows® Operating System
Profilepath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
D8EBF6A12964A58C10914DA54E175538 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
6E9CE4DC2EAA92855480C9281D3AFFF5 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
29F9D1A7D3D63FD2D10CE06901475888 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
CF758AC229C1F082F179B3F7D14EF78B - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
629F9B5B99B80679520623655E31B5D1 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
65CE2E25E04D7C750BF8B30B2D34DCD7 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
2F7480A40151EB2E483CF6524EDBA3F7 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
37A665C51402265827F5CA65D4728648 - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
D8EBF6A12964A58C10914DA54E175538 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
6E9CE4DC2EAA92855480C9281D3AFFF5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
29F9D1A7D3D63FD2D10CE06901475888 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
CF758AC229C1F082F179B3F7D14EF78B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
629F9B5B99B80679520623655E31B5D1 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
65CE2E25E04D7C750BF8B30B2D34DCD7 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
2F7480A40151EB2E483CF6524EDBA3F7 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
68A131335A20B343923A2957EB1E413D - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mpieaakhacmfleokhjcjnpcnmnmpfkid - C:\Program Files\fbphotozoom\fbphotozoom13.crx[10.03.2012 08:08 PM]
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.searchesplace.info/?pid=512&r=2013/08/10&hid=1152767426&lg=EN&cc=AT&unqvl=30"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.searchesplace.info/?pid=512&r=2013/08/10&hid=1152767426&lg=EN&cc=AT&unqvl=30"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} WebSearch Url="http://websearch.searchesplace.info/?l=1&q={searchTerms}&pid=512&r=2013/08/10&hid=1152767426&lg=EN&cc=AT&unqvl=30"
==== EOF on 17.08.2013 at 14:27:19.07 ======================
Posted: 18 Aug 2013 10:53
offline
- Joined: 14 Aug 2010
- Posts: 185
Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by mir on 18.08.2013 at 10:42:05.26.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\mir\Desktop\zoek.exe [Script inserted]
==== Older Logs ======================
C:\zoek-results17.08.2013-0227-PM.log 22974 bytes
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1004336348-796845957-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484\prefs.js:
user_pref("browser.startup.homepage", "about:blank|");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("browser.search.defaulturl", "http://websearch.searchesplace.info/?pid=512&r=2013/08/10&hid=1152767426&lg=EN&cc=AT&unqvl=30&l=1&q=");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("keyword.URL", "http://search.newtabking.com/?t=1&q=");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default\prefs.js:
user_pref("browser.startup.homepage", "http://mysearch.avg.com/?cid={B60D68CB-8F41-4B41-B58E-752041F9F81A}&mid=&lang=en&ds=gm011&pr=sa&d=&v=&pid=safeguard&sg=&sap=hp");
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.selectedEngine", "AVG Secure Search");
user_pref("keyword.URL", "http://mysearch.avg.com/search?cid={B60D68CB-8F41-4B41-B58E-752041F9F81A}&mid=Unknown&lang=en&ds=gm011&pr=sa&d=2013-03-27 18:17:26&pid=safeguard&sg=&v=14.0.0.12&sap=ku&q=");
Added to C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484
user.js not found
---- Lines t9yiy@ge-oohe.net removed from prefs.js ----
---- Lines t9yiy@ge-oohe.net modified from prefs.js ----
---- Lines WebSearch removed from prefs.js ----
---- Lines WebSearch modified from prefs.js ----
---- Lines yahoo removed from prefs.js ----
---- Lines yahoo modified from prefs.js ----
---- Lines babylon removed from prefs.js ----
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
---- Lines babylon modified from prefs.js ----
---- Lines mysearch removed from prefs.js ----
---- Lines mysearch modified from prefs.js ----
---- Lines SweetIM removed from prefs.js ----
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
---- Lines SweetIM modified from prefs.js ----
---- Lines ilivid removed from prefs.js ----
---- Lines ilivid modified from prefs.js ----
---- Lines browser.startup.page removed from prefs.js ----
---- Lines browser.startup.page modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1046_.backup
ProfilePath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default
user.js not found
---- Lines t9yiy@ge-oohe.net removed from prefs.js ----
---- Lines t9yiy@ge-oohe.net modified from prefs.js ----
---- Lines WebSearch removed from prefs.js ----
---- Lines WebSearch modified from prefs.js ----
---- Lines yahoo removed from prefs.js ----
---- Lines yahoo modified from prefs.js ----
---- Lines babylon removed from prefs.js ----
---- Lines babylon modified from prefs.js ----
---- Lines mysearch removed from prefs.js ----
---- Lines mysearch modified from prefs.js ----
---- Lines SweetIM removed from prefs.js ----
---- Lines SweetIM modified from prefs.js ----
---- Lines ilivid removed from prefs.js ----
---- Lines ilivid modified from prefs.js ----
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- Lines browser.startup.page modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1046_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="www.google.com"
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
"DefaultScope"="www.google.rs"
==== Deleting Files \ Folders ======================
"C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484\searchplugins\WebSearch.xml" deleted
"C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484\searchplugins\WebSearch.xml" deleted
"C:\Program Files\Optimizer Pro" deleted
"C:\Documents and Settings\All Users\Application Data\savensshare" deleted
"C:\Program Files\Optimizer Pro" deleted
"C:\Program Files\fbphotozoom" deleted
"C:\Documents and Settings\All Users\Application Data\InstallMate" deleted
"C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484\jetpack" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- New Tab King - %ProfilePath%\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
- Dictionary ENDE - %ProfilePath%\extensions\dictlookup@arnhold.com.xpi
- Adobe Flash Player - %ProfilePath%\extensions\hoverst@facebook.com.xpi
- Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- gTranslate - %ProfilePath%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
ProfilePath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default
- Deutsches Wrterbuch erweitert fr sterreich - %ProfilePath%\extensions\de-AT@dictionaries.addons.mozilla.org
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Undetermined - %ProfilePath%\extensions\503692276a18b@503692276a19c.info.xpi
- Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484
0C8597DBC74AAF5179471BA013E3C6B4 - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
68A131335A20B343923A2957EB1E413D - C:\windows\system32\npptools.dll - Microsoft® Windows® Operating System
Profilepath: C:\Documents and Settings\mir\Application Data\Mozilla\Firefox\Profiles\btszqpyl.default
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
D8EBF6A12964A58C10914DA54E175538 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
6E9CE4DC2EAA92855480C9281D3AFFF5 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
29F9D1A7D3D63FD2D10CE06901475888 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
CF758AC229C1F082F179B3F7D14EF78B - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
629F9B5B99B80679520623655E31B5D1 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
65CE2E25E04D7C750BF8B30B2D34DCD7 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
2F7480A40151EB2E483CF6524EDBA3F7 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
37A665C51402265827F5CA65D4728648 - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
D8EBF6A12964A58C10914DA54E175538 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
6E9CE4DC2EAA92855480C9281D3AFFF5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
29F9D1A7D3D63FD2D10CE06901475888 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
CF758AC229C1F082F179B3F7D14EF78B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
629F9B5B99B80679520623655E31B5D1 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
65CE2E25E04D7C750BF8B30B2D34DCD7 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
2F7480A40151EB2E483CF6524EDBA3F7 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
68A131335A20B343923A2957EB1E413D - C:\WINDOWS\system32\npptools.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mpieaakhacmfleokhjcjnpcnmnmpfkid - C:\Program Files\fbphotozoom\fbphotozoom13.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\mir\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\mir\Local Settings\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\DOCUME~1\mir\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\mir\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on 18.08.2013 at 10:49:15.39 ======================
Posted: 18 Aug 2013 11:57
offline
- Joined: 14 Aug 2010
- Posts: 185
ComboFix 13-08-16.03 - mir 18.08.2013 11:45:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1380 [GMT 2:00]
Running from: c:\documents and settings\mir\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\462624995323
c:\program files\SaveShare
c:\program files\SaveShare\uninstall.exe
c:\windows\system32\_004185_.tmp.dll
c:\windows\system32\_004186_.tmp.dll
c:\windows\system32\_004187_.tmp.dll
c:\windows\system32\_004188_.tmp.dll
c:\windows\system32\_004195_.tmp.dll
c:\windows\system32\_004196_.tmp.dll
c:\windows\system32\_004197_.tmp.dll
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004204_.tmp.dll
c:\windows\system32\_004205_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004209_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004215_.tmp.dll
c:\windows\system32\_004220_.tmp.dll
c:\windows\system32\_004222_.tmp.dll
c:\windows\system32\_004225_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004228_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004230_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004234_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004236_.tmp.dll
c:\windows\system32\_004237_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004246_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\9def98ae50ba1e33.fb
c:\windows\system32\Cache\c4e10d1be905349b.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
.
.
((((((((((((((((((((((((( Files Created from 2013-07-18 to 2013-08-18 )))))))))))))))))))))))))))))))
.
.
2013-08-18 08:47 . 2013-08-18 08:42 24064 ----a-w- c:\windows\zoek-delete.exe
2013-08-17 11:08 . 2013-08-10 19:47 74136 ----a-w- c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2013-08-17 11:08 . 2013-08-10 19:47 262552 ----a-w- c:\program files\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-08-17 11:08 . 2013-08-10 19:47 19352 ----a-w- c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-08-17 11:08 . 2013-08-10 19:47 116120 ----a-w- c:\program files\Mozilla Firefox\updated\crashreporter.exe
2013-08-17 11:08 . 2010-05-26 18:41 2106216 ----a-w- c:\program files\Mozilla Firefox\updated\D3DCompiler_43.dll
2013-08-15 17:29 . 2013-08-15 17:29 -------- d-----w- c:\documents and settings\mir\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2013-08-10 18:46 . 2013-08-10 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\StarApp
2013-08-10 16:04 . 2013-08-10 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2013-08-10 15:54 . 2013-08-10 15:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP
2013-08-10 15:54 . 2013-08-10 16:04 -------- d-----w- c:\documents and settings\mir\Application Data\Canon
2013-08-10 15:51 . 2013-08-10 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Canon IJ Network Tool
2013-08-10 15:51 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_ATU.dll
2013-08-10 15:51 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_ATC.dll
2013-08-10 15:51 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_ATI.dll
2013-08-10 15:51 . 2011-03-30 10:54 323584 ----a-w- c:\windows\system32\CNC_ATL.dll
2013-08-10 15:51 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2013-08-10 15:49 . 2013-08-10 15:49 -------- d-----w- c:\program files\Common Files\CANON
2013-08-10 15:44 . 2013-08-10 15:44 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2013-08-10 15:43 . 2012-03-14 03:00 84992 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAT.DLL
2013-08-10 15:43 . 2012-03-14 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAT.DLL
2013-08-10 15:43 . 2012-03-14 03:00 311296 ----a-w- c:\windows\system32\CNMLMAT.DLL
2013-08-10 15:43 . 2013-08-10 15:43 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-08-10 15:43 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAT.DLL
2013-08-10 15:43 . 2013-08-10 15:43 -------- d-----w- c:\windows\system32\STRING
2013-08-10 15:43 . 2012-06-14 08:18 35840 ----a-w- c:\windows\system32\CNMNPUI.DLL
2013-08-10 15:43 . 2012-06-14 08:18 366592 ----a-w- c:\windows\system32\CNMNPPM.DLL
2013-08-10 14:26 . 2013-08-10 15:54 -------- d-----w- c:\program files\Canon
2013-08-03 12:15 . 2013-08-03 12:15 -------- d-----w- c:\program files\Common Files\Java
2013-08-03 12:15 . 2013-08-03 12:14 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-03 12:15 . 2013-08-03 12:14 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-03 12:09 . 2013-08-18 08:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-08-03 12:06 . 2013-08-03 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-03 12:05 . 2013-08-03 12:05 -------- d-----w- c:\program files\Apple Software Update
2013-08-03 12:05 . 2012-12-13 11:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2013-08-03 12:05 . 2012-12-13 11:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2013-08-03 12:03 . 2013-08-03 12:03 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-03 12:27 . 2012-04-01 09:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-03 12:27 . 2012-03-10 17:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-03 12:14 . 2012-07-08 18:04 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-03 12:14 . 2012-03-10 16:30 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2005-11-10 02:44 557056 ----a-w- c:\windows\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-01-20 18:23 761946 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S1 mailKmd;mailKmd; [x]
S3 cpuz135;cpuz135;\??\c:\docume~1\mir\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\mir\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [11.07.2012 8:33 PM 12400]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [17.03.2012 8:36 PM 28160]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [11.07.2012 8:22 PM 155320]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06.05.2008 5:06 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:27]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-20 19:18]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-20 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = google.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
FF - ProfilePath - c:\documents and settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.newtabking.com/?t=1&q=
FF - ExtSQL: 2013-07-28 11:07; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\mir\Application Data\Mozilla\Firefox\Profiles\0bumvhi6.default-1348952702484\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-SP_8e303e95 - c:\program files\SaveShare\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-18 11:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@????????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?s,>???6@?8>?????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-08-18 11:55:35
ComboFix-quarantined-files.txt 2013-08-18 09:55
.
Pre-Run: 895,148,032 bytes free
Post-Run: 1,015,595,008 bytes free
.
- - End Of File - - B08E6116AB726068BCF1D735AD3CF951
8F558EB6672622401DA993E1E865C861
Posted: 18 Aug 2013 12:01
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Lives in: Prokuplje
|
Everything is fine now, right?
Posted: 18 Aug 2013 13:21
|
offline
- Joined: 14 Aug 2010
- Posts: 185
|
Yes, yes, much faster.. and that WebSearch is gone..
But I don't understand where it came from, if all I did was update Firefox... nothing else!