It cannot be removed

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 791
  • Location: Cacak

I use AVG antivirus and it has started showing me a message about an infected file that I cannot remove at all. I delete it, and after 5-6 minutes the same message appears again; I am attaching it for you to look at:

What should I do next?

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

Post the logs as described in the instructions and we will see what to do next.

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 791
  • Location: Cacak

I described the problem in the post above. I am using ADSL at 114 speed. Here are the requested reports.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Juca at 17:34:01,70 on Mon 09/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.995 [GMT 2:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\wuaucldt.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Documents and Settings\Juca\Desktop\utorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wally\Wally.exe
C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Internet Lock\ILSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Juca\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.bigseekpro.com/hypercam/{764716AD-6EF3-4A7C-A91B-F047E3057AAC}
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/hypercam/{764716AD-6EF3-4A7C-A91B-F047E3057AAC}
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
mSearchAssistant =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: GigaSize Toolbar: {89de49c7-e350-4c8e-885b-a41f859b93c4} - c:\program files\gigasizetb\gigasizeDx.dll
BHO: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
BHO: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Big Fish Games Toolbar: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbar\bfg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: {E9FAB13D-4600-49E1-90D1-EE961C859D39} - No File
TB: GigaSize Toolbar: {89de49c7-e350-4c8e-885b-a41f859b93c4} - c:\program files\gigasizetb\gigasizeDx.dll
TB: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
TB: Big Fish Games Toolbar: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbar\bfg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
uRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A
uRun: [VisualTaskTips] c:\program files\visualtasktips\VisualTaskTips.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [µTorrent] "c:\documents and settings\juca\desktop\utorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Wally] c:\program files\wally\Wally.exe
uRun: [syncman] c:\documents and settings\juca\wuaucldt.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [PCTVRemote] c:\program files\pinnacle\pctv stereo\remote\Remoterm.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [GEST] "c:\program files\gigabyte\gest\run.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [syncman] c:\windows\system32\wuaucldt.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\common files\cloanto\software director\softdir.exe
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179}
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\juca\applic~1\mozilla\firefox\profiles\mfgjnbjj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\juca\application data\mozilla\firefox\profiles\mfgjnbjj.default\extensions\{6847dfae-037a-400c-a524-27f0a281b692}\components\dtTransparency.dll
FF - component: c:\documents and settings\juca\application data\mozilla\firefox\profiles\mfgjnbjj.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\juca\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\juca\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\juca\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\juca\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-3-14 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-18 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-18 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-18 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-18 243024]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-2-25 234888]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-22 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-21 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [2008-12-17 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\internet lock\ILSvc.exe [2008-12-17 139264]
R2 sensorsview;sensorsview;c:\windows\system32\drivers\sensorsview.sys [2007-8-17 4224]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2009-2-18 698368]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-3-14 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-3-14 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-3-14 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-3-14 26192]
R3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\gsvr.exe [2009-2-18 55816]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-8-10 3584]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2009-2-18 6400]
S0 Lbd;Lbd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-17 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-3-14 30104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\portabl programi\everest\kerneld.wnt [2010-8-2 7168]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-6-23 30192]

=============== Created Last 30 ================

2010-09-13 13:57:11 1 ----a-w- c:\documents and settings\juca\oashdihasidhasuidhiasdhiashdiuasdhasd
2010-09-12 13:50:46 577024 ----a-w- c:\windows\system32\ooooooooo
2010-09-12 13:50:45 188416 ----a-w- c:\windows\system32\cooper.mine
2010-09-12 13:31:02 65536 ----a-w- c:\windows\system32\wuaucldt.exe
2010-09-12 13:31:02 65536 ----a-w- c:\documents and settings\juca\wuaucldt.exe
2010-09-12 13:10:43 214404 ----a-w- C:\w.tmp
2010-09-12 13:10:38 286 ----a-w- C:\gb.exe
2010-09-12 13:10:32 154960 ----a-w- C:\z.tmp
2010-09-02 13:25:37 0 d-----w- c:\docume~1\juca\applic~1\Frogwares
2010-08-31 09:23:11 0 d-----w- c:\program files\Wally
2010-08-22 07:42:27 0 d-----w- c:\docume~1\juca\applic~1\BfgBar
2010-08-22 07:42:26 0 d-----w- c:\program files\BfgBar
2010-08-22 06:11:31 0 d-----w- c:\program files\bfgclient
2010-08-21 13:40:40 0 d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2010-08-18 15:26:18 0 d-sh--w- c:\docume~1\juca\applic~1\.#

==================== Find3M ====================

2010-09-13 15:19:27 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-09-13 10:25:48 16608 ----a-w- c:\windows\gdrv.sys
2010-09-13 10:23:52 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-07-17 17:20:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-17 17:20:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-22 06:42:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-17 12:30:19 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 17:34:36,40 ===============
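How a helper reading the DDS log above would triage it, written here as an added example (not code from this thread, from DDS or from ComboFix): a small Python script that applies the checks a malware-removal volunteer applies by eye. It flags autorun entries whose target sits in a user-profile root, a temp folder or the drive root; executables whose names imitate Windows binaries (wuaucldt.exe next to the real wuauclt.exe); the same autorun name registered under both the user and machine hives with different paths; drivers loading from .tmp files; and freshly created files with no extension in system32 or a profile root. The sample input is an excerpt in DDS format taken from the log posted above; the list of imitated names and the 0.85 similarity threshold are assumptions of this example.

```python
import re
from difflib import SequenceMatcher

# Constructed excerpt in the format of the DDS log posted in this thread (autoruns,
# services/drivers and "Created Last 30" entries); it is not the complete log.
SAMPLE_DDS = r"""
uRun: [Wally] c:\program files\wally\Wally.exe
uRun: [syncman] c:\documents and settings\juca\wuaucldt.exe
mRun: [syncman] c:\windows\system32\wuaucldt.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-8-10 3584]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-18 216400]
2010-09-13 13:57:11 1 ----a-w- c:\documents and settings\juca\oashdihasidhasuidhiasdhiashdiuasdhasd
2010-09-12 13:50:46 577024 ----a-w- c:\windows\system32\ooooooooo
2010-09-12 13:10:38 286 ----a-w- C:\gb.exe
2010-08-31 09:23:11 0 d-----w- c:\program files\Wally
"""

# Assumed list of Windows binaries whose names malware likes to imitate.
SYSTEM_NAMES = ["wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "ctfmon.exe", "explorer.exe"]

RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$", re.I)
SVC_RE = re.compile(r"^[RS][0-3] (?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*?)\s*\[", re.I)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$")
PATH_RE = re.compile(r"[a-z]:\\[^\"]*?\.(?:exe|dll|scr|sys|tmp|bat|com|cpl)\b", re.I)
USER_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$", re.I)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def odd_location(path):
    """Return a reason when an executable lives where legitimate software rarely does."""
    p = path.lower()
    if "\\windows\\temp\\" in p or "\\local settings\\temp\\" in p:
        return "in a temp directory"
    if USER_ROOT_RE.match(p):
        return "in the root of a user profile"
    if DRIVE_ROOT_RE.match(p):
        return "in the drive root"
    return None


def lookalike(name):
    """Return the system binary a file name closely imitates, or None (0.85 is an assumed threshold)."""
    for legit in SYSTEM_NAMES:
        if name != legit and SequenceMatcher(None, name, legit).ratio() >= 0.85:
            return legit
    return None


def triage(text):
    """Run the heuristics over a DDS-format log and return a list of {'rule', 'line'} findings."""
    findings = []
    run_paths = {}  # autorun name -> set of paths it was registered with (uRun/mRun/dRun)
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            pm = PATH_RE.search(m.group("rest"))
            if not pm:
                continue  # no absolute path (e.g. "nwiz.exe /install"); nothing to judge here
            path = pm.group(0)
            run_paths.setdefault(m.group("name").lower(), set()).add(path.lower())
            why = odd_location(path)
            if why:
                findings.append({"rule": "autorun target " + why, "line": line})
            legit = lookalike(basename(path))
            if legit:
                findings.append({"rule": "autorun file name imitates " + legit, "line": line})
            continue
        m = SVC_RE.match(line)
        if m:
            path = m.group("path").strip()
            if odd_location(path) or path.lower().endswith(".tmp"):
                findings.append({"rule": "driver/service loads from a temp file", "line": line})
            continue
        m = FILE_RE.match(line)
        if m and not m.group("attr").startswith("d"):  # skip directories
            path = m.group("path").strip()
            no_ext = "." not in basename(path)
            if odd_location(path) or (no_ext and ("\\system32\\" in path.lower() or USER_ROOT_RE.match(path))):
                findings.append({"rule": "new file in an odd place or without an extension", "line": line})
    # The same autorun name under two hives with two different targets is a classic dropper pattern.
    for name, paths in sorted(run_paths.items()):
        if len(paths) > 1:
            findings.append({"rule": "autorun name '%s' registered with %d different paths" % (name, len(paths)),
                             "line": ", ".join(sorted(paths))})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f["rule"], "->", f["line"])
```

On the excerpt this reports eight findings: the two syncman entries (profile-root location plus the wuauclt.exe look-alike name, twice), the NTProcDrv driver in c:\windows\temp, the three odd new files, and the syncman name registered under two paths. The parser targets the DDS layout; the ComboFix report further down uses a different "created/modified" line format and would need its own regex.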

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to start it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if it offers to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • offer to install the Recovery Console if it is not already installed:
    be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions / show a number of notices:
    accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • when finished, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if, after posting, you notice that the report is not complete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 791
  • Location: Cacak

ComboFix 10-09-13.02 - Juca 09/14/2010 10:13:25.24.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1342 [GMT 2:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Juca\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\gb.exe
c:\windows\system32\cooper.mine
c:\windows\system32\wuaucldt.exe
C:\z.tmp

-- Previous Run --

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{5C051867-87F6-4126-ADE2-ED7CDB7D7EF2}\RP443\A0113168.sys

--------

.
((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-08 10:59 . 2010-09-08 10:59 53248 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE
2010-09-08 10:59 . 2010-09-08 10:59 53248 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE
2010-09-04 12:05 . 2010-09-04 12:05 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Blood Ties\40000047800002i\BloodTies.exe
2010-09-02 13:25 . 2010-09-02 13:25 -------- d-----w- c:\documents and settings\Juca\Application Data\Frogwares
2010-08-31 09:23 . 2010-08-31 09:23 -------- d-----w- c:\program files\Wally
2010-08-27 13:27 . 2010-08-27 13:27 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 15:33 . 2010-08-24 15:33 -------- d-----w- c:\program files\QuickTime
2010-08-22 07:42 . 2010-08-22 07:42 -------- d-----w- c:\documents and settings\Juca\Application Data\BfgBar
2010-08-22 07:42 . 2010-08-22 07:42 -------- d-----w- c:\program files\BfgBar
2010-08-22 06:11 . 2010-08-22 06:11 -------- d-----w- c:\program files\bfgclient
2010-08-21 13:40 . 2010-08-22 06:10 3965944 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-08-21 13:40 . 2010-08-22 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-08-17 01:38 . 2010-08-17 01:38 143392 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-heritage_s1_l1_gF5699T1L1_d1003180817.exe
2010-08-17 01:38 . 2010-08-17 01:38 143392 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-heritage_s1_l1_gF5699T1L1_d1003180817(2).exe
2010-08-17 01:38 . 2010-08-17 01:38 3908896 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 08:18 . 2010-02-28 16:39 16608 ----a-w- c:\windows\gdrv.sys
2010-09-14 08:04 . 2010-01-19 06:52 311 ----a-w- c:\windows\system32\InetLock.dat
2010-09-14 08:04 . 2008-12-17 07:03 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-09-14 07:19 . 2009-12-28 07:33 0 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\prvlcl.dat
2010-09-13 21:11 . 2009-02-19 11:12 -------- d-----w- c:\documents and settings\Juca\Application Data\Thinstall
2010-09-13 15:47 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2010-09-12 15:02 . 2009-06-07 14:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon
2010-09-12 14:58 . 2009-03-06 14:01 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-09-12 14:56 . 2009-03-06 13:56 -------- d-----w- c:\program files\Canon
2010-09-12 13:16 . 2010-09-12 13:10 214404 ----a-w- C:\w.tmp
2010-09-12 05:56 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-11 16:53 . 2009-10-13 10:28 -------- d-----w- c:\program files\FolderHighlight
2010-09-10 15:24 . 2010-08-11 14:02 188152 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\FlashGot.exe
2010-09-07 05:29 . 2010-08-08 06:42 -------- d-----w- c:\program files\SensorsViewPro31
2010-09-04 09:19 . 2010-04-28 08:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 11:57 . 2009-12-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-02 17:00 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2010-09-02 10:21 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2010-08-29 09:12 . 2010-05-02 13:00 -------- d-----w- c:\program files\SuperMP3Download
2010-08-28 05:38 . 2010-05-02 13:00 -------- d-----w- c:\program files\Hot_MP3
2010-08-27 13:35 . 2010-04-01 05:32 7 ----a-w- c:\windows\treeskp.sys
2010-08-27 13:35 . 2009-02-20 14:53 7 ----a-w- c:\windows\sbacknt.bin
2010-08-27 13:27 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2010-08-24 15:33 . 2009-12-11 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-15 15:44 . 2010-03-18 18:51 -------- d-----w- c:\documents and settings\Juca\Application Data\Big Fish Games
2010-08-13 08:51 . 2010-08-13 08:51 503808 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-788b706a-n\msvcp71.dll
2010-08-13 08:51 . 2010-08-13 08:51 499712 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-788b706a-n\jmc.dll
2010-08-13 08:51 . 2010-08-13 08:51 348160 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-788b706a-n\msvcr71.dll
2010-08-13 08:51 . 2010-08-13 08:51 61440 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38296207-n\decora-sse.dll
2010-08-13 08:51 . 2010-08-13 08:51 12800 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38296207-n\decora-d3d.dll
2010-08-10 16:05 . 2010-08-08 11:03 -------- d-----w- c:\documents and settings\Juca\Application Data\Toolbar4
2010-08-10 12:40 . 2009-02-18 16:07 56432 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-09 15:31 . 2010-06-25 22:30 -------- d-----w- c:\program files\EvilLyrics
2010-08-08 21:39 . 2010-08-08 17:02 -------- d-----w- c:\program files\iColorFolder
2010-08-08 15:12 . 2010-04-06 15:45 -------- d-----w- c:\documents and settings\Juca\Application Data\gigasizetb
2010-08-08 11:03 . 2010-08-08 11:03 -------- d-----w- c:\program files\HyCam2
2010-08-08 05:14 . 2010-08-04 16:52 -------- d-----w- c:\program files\Simple Port Forwarding
2010-08-08 05:13 . 2010-02-18 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-06 14:34 . 2009-05-11 04:54 -------- d-----w- c:\program files\Unlocker
2010-08-06 14:26 . 2010-08-06 14:26 -------- d-----w- c:\documents and settings\Juca\Application Data\GRETECH
2010-08-06 14:24 . 2009-02-21 12:38 -------- d-----w- c:\program files\GRETECH
2010-08-06 13:50 . 2010-08-06 13:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-05 10:34 . 2010-08-05 10:34 -------- d-----w- c:\program files\Time Stopper
2010-08-05 10:04 . 2009-02-18 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-04 13:27 . 2010-08-04 13:26 5125664 ----a-w- c:\documents and settings\Juca\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2010-08-02 04:56 . 2009-02-19 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-07-30 14:53 . 2010-07-30 14:53 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon Drivers Update Utility
2010-07-29 05:49 . 2010-01-25 10:57 -------- d-----w- c:\program files\MKVtoolnix
2010-07-29 05:49 . 2010-01-09 06:38 -------- d-----w- c:\program files\Memorija v1.4
2010-07-29 05:49 . 2009-08-19 10:11 -------- d-----w- c:\program files\mobile PhoneTools
2010-07-29 05:49 . 2009-09-14 08:53 -------- d-----w- c:\program files\kikin
2010-07-29 05:49 . 2009-08-19 10:12 -------- d-----w- c:\program files\LiveUpdate
2010-07-29 05:49 . 2010-06-06 05:02 -------- d-----w- c:\program files\HandBrake
2010-07-29 05:49 . 2009-10-26 13:50 -------- d-----w- c:\program files\360desktop
2010-07-29 05:49 . 2009-02-18 20:15 -------- d-----w- c:\program files\BSPlayer
2010-07-28 15:01 . 2010-07-28 15:01 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Smart Data Recovery v4.3\4000008000002i\Splash Screen.exe
2010-07-26 12:19 . 2010-07-20 13:22 -------- d-----w- c:\documents and settings\Juca\Application Data\dvdcss
2010-07-23 05:28 . 2010-03-06 13:57 -------- d-----w- c:\documents and settings\Juca\Application Data\Uniblue
2010-07-23 05:28 . 2010-07-23 05:28 -------- d-----w- c:\program files\Uniblue
2010-07-20 10:37 . 2010-07-20 10:37 -------- d-----w- c:\documents and settings\Juca\Application Data\Marine Aquarium 3
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-17 17:21 . 2010-03-18 07:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-17 17:21 . 2010-07-17 17:21 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-17 17:21 . 2010-07-17 17:21 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-17 17:21 . 2010-03-18 07:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-17 17:21 . 2010-03-18 07:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-17 17:21 . 2010-07-17 17:21 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-17 17:20 . 2009-02-19 09:04 -------- d-----w- c:\program files\Real
2010-07-17 17:20 . 2009-02-18 18:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-17 17:20 . 2009-02-18 18:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-17 17:19 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2010-07-17 03:00 . 2010-05-11 10:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 08:00 . 2010-08-06 13:49 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-29 09:45 . 2010-06-29 09:45 39936 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\ImageConverter Plus 7.1\40000018000002i\icp.exe
2010-06-28 13:28 . 2010-06-28 13:28 7168 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Natura Sound Therapy\10000001500003i\NAT.exe
2010-06-22 06:42 . 2010-02-18 14:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 06:42 . 2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 06:41 . 2010-03-14 11:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 06:41 . 2010-02-18 14:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-23 10:28 . 2010-06-23 10:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-05_06.01.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-14 08:06 . 2010-09-14 08:06 16384 c:\windows\temp\Perflib_Perfdata_67c.dat
- 2009-03-06 14:01 . 2010-06-01 12:58 65536 c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2009-03-06 14:01 . 2010-09-12 14:58 65536 c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
- 2009-03-06 14:01 . 2010-06-01 12:58 49152 c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut14_27BC537B086D42E19CB39D115FA043BF.exe
+ 2009-03-06 14:01 . 2010-09-12 14:58 49152 c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut14_27BC537B086D42E19CB39D115FA043BF.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-04-28 08:34 . 2010-09-04 05:24 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-04-28 08:34 . 2010-06-04 05:47 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-03-06 14:01 . 2010-09-12 14:58 7406 c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\ARPPRODUCTICON.exe
- 2009-03-06 14:01 . 2010-06-01 12:58 7406 c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\ARPPRODUCTICON.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-08-05 10:34 . 2010-08-05 10:34 472576 c:\windows\Time Stopper\uninstall.exe
+ 2010-08-06 13:49 . 2004-01-25 16:18 217088 c:\windows\system32\yv12vfw.dll
+ 2004-08-04 08:56 . 2004-08-04 08:56 151552 c:\windows\system32\scrrun.dll
- 2004-08-04 01:07 . 2004-08-04 01:07 151552 c:\windows\system32\scrrun.dll
+ 2010-08-22 10:05 . 2010-08-22 10:05 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe
+ 2010-08-27 13:27 . 2010-07-17 03:00 153376 c:\windows\system32\javaws.exe
- 2010-05-11 10:10 . 2010-04-12 15:29 153376 c:\windows\system32\javaws.exe
- 2010-05-11 10:10 . 2010-04-12 15:29 145184 c:\windows\system32\javaw.exe
+ 2010-08-27 13:27 . 2010-07-17 03:00 145184 c:\windows\system32\javaw.exe
- 2010-05-11 10:10 . 2010-04-12 15:29 145184 c:\windows\system32\java.exe
+ 2010-08-27 13:27 . 2010-07-17 03:00 145184 c:\windows\system32\java.exe
+ 2004-08-04 08:56 . 2004-08-04 08:56 151552 c:\windows\system32\dllcache\scrrun.dll
- 2004-08-04 01:07 . 2004-08-04 01:07 151552 c:\windows\system32\dllcache\scrrun.dll
+ 2010-08-06 13:24 . 2010-08-06 13:24 578560 c:\windows\Simple Port Forwarding\uninstall.exe
+ 2010-08-27 13:27 . 2010-08-27 13:27 180224 c:\windows\Installer\f3fd0f.msi
+ 2010-08-24 15:33 . 2010-08-24 15:33 807936 c:\windows\Installer\148e4ed.msi
+ 2009-03-06 14:01 . 2010-09-12 14:58 450560 c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut15_27BC537B086D42E19CB39D115FA043BF.exe
- 2009-03-06 14:01 . 2010-06-01 12:58 450560 c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut15_27BC537B086D42E19CB39D115FA043BF.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-02-19 11:21 . 2010-07-14 01:00 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-02-19 11:21 . 2010-08-11 10:23 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-01-27 01:07 . 2010-08-22 10:05 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-08-24 15:33 . 2010-08-24 15:33 9472000 c:\windows\Installer\148e47d.msi
+ 2010-07-26 15:02 . 2010-07-26 15:02 5519360 c:\windows\Installer\1113e1a.msp
+ 2009-02-21 06:35 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe
+ 2010-09-04 05:23 . 2010-09-04 05:23 20303872 c:\windows\Installer\31386.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
2010-06-07 04:29 2515552 ----a-w- c:\program files\Hot_MP3\tbHot1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [BU]
"µTorrent"="c:\documents and settings\Juca\Desktop\utorrent.exe" [2010-02-01 177152]
"Wally"="c:\program files\Wally\Wally.exe" [2010-01-02 10278581]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"GEST"="c:\program files\GIGABYTE\GEST\run.exe" [2009-03-12 236040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-17 202256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Juca\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2010-2-13 288328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2004-08-04 01:07 628224 ----a-w- c:\windows\system32\catsrvut.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"d:\\Portabl programi\\uTorrent_1.8.5.17091_Final_Portable\\App\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Nova mapa\\utorrent.exe"=
"c:\\Documents and Settings\\Juca\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54945:TCP"= 54945:TCP:tcp54945
"54945:UDP"= 54945:UDP:udp54945
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [3/14/2010 1:55 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/18/2010 4:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/18/2010 4:06 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/18/2010 4:06 PM 243024]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 11:31 AM 234888]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 8:42 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/22/2010 8:41 AM 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 8:41 AM 5897808]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [12/17/2008 9:03 AM 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet Lock\ILSvc.exe [12/17/2008 10:14 AM 139264]
R2 sensorsview;sensorsview;c:\windows\system32\drivers\sensorsview.sys [8/17/2007 6:00 PM 4224]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2/18/2009 9:28 PM 698368]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [3/14/2010 1:53 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [3/14/2010 1:53 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [3/14/2010 1:53 PM 26192]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 7:43 PM 55816]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 9:28 PM 6400]
S0 Lbd;Lbd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 7:19 PM 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\portabl programi\Everest\kerneld.wnt [8/2/2010 7:34 PM 7168]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/23/2010 12:27 PM 30192]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2009 10:12 AM 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]

2010-09-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-14 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-04 07:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/hypercam/{764716AD-6EF3-4A7C-A91B-F047E3057AAC}
mStart Page = hxxp://www.bigseekpro.com/hypercam/{764716AD-6EF3-4A7C-A91B-F047E3057AAC}
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\components\dtTransparency.dll
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-syncman - c:\documents and settings\juca\wuaucldt.exe
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
HKLM-Run-syncman - c:\windows\system32\wuaucldt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-14 10:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\portabl programi\Everest\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0E1ED8F5-B610-42B3-CB1C-6DC38D7482B7}\InProcServer32*]
"oannkmjbhbedmpedefcpfifpponiib"=hex:69,61,66,6d,6b,61,70,62,6e,70,70,69,6a,64,
63,64,6a,6f,00,00
"nannenhlcnephdmcpadbdhfcbpdn"=hex:6a,61,6b,6d,66,6a,70,70,6d,68,66,6d,67,70,
65,64,66,66,65,6d,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5092)
c:\windows\system32\WININET.dll
c:\program files\VisualTaskTips\VttHooks.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Internet Explorer\mui\041a\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2010-09-14 10:21:08
ComboFix-quarantined-files.txt 2010-09-14 08:20
ComboFix2.txt 2010-08-06 08:43
ComboFix3.txt 2010-08-05 06:04

Pre-Run: 88,925,552,640 bytes free
Post-Run: 88,911,781,888 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - A35819142AF8FEFF7FC3721BE8A0A5D0

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
C:\w.tmp

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0E1ED8F5-B610-42B3-CB1C-6DC38D7482B7}\InProcServer32*]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

offline
  • Miroslav Tanaskovic
  • Civil engineering technician
  • Joined: 02 Jan 2009
  • Posts: 791
  • Location: Cacak

ComboFix 10-09-13.02 - Juca 09/14/2010 12:05:47.25.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1072 [GMT 2:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Juca\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

FILE ::
"C:\w.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\w.tmp

.
((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-08 10:59 . 2010-09-08 10:59 53248 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE
2010-09-08 10:59 . 2010-09-08 10:59 53248 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE
2010-09-04 12:05 . 2010-09-04 12:05 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Blood Ties\40000047800002i\BloodTies.exe
2010-09-02 13:25 . 2010-09-02 13:25 -------- d-----w- c:\documents and settings\Juca\Application Data\Frogwares
2010-08-31 09:23 . 2010-08-31 09:23 -------- d-----w- c:\program files\Wally
2010-08-27 13:27 . 2010-08-27 13:27 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 15:33 . 2010-08-24 15:33 -------- d-----w- c:\program files\QuickTime
2010-08-22 07:42 . 2010-08-22 07:42 -------- d-----w- c:\documents and settings\Juca\Application Data\BfgBar
2010-08-22 07:42 . 2010-08-22 07:42 -------- d-----w- c:\program files\BfgBar
2010-08-22 06:11 . 2010-08-22 06:11 -------- d-----w- c:\program files\bfgclient
2010-08-21 13:40 . 2010-08-22 06:10 3965944 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-08-21 13:40 . 2010-08-22 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-08-17 01:38 . 2010-08-17 01:38 143392 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-heritage_s1_l1_gF5699T1L1_d1003180817.exe
2010-08-17 01:38 . 2010-08-17 01:38 143392 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-heritage_s1_l1_gF5699T1L1_d1003180817(2).exe
2010-08-17 01:38 . 2010-08-17 01:38 3908896 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 10:13 . 2010-02-28 16:39 16608 ----a-w- c:\windows\gdrv.sys
2010-09-14 10:05 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2010-09-14 08:49 . 2009-12-28 07:33 0 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\prvlcl.dat
2010-09-14 08:04 . 2010-01-19 06:52 311 ----a-w- c:\windows\system32\InetLock.dat
2010-09-14 08:04 . 2008-12-17 07:03 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-09-13 21:11 . 2009-02-19 11:12 -------- d-----w- c:\documents and settings\Juca\Application Data\Thinstall
2010-09-12 15:02 . 2009-06-07 14:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon
2010-09-12 14:58 . 2009-03-06 14:01 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-09-12 14:56 . 2009-03-06 13:56 -------- d-----w- c:\program files\Canon
2010-09-12 05:56 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-11 16:53 . 2009-10-13 10:28 -------- d-----w- c:\program files\FolderHighlight
2010-09-10 15:24 . 2010-08-11 14:02 188152 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\FlashGot.exe
2010-09-07 05:29 . 2010-08-08 06:42 -------- d-----w- c:\program files\SensorsViewPro31
2010-09-04 09:19 . 2010-04-28 08:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 11:57 . 2009-12-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-02 17:00 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2010-09-02 10:21 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2010-08-29 09:12 . 2010-05-02 13:00 -------- d-----w- c:\program files\SuperMP3Download
2010-08-28 05:38 . 2010-05-02 13:00 -------- d-----w- c:\program files\Hot_MP3
2010-08-27 13:35 . 2010-04-01 05:32 7 ----a-w- c:\windows\treeskp.sys
2010-08-27 13:35 . 2009-02-20 14:53 7 ----a-w- c:\windows\sbacknt.bin
2010-08-27 13:27 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2010-08-24 15:33 . 2009-12-11 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-15 15:44 . 2010-03-18 18:51 -------- d-----w- c:\documents and settings\Juca\Application Data\Big Fish Games
2010-08-13 08:51 . 2010-08-13 08:51 503808 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-788b706a-n\msvcp71.dll
2010-08-13 08:51 . 2010-08-13 08:51 499712 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-788b706a-n\jmc.dll
2010-08-13 08:51 . 2010-08-13 08:51 348160 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-788b706a-n\msvcr71.dll
2010-08-13 08:51 . 2010-08-13 08:51 61440 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38296207-n\decora-sse.dll
2010-08-13 08:51 . 2010-08-13 08:51 12800 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38296207-n\decora-d3d.dll
2010-08-10 16:05 . 2010-08-08 11:03 -------- d-----w- c:\documents and settings\Juca\Application Data\Toolbar4
2010-08-10 12:40 . 2009-02-18 16:07 56432 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-09 15:31 . 2010-06-25 22:30 -------- d-----w- c:\program files\EvilLyrics
2010-08-08 21:39 . 2010-08-08 17:02 -------- d-----w- c:\program files\iColorFolder
2010-08-08 15:12 . 2010-04-06 15:45 -------- d-----w- c:\documents and settings\Juca\Application Data\gigasizetb
2010-08-08 11:03 . 2010-08-08 11:03 -------- d-----w- c:\program files\HyCam2
2010-08-08 05:14 . 2010-08-04 16:52 -------- d-----w- c:\program files\Simple Port Forwarding
2010-08-08 05:13 . 2010-02-18 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-06 14:34 . 2009-05-11 04:54 -------- d-----w- c:\program files\Unlocker
2010-08-06 14:26 . 2010-08-06 14:26 -------- d-----w- c:\documents and settings\Juca\Application Data\GRETECH
2010-08-06 14:24 . 2009-02-21 12:38 -------- d-----w- c:\program files\GRETECH
2010-08-06 13:50 . 2010-08-06 13:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-05 10:34 . 2010-08-05 10:34 -------- d-----w- c:\program files\Time Stopper
2010-08-05 10:04 . 2009-02-18 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-04 13:27 . 2010-08-04 13:26 5125664 ----a-w- c:\documents and settings\Juca\Application Data\Uniblue\RegistryBooster\_temp\ub.exe
2010-08-02 04:56 . 2009-02-19 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-07-30 14:53 . 2010-07-30 14:53 -------- d-----w- c:\documents and settings\Juca\Application Data\Canon Drivers Update Utility
2010-07-29 05:49 . 2010-01-25 10:57 -------- d-----w- c:\program files\MKVtoolnix
2010-07-29 05:49 . 2010-01-09 06:38 -------- d-----w- c:\program files\Memorija v1.4
2010-07-29 05:49 . 2009-08-19 10:11 -------- d-----w- c:\program files\mobile PhoneTools
2010-07-29 05:49 . 2009-09-14 08:53 -------- d-----w- c:\program files\kikin
2010-07-29 05:49 . 2009-08-19 10:12 -------- d-----w- c:\program files\LiveUpdate
2010-07-29 05:49 . 2010-06-06 05:02 -------- d-----w- c:\program files\HandBrake
2010-07-29 05:49 . 2009-10-26 13:50 -------- d-----w- c:\program files\360desktop
2010-07-29 05:49 . 2009-02-18 20:15 -------- d-----w- c:\program files\BSPlayer
2010-07-28 15:01 . 2010-07-28 15:01 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Smart Data Recovery v4.3\4000008000002i\Splash Screen.exe
2010-07-26 12:19 . 2010-07-20 13:22 -------- d-----w- c:\documents and settings\Juca\Application Data\dvdcss
2010-07-23 05:28 . 2010-03-06 13:57 -------- d-----w- c:\documents and settings\Juca\Application Data\Uniblue
2010-07-23 05:28 . 2010-07-23 05:28 -------- d-----w- c:\program files\Uniblue
2010-07-20 10:37 . 2010-07-20 10:37 -------- d-----w- c:\documents and settings\Juca\Application Data\Marine Aquarium 3
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-17 17:21 . 2010-07-17 17:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-17 17:21 . 2010-03-18 07:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-17 17:21 . 2010-07-17 17:21 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-17 17:21 . 2010-07-17 17:21 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-17 17:21 . 2010-03-18 07:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-17 17:21 . 2010-03-18 07:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-17 17:21 . 2010-07-17 17:21 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-17 17:20 . 2009-02-19 09:04 -------- d-----w- c:\program files\Real
2010-07-17 17:20 . 2009-02-18 18:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-17 17:20 . 2009-02-18 18:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-17 17:19 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2010-07-17 03:00 . 2010-05-11 10:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 08:00 . 2010-08-06 13:49 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-29 09:45 . 2010-06-29 09:45 39936 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\ImageConverter Plus 7.1\40000018000002i\icp.exe
2010-06-28 13:28 . 2010-06-28 13:28 7168 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Natura Sound Therapy\10000001500003i\NAT.exe
2010-06-22 06:42 . 2010-02-18 14:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 06:42 . 2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 06:41 . 2010-03-14 11:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 06:41 . 2010-02-18 14:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-23 10:28 . 2010-06-23 10:28 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
2010-06-07 04:29 2515552 ----a-w- c:\program files\Hot_MP3\tbHot1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-02-10 01:34 750256 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [BU]
"µTorrent"="c:\documents and settings\Juca\Desktop\utorrent.exe" [2010-02-01 177152]
"Wally"="c:\program files\Wally\Wally.exe" [2010-01-02 10278581]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"GEST"="c:\program files\GIGABYTE\GEST\run.exe" [2009-03-12 236040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-17 202256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Juca\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]
Software Director Scheduler.lnk - c:\program files\Common Files\Cloanto\Software Director\softdir.exe [2010-2-13 288328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 06:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2004-08-04 01:07 628224 ----a-w- c:\windows\system32\catsrvut.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"d:\\Portabl programi\\uTorrent_1.8.5.17091_Final_Portable\\App\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Nova mapa\\utorrent.exe"=
"c:\\Documents and Settings\\Juca\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54945:TCP"= 54945:TCP:tcp54945
"54945:UDP"= 54945:UDP:udp54945
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [3/14/2010 1:55 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/18/2010 4:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/18/2010 4:06 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/18/2010 4:06 PM 243024]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 11:31 AM 234888]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 8:42 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/22/2010 8:41 AM 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 8:41 AM 5897808]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [12/17/2008 9:03 AM 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet Lock\ILSvc.exe [12/17/2008 10:14 AM 139264]
R2 sensorsview;sensorsview;c:\windows\system32\drivers\sensorsview.sys [8/17/2007 6:00 PM 4224]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2/18/2009 9:28 PM 698368]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [3/14/2010 1:53 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [3/14/2010 1:53 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [3/14/2010 1:53 PM 26192]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 7:43 PM 55816]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 9:28 PM 6400]
S0 Lbd;Lbd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 7:19 PM 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/14/2010 1:53 PM 30104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\portabl programi\Everest\kerneld.wnt [8/2/2010 7:34 PM 7168]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/23/2010 12:27 PM 30192]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2009 10:12 AM 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 17:18]

2010-09-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-2077806209-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-14 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-04 07:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/hypercam/{764716AD-6EF3-4A7C-A91B-F047E3057AAC}
mStart Page = hxxp://www.bigseekpro.com/hypercam/{764716AD-6EF3-4A7C-A91B-F047E3057AAC}
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\components\dtTransparency.dll
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\mfgjnbjj.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-14 12:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\portabl programi\Everest\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
Completion time: 2010-09-14 12:15:03
ComboFix-quarantined-files.txt 2010-09-14 10:15
ComboFix2.txt 2010-09-14 08:21
ComboFix3.txt 2010-08-06 08:43
ComboFix4.txt 2010-08-05 06:04

Pre-Run: 89,260,949,504 bytes free
Post-Run: 89,242,836,992 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - A23D3EB0826F8C63C34202FE59D60567
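The CFScript above removed one temp file and nulled one CLSID, and the follow-up log still shows the kind of entry that makes a helper look twice: a driver (NTProcDrv) whose image is c:\windows\TEMP\drv1.tmp and which ComboFix could not stat ([?]), plus an orphaned service (Lbd) with no image at all ([x]). As an added example, not code from this thread or from ComboFix, here is a small Python triage script that parses ComboFix "services" lines (the R0/R1/R2/S3... block) and flags what a defender would want to examine: images in temp directories, files ComboFix could not stat, entries with no image on disk, and images outside the Windows or Program Files trees. The sample lines are copied from the log on this page plus one constructed entry; the path heuristics are an assumption of this example, not ComboFix's own rules.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: "services" lines in ComboFix's own format.
# avg9wd, NTProcDrv, Lbd and EverestDriver are copied from the log on this
# page; ExampleSvc is made up to exercise a user-profile temp directory.
SAMPLE_LOG = r"""
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 8:42 AM 308136]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
S0 Lbd;Lbd; [x]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\portabl programi\Everest\kerneld.wnt [8/2/2010 7:34 PM 7168]
R2 ExampleSvc;Example service (constructed);c:\documents and settings\user\Local Settings\Temp\svc.exe [1/1/2010 1:00 PM 1024]
"""

# <R|S><start type> <name>;<display name>;<image and status>
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")


@dataclass
class Service:
    state: str                  # "R" running, "S" stopped
    start: int                  # start type 0..4 as ComboFix prints it
    name: str
    display: str
    image: Optional[str]        # resolved image path, None if no image was printed
    status: str                 # trailing bracket: "[date size]", "[?]" or "[x]"
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[Service]:
    """Parse one services line; return None for lines that are not services."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    # rest is "<path> [<date> <size>]", "<path> [?]" or " [x]" (no image at all).
    bracket = rest.rfind("[")
    path_part = rest[:bracket].strip() if bracket >= 0 else rest.strip()
    status = rest[bracket:].strip() if bracket >= 0 else ""
    # "\??\raw --> resolved" means ComboFix rewrote an NT object path; keep the
    # resolved form on the right-hand side of the arrow.
    if "-->" in path_part:
        path_part = path_part.split("-->", 1)[1].strip()
    return Service(state, int(start), name.strip(), display.strip(),
                   path_part or None, status)


def classify(svc: Service) -> Service:
    """Attach the reasons (heuristics assumed by this example) to look at an entry."""
    if svc.image is None or svc.status == "[x]":
        svc.reasons.append("registered but no image file on disk")
        return svc
    low = svc.image.lower()
    if re.search(r"\\temp\\|\\tmp\\", low) or low.endswith(".tmp"):
        svc.reasons.append("image lives in a temp directory")
    if svc.status == "[?]":
        svc.reasons.append("ComboFix could not stat the file ([?])")
    if not (low.startswith("c:\\windows\\") or low.startswith("c:\\program files\\")):
        svc.reasons.append("image outside the Windows/Program Files trees")
    return svc


def triage(log_text: str) -> List[Service]:
    """Return only the services that picked up at least one reason, in log order."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc is None:
            continue
        classify(svc)
        if svc.reasons:
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.state}{svc.start} {svc.name}: {svc.image or '<no image>'}")
        for reason in svc.reasons:
            print(f"    - {reason}")
```

Running it on the sample prints NTProcDrv (temp directory and [?]), Lbd (no image), EverestDriver (on d:\) and the constructed ExampleSvc, and stays silent on the AVG watchdog. The heuristics are deliberately noisy: a legitimately installed tool on another drive gets flagged too, so the output is a review list for a helper, not a verdict.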

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Are there any problems or detections now?
