[ carllo @ 10.09.2010. 21:41 ]
It is Windows 7. AVG is screaming about c/windows/system32/wininit.exe and says it is Trojan Pachedi, here is the log _c.IWU. Does anyone know how I can remove it? I ran a scan with ComboFix:

ComboFix 10-09-09.04 - Zaunergroup 10.09.2010 22:08:28.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.1913.831 [GMT 2:00]
Running from: e:\nenad mladenovic\download\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Zaunergroup\AppData\Local\Windows Server
c:\users\Zaunergroup\AppData\Local\Windows Server\flags.ini
c:\users\Zaunergroup\AppData\Local\Windows Server\server.dat
c:\users\Zaunergroup\AppData\Local\Windows Server\uses32.dat
c:\windows\system32\muzapp.exe

Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-10 20:29 . 2010-09-10 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-10 20:06 . 2010-09-10 20:06 -------- d-----w- C:\32788R22FWJFW
2010-09-10 19:38 . 2010-09-10 19:39 -------- d-----w- c:\program files\sigurnost
2010-09-10 13:38 . 2010-09-10 13:38 245760 ---ha-w- C:\SZKGFS.dat
2010-09-10 13:35 . 2010-09-10 13:35 -------- d-----w- c:\programdata\SITEguard
2010-09-10 13:34 . 2010-09-10 14:05 -------- d-----w- c:\programdata\STOPzilla!
2010-09-10 13:34 . 2010-09-10 13:34 -------- d-----w- c:\program files\Common Files\iS3
2010-09-10 13:22 . 2010-09-10 13:22 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\AdwareBot
2010-09-10 12:44 . 2010-09-10 12:57 -------- d-----w- c:\programdata\PC Tools
2010-09-10 12:41 . 2010-09-10 12:42 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\GetRightToGo
2010-09-10 10:24 . 2010-09-10 10:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-10 09:54 . 2010-09-10 09:54 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Malwarebytes
2010-09-10 09:53 . 2010-09-10 09:53 -------- d-----w- c:\programdata\Malwarebytes
2010-09-08 12:22 . 2010-09-08 12:23 -------- d-----w- c:\program files\QuickTime
2010-09-08 12:22 . 2010-09-08 12:22 -------- d-----w- c:\programdata\Apple Computer
2010-09-08 05:59 . 2010-09-08 06:02 -------- d-----w- c:\programdata\COMODO
2010-09-07 18:26 . 2010-09-07 18:26 -------- d-----w- c:\program files\COMODO
2010-09-07 18:25 . 2010-09-07 18:25 -------- d-----w- c:\programdata\Comodo Downloader
2010-09-07 17:07 . 2010-09-09 14:23 -------- d-----w- c:\users\Zaunergroup\AppData\Local\Corel
2010-09-07 17:02 . 2010-09-07 17:02 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Ulead Systems
2010-09-07 17:01 . 2010-09-07 17:01 -------- d-----w- c:\programdata\InterVideo
2010-09-07 17:00 . 2010-09-07 17:01 -------- d-----w- c:\programdata\Corel
2010-09-07 16:59 . 2010-09-07 16:59 -------- d-----w- c:\program files\Common Files\Protexis
2010-09-07 16:57 . 2010-09-07 16:59 -------- d-----w- c:\program files\Common Files\Corel
2010-09-07 16:56 . 2010-09-07 17:01 -------- d-----w- c:\programdata\Ulead Systems
2010-09-07 16:56 . 2010-09-07 16:56 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-09-07 16:56 . 2010-09-07 17:01 -------- d-----w- c:\program files\Corel
2010-09-07 16:15 . 2010-09-07 17:06 88 --sh--r- c:\programdata\0AE9149E78.sys
2010-09-07 16:15 . 2010-09-09 13:24 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-09-07 16:14 . 2010-09-07 17:02 -------- d--h--w- c:\windows\msdownld.tmp
2010-09-07 16:13 . 2010-09-08 05:59 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-07 16:10 . 2010-09-07 17:06 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Corel
2010-09-07 16:08 . 2010-09-07 16:08 -------- d-----w- c:\program files\Windows Media Components
2010-09-07 11:41 . 2010-09-07 11:41 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\MAGIX
2010-09-07 11:39 . 2010-09-07 11:53 -------- d-----w- c:\programdata\MAGIX
2010-09-07 11:39 . 2010-09-07 11:54 -------- d-----w- c:\program files\MAGIX
2010-09-07 11:39 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2010-09-07 11:39 . 2010-09-07 11:54 -------- d-----w- c:\windows\system32\MAGIX
2010-09-07 11:39 . 2008-04-15 14:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2010-08-27 12:19 . 2010-08-27 12:19 -------- d-----w- c:\program files\MagicISO
2010-08-27 07:27 . 2010-08-27 07:27 -------- d-----w- c:\program files\EA Games
2010-08-27 07:26 . 2010-08-19 21:46 1312120 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-08-27 07:26 . 2010-08-19 21:46 724992 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-08-20 19:55 . 2010-08-20 19:55 -------- d-----w- c:\programdata\PC Suite
2010-08-20 19:54 . 2010-08-20 19:54 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\PC Suite
2010-08-20 19:51 . 2010-08-20 19:51 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Samsung
2010-08-20 19:51 . 2010-08-20 19:52 -------- d-----w- c:\programdata\Samsung
2010-08-20 19:51 . 2010-08-20 19:51 -------- d-----w- c:\program files\MarkAny
2010-08-20 19:51 . 2010-08-20 19:52 -------- d-----w- c:\program files\Samsung
2010-08-20 19:50 . 2010-08-20 19:51 -------- d-----w- c:\program files\Common Files\Samsung
2010-08-19 14:28 . 2010-08-18 15:13 52224 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-19 14:28 . 2010-08-18 15:13 101376 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-09-10 20:31 . 2010-04-26 14:21 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\uTorrent
2010-09-10 19:50 . 2010-07-15 08:55 -------- d-----w- c:\programdata\Babylon
2010-09-10 13:55 . 2010-07-15 08:55 -------- d-----w- c:\program files\myBabylon_English
2010-09-10 12:15 . 2010-01-13 08:53 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Media Player Classic
2010-09-10 08:07 . 2010-01-05 14:08 -------- d-----w- c:\programdata\avg9
2010-09-09 07:09 . 2010-07-15 08:55 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Babylon
2010-09-08 05:59 . 2010-04-26 14:21 -------- d-----w- c:\program files\uTorrent
2010-09-07 17:07 . 2010-01-10 00:28 79816 ----a-w- c:\users\Zaunergroup\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 16:13 . 2010-01-05 13:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-07 11:40 . 2010-09-07 11:40 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Yahoo!
2010-09-06 12:33 . 2010-01-13 13:54 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Skype
2010-08-20 19:52 . 2010-08-20 19:52 -------- d-----w- c:\program files\DIFX
2010-08-20 19:52 . 2010-08-20 19:51 -------- d-----w- c:\program files\PC Connectivity Solution
2010-08-08 09:15 . 2010-08-08 09:15 -------- d-----w- c:\program files\Common Files\Apple
2010-08-08 09:15 . 2010-08-08 09:15 -------- d-----w- c:\programdata\Apple
2010-08-08 09:15 . 2010-08-08 09:15 -------- d-----w- c:\program files\Apple Software Update
2010-08-06 13:54 . 2010-08-06 13:54 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 13:53 . 2010-06-07 06:42 -------- d-----w- c:\program files\Java
2010-07-29 18:28 . 2010-07-29 18:28 -------- d-----w- c:\program files\Common Files\Skype
2010-07-29 14:06 . 2010-01-13 13:58 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\skypePM
2010-07-29 06:30 . 2010-08-11 05:22 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 05:22 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-29 05:27 . 2010-07-29 05:08 -------- d-----w- c:\program files\JetAudio
2010-07-29 05:10 . 2010-07-29 05:10 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\COWON
2010-07-29 05:08 . 2010-07-29 05:08 -------- d-----w- c:\program files\Common Files\COWON
2010-07-23 14:07 . 2010-07-23 14:07 -------- d-----w- c:\programdata\TP-LINK
2010-07-17 07:25 . 2010-01-05 14:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 07:25 . 2010-07-17 07:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 07:24 . 2010-01-05 14:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-17 03:00 . 2010-06-07 06:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25 . 2010-08-11 05:22 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-11 05:22 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 05:22 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 05:22 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 05:22 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 05:22 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 05:22 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 05:22 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 05:22 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-11 05:23 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-09-10 13:55 2735200 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-09-10 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\" [X]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-07 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate;?????? Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-05-04 9241088]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-04-27 100224]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-25 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-01 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-01 217088]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-01 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-05-01 36640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-06-10 12:11]

2010-09-10 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-06-10 13:13]

2010-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-05 10:17]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:49]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=55555
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=55555
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2656476887-671946441-1535801849-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,ac,5a,f5,3b,ee,ae,85,a5,ff,fb,5b,b0,52,4f,b5,84,f3,eb,c0,d4,9c,29,
66,b0,0f,02,25,d6,ec,10,d7,9c,71,f3,59,7c,a4,67,a9,ce,9a,2f,77,70,a1,6a,6f,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\sppsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-10 22:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-10 20:35

Pre-Run: 11.720.196.096 bytes free
Post-Run: 11.477.680.128 bytes free

- - End Of File - - AAFE8F5046D4E28DA46FEC3546AFFAC9