ComboFix 09-01-13.04 - Administrator 2009-01-15 3:48:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.142 [GMT 1:00]
Running from: d:\zoran\download\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\cfaecd2_z.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GOOGLE_ONLINE_SERVICES
-------\Legacy_QANDR
-------\Legacy_SYMAVC32
-------\Service_symavc32
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.
2009-01-14 18:38 . 2009-01-14 18:38 0 --a------ c:\windows\mozver.dat
2009-01-14 17:28 . 2009-01-14 17:28 39 --a------ c:\windows\iltwain.ini
2009-01-14 12:27 . 2009-01-14 12:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-14 12:26 . 2009-01-14 12:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 12:26 . 2009-01-14 12:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 12:26 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 12:26 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-14 11:50 . 2009-01-14 11:50 <DIR> d-------- c:\program files\National Instruments
2009-01-14 11:50 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe
2009-01-14 11:49 . 2009-01-14 11:51 <DIR> d-------- c:\program files\Brads_free_simulations
2009-01-12 16:27 . 2009-01-12 16:33 <DIR> d-------- c:\program files\OOD2KFRE
2009-01-12 15:25 . 2009-01-12 15:25 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-12 01:14 . 2009-01-12 01:15 335 --a------ c:\windows\mozregistry.dat
2009-01-10 18:09 . 2009-01-10 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-09 17:44 . 2009-01-09 17:44 <DIR> d-------- c:\program files\Defraggler
2009-01-09 17:17 . 2009-01-09 17:17 <DIR> d-------- C:\ubuntu-backup
2009-01-07 06:05 . 2009-01-07 06:05 <DIR> d-------- C:\TEMP
2009-01-06 15:33 . 2009-01-06 15:33 <DIR> d--h----- c:\windows\PIF
2009-01-04 13:14 . 2009-01-04 13:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Software Informer
2009-01-04 01:59 . 2009-01-04 01:59 23 --a------ c:\windows\system32\abaaefcc3_z.ocx
2009-01-03 22:17 . 2009-01-03 22:17 106 --a------ c:\windows\wininit.ini
2009-01-03 14:34 . 2009-01-05 14:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-03 10:53 . 2009-01-03 10:57 <DIR> d-------- c:\program files\wyka_warzecha
2009-01-02 08:19 . 2009-01-02 08:19 <DIR> d-------- c:\documents and settings\Administrator\dwhelper
2009-01-01 15:58 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-01-01 15:58 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-01-01 15:58 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
2009-01-01 15:58 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-01 15:58 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-01 15:58 . 2008-09-25 09:03 81,920 --a------ c:\windows\system32\dpl100.dll
2009-01-01 15:58 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-01 15:58 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-01 15:58 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-01 09:47 . 2009-01-01 10:49 <DIR> d-------- c:\documents and settings\Administrator\.phet
2009-01-01 09:07 . 2009-01-01 08:59 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 20:38 . 2004-08-04 00:56 90,624 --a------ c:\windows\system32\kswdmcap.ax
2008-12-31 20:38 . 2004-08-04 00:56 90,624 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-12-31 20:38 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-31 20:38 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-31 20:38 . 2004-08-04 00:56 28,672 --a------ c:\windows\system32\vidcap.ax
2008-12-31 20:38 . 2004-08-04 00:56 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-12-31 20:38 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2008-12-31 20:38 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2008-12-31 20:37 . 2004-08-03 23:10 78,464 --a------ c:\windows\system32\drivers\usbvideo.sys
2008-12-31 20:37 . 2004-08-03 23:10 78,464 --a--c--- c:\windows\system32\dllcache\usbvideo.sys
2008-12-31 20:37 . 2004-08-04 00:56 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-31 20:37 . 2004-08-04 00:56 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-12-31 20:37 . 2004-08-04 00:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-31 20:37 . 2004-08-04 00:56 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-31 20:37 . 2004-08-04 00:56 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-31 20:37 . 2004-08-04 00:56 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-12-31 20:37 . 2004-08-04 00:56 20,992 --a------ c:\windows\system32\dshowext.ax
2008-12-31 20:37 . 2004-08-04 00:56 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-12-31 20:36 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-31 20:36 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-31 19:40 . 2008-12-31 19:45 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-12-31 19:37 . 2008-12-31 19:37 <DIR> d-------- c:\program files\Vimicro Corporation
2008-12-30 21:57 . 2008-12-30 21:57 <DIR> d-------- c:\program files\Avira
2008-12-30 21:39 . 2008-12-30 21:39 <DIR> d-------- c:\program files\SAGEM
2008-12-30 21:39 . 2008-12-30 21:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-12-30 21:39 . 2006-12-22 13:18 316,416 --a------ c:\windows\system32\unaddrv.x64.exe
2008-12-30 19:02 . 2009-01-15 03:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM
2008-12-30 19:02 . 2008-12-30 19:02 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-30 18:54 . 2009-01-15 03:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
2008-12-30 18:53 . 2008-12-30 18:53 <DIR> d-------- c:\program files\Skype
2008-12-30 18:53 . 2008-12-30 18:53 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-30 18:52 . 2008-12-30 18:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-30 08:50 . 2008-12-30 08:50 <DIR> d-------- c:\program files\Tracker Software
2008-12-20 12:39 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 02:59 --------- d-----w c:\program files\DNA
2009-01-15 02:59 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2009-01-14 22:29 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-12 15:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 20:37 --------- d-----w c:\program files\Google
2009-01-09 22:18 --------- d-----w c:\program files\IObit
2009-01-05 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 11:32 --------- d-----w c:\program files\eMule
2009-01-04 23:01 --------- d-----w c:\program files\Desktop Taipei
2009-01-04 23:01 --------- d-----w c:\documents and settings\Administrator\Application Data\IObit
2009-01-04 23:01 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-01-04 12:02 --------- d-----w c:\program files\Moraff's MahJongg Freeware
2009-01-04 12:02 --------- d-----w c:\program files\Foxit
2009-01-04 12:02 --------- d-----w c:\program files\Cleaner 5 EZ
2009-01-04 12:02 --------- d-----w c:\program files\5star Free Lines
2009-01-04 12:02 --------- d-----w c:\documents and settings\Administrator\Application Data\DeepBurner
2009-01-01 14:58 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-01 07:58 --------- d-----w c:\program files\Java
2008-12-30 20:40 32 ----a-w c:\windows\system32\drivers\adidsl.cfg
2008-12-30 19:58 --------- d-----w c:\program files\Foxit Software
2008-12-26 00:24 --------- d-----w c:\program files\SpeedFan
2008-12-22 22:56 --------- d-----w c:\program files\CCleaner
2008-12-16 15:40 --------- d-----w c:\program files\Opera
2008-12-07 22:11 --------- d-----w c:\documents and settings\Administrator\Application Data\Video DVD Maker FREE
2008-12-03 22:52 147,192 ----a-w c:\windows\system32\guard32.dll
2008-12-03 22:52 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-12-03 18:22 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-22 03:47 --------- d-----w c:\documents and settings\Administrator\Application Data\Foxit
2008-12-17 21:59 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 21:59 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 21:59 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 21:59 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 21:59 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-05-07 18:22 23 --sha-w c:\windows\system32\bbfdedfbb_z.dll
2008-04-17 16:11 56 --sh--r c:\windows\system32\F6F0A56CFA.sys
2008-04-17 16:11 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2004-08-04 02:07 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2004-08-04 02:07 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}"= "c:\program files\Foxit\tbFoxi.dll" [2007-11-25 1498136]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-18 66912]
[HKEY_CLASSES_ROOT\clsid\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-18 19:14 66912 --------- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}]
2007-11-25 15:48 1498136 --a------ c:\program files\Foxit\tbFoxi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}"= "c:\program files\Foxit\tbFoxi.dll" [2007-11-25 1498136]
[HKEY_CLASSES_ROOT\clsid\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}"= "c:\program files\Foxit\tbFoxi.dll" [2007-11-25 1498136]
[HKEY_CLASSES_ROOT\clsid\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-18 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-05 342848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-03 1797880]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-03 1797880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-30 1205840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODDRMBS\
0autocheck autochk *\
0smrgdf c:\program files\iolo\System Mechanic 4"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-06-10 20:10 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-05 06:03 342848 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:06 1667584 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 21:57 30208 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-18 21:23 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-06-18 09:31 67584 c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"gusvc"=3 (0x3)
"Google Online Services"=2 (0x2)
"ForcewareWebInterface"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\kav\\kav7.0\\english\\setup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-07-22 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-07-22 31504]
R3 AtmElan;ATM Emulated LAN;c:\windows\system32\drivers\atmlane.sys [2004-08-04 55936]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-12-30 104344]
S0 ltA63;ltA63; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\drivers\atmlane.sys [2004-08-04 55936]
S4 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-12-30 69656]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a5ddb75-535b-11dd-8635-0020e0c2c2d9}]
\Shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe
\Shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86802fd4-0c82-11dd-a4fc-00e018998877}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94cbbe94-0be4-11dd-a52e-806d6172696f}]
\Shell\AutoRun\command - e:\bin\Assetup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
2009-01-14 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 08:58]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-ltA63.sys
SafeBoot-Pxe86.sys
SafeBoot-tcJ63.sys
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Compare Prices with &Dealio - c:\documents and settings\Administrator\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gmam9mjw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gmam9mjw.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF-XChange Viewer\pdf-viewer\npPDFXCviewNPPlugin.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-15 04:01:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-01-15 4:05:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-15 03:03:31
Pre-Run: 44.395.425.792 bytes free
Post-Run: 44,307,427,328 bytes free
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:44, on 15.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\bekap\My Documents\intro\PROVERA RACUNARA\ES2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Administrator\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 6811 bytes
Unapred zahvalan!