DDS (Ver_09-11-24.02) - NTFSx86
Run by Mirko at 22:34:23,70 on sub 28.11.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1003 [GMT 1:00]
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Documents and Settings\Mirko\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.burdafashion.com/en/index.html
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [VMSnap3] c:\windows\VMSnap3.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249243875515
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249244188765
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {D424A2FA-69AA-4D9B-9FD1-18365B1BB9B9} = 212.200.191.166,212.200.190.166
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\mirko\applic~1\mozilla\firefox\profiles\nu4w05da.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\mirko\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-11-12 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-2 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-2 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2009-11-12 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-11-12 648456]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-8-3 428160]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-25 1684736]
S3 AsrCDDrv;AsrCDDrv;\??\c:\windows\system32\drivers\asrcddrv.sys --> c:\windows\system32\drivers\AsrCDDrv.sys [?]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\mirko\locals~1\temp\aticdsdr.sys --> c:\docume~1\mirko\locals~1\temp\ATICDSDr.sys [?]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
S3 cxbu0wdm;SmartBoard XX44;c:\windows\system32\drivers\cxbu0wdm.sys [2009-6-24 114304]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-4-14 14336]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2009-9-9 55176]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [2008-4-14 17920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
=============== Created Last 30 ================
2009-11-24 20:07:43 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-24 20:07:43 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-24 20:07:42 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-24 20:07:42 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-24 20:07:41 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-24 20:07:41 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-24 20:07:40 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-24 19:41:31 0 d-----w- c:\program files\SlySoft
2009-11-24 19:24:23 0 d-----w- c:\program files\Activision
2009-11-24 13:43:17 170736677 ----a-w- C:\ExpressionStudio_Trial_en.exe
2009-11-23 23:30:12 772329472 ----a-w- C:\VS2010B2EXP1.iso
2009-11-21 06:28:17 0 d-----w- c:\program files\PHP
2009-11-20 22:17:50 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2009-11-20 22:17:38 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2009-11-20 22:16:52 0 d-----w- c:\windows\system32\RsFx
2009-11-20 21:54:07 0 d-----w- c:\docume~1\alluse~1\applic~1\MySQL
2009-11-20 21:33:12 0 d-----w- c:\program files\IIS
2009-11-20 21:29:50 0 d-----w- c:\program files\MySQL
2009-11-20 21:29:28 0 d-----w- c:\program files\Microsoft SQL Server
2009-11-20 21:23:58 0 d-----w- c:\program files\Microsoft ASP.NET
2009-11-20 21:20:43 0 d-----w- C:\Inetpub
2009-11-19 20:01:11 0 d-----w- C:\OLIMPUS
2009-11-17 22:04:23 87608 ----a-w- c:\docume~1\mirko\applic~1\inst.exe
2009-11-17 22:04:23 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-17 22:04:23 47360 ----a-w- c:\docume~1\mirko\applic~1\pcouffin.sys
2009-11-17 22:04:13 0 d-----w- c:\program files\DVDFab 6
2009-11-17 18:25:26 644400 ----a-w- c:\windows\system32\mscomct2.ocx
2009-11-15 15:15:18 12288 ----a-w- c:\windows\system32\ksolay.ax
2009-11-15 15:15:15 63696 ----a-w- c:\windows\system32\dxdllreg.exe
2009-11-15 15:15:14 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll
2009-11-15 14:44:58 0 d-----w- c:\program files\Managed DirectX (0901)
2009-11-14 21:32:24 0 d-----w- c:\program files\BOINC
2009-11-12 21:22:31 0 d-----w- c:\windows\system32\log
2009-11-12 20:58:54 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-11-12 20:58:54 52624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-11-12 20:58:54 142864 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-12 20:58:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-11-12 20:58:26 0 d-----w- c:\program files\Trend Micro
2009-11-12 20:56:31 0 d-----w- C:\TrendMicro
2009-11-12 17:49:40 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-12 17:49:40 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-10 22:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-10 22:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-11-09 17:12:56 0 d-----w- c:\documents and settings\mirko\SecurityScans
2009-11-09 17:05:37 0 d-----w- C:\Windows Live Mail
2009-11-09 17:01:15 0 d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2009-11-09 01:22:13 290816 ----a-w- c:\windows\vncutil.exe
2009-11-09 01:22:12 122880 ----a-w- c:\windows\RtkAudioService.exe
2009-11-09 01:22:11 0 d-----w- c:\program files\Realtek
2009-11-09 01:22:05 831488 ------r- c:\windows\RtlExUpd.dll
2009-11-09 01:10:07 701440 ----a-w- c:\windows\system32\cohelper.dll
2009-11-09 01:10:07 5876 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-11-09 01:10:05 6789 ----a-w- c:\windows\system32\nvnrm.nvu
2009-11-09 01:10:05 485920 ----a-w- c:\windows\system32\nvunrm.exe
2009-11-09 01:04:06 0 d-----w- c:\program files\MSI
2009-11-08 20:40:35 10 ----a-w- c:\windows\WININIT.INI
2009-11-08 20:33:54 208896 ----a-w- c:\windows\system32\nvuide.exe
2009-11-08 20:33:54 1570 ------w- c:\windows\system32\nvide.nvu
2009-11-08 20:18:27 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2009-11-08 20:18:26 28160 ----a-w- c:\windows\system32\irmon.dll
2009-11-08 20:18:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2009-11-08 20:18:24 151552 ----a-w- c:\windows\system32\irftp.exe
2009-11-08 20:18:23 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-11-08 20:18:20 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2009-11-08 19:29:12 363008 ----a-w- c:\windows\system32\idecoiins.dll
2009-11-06 15:58:00 803584 ----a-w- c:\windows\boinc.scr
2009-11-05 18:48:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-04 22:57:25 0 d-----w- C:\MSI
2009-10-31 12:48:53 0 d-----w- C:\W7
2009-10-30 16:37:11 0 d-----w- c:\program files\Hard Disk Sentinel
2009-10-29 23:12:23 0 d-----w- C:\users
2009-10-29 22:42:18 0 d-----w- C:\S.T.A.L.K.E.R
2009-10-29 22:32:06 0 d-----w- C:\7
==================== Find3M ====================
2009-11-05 18:48:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 12:53:00 13440 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-08 13:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 13:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 16:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
============= FINISH: 22:34:52,31 ===============
Somborac