It's Windows 7. AVG is screaming about c/windows/system32/wininit.exe and says it is Trojan Patched_c.IWU; here is the log. Does anyone know how I can remove it? I ran a scan with ComboFix:
ComboFix 10-09-09.04 - Zaunergroup 10.09.2010 22:08:28.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.1913.831 [GMT 2:00]
Running from: e:\nenad mladenovic\download\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Zaunergroup\AppData\Local\Windows Server
c:\users\Zaunergroup\AppData\Local\Windows Server\flags.ini
c:\users\Zaunergroup\AppData\Local\Windows Server\server.dat
c:\users\Zaunergroup\AppData\Local\Windows Server\uses32.dat
c:\windows\system32\muzapp.exe
Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.
2010-09-10 20:29 . 2010-09-10 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-10 20:06 . 2010-09-10 20:06 -------- d-----w- C:\32788R22FWJFW
2010-09-10 19:38 . 2010-09-10 19:39 -------- d-----w- c:\program files\sigurnost
2010-09-10 13:38 . 2010-09-10 13:38 245760 ---ha-w- C:\SZKGFS.dat
2010-09-10 13:35 . 2010-09-10 13:35 -------- d-----w- c:\programdata\SITEguard
2010-09-10 13:34 . 2010-09-10 14:05 -------- d-----w- c:\programdata\STOPzilla!
2010-09-10 13:34 . 2010-09-10 13:34 -------- d-----w- c:\program files\Common Files\iS3
2010-09-10 13:22 . 2010-09-10 13:22 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\AdwareBot
2010-09-10 12:44 . 2010-09-10 12:57 -------- d-----w- c:\programdata\PC Tools
2010-09-10 12:41 . 2010-09-10 12:42 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\GetRightToGo
2010-09-10 10:24 . 2010-09-10 10:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-10 09:54 . 2010-09-10 09:54 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Malwarebytes
2010-09-10 09:53 . 2010-09-10 09:53 -------- d-----w- c:\programdata\Malwarebytes
2010-09-08 12:22 . 2010-09-08 12:23 -------- d-----w- c:\program files\QuickTime
2010-09-08 12:22 . 2010-09-08 12:22 -------- d-----w- c:\programdata\Apple Computer
2010-09-08 05:59 . 2010-09-08 06:02 -------- d-----w- c:\programdata\COMODO
2010-09-07 18:26 . 2010-09-07 18:26 -------- d-----w- c:\program files\COMODO
2010-09-07 18:25 . 2010-09-07 18:25 -------- d-----w- c:\programdata\Comodo Downloader
2010-09-07 17:07 . 2010-09-09 14:23 -------- d-----w- c:\users\Zaunergroup\AppData\Local\Corel
2010-09-07 17:02 . 2010-09-07 17:02 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Ulead Systems
2010-09-07 17:01 . 2010-09-07 17:01 -------- d-----w- c:\programdata\InterVideo
2010-09-07 17:00 . 2010-09-07 17:01 -------- d-----w- c:\programdata\Corel
2010-09-07 16:59 . 2010-09-07 16:59 -------- d-----w- c:\program files\Common Files\Protexis
2010-09-07 16:57 . 2010-09-07 16:59 -------- d-----w- c:\program files\Common Files\Corel
2010-09-07 16:56 . 2010-09-07 17:01 -------- d-----w- c:\programdata\Ulead Systems
2010-09-07 16:56 . 2010-09-07 16:56 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-09-07 16:56 . 2010-09-07 17:01 -------- d-----w- c:\program files\Corel
2010-09-07 16:15 . 2010-09-07 17:06 88 --sh--r- c:\programdata\0AE9149E78.sys
2010-09-07 16:15 . 2010-09-09 13:24 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-09-07 16:14 . 2010-09-07 17:02 -------- d--h--w- c:\windows\msdownld.tmp
2010-09-07 16:13 . 2010-09-08 05:59 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-07 16:10 . 2010-09-07 17:06 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Corel
2010-09-07 16:08 . 2010-09-07 16:08 -------- d-----w- c:\program files\Windows Media Components
2010-09-07 11:41 . 2010-09-07 11:41 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\MAGIX
2010-09-07 11:39 . 2010-09-07 11:53 -------- d-----w- c:\programdata\MAGIX
2010-09-07 11:39 . 2010-09-07 11:54 -------- d-----w- c:\program files\MAGIX
2010-09-07 11:39 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2010-09-07 11:39 . 2010-09-07 11:54 -------- d-----w- c:\windows\system32\MAGIX
2010-09-07 11:39 . 2008-04-15 14:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2010-08-27 12:19 . 2010-08-27 12:19 -------- d-----w- c:\program files\MagicISO
2010-08-27 07:27 . 2010-08-27 07:27 -------- d-----w- c:\program files\EA Games
2010-08-27 07:26 . 2010-08-19 21:46 1312120 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-08-27 07:26 . 2010-08-19 21:46 724992 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-08-20 19:55 . 2010-08-20 19:55 -------- d-----w- c:\programdata\PC Suite
2010-08-20 19:54 . 2010-08-20 19:54 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\PC Suite
2010-08-20 19:51 . 2010-08-20 19:51 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Samsung
2010-08-20 19:51 . 2010-08-20 19:52 -------- d-----w- c:\programdata\Samsung
2010-08-20 19:51 . 2010-08-20 19:51 -------- d-----w- c:\program files\MarkAny
2010-08-20 19:51 . 2010-08-20 19:52 -------- d-----w- c:\program files\Samsung
2010-08-20 19:50 . 2010-08-20 19:51 -------- d-----w- c:\program files\Common Files\Samsung
2010-08-19 14:28 . 2010-08-18 15:13 52224 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-19 14:28 . 2010-08-18 15:13 101376 ----a-w- c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 20:31 . 2010-04-26 14:21 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\uTorrent
2010-09-10 19:50 . 2010-07-15 08:55 -------- d-----w- c:\programdata\Babylon
2010-09-10 13:55 . 2010-07-15 08:55 -------- d-----w- c:\program files\myBabylon_English
2010-09-10 12:15 . 2010-01-13 08:53 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Media Player Classic
2010-09-10 08:07 . 2010-01-05 14:08 -------- d-----w- c:\programdata\avg9
2010-09-09 07:09 . 2010-07-15 08:55 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Babylon
2010-09-08 05:59 . 2010-04-26 14:21 -------- d-----w- c:\program files\uTorrent
2010-09-07 17:07 . 2010-01-10 00:28 79816 ----a-w- c:\users\Zaunergroup\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 16:13 . 2010-01-05 13:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-07 11:40 . 2010-09-07 11:40 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Yahoo!
2010-09-06 12:33 . 2010-01-13 13:54 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\Skype
2010-08-20 19:52 . 2010-08-20 19:52 -------- d-----w- c:\program files\DIFX
2010-08-20 19:52 . 2010-08-20 19:51 -------- d-----w- c:\program files\PC Connectivity Solution
2010-08-08 09:15 . 2010-08-08 09:15 -------- d-----w- c:\program files\Common Files\Apple
2010-08-08 09:15 . 2010-08-08 09:15 -------- d-----w- c:\programdata\Apple
2010-08-08 09:15 . 2010-08-08 09:15 -------- d-----w- c:\program files\Apple Software Update
2010-08-06 13:54 . 2010-08-06 13:54 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 13:53 . 2010-06-07 06:42 -------- d-----w- c:\program files\Java
2010-07-29 18:28 . 2010-07-29 18:28 -------- d-----w- c:\program files\Common Files\Skype
2010-07-29 14:06 . 2010-01-13 13:58 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\skypePM
2010-07-29 06:30 . 2010-08-11 05:22 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 05:22 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-29 05:27 . 2010-07-29 05:08 -------- d-----w- c:\program files\JetAudio
2010-07-29 05:10 . 2010-07-29 05:10 -------- d-----w- c:\users\Zaunergroup\AppData\Roaming\COWON
2010-07-29 05:08 . 2010-07-29 05:08 -------- d-----w- c:\program files\Common Files\COWON
2010-07-23 14:07 . 2010-07-23 14:07 -------- d-----w- c:\programdata\TP-LINK
2010-07-17 07:25 . 2010-01-05 14:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 07:25 . 2010-07-17 07:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-17 07:24 . 2010-01-05 14:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-17 03:00 . 2010-06-07 06:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25 . 2010-08-11 05:22 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-11 05:22 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 05:22 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 05:22 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 05:22 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 05:22 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 05:22 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 05:22 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 05:22 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-11 05:23 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-09-10 2735200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-09-10 13:55 2735200 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-09-10 2735200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-09-10 2735200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\" [X]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-07 328568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate;?????? Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-05-04 9241088]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-04-27 100224]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-25 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-01 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-01 217088]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-01 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-05-01 36640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2010-09-10 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-06-10 12:11]
2010-09-10 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-06-10 13:13]
2010-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-05 10:17]
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:49]
2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=55555
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=55555
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Zaunergroup\AppData\Roaming\Mozilla\Firefox\Profiles\qpfa8te1.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2656476887-671946441-1535801849-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,ac,5a,f5,3b,ee,ae,85,a5,ff,fb,5b,b0,52,4f,b5,84,f3,eb,c0,d4,9c,29,
66,b0,0f,02,25,d6,ec,10,d7,9c,71,f3,59,7c,a4,67,a9,ce,9a,2f,77,70,a1,6a,6f,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\sppsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-10 22:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-10 20:35
Pre-Run: 11.720.196.096 bytes free
Post-Run: 11.477.680.128 bytes free
- - End Of File - - AAFE8F5046D4E28DA46FEC3546AFFAC9