[ alien111 @ 08.04.2012. 11:14 ] @
A couple of months ago I posted in the thread http://www.elitesecurity.org/t360944-1#3021769 and solved the problem.
For the past few days I have had a problem where my computer messes up the system time: when I turn it off and turn it on again after a few hours, the clock shows some completely random time. This didn't happen before.

Here, I'm sending you the file; I don't know which part of it could be causing the problem:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:30 AM, on 4/7/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
F:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oplmgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Mobilni Internet\ModemListener.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Program Files\ThreatFire\TFTray.exe
F:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\djordje\Desktop\ccleaner\blbla\blabla.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?bab...c51c4e000000000000000ea6b4cad4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\apps\flashget\jccatch.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ModemListener] F:\Program Files\Mobilni Internet\ModemListener.exe start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ThreatFire] F:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [ClamWin] "F:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi sa FlashGet-om - C:\apps\flashget\jc_link.htm
O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - C:\apps\flashget\jc_all.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\apps\flashget\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\apps\flashget\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenLink License Manager (oplmgr) - OpenLink Software - C:\WINDOWS\system32\oplmgr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - F:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ThreatFire - PC Tools - F:\Program Files\ThreatFire\TFService.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - F:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: OpenLink Virtuoso Server (Virtuoso) - OpenLink Software - F:\Program Files\OpenLink Software\Virtuoso 6.3\bin\virtuoso.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

--
End of file - 9740 bytes


[This message was edited by alien111 on 08.04.2012. at 12:25 GMT+1]
[ Vodomar @ 08.04.2012. 12:17 ] @
Download it from http://www.kaspersky.com/antivirus-removal-tool-register; when you open it, click the gear icon in the right corner and tick Computer, don't touch anything else. Then click the Automatic Scan tab and begin :) Start scanning
go through this procedure for babylon and for the recfree toolbar here

time correction
[ alien111 @ 08.04.2012. 13:17 ] @
From the first link I downloaded version 11, the exe file is about 129MB. I ran it, but during installation it froze at one point with the message "Please try to reboot your computer. Error message is Failed to exrtact the product into t:\tmp\254534\, error iz 193". After restarting, the same thing happened again; I couldn't get it to run and see the gear icon in the right corner.

Also, could I get help with the log file above: what do I need to check off to fix this?

As for the system time, as far as I can see that is a link to instructions on how to set the time. I know how to do that, but when I turn the computer on again after, say, 10 hours, the time is wrong and has to be set again every time I turn the computer on. This problem did not exist until a few days ago, which is why I made this log file again for analysis, as in the previous thread from a couple of months ago.

[This message was edited by alien111 on 08.04.2012. at 14:28 GMT+1]
[ kristi1 @ 08.04.2012. 14:08 ] @
Run this tool to clean AVG out of the system: http://www.avg.com/ww-en/utilities
Also, that ClamWin: its self-defense module is zero, which means that if it is attacked by some malware it is not able to defend itself.

The time... replace the battery on the motherboard.
[ Vodomar @ 08.04.2012. 14:09 ] @
Download http://www.online-solutions.ru...ucts/osam-autorun-manager.html, unpack it, run osam.exe, save the osam.html log to the desktop and post it here

[ Vodomar @ 08.04.2012. 14:24 ] @
Quote:
Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.
[ valjan @ 08.04.2012. 14:58 ] @
Quote:
kristi1
The time... replace the battery on the motherboard.

Exactly that: if the time only gets messed up when the computer is turned on after having been completely powered off for a while, then it is most often the battery on the motherboard. Open the case and take a look at the motherboard, and you'll see a coin-sized battery; write down its marking or take it with you, and you can buy it in practically any battery shop. The price isn't anything terrible (when I last bought one a couple of years ago it was around 120 din, I don't believe it's over 200 now).
[ alien111 @ 08.04.2012. 15:12 ] @
@kristi1 I ran that program, and I hope it removed AVG from the system. I should change my antivirus, but those AVG leftovers prevented a better antivirus from being installed. I was thinking that if the AVG removal succeeds I would also delete ClamWin and install something better; are there any suggestions for which one to install?

@valjan, @kristi1 Thanks for the information about the battery

@Vodomar Here is osam.html, I couldn't find an option to attach the file as an attachment:
Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 15:53:28 on 08.04.2012
OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
AppInit DLLs
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
|||| "AppInit_DLLs" C:\WINDOWS\system32\wmfhotfix.dll File found, but it contains no detailed information
Control Panel Objects
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "SYMLIVE" "Symantec Corporation" C:\Program Files\Symantec\LiveUpdate\S32LUCP1.CPL File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Aspi32" (Aspi32) "Adaptec" C:\WINDOWS\system32\drivers\Aspi32.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) "DT Soft Ltd" C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys File exists
"Driver for MagicISO SCSI Host Controller" (mcdbus) C:\WINDOWS\System32\DRIVERS\mcdbus.sys File not found
|||||| "FssFltr" (fssfltr) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys File exists
|||||| "GhostPciScanner" (GhPciScan) "Symantec Corporation" C:\apps\ghost\ghpciscan.sys File exists
|||||| "giveio" (giveio) C:\WINDOWS\System32\giveio.sys File found, but it contains no detailed information
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
|||||| "imagedrv" (imagedrv) "Ahead Software AG" C:\WINDOWS\System32\Drivers\imagedrv.sys File exists
|||||| "imagesrv" (imagesrv) "Ahead Software AG" C:\WINDOWS\System32\DRIVERS\imagesrv.sys File exists
|||||| "Intel(R) 536EP Modem" (Intels51) "Intel Corporation" C:\WINDOWS\System32\DRIVERS\Intels51.sys File exists
|||||| "Klif" (Klif) "Kaspersky Labs" C:\WINDOWS\System32\Drivers\klif.sys File exists
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
|||||| "MagicTune" (MagicTune) "Beyond Logic http://www.beyondlogic.org" C:\WINDOWS\system32\drivers\Porttalk.sys File exists
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PQNTDrv" (PQNTDrv) "PowerQuest Corporation" C:\WINDOWS\system32\drivers\PQNTDrv.sys File exists
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\DRIVERS\PxHelp20.sys File exists
|||||| "SANDRA" (SANDRA) "SiSoftware" f:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\Sandra.sys File exists
|||||| "Secdrv" (Secdrv) C:\WINDOWS\System32\DRIVERS\secdrv.sys File signed by Microsoft | File found, but it contains no detailed information
|||||| "speedfan" (speedfan) "Windows (R) 2000 DDK provider" C:\WINDOWS\System32\speedfan.sys File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\WINDOWS\System32\Drivers\sptd.sys File exists
|||||| "TfFsMon" (TfFsMon) "PC Tools" C:\WINDOWS\System32\drivers\TfFsMon.sys File exists
|||||| "TfNetMon" (TfNetMon) "PC Tools" C:\WINDOWS\system32\drivers\TfNetMon.sys File exists
|||||| "TfSysMon" (TfSysMon) "PC Tools" C:\WINDOWS\System32\drivers\TfSysMon.sys File exists
|||||| "TVICHW32" (TVICHW32) "EnTech Taiwan" C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
"xwlwfd" (xwlwfd) C:\WINDOWS\System32\drivers\tpag.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} "CRLUpdate" "Microsoft Corporation" %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl File exists
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
HKLM\Software\Classes\Protocols\Handler
|| {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} "CTData Class" "Blabbers Communications Ltd" C:\Program Files\BrowserCompanion\tdataprotocol.dll File exists
|| {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} "CTData Class" "Blabbers Communications Ltd" C:\Program Files\BrowserCompanion\tdataprotocol.dll File exists
|| {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} "CTData Class" "Blabbers Communications Ltd" C:\Program Files\BrowserCompanion\tdataprotocol.dll File exists
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists
|||||| {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
{B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" F:\Program Files\7-Zip\7-zip.dll File exists
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
"CorelDRAW Shell Extension Component" File not found | COM-object registry key not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
{D545EBD1-BD92-11CF-8772-00A0C9039735} "Developer Studio Components" "Microsoft Corporation" C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" deskpan.dll File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" File not found | COM-object registry key not found
|||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office10\msohev.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL File exists
|||||| {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" "Microsoft Corporation" C:\WINDOWS\system32\wpdshext.dll File exists
|||||| {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" "Microsoft Corporation" C:\WINDOWS\system32\wpdshext.dll File exists
|||||| {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" "Microsoft Corporation" C:\WINDOWS\system32\Audiodev.dll File exists
|||||| {57C51AF9-DEF7-11D3-A801-00C04F163490} "PropPage Class" "Symantec Corporation" C:\apps\ghost\GhoShExt.dll File exists
{6B19FEC2-A45B-11CF-9045-00A0C9039735} "Registered ActiveX Controls" "Microsoft Corporation" C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" File not found | COM-object registry key not found
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists
|||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" "Microsoft Corporation" C:\WINDOWS\System32\XPSSHHDR.DLL File exists
|||||| {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" "Microsoft Corporation" C:\WINDOWS\System32\XPSSHHDR.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" c:\apps\winrar\rarext.dll File found, but it contains no detailed information
|||| {5464D816-CF16-4784-B9F3-75C0DB52B499} "Yahoo! Mail Shell Extension" "Yahoo! Inc." C:\Program Files\Yahoo!\Common\YMMAPI.dll File exists
|||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
|||||| {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" "Microsoft Corporation" C:\WINDOWS\system32\WPDShServiceObj.dll File exists
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" File not found | COM-object registry key not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" File not found | COM-object registry key not found
{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"ITBarLayout" File not found | COM-object registry key not found
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" File not found | COM-object registry key not found
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" File not found | COM-object registry key not found
"{32099AAC-C132-4136-9E9A-4E364A424E17}" File not found | COM-object registry key not found
"{A057A204-BACC-4D26-9990-79A187E2698E}" File not found | COM-object registry key not found
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" File not found | COM-object registry key not found
"{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" File not found | COM-object registry key not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07"
http://java.sun.com/update/1.6...tall-1_6_0_07-windows-i586.cab C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll File not found
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31"
http://java.sun.com/update/1.6...tall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." F:\Program Files\Java\jre6\bin\npjpi160_31.dll File exists
|||| {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31"
http://java.sun.com/update/1.6...tall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." F:\Program Files\Java\jre6\bin\npjpi160_31.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31"
http://java.sun.com/update/1.6...tall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." F:\Program Files\Java\jre6\bin\npjpi160_31.dll File exists
Microsoft XML Parser for Java "Microsoft XML Parser for Java"
file://C:\WINDOWS\Java\classes\xmldso.cab File not found | COM-object registry key not found
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
http://fpdownload.macromedia.c...lashplayer/current/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx File exists
|||| {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool"
http://go.microsoft.com/fwlink/?linkid=39204 "Microsoft Corporation" C:\WINDOWS\system32\LegitCheckControl.DLL File exists
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}"
http://java.sun.com/update/1.5...tall-1_5_0_11-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}"
http://java.sun.com/update/1.6...tall-1_6_0_01-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}"
http://java.sun.com/update/1.6...tall-1_6_0_02-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}"
http://java.sun.com/update/1.6...tall-1_6_0_03-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}"
http://java.sun.com/update/1.6...tall-1_6_0_05-windows-i586.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{4528BBE0-4E08-11D5-AD55-00010333D0AD} "{4528BBE0-4E08-11D5-AD55-00010333D0AD}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "Blog This" "Microsoft Corporation" C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File exists
|||||| "Exec" "Microsoft Corporation" C:\WINDOWS\Network Diagnostic\xpnetdiag.exe File exists
|||| "FlashGet" "Amaze Soft" C:\apps\flashget\flashget.exe File exists
|||| "Messenger" "Microsoft Corporation" C:\Program Files\Messenger\msmsgs.exe File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{95B7759C-8C7F-4BF1-B163-73684A933233}" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
{00cbb66b-1d3b-46d3-9577-323a336acb50} "Chatvibes Browser Helper" " " C:\Program Files\BrowserCompanion\jsloader.dll File exists
{963B125B-8B21-49A2-A3A8-E37092276531} "Chatvibes Browser Helper Verifier" " " C:\Program Files\BrowserCompanion\updatebhoWin32.dll File exists
|||| {A5366673-E8CA-11D3-9CD9-0090271D075B} "IeCatch2 Class" "Amaze Soft" C:\apps\flashget\jccatch.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." F:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." F:\Program Files\Java\jre6\bin\ssv.dll File exists
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|| {C08DF07A-3E49-4E25-9AB0-D3882835F153} "QUICKfind BHO Object" C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll File found, but it contains no detailed information
|| {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" "Microsoft Corp." C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" File not found | COM-object registry key not found
{95B7759C-8C7F-4BF1-B163-73684A933233} "{95B7759C-8C7F-4BF1-B163-73684A933233}" File not found | COM-object registry key not found
Logon
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"DAEMON Tools Lite" "DT Soft Ltd" "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
"Browser companion helper" "Blabbers Communications LTD" C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej File exists
"ClamWin" "alch" "F:\Program Files\ClamWin\bin\ClamTray.exe" --logon File exists
"ModemListener" F:\Program Files\Mobilni Internet\ModemListener.exe start File found, but it contains no detailed information
|||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists
|||| "QuickTime Task" "Apple Computer, Inc." "F:\Program Files\QuickTime\qttask.exe" -atboottime File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists
|||||| "ThreatFire" "PC Tools" F:\Program Files\ThreatFire\TFTray.exe File exists
"vProt" "C:\Program Files\AVG Secure Search\vprot.exe" File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "Adobe LM Service" (Adobe LM Service) "Adobe Systems" C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe File exists
|||||| "Apache Tomcat" (Tomcat5) "Apache Software Foundation" F:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Autodata Limited License Service" (Autodata Limited License Service) "Autodata Limited" C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe File exists
|||||| "DeviceManager" (DeviceManager) C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe File found, but it contains no detailed information
|||||| "Extensible Authentication Protocol Service" (EapHost) "Microsoft Corporation" C:\WINDOWS\System32\eapsvc.dll File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||| "Google Update Service (gupdatem)" (gupdatem) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists
|||||| "Health Key and Certificate Management Service" (hkmsvc) "Microsoft Corporation" C:\WINDOWS\System32\kmsvc.dll File exists
"Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." F:\Program Files\Java\jre6\bin\jqs.exe File exists
|||||| "Macromedia Licensing Service" (Macromedia Licensing Service) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe File exists
|||||| "Network Access Protection Agent" (napagent) "Microsoft Corporation" C:\WINDOWS\System32\qagentrt.dll File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
"OpenLink License Manager" (oplmgr) "OpenLink Software" C:\WINDOWS\system32\oplmgr.exe File exists
"OpenLink Virtuoso Server" (Virtuoso) "OpenLink Software" F:\Program Files\OpenLink Software\Virtuoso 6.3\bin\virtuoso.exe File exists
|||||| "SeaPort" (SeaPort) "Microsoft Corp." C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe File exists
|||||| "Skype Updater" (SkypeUpdate) "Skype Technologies" F:\Program Files\Skype\Updater\Updater.exe File exists
|||||| "ThreatFire" (ThreatFire) "PC Tools" F:\Program Files\ThreatFire\TFService.exe File exists
"vToolbarUpdater" (vToolbarUpdater) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Live Family Safety Service" (fsssvc) "Microsoft Corporation" C:\Program Files\Windows Live\Family Safety\fsssvc.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
|||||| "Wired AutoConfig" (Dot3svc) "Microsoft Corporation" C:\WINDOWS\System32\dot3svc.dll File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
|||||| {B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" "Microsoft Corporation" C:\WINDOWS\system32\dot3gpclnt.dll File exists
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
|||||| "dimsntfy" "Microsoft Corporation" C:\WINDOWS\System32\dimsntfy.dll File exists
|||| "WgaLogon" "Microsoft Corporation" C:\WINDOWS\system32\WgaLogon.dll File exists

If You have questions or want to get some help, You can visit http://forum.online-solutions.ru
[ kristi1 @ 08.04.2012. 15:50 ] @
Install Avast; there is a free version that does the job quite decently.
[ Vodomar @ 08.04.2012. 16:33 ] @
XP SP2?! Fix that first.
Upload the file here, then post the download link on the forum.
Avast is OK, although every now and then one hears that v.7 acts up. If there are problems, try Avira or Ad-Aware.
[ Aleksandar Maletic @ 08.04.2012. 16:42 ] @
I only have something to add to everything my colleagues have recommended.
Download Disable Autorun/Autoplay, run the program, tick all the options and confirm with OK. Restart the computer.
Download and install MCShield; it will protect your computer from malware that threatens from removable storage devices.
[ alien111 @ 08.04.2012. 19:26 ] @
Thanks for the replies so far, and here is the file: http://www.2shared.com/document/byF4RSJk/osam.html
[ Vodomar @ 08.04.2012. 20:06 ] @
This is clean. Update Windows to SP3, fix the hardware problem, Avast or Avira or Ad-Aware. Also install MBAM; once a week do a full scan with it and with the AV you chose. In future, when you install software, choose the custom install; that way you get the chance not to install the toolbar as well. Be sure to add WOT to Firefox, don't visit red sites and don't download software from torrents.
[ alien111 @ 08.04.2012. 20:17 ] @
OK, thanks for the reply.
[ adjals @ 06.05.2012. 14:41 ] @
Greetings to everyone,

I'm not here often, but right now I need advice on reliable protection for my computer, and a little help.
I currently use USB Disk Security and ESET NOD32. A few days ago I ran into some spyware through an outbound link on my blog; of course the system detected the virus immediately and warned me, but it seems it did not manage to destroy it. I immediately deleted all outbound links from the blog. The virus seems to have disabled NOD32, so now when I want to reinstall it, it won't accept the installation; I installed the version from Softonic, i.e. from this link http://en.softonic.com/s/free-nod32-antivirus-2012-full-version
and now it looks like that virus has disabled ESET NOD32, since McAfee gives me a warning that it is disabled... more precisely, this is what it says after scanning: "Eset nod 32 antivirus 5.0 appears to be off or disabled, don`t leave your computer defenseless against the latest threats -turn your anty virus or anty-spayware software". McAfee offers me the option to buy some software of theirs and install it...

I tried to update the version of ESET NOD32, which I assume is not the latest, and when I install NOD32 again from this link

http://en.softonic.com/s/free-nod32-antivirus-2012-full-version

this is what it shows in the first window: "You already have the latest vrersion installed"

and in the second window: "Installation has ben interrupted
The instalation of ESet Nod 32 has not been completed successfuly. They system has not been protected against computer threats. To install Wset Nod 32 on your computer please run installation again."

I ran it again and it offers me those smileys to install; I did not tick that, and then it offers Hotspot Shield 2.53 for installation. When I installed it, it shows me an icon with a warning that it may destabilize the system and that Microsoft does not recommend it and that the installation should be stopped? This is the first time I hear of this antivirus, Hotspot Shield 2.53, but ESET NOD32 offered it to me to install as an additional one (that is from this link on Softonic); however, I did not install it. Should I install this Hotspot Shield 2.53 as well?

I need a recommendation on what is best to do in this case and what protection to install (note that I already have USB Disk Security version 6.1.0.432 installed), since the installed ESET NOD32 is not working, so that I can find this spyware and destroy it completely. And these days the net is full of viruses...
Here is which Windows I use, in case that matters:
My Windows version is Windows XP (5.1.2600 Service Pack 3 Build 2600)
and I have no idea whether this is a newer version or not.

My total memory is 512 MB with 29.49 MB available,
and total virtual memory is 2 GB with 1.96 GB available.

I'll also mention, in case it matters, that my PC has slowed down considerably and keeps showing a warning that its virtual memory is full, and here I need advice: what is the best way to make Windows empty the virtual memory?

Thanks in advance for the reply.
[ Dashkes @ 06.05.2012. 16:15 ] @
Hello adjals!
Download OSAM: Autorun Manager v5.0 and attach the HTML page with the results here.
[ adjals @ 06.05.2012. 22:32 ] @
Hi, Dashkes

I have installed OSAM Autorun Manager and run the scan, and here are the results (I hope I did this correctly: the file that OSAM Autorun Manager gave me the option to save during the scan, I saved it, opened it in Firefox, used the mouse to open the HTML source for that page and copied it, and this is it). If that's not it, just tell me exactly where I need to go to attach the HTML page with the results.

<p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br>
<a href="http://www.online-solutions.ru/en/" target="_blank">http://www.online-solutions.ru/en/</a><br>
Saved at 22:57:28 on 06.05.2012</p>
<b>OS</b>: Windows XP Professional Service Pack 3 (Build 2600)<br>
<b>Default Browser</b>: Mozilla Corporation Firefox 12.0<br>
<br><b>Scanner Settings</b><br>
<input disabled="disabled" checked="checked" type="checkbox">Rootkits detection (hidden registry)<br>
<input disabled="disabled" checked="checked" type="checkbox">Rootkits detection (hidden files)<br>
<input disabled="disabled" checked="checked" type="checkbox">Retrieve files information<br>
<input disabled="disabled" checked="checked" type="checkbox">Check Microsoft signatures<br>
<br><b>Filters</b><br>
<input disabled="disabled" type="checkbox">Trusted entries<br>
<input disabled="disabled" type="checkbox">Empty entries<br>
<input disabled="disabled" checked="checked" type="checkbox">Hidden registry entries (rootkit activity)<br>
<input disabled="disabled" checked="checked" type="checkbox">Exclusively opened files<br>
<input disabled="disabled" checked="checked" type="checkbox">Not found files<br>
<input disabled="disabled" checked="checked" type="checkbox">Files without detailed information<br>
<input disabled="disabled" checked="checked" type="checkbox">Existing files<br>
<input disabled="disabled" type="checkbox">Non-startable services<br>
<input disabled="disabled" type="checkbox">Non-startable drivers<br>
<input disabled="disabled" checked="checked" type="checkbox">Active entries<br>
<input disabled="disabled" checked="checked" type="checkbox">Disabled entries<br>
<br>
<table border="1" cellpadding="0" cellspacing="0">
<tbody><tr>
<th class="cap" width="20">&nbsp;</th>
<th class="cap">Risk</th>
<th class="cap">Name</th>
<th class="cap">Publisher</th>
<th class="cap">Full Path</th>
<th class="cap">Status</th>
</tr>
<tr>
<td class="group" colspan="6">Common</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\Tasks</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"FreeFileViewerUpdateChecker.job"</td>
<td>"Bitberry Software"</td>
<td>C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"ProgramUpdateCheck.job"</td>
<td>"Trusted Software ApS"</td>
<td>C:\Program Files\File Type Assistant\tsassist.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="nodetails">"Scheduled Update for Ask Toolbar.job"</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Program Files\Ask.com\UpdateTask.exe</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Adobe Flash Player Updater.job"</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job"</td>
<td>"Google Inc."</td>
<td>C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job"</td>
<td>"Google Inc."</td>
<td>C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Control Panel Objects</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\system32</td>
</tr>
<tr>
<td class="nodetails"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"ALSNDMGR.CPL"</td>
<td class="nodetails"></td>
<td class="nodetails">C:\WINDOWS\system32\ALSNDMGR.CPL</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"FlashPlayerCPLApp.cpl"</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\WINDOWS\system32\FlashPlayerCPLApp.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"infocardcpl.cpl"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\infocardcpl.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"wuaucpl.cpl"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\wuaucpl.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"Nero BurnRights 10"</td>
<td>"Nero AG"</td>
<td>C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Pando"</td>
<td>"Pando Networks"</td>
<td>C:\Program Files\Pando Networks\Media Booster\PMB.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"SMAX3CP"</td>
<td>"Analog Devices, Inc."</td>
<td>C:\Program Files\Analog Devices\SoundMAX\SMax3CP.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Drivers</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"Anchorfree HSS Adapter" (taphss)</td>
<td>"AnchorFree Inc"</td>
<td>C:\WINDOWS\System32\DRIVERS\taphss.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"Aspi32" (Aspi32)</td>
<td>"Adaptec"</td>
<td>C:\WINDOWS\system32\drivers\Aspi32.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Changer" (Changer)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\Changer.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"ehdrv" (ehdrv)</td>
<td>"ESET"</td>
<td>C:\WINDOWS\System32\DRIVERS\ehdrv.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"i2omgmt" (i2omgmt)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\i2omgmt.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"ISO DVD/CD-ROM Device Driver" (ISODrive)</td>
<td>"EZB Systems, Inc."</td>
<td>C:\Program Files\UltraISO\drivers\ISODrive.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"lbrtfdc" (lbrtfdc)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\lbrtfdc.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PCIDump" (PCIDump)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PCIDump.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDCOMP" (PDCOMP)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDCOMP.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDFRAME" (PDFRAME)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDFRAME.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDRELI" (PDRELI)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDRELI.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDRFRAME" (PDRFRAME)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDRFRAME.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"PxHelp20" (PxHelp20)</td>
<td>"Sonic Solutions"</td>
<td>C:\WINDOWS\System32\Drivers\PxHelp20.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"SASDIFSV" (SASDIFSV)</td>
<td>"SUPERAdBlocker.com and SUPERAntiSpyware.com"</td>
<td>C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"SASKUTIL" (SASKUTIL)</td>
<td>"SUPERAdBlocker.com and SUPERAntiSpyware.com"</td>
<td>C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"Service for Realtek AC97 Audio (WDM)" (ALCXWDM)</td>
<td>"Realtek Semiconductor Corp."</td>
<td>C:\WINDOWS\System32\drivers\ALCXWDM.SYS</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"VIA AGP Filter" (viaagp1)</td>
<td>"VIA Technologies, Inc."</td>
<td>C:\WINDOWS\System32\DRIVERS\viaagp1.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"WDICA" (WDICA)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\WDICA.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="group" colspan="6">Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Folder\shellex\ColumnHandlers</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"</td>
<td>"Adobe Systems, Inc."</td>
<td>C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Filter</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{807553E5-5146-11D5-A672-00B0D022E945} "text/xml"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Handler</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class"</td>
<td>"Skype Technologies"</td>
<td>C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler"</td>
<td>"McAfee, Inc."</td>
<td>c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler"</td>
<td>"McAfee, Inc."</td>
<td>c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol"</td>
<td>"Skype Technologies S.A."</td>
<td>C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{4D25FB7A-8902-4291-960E-9ADA051CFBBF} "tbr"</td>
<td>"Crawler.com"</td>
<td>C:\PROGRA~1\Crawler\ctbr.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class"</td>
<td>"SuperAdBlocker.com"</td>
<td>C:\Program Files\SUPERAntiSpyware\SASSEH.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension"</td>
<td>"Igor Pavlov"</td>
<td>C:\Program Files\7-Zip\7-zip.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\wuaucpl.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{E30BB957-3B17-43E6-8F4C-8F01BFED6F0F} "FileExtToggleExt Class"</td>
<td></td>
<td>C:\WINDOWS\system32\ShellExt\FILEEX~1.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{8A56567E-A333-4843-B6E1-C3A262E41D8C} "HashPage Class"</td>
<td>"Beeblebrox.org"</td>
<td>C:\WINDOWS\system32\ShellExt\HashTab.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{B1883831-F0D8-4453-8245-EEAAD866DD6E} "HashTab Context Menu"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{A5026724-3344-4658-94AE-0908507D892C} "HiddenFilesToggleExt Class"</td>
<td></td>
<td>C:\WINDOWS\system32\ShellExt\HIDDEN~1.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{A1A07B07-F70D-482e-B0E8-B6178E73B094} "hksshlex Class"</td>
<td>"Big-O Software"</td>
<td>C:\PROGRA~1\hkSFV\hkshlex.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Microsoft Office\OFFICE11\msohev.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\dfshim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\dfshim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class"</td>
<td>"EZB Systems, Inc."</td>
<td>C:\Program Files\UltraISO\isoshell.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td class="nodetails">{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension"</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Program Files\Unlocker\UnlockerCOM.dll</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR"</td>
<td>"Alexander Roshal"</td>
<td>C:\Program Files\WinRAR\rarext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Internet Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>&lt;binary data&gt; "&amp;Crawler Toolbar"</td>
<td>"Crawler.com"</td>
<td>C:\PROGRA~1\Crawler\ctbr.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>&lt;binary data&gt; "Ask Toolbar"</td>
<td>"Ask"</td>
<td>C:\Program Files\Ask.com\GenericAskToolbar.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">ITBar7Height "ITBar7Height"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">&lt;binary data&gt; "ITBar7Layout"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>&lt;binary data&gt; "TheGiftBar Toolbar"</td>
<td>"Conduit Ltd."</td>
<td>C:\Program Files\TheGiftBar\prxtbTheG.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} "&amp;Crawler Toolbar Helper"</td>
<td>"Crawler.com"</td>
<td>C:\PROGRA~1\Crawler\ctbr.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar"</td>
<td>"McAfee, Inc."</td>
<td>c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{efc46a17-82ed-46ea-b94a-a08c86bb4fbe} "TheGiftBar Toolbar"</td>
<td>"Conduit Ltd."</td>
<td>C:\Program Files\TheGiftBar\prxtbTheG.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class"</td>
<td>"Ask"</td>
<td>C:\Program Files\Ask.com\GenericAskToolbar.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{73848533-39E1-49F1-9363-28054268C094} "FileInterface Class"<br>https://online.bancaintesabeog...etailDLL/FSINT9.dll</td>
<td></td>
<td>C:\WINDOWS\Downloaded Program Files\FSINT9.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{76326493-E84F-4D4B-939C-1E07B50037F2} "ProxyModule Class"<br>https://online.bancaintesabeog...ailDLL/SGCMSCCD.DLL</td>
<td></td>
<td>C:\WINDOWS\Downloaded Program Files\SGCMSCCD.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Messenger"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Messenger\msmsgs.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call"</td>
<td>"Skype Technologies S.A."</td>
<td>C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>&lt;binary data&gt; "&amp;Crawler Toolbar"</td>
<td>"Crawler.com"</td>
<td>C:\PROGRA~1\Crawler\ctbr.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>&lt;binary data&gt; "Ask Toolbar"</td>
<td>"Ask"</td>
<td>C:\Program Files\Ask.com\GenericAskToolbar.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar"</td>
<td>"McAfee, Inc."</td>
<td>c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{efc46a17-82ed-46ea-b94a-a08c86bb4fbe} "TheGiftBar Toolbar"</td>
<td>"Conduit Ltd."</td>
<td>C:\Program Files\TheGiftBar\prxtbTheG.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} "&amp;Crawler Toolbar Helper"</td>
<td>"Crawler.com"</td>
<td>C:\PROGRA~1\Crawler\ctbr.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper"</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar"</td>
<td>"Ask"</td>
<td>C:\Program Files\Ask.com\GenericAskToolbar.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{11111111-1111-1111-1111-110011221158} "I Want This"</td>
<td>"215 Apps"</td>
<td>C:\Program Files\I Want This\I Want This.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO"</td>
<td>"McAfee, Inc."</td>
<td>c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper"</td>
<td>"Skype Technologies S.A."</td>
<td>C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{efc46a17-82ed-46ea-b94a-a08c86bb4fbe} "TheGiftBar Toolbar"</td>
<td>"Conduit Ltd."</td>
<td>C:\Program Files\TheGiftBar\prxtbTheG.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Logon</td>
</tr>
<tr>
<td class="reg" colspan="6">%AllUsersProfile%\Start Menu\Programs\Startup</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"McAfee Security Scan Plus.lnk"</td>
<td>"McAfee, Inc."</td>
<td>C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe</td>
<td>Shortcut exists | File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">%UserProfile%\Start Menu\Programs\Startup</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Dropbox.lnk"</td>
<td>"Dropbox, Inc."</td>
<td>C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe</td>
<td>Shortcut exists | File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"chromium"</td>
<td>"Google Inc."</td>
<td>C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe --no-startup-window</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Google Update"</td>
<td>"Google Inc."</td>
<td>"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Hotlist-1st-Product-Alerts"</td>
<td>"iDeveloperNetwork Ltd."</td>
<td>C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX44.234\Hotlist-1st-Product-Alerts.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"MSMSGS"</td>
<td>"Microsoft Corporation"</td>
<td>"C:\Program Files\Messenger\msmsgs.exe" /background</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Skype"</td>
<td>"Skype Technologies S.A."</td>
<td>"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"SUPERAntiSpyware"</td>
<td>"SUPERAntiSpyware.com"</td>
<td>C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Run</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Adobe ARM"</td>
<td>"Adobe Systems Incorporated"</td>
<td>"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"ApnUpdater"</td>
<td>"Ask"</td>
<td>"C:\Program Files\Ask.com\Updater\Updater.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"egui"</td>
<td>"ESET"</td>
<td>"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Smapp"</td>
<td>"Analog Devices, Inc."</td>
<td>C:\Program Files\Analog Devices\SoundMAX\SMTray.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"SweetIM"</td>
<td>"SweetIM Technologies Ltd."</td>
<td>C:\Program Files\SweetIM\Messenger\SweetIM.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"USB Antivirus"</td>
<td>"Zbshareware Lab"</td>
<td>C:\Program Files\USB Disk Security\USBGuard.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"USB Security"</td>
<td>"Zbshareware Lab"</td>
<td>C:\Program Files\USB Disk Security\USBGuard.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"WinampAgent"</td>
<td>"Nullsoft, Inc."</td>
<td>"C:\Program Files\Winamp\winampa.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Print Monitors</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"Microsoft Document Imaging Writer Monitor"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mdimon.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Services</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32)</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc)</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"ASP.NET State Service" (aspnet_state)</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"Automatic Updates" (wuauserv)</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\wuauserv.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"ESET Service" (ekrn)</td>
<td>"ESET"</td>
<td>C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Google Updater Service" (gusvc)</td>
<td>"Google"</td>
<td>C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"McAfee Security Scan Component Host Service" (McComponentHostService)</td>
<td>"McAfee, Inc."</td>
<td>C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service)</td>
<td>"McAfee, Inc."</td>
<td>c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Mozilla Maintenance Service" (MozillaMaintenance)</td>
<td>"Mozilla Foundation"</td>
<td>C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Office Source Engine" (ose)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"SAS Core Service" (!SASCORE)</td>
<td>"SUPERAntiSpyware.com"</td>
<td>C:\Program Files\SUPERAntiSpyware\SASCORE.EXE</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"Skype Updater" (SkypeUpdate)</td>
<td>"Skype Technologies"</td>
<td>C:\Program Files\Skype\Updater\Updater.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"SoundMAX Agent Service" (SoundMAX Agent Service (default))</td>
<td>"Analog Devices, Inc."</td>
<td>C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"Windows CardSpace" (idsvc)</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0)</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Winlogon</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Control Panel\IOProcs</td>
</tr>
<tr>
<td class="notfound"><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"MVB"</td>
<td class="notfound"></td>
<td class="notfound">mvfs32.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify</td>
</tr>
<tr>
<td><input disabled="disabled" checked="checked" type="checkbox"></td>
<td class="rs rt">||||||</td>
<td>"!SASWinLogon"</td>
<td>"SUPERAntiSpyware.com"</td>
<td>C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL</td>
<td>File exists</td>
</tr>
</tbody></table>
<p>If You have questions or want to get some help, You can visit <a href="http://forum.online-solutions.ru" target="_blank">http://forum.online-solutions.ru</a></p>
[ Dashkes @ 07.05.2012. 09:48 ] @
Everything is great! :)


Untick the following items:
1. "Scheduled Update for Ask Toolbar.job" C:\Program Files\Ask.com\UpdateTask.exe
2. "Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys
3. "i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys
4. "lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys
5. "WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys
6. {4D25FB7A-8902-4291-960E-9ADA051CFBBF} "tbr" "Crawler.com" C:\PROGRA~1\Crawler\ctbr.dll
7. {8A56567E-A333-4843-B6E1-C3A262E41D8C} "HashPage Class" "Beeblebrox.org" C:\WINDOWS\system32\ShellExt\HashTab.dll
8. {A5026724-3344-4658-94AE-0908507D892C} "HiddenFilesToggleExt Class" C:\WINDOWS\system32\ShellExt\HIDDEN~1.DLL
9. {A1A07B07-F70D-482e-B0E8-B6178E73B094} "hksshlex Class" "Big-O Software" C:\PROGRA~1\hkSFV\hkshlex.dll
10. "&Crawler Toolbar" "Crawler.com" C:\PROGRA~1\Crawler\ctbr.dll
11. "Ask Toolbar" "Ask" C:\Program Files\Ask.com\GenericAskToolbar.dll
12. "TheGiftBar Toolbar" "Conduit Ltd." C:\Program Files\TheGiftBar\prxtbTheG.dll
13. {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} "&Crawler Toolbar Helper" "Crawler.com" C:\PROGRA~1\Crawler\ctbr.dll
14. {efc46a17-82ed-46ea-b94a-a08c86bb4fbe} "TheGiftBar Toolbar" "Conduit Ltd." C:\Program Files\TheGiftBar\prxtbTheG.dll
15. {00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" "Ask" C:\Program Files\Ask.com\GenericAskToolbar.dll
16. "&Crawler Toolbar" "Crawler.com" C:\PROGRA~1\Crawler\ctbr.dll
17. "Ask Toolbar" "Ask" C:\Program Files\Ask.com\GenericAskToolbar.dll
18. {efc46a17-82ed-46ea-b94a-a08c86bb4fbe} "TheGiftBar Toolbar" "Conduit Ltd." C:\Program Files\TheGiftBar\prxtbTheG.dll
19. {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} "&Crawler Toolbar Helper" "Crawler.com" C:\PROGRA~1\Crawler\ctbr.dll
20. {D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" "Ask" C:\Program Files\Ask.com\GenericAskToolbar.dll
21. {11111111-1111-1111-1111-110011221158} "I Want This" "215 Apps" C:\Program Files\I Want This\I Want This.dll
22. {efc46a17-82ed-46ea-b94a-a08c86bb4fbe} "TheGiftBar Toolbar" "Conduit Ltd." C:\Program Files\TheGiftBar\prxtbTheG.dll
23. "Hotlist-1st-Product-Alerts" "iDeveloperNetwork Ltd." C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX44.234\Hotlist-1st-Product-Alerts.exe
24. "ApnUpdater" "Ask" "C:\Program Files\Ask.com\Updater\Updater.exe"
25. "SweetIM" "SweetIM Technologies Ltd." C:\Program Files\SweetIM\Messenger\SweetIM.exe
and click Apply. After that, restart the computer.

• Download and install Malwarebytes' Anti-Malware
• Run it and perform an update (Update > Check for Updates), and when it finishes confirm with OK.
• After the update select Scanner, tick Perform full scan and press Scan.
• When the scan finishes press OK, then Show Results to see the report.
• Check that all the files found are ticked (if they are not, select them), press Remove Selected and confirm with OK.
• The program will ask you to restart the computer; confirm that.
• Also, after the malware has been removed from the computer you will get a log file (report), which you can copy here.
[ adjals @ 07.05.2012. 12:30 ] @
I did everything as you explained, it wasn't complicated; some 47 objects were detected, and here is the attached report I got. And that's that. Is there a need to do anything else to it, and which is the best antivirus to install on it alongside USB Disk Security, since the ESET NOD32 file was also infected and has now been deleted; only the NOD icon is left on my desktop.

Just one more note: yesterday I also installed SUPERAntiSpyware 5.0.1148, and there over 400 objects were infected; I handled that too following the instructions the system gives, and I think it's OK. There was one Trojan, and the rest was spyware and some other viruses. Is there anything more to be done with SUPERAntiSpyware, like scanning again or doing something else?

Right now my PC runs faster, and that sound, like when we defragment, is heard much less, but it still pops up that yellow icon with an exclamation mark that says Virtual Memory Minimum Too Low, and when it starts up it takes a long time to launch the browser, but fine, I'll take that to the forum for it; there is probably something more to be done about it. I did what I knew about virtual memory.

And I have a question: am I allowed to download and install again the programs that were removed, e.g. some software I need, or might they still be infected at the link I downloaded them from?


Thank you very much for the help...


Malwarebytes Anti-Malware (Proba) 1.61.0.1400
www.malwarebytes.org

Verzija baze: v2012.05.07.01

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 6.0.2900.5512
Administrator :: NN-B33A0C856812 [administrator]

Zaštita: Omogućena

7.5.2012 12:05:16
mbam-log-2012-05-07 (12-52-55).txt

Način skeniranja: Kompletno skeniranje
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 217496
Proteklo vreme 44 minuta(e), 38 sekundi

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 28
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Nikakva akcija nije poduzeta.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Nikakva akcija nije poduzeta.
HKCU\SOFTWARE\Aasppapmmxkvs (Malware.Trace) -> Nikakva akcija nije poduzeta.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
HKCU\SOFTWARE\I WANT THIS (PUP.GamesPlayLab) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Nikakva akcija nije poduzeta.

Detektovane vrednosti u registru: 3
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Podatak: e759db7c20fffd1252ec581c8c9b23d8 -> Nikakva akcija nije poduzeta.
HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Podatak: 149 -> Nikakva akcija nije poduzeta.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Podatak: 215 Apps -> Nikakva akcija nije poduzeta.

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 3
C:\Program Files\I Want This (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.

Detektovane datoteke: 13
C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\Local Settings\Temp\7zO15D.tmp\MassTrafficInstantFreeBacklinks.exe (HackTool.Agent) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for MassTrafficInstantFreeBacklinks.zip\MassTrafficInstantFreeBacklinks.exe (HackTool.Agent) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\My Documents\Downloads\SoftonicDownloader_for_eset-nod32-antivirus.exe (PUP.ToolbarDownloader) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\My Documents\Downloads\SoftonicDownloader_for_usb-disk-security.exe (PUP.ToolbarDownloader) -> Nikakva akcija nije poduzeta.
C:\Program Files\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Nikakva akcija nije poduzeta.
C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Nikakva akcija nije poduzeta.
C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Nikakva akcija nije poduzeta.
C:\System Volume Information\_restore{68D79994-5797-4965-B54A-6E53E2930B96}\RP64\A0011758.exe (PUP.BundleInstaller.BT) -> Nikakva akcija nije poduzeta.
C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.
C:\Documents and Settings\Administrator\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Nikakva akcija nije poduzeta.

(kraj)
[ Dashkes @ 07.05.2012. 12:55 ] @
Unfortunately, you did not delete anything with MBAM; in the log you can see "Nikakva akcija nije poduzeta." ("No action taken.")
You must scan the disk again, check all the objects and delete them.

As for SUPERAntiSpyware, I would remove it and keep only MBAM.
I use Dr.Web, for example.
Of the free alternatives I recommend either Outpost Security Suite FREE or Lavasoft Ad-Aware Free Antivirus+.

Use the FileHippo site for downloading software.

It would not be a bad idea to scan the computer with one more tool -
Download the Dr.Web CureIt! program.

• After downloading, restart the computer in Safe Mode (while the computer is starting, keep pressing F8, and when the menu appears choose Safe Mode).
• When Safe Mode has loaded, run Dr.Web CureIt!.
• When it starts, choose Start. It will automatically begin scanning the computer. Let it scan (this is the Express Scan).
• When it finishes scanning, choose the complete scan - Complete scan - and on the right side press the Start Scanning button (it looks like a Play button).

Show the CureIt! log (pack it into a ".rar" archive and upload it), which is located in C:\Documents and Settings\USERNAME\DoctorWeb\
[ Vodomar @ 07.05.2012. 14:46 ] @
@adjals hi!

this is an example of a clean mbam log (Malwarebytes)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ZZZZZZZ :: EEEEEEE-PC [administrator]

10.4.2012 11:56:45
mbam-log-2012-04-10 (11-56-45).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313620
Time elapsed: 27 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

which means that once you have cleaned out the "leftovers" with this program, repeat the scan until you get a result like mine. Of course, follow the procedure that my colleague recommended to you through to the end.
Second, when you switch to another antivirus you must uninstall ESET, i.e. its leftovers. ESET has a special tool that is run from safe mode.
Third, do you update Windows? How is it possible that you still have Internet Explorer 6? Please install IE8.
Why does mbam report a FAT32 system? <that is a question not for you but for my colleagues>
good luck :)
[ adjals @ 08.05.2012. 12:38 ] @

Hi and greetings..
I scanned again with Malwarebytes and the result is OK. I installed Dr.Web CureIt and scanned once, and afterwards again with a complete scan. There were some Trojans, adware... some were cured, and what could not be cured, e.g. Trojan MulDrop and Siggen, I deleted. After scanning again with Dr.Web, something remained that I don't understand, i.e. on disk C that SweetIM that was installed for me via ESET, and in the report it shows an invalid path... I tried to find the path and scan it, but without success... So tell me, is that OK, or do I still have to find that path and scan it to check whether there is an infection? Note: does what I unchecked in Malwarebytes have anything to do with it (there was an item for SweetIM too), so that because of that it cannot find the path and this SweetIM?

Now I will try to uninstall ESET NOD32. I downloaded the application and tried to enter safe mode, but the PC would not accept it; it just scrolls through a list and again shows that window where it offers entering safe mode and normal Windows. Can the uninstallation be done in normal Windows? Because when I click on the downloaded ESET uninstall .exe and choose Run in order to install it, it opens a small window in safe mode; can I do the uninstallation through this window? I tried, but it shows an error at the end.

This is what I get in safe mode when I try to log in: it just lists a page and returns to the start again, and when I go to safe mode again and press Enter, the same thing happens
"We apologize for the inconvenience, but windows did not start successfully . A recent hardware or software change might have caused this . If your computer stopped responding restarted unexpectedly, or was automatically shut down to protect your files and folders, choose last known Good Configuration to revert to the most recent settings that worked. If a previous startup attempt was interrupted due to a power failure or because the power or reset buttos was pressed, or if you aren`t sure what caused the problem chose start windows normaly."

I put the Dr.Web CureIt log into zip format, but how do I upload it here? I have no option for upload.
And my Malwarebytes report is OK... it just seems it did not save it, so I will scan again and attach it in a moment
[ Dashkes @ 08.05.2012. 12:49 ] @
Upload it here and then attach the link.
It looks more and more to me like that ESET is fake. We will see from the log now. :)
[ adjals @ 08.05.2012. 13:21 ] @
Here is the report for Malwarebytes
Everything is OK.... Should I delete and completely remove those items that are in quarantine? There are some 48.
And here I am sending the Dr.Web CureIt zip file....
Malwarebytes Anti-Malware (Proba) 1.61.0.1400
www.malwarebytes.org

Verzija baze: v2012.05.08.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: NN-B33A0C856812 [administrator]

Zaštita: Omogućena

8.5.2012 13:39:07
mbam-log-2012-05-08 (13-39-07).txt

Način skeniranja: Kompletno skeniranje
Omogućene opcije skeniranja: Memorija | Automatsko pokretanje | Registar | Datotečni sistem | Heuristika/Dodatno | Heuristika/Shuriken | PUP | PUM
Onemogućene opcije skeniranja: P2P
Skeniranih objekata 218110
Proteklo vreme 37 minuta(e), 45 sekundi

Detektovani procesi u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani moduli u memoriji: 0
(Maliciozne stavke nisu pronađene)

Detektovani ključevi u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane vrednosti u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovani podaci u registru: 0
(Maliciozne stavke nisu pronađene)

Detektovane fascikle: 0
(Maliciozne stavke nisu pronađene)

Detektovane datoteke: 0
(Maliciozne stavke nisu pronađene)

(kraj)
[ adjals @ 08.05.2012. 13:25 ] @
And here is the link for the Dr.Web CureIt zip format...
Here there is that item about SweetIM which I could not find and which looks suspicious to me....

http://ge.tt/2c3dTNH/v/0?c
[ adjals @ 08.05.2012. 13:30 ] @
Possibly, who knows, although ESET NOD32 was installed for me by a guy who replaced my power supply and did a complete reinstallation of the programs. I don't believe he deliberately installed a fake antivirus, but who knows.... Anything is possible..
[ kristi1 @ 08.05.2012. 13:34 ] @
Do it like this:

Download OTL to the desktop http://oldtimer.geekstogo.com/OTL.exe

Double-click to run OTL;

Click Run Scan;

When the scan is finished, the report will open in Notepad.

Attach the log.
[ adjals @ 08.05.2012. 14:01 ] @



Here is this report, for OTL.exe. Sorry about this Explorer 6, I will install 8 now; I don't use Explorer anyway, so I didn't even pay attention.


OTL logfile created on: 8.5.2012 14:42:44 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

511,53 Mb Total Physical Memory | 55,98 Mb Available Physical Memory | 10,94% Memory free
1,16 Gb Paging File | 0,12 Gb Available in Paging File | 10,10% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 9,32 Gb Free Space | 47,73% Space Free | Partition Type: NTFS
Drive D: | 38,13 Gb Total Space | 23,50 Gb Free Space | 61,63% Space Free | Partition Type: FAT32
Drive E: | 18,65 Gb Total Space | 12,38 Gb Free Space | 66,36% Space Free | Partition Type: NTFS

Computer Name: NN-B33A0C856812 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.05.08 14:41:45 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012.05.01 18:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.05.01 12:18:01 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012.04.28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012.02.16 14:53:22 | 000,635,808 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012.01.13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2003.05.05 09:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.12.31 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.09.20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.05.08 14:35:12 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.05.08 14:35:10 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.06 16:38:27 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.05.06 16:38:26 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.04.28 04:07:01 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012.04.28 04:06:59 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012.04.28 04:05:34 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012.04.28 04:05:33 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012.04.28 04:05:32 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012.04.28 03:09:18 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2002.12.31 14:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2002.12.31 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.05.05 14:44:32 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.24 21:48:54 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2002.09.20 17:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.26 23:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011.08.09 15:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011.08.04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011.08.04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.11 12:59:18 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2010.01.29 12:40:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.10.26 08:33:40 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008.09.24 12:40:22 | 004,122,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008.04.14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.06.18 14:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.05.03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.07.02 10:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002.12.31 14:00:00 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/sear...searchTerms}&crg=4.0003002

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/...=aus&qkw=%s&tbid=60049
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-zw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 70 B5 CE 36 00 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={...c=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redir...6F-0BA5-4330-B3AC-7539279C2851
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/...w={searchTerms}&tbid=60049
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/Resu...rchSource=4&ctid=CT3156285
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/sear...searchTerms}&crg=4.0003002
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "AlphaMarket Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AlphaMarket Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2922774&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://search.conduit.com/Resu...2774&SearchSource=2&q="
FF - prefs.js..network.proxy.backup.ftp: "79.9.190.134"
FF - prefs.js..network.proxy.backup.ftp_port: 8090
FF - prefs.js..network.proxy.backup.socks: "79.9.190.134"
FF - prefs.js..network.proxy.backup.socks_port: 8090
FF - prefs.js..network.proxy.backup.ssl: "79.9.190.134"
FF - prefs.js..network.proxy.backup.ssl_port: 8090
FF - prefs.js..network.proxy.ftp: "79.9.190.134"
FF - prefs.js..network.proxy.ftp_port: 8090
FF - prefs.js..network.proxy.http: "79.9.190.134"
FF - prefs.js..network.proxy.http_port: 8090
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "79.9.190.134"
FF - prefs.js..network.proxy.socks_port: 8090
FF - prefs.js..network.proxy.ssl: "79.9.190.134"
FF - prefs.js..network.proxy.ssl_port: 8090
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/Resu...chSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2922774&SearchSource=13"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2012.05.06 14:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.03.24 21:52:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 21:48:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 23:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2002.01.01 02:41:25 | 000,000,000 | ---D | M]

[2002.01.01 02:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012.05.06 15:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions
[2012.05.06 01:59:15 | 000,000,000 | ---D | M] (AlphaMarket Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\{018da686-db92-473a-bacb-fe006e046644}
[2012.04.06 00:38:47 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2012.04.22 12:22:16 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.26 21:15:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.04.24 21:49:12 | 000,000,000 | ---D | M] (TheGiftBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\{efc46a17-82ed-46ea-b94a-a08c86bb4fbe}
[2012.05.06 15:50:50 | 000,000,000 | ---D | M] ("I Want This") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\[email protected]
[2012.04.19 17:31:23 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\[email protected]
[2012.05.06 15:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\staged
[2012.04.28 14:31:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\[email protected]
[2012.04.28 14:31:23 | 000,002,324 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\searchplugins\askcom.xml
[2012.01.31 18:13:32 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\searchplugins\conduit.xml
[2012.05.06 14:15:06 | 000,003,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\searchplugins\sweetim.xml
[2012.03.12 13:16:36 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\searchplugins\web-search-powered-by-google.xml
[2012.05.03 17:57:53 | 000,002,103 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\searchplugins\wot-safe-search.xml
[2012.05.05 14:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.04.10 19:54:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.30 22:33:33 | 000,048,215 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PUNTJ7Q9.DEFAULT\EXTENSIONS\{3E9BB2A7-62CA-4EFA-A4E6-F6F6168A652D}.XPI
[2012.03.09 06:51:05 | 000,413,408 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PUNTJ7Q9.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012.04.22 12:35:47 | 000,075,325 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PUNTJ7Q9.DEFAULT\EXTENSIONS\[email protected]
[2012.03.12 13:11:47 | 000,207,020 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PUNTJ7Q9.DEFAULT\EXTENSIONS\[email protected]
[2012.04.04 15:32:37 | 000,024,227 | R--- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PUNTJ7Q9.DEFAULT\EXTENSIONS\[email protected]
[2012.03.12 13:24:56 | 000,075,861 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PUNTJ7Q9.DEFAULT\EXTENSIONS\[email protected]
[2012.05.06 14:45:44 | 000,000,000 | ---D | M] (Crawler Toolbar) -- C:\PROGRAM FILES\CRAWLER\FIREFOX
[2012.03.24 21:52:18 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.04.24 21:48:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.17 19:21:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.bak
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012.03.17 19:21:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Resu...chSource=49&ctid=CT3156285
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Translate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: SEO Webmaster = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aecgdcflhcipeadlanejdjkegbckcllk\1.0_0\
CHR - Extension: Text URL Linker = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aegfbpchoheaflicfmggkmlmcccpjpgd\1.2.3_0\
CHR - Extension: Website and SEO Analysis = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajkomeiemllejmopbbjjngpmmikfedad\1.1.2_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\
CHR - Extension: WOT = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.13_0\
CHR - Extension: Webpage Screenshot = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.8.3_0\
CHR - Extension: Alexa Traffic Rank = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1.1.0_0\
CHR - Extension: Weebly - Website Builder = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb\1.0.4_0\
CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\
CHR - Extension: Screen Shot = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\deododdhljppcmgjcjocekbekbnaeibl\0.1_0\
CHR - Extension: SEO Site Tools = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\diahigjngdnkdgajdbpjdeomopbpkjjc\2.91_0\
CHR - Extension: PageRank Detector = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehmpbkffphncmdoohmjhmcngghekgbnf\2.4.1_0\
CHR - Extension: AddToAny - Share, Bookmark = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche\2.2.2_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\
CHR - Extension: Create Link = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gcmghdmnkfdbncmnmlkkglmnnhagajbm\0.1.0_0\
CHR - Extension: Andrew@ChromeFans = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\4.7.6_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: TheGiftBar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlekgbnpliiooolaecbflcnddofbpaae\2.3.4.2_0\
CHR - Extension: WordPress Stats = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfkplpbeijhlpnlccijpjpggabgmbopg\2.0.7_0\
CHR - Extension: Copy Link Text = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lhdokmjpoambonhlpgcodobebebjdeil\0.5.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Spark@PageRankStatus = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog\1.0.2_0\
CHR - Extension: Google Input Tools (by Google) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab\1.2.1.0_0\
CHR - Extension: AutoPager Chrome = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.7.1.4_0\
CHR - Extension: SEO Button by Tarry = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nngpnhamefdgmpehoffkbabfihlmdlhk\1.2.8.2_0\
CHR - Extension: SEO for Chrome = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: Traffic Rank = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oipgijiceofkdddeceikmdjledafnehk\1.0_0\
CHR - Extension: Google Quick Scroll = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\1.82_0\
CHR - Extension: Black & Gray = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\opngpggidjbhmmlapgcmcedfgblofagi\1.1.2_0\
CHR - Extension: WebStore developer = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdehhmojflfecajmhhcgjbfkcilnnbml\1.0.2.1_0\
CHR - Extension: Blog This! = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pengoopmcjnbflcjbmoeodbmoflcgjlk\0.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: PageRank = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pneoplpmnpjoioldpodoljacigkahohc\2.1.2_0\
CHR - Extension: Website SEO Analysis and Reviews = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pogddddicfmodhknddnpmpamknembkhb\1.2_0\

O1 HOSTS File: ([2012.04.05 02:48:14 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [chromium] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 159
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancaintesabeograd.com ([online] https in Trusted sites)
O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} https://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll (FileInterface Class)
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL (ProxyModule Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D6A7446-5E3A-4114-A70D-F547B419083B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.01.01 01:34:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\aUtoPlaY\cOmmAnD - "" = G:\spwgr.pif
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\AutoRun\command - "" = G:\spwgr.pif
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\eXpLore\CommaNd - "" = G:\spwgr.pif
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\Open\Command - "" = G:\spwgr.pif
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.08 14:42:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.05.07 21:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
[2012.05.07 12:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012.05.07 12:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.07 12:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.05.07 12:00:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.07 12:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.06 16:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012.05.06 16:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012.05.06 16:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012.05.06 16:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.06 14:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Zbshareware Lab
[2012.05.06 14:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012.05.06 14:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2012.05.06 14:13:04 | 001,263,344 | ---- | C] (ESET) -- C:\Documents and Settings\Administrator\Desktop\eset_nod32_antivirus_live_installer.exe
[2012.05.06 11:04:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012.05.05 10:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\AbiWord Word Processor
[2012.05.04 22:23:31 | 000,110,592 | ---- | C] (InstantDigitalProducts.com) -- C:\Documents and Settings\Administrator\Desktop\ArticleRewriter.exe
[2012.05.02 11:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FreeFileViewer
[2012.05.02 11:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
[2012.05.02 11:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012.05.02 11:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.05.02 11:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GRETECH
[2012.04.30 21:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Article Submitter 4Pro
[2012.04.30 21:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Article Submitter 4Pro
[2012.04.28 12:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hotlist-Search Buzz
[2012.04.28 12:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hotlist-Search Buzz
[2012.04.26 03:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Arthur_A._Evseev_(artevse
[2012.04.26 03:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Article Tool Chest
[2012.04.26 03:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\ArticleToolChest
[2012.04.25 18:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hotlist-Theme-Buzz
[2012.04.25 18:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Hotlist-Theme-Buzz
[2012.04.25 17:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ubot
[2012.04.25 17:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Xenocode
[2012.04.24 21:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.24 21:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.04.21 11:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy Auto Spinner
[2012.04.21 11:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Auto Spinner
[2012.04.21 11:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spin Writer Pro
[2012.04.21 11:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spin Writer Pro
[2012.04.20 20:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FileTypeAssistant
[2012.04.20 20:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Free Text Pad
[2012.04.20 20:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Free Text Pad
[2012.04.20 20:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2012.04.20 20:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2012.04.20 19:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012.04.20 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.04.19 18:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AbiSuite
[2012.04.19 18:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\AbiWord
[2012.04.19 13:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Article sender
[2012.04.19 13:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Article sender
[2012.04.19 13:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Easy Homepage Creator V.2.0 DEMO
[2012.04.19 13:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Homepage Creator V.2.0 DEMO
[2012.04.19 13:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\mresreg
[2012.04.19 13:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Meine HomepageFIX2012 Seiten
[2012.04.19 13:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Mein HomepageFIX2012 Backup
[2012.04.19 13:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HomepageFIX2012
[2012.04.19 13:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IN-MEDIAKG
[2012.04.19 13:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Meine HomepageFIX2012 Projekte
[2012.04.19 13:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\HomepageFIX2012
[2012.04.19 13:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\mresreg
[2012.04.18 17:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\tinySpell
[2012.04.18 17:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\tinySpell
[2012.04.10 19:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012.04.10 19:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012.04.10 19:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.08 14:44:04 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.08 14:41:45 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.05.08 14:32:41 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2012.05.08 14:32:33 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2012.05.08 14:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.08 14:32:19 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.08 14:23:03 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job
[2012.05.08 12:23:09 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job
[2012.05.07 12:00:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.05.07 12:00:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.06 19:48:33 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.bak
[2012.05.06 16:32:43 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.06 14:50:26 | 000,441,392 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.06 14:50:26 | 000,071,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.06 14:28:08 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\USB Disk Security.lnk
[2012.05.06 14:28:08 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\USB Disk Security.lnk
[2012.05.06 14:13:14 | 001,263,344 | ---- | M] (ESET) -- C:\Documents and Settings\Administrator\Desktop\eset_nod32_antivirus_live_installer.exe
[2012.05.06 11:28:35 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Auto Spinner.lnk
[2012.05.06 11:27:46 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spin Writer Pro.lnk
[2012.05.05 14:44:32 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.05 14:44:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.05.05 13:48:15 | 005,966,984 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HSS-2.52-install-plain-380-mi2.exe
[2012.05.05 13:36:20 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.05.05 13:33:37 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.05.05 11:59:45 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.02 13:40:17 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.05.02 11:43:32 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.02 11:36:14 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2012.05.02 11:36:14 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FreeFileViewer.lnk
[2012.05.01 12:22:19 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012.05.01 12:22:19 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.04.30 22:32:28 | 000,000,099 | ---- | M] () -- C:\WINDOWS\ANS2000.INI
[2012.04.30 22:32:25 | 000,000,020 | -H-- | M] () -- C:\WINDOWS\akebook.ini
[2012.04.30 22:32:25 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\a3kebook.ini
[2012.04.30 21:12:15 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Article Submitter 4Pro .lnk
[2012.04.30 21:12:15 | 000,001,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Article Submitter 4Pro .lnk
[2012.04.30 01:25:27 | 001,767,541 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Article-Backup-2012-04-30_01-25-23-.zip
[2012.04.30 01:09:45 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Hotlist-Search Buzz.lnk
[2012.04.30 01:09:45 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hotlist-Search Buzz.lnk
[2012.04.26 03:47:31 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Article Tool Chest.lnk
[2012.04.26 03:47:31 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Article Tool Chest.lnk
[2012.04.26 02:42:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.04.26 02:42:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.04.25 18:32:18 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Hotlist-Theme-Buzz.lnk
[2012.04.25 18:32:18 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hotlist-Theme-Buzz.lnk
[2012.04.25 18:31:03 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to 7z920.exe.lnk
[2012.04.25 17:46:16 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2012.04.25 17:46:16 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012.04.22 20:10:35 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2003.lnk
[2012.04.20 20:11:07 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Free Text Pad.lnk
[2012.04.19 18:55:48 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to abiword-setup-2.9.2.lnk
[2012.04.19 14:01:58 | 000,000,206 | ---- | M] () -- C:\WINDOWS\EurekaLog.ini
[2012.04.19 13:42:31 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Article sender.lnk
[2012.04.19 13:14:35 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Easy Homepage Creator DEMO.lnk
[2012.04.19 13:12:12 | 000,000,991 | ---- | M] () -- C:\WINDOWS\page.ini
[2012.04.19 13:12:12 | 000,000,140 | ---- | M] () -- C:\WINDOWS\page.kon
[2012.04.19 13:08:49 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HomepageFIX 2012.lnk
[2012.04.17 18:21:36 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New WinRAR archive.rar
[2012.04.16 13:33:58 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2003.lnk
[2012.04.15 11:57:59 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012.04.09 11:16:10 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.08 23:29:35 | 000,001,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012.04.08 23:29:35 | 000,001,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.05.07 12:00:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.05.07 12:00:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.06 16:32:43 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.06 14:28:08 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\USB Disk Security.lnk
[2012.05.05 13:47:20 | 005,966,984 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HSS-2.52-install-plain-380-mi2.exe
[2012.05.02 11:36:22 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2012.05.01 12:18:10 | 000,001,052 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job
[2012.05.01 12:18:06 | 000,001,000 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job
[2012.04.30 22:32:25 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2012.04.30 22:32:25 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2012.04.30 22:32:25 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2012.04.30 21:12:15 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Article Submitter 4Pro .lnk
[2012.04.30 21:12:15 | 000,001,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Article Submitter 4Pro .lnk
[2012.04.30 01:25:26 | 001,767,541 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Article-Backup-2012-04-30_01-25-23-.zip
[2012.04.28 12:29:25 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Hotlist-Search Buzz.lnk
[2012.04.28 12:29:25 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hotlist-Search Buzz.lnk
[2012.04.26 03:47:31 | 000,000,728 | ----
[ kristi1 @ 08.05.2012. 14:31 ] @
Uninstall:

McAfee Security Scan
USB Disk Security

If I were you, I would also completely remove that Google Chrome and install it again, meaning uninstall it and delete its folder. I don't know exactly where it is located, I don't use it. If anyone has that information, let us know; so, a complete removal of Chrome.

Instead of USB Disk Security, which protects nothing and only eats memory, install this program http://amf.mycity.rs/mcshield/


Moving on:


Run OTL

In the white box of the window labeled Custom Scans/Fixes, paste the following text:

Code:
:OTL
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/sear...searchTerms}&crg=4.0003002
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redir...6F-0BA5-4330-B3AC-7539279C2851
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/Resu...rchSource=4&ctid=CT3156285
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/sear...searchTerms}&crg=4.0003002
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "AlphaMarket Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AlphaMarket Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2922774&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/Resu...2774&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/Resu...chSource=3&q={searchTerms}"
[2012.05.06 01:59:15 | 000,000,000 | ---D | M] (AlphaMarket Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\{018da686-db92-473a-bacb-fe006e046644}
[2012.04.24 21:49:12 | 000,000,000 | ---D | M] (TheGiftBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\{efc46a17-82ed-46ea-b94a-a08c86bb4fbe}
[2012.04.28 14:31:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\extensions\[email protected]
[2012.01.31 18:13:32 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\searchplugins\conduit.xml
[2012.05.06 14:15:06 | 000,003,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\searchplugins\sweetim.xml
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Resu...chSource=49&ctid=CT3156285
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\aUtoPlaY\cOmmAnD - "" = G:\spwgr.pif
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\AutoRun\command - "" = G:\spwgr.pif
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\eXpLore\CommaNd - "" = G:\spwgr.pif
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\Open\Command - "" = G:\spwgr.pif

:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]


Click the Run Fix button;

Copy the log you get here into a post.
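
The four O33 lines in the fix script above are Explorer's per-volume MountPoints2 shell commands, all pointing at G:\spwgr.pif. The following triage of such lines is an added example, not part of kristi1's post and not OTL's own code; the heuristics, the extension list and the benign `E:\setup.exe` sample line are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample: the four O33 lines from the fix script on this page,
# plus one made-up benign entry (volume "E", E:\setup.exe) for contrast.
SAMPLE = r'''
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\aUtoPlaY\cOmmAnD - "" = G:\spwgr.pif
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\AutoRun\command - "" = G:\spwgr.pif
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\eXpLore\CommaNd - "" = G:\spwgr.pif
O33 - MountPoints2\{ef055801-fe4a-11d5-bddc-00112f3399d1}\Shell\Open\Command - "" = G:\spwgr.pif
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
'''

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\'
    r'(?P<leaf>\S+) - "(?P<value>[^"]*)" = (?P<target>.*?)(?:\s+--\s.*)?$'
)

# Assumed heuristics (not from the thread):
RISKY_EXT = {"pif", "scr", "com", "bat", "cmd", "vbs"}  # rarely used by real installers
DEFAULT_VERBS = {"open", "explore"}    # verbs Explorer runs when a drive is opened
CANONICAL = {"AutoRun", "AutoPlay"}    # usual camel-case spellings of key names


def parse_o33(text):
    """Yield (volume, verb, leaf, target) for every O33 MountPoints2 line."""
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            yield (m.group("volume"), m.group("verb"),
                   m.group("leaf"), m.group("target").strip())


def odd_case(token):
    """True for spellings like 'aUtoPlaY': not lower, UPPER, Capitalized or canonical."""
    regular = (token.lower(), token.upper(), token.capitalize())
    return token not in regular and token not in CANONICAL


def extension(target):
    """Extension of the first file name in a command line, lower-cased."""
    m = re.search(r'\.([A-Za-z0-9]{1,4})(?=["\s]|$)', target)
    return m.group(1).lower() if m else ""


def triage(text):
    """Group O33 entries by (volume, target) and list the reasons each looks odd."""
    groups = OrderedDict()
    for volume, verb, leaf, target in parse_o33(text):
        key = (volume.lower(), target.lower())
        g = groups.setdefault(key, {"volume": volume, "target": target,
                                    "verbs": set(), "odd": False})
        g["verbs"].add(verb.lower())
        g["odd"] = g["odd"] or odd_case(verb) or odd_case(leaf)

    findings = []
    for g in groups.values():
        reasons = []
        ext = extension(g["target"])
        if ext in RISKY_EXT:
            reasons.append("risky-extension:." + ext)
        if g["odd"]:
            reasons.append("irregular-key-casing")
        if g["verbs"] & DEFAULT_VERBS:
            reasons.append("default-verb-redirected")
        findings.append({
            "volume": g["volume"],
            "target": g["target"],
            "verbs": sorted(g["verbs"]),
            "reasons": reasons,
            # One signal alone is common on legitimate media; require two.
            "suspicious": len(reasons) >= 2,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(flag, f["volume"], f["target"], f["verbs"], f["reasons"])
```
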
[ adjals @ 08.05.2012. 16:02 ] @
I'll do this now, but I'm trying to uninstall USB Disk Security. I went through Control Panel, then Add or remove program and windows components, found USB Disk Security and clicked remove, but it doesn't accept it; after clicking remove it just stays in Add or remove program and windows components.

This is the notice I get.

" uninstall has detected that USB DIsk security is currently runing. Please close all instancess of it now , then click ok to continue, or Cencel to exit."

Does USB Disk Security maybe also have some application for uninstalling it?

I have installed MC Shield.
[ Aleksandar Maletic @ 08.05.2012. 16:36 ] @
USB Disk Security would not uninstall because it is still active among the processes.
Press Ctrl+Shift+Esc, and when Task Manager opens, select the Processes tab.
Find the process in the list, select it and click End Process. Now try to uninstall the program again.
[ kristi1 @ 08.05.2012. 16:51 ] @
You also have it in startup; disable it there.
[ adjals @ 08.05.2012. 19:53 ] @
In Start it won't work; I went to Uninstall and clicked, and a box appeared with the question

Are you sure you want to completely remove USB disk security and all of its component?

I clicked yes

and then a second window came up with text and a yellow warning sign

" uninstall has detected that USB Disk security is currently runing. Please close all instancess of it now , then click ok to continue, or Cencel to exit."

I clicked ok, but it doesn't respond, it just flickers, while it does respond to cancel
[ adjals @ 08.05.2012. 20:03 ] @
In Task Manager... there is a USBGuard.exe entry; is that the one I should select and then click End process? It takes up only 770 k of memory, which is very little, so I'm not sure whether that is USB Disk Security, and I don't want to shut down the wrong thing.
[ Vodomar @ 08.05.2012. 20:32 ] @
Yes, kill that.
[ adjals @ 08.05.2012. 20:49 ] @
This window with a yellow warning sign comes up when I select USBGuard.exe and click end process

WARNING: Terminating a process can cause udnesired results induding loss of data and system instability. The process will not bi given the chance to save its state or data before it is terminated.
Are you sure you want to terminate the process?
and the options offered are yes or no


Is this supposed to appear, or is something wrong?
[ adjals @ 08.05.2012. 20:58 ] @
I shut down USB Disk Security and nothing happened, no notice came up, so that means everything is ok.
Now my computer is protected by this MC Shield. I'll run OTL now and paste in that text.
[ Vodomar @ 08.05.2012. 21:18 ] @
Please don't install anything for now; just clean the computer and uninstall those programs. In particular remove USB Disk and ESET. See whether ESET's uninstall link from the Start menu or Control Panel works now; if it doesn't, see whether you can now get into safe mode.
Once you have uninstalled all of that (USB, ESET, McAfee...), watch how the computer behaves. Your problems don't come from some strong malware so much as from a combination of mismatched software on the machine and careless surfing. So go slowly with installing programs and watch how the computer reacts.

[This message was edited by Vodomar on 08.05.2012 at 22:37 GMT+1]
[ Obavestenje @ 08.05.2012. 22:56 ] @
Try scanning the computer with Kaspersky TDSSKiller; installation is free.
[ adjals @ 08.05.2012. 23:59 ] @
ESET, McAfee and USB Disk Security were installed about a month, a month and a half ago, when I had the power supply in the computer replaced; they were installed by the guy who replaced the power supply and did a complete reinstallation of everything. When I got the computer back after the repair, Chrome was installed, and Skype, which would not work, but I didn't pay much attention to it because I assumed he probably hadn't finished the installation properly, so I deleted that and installed Chrome and Skype again.

A little while ago I tried to run OTL and pasted in that text, but the scan takes quite a long time, over 2h, and in the end Not responding appears and it can't complete the scan.
Should I do this scan, and roughly how long can it take?

Ok. I uninstalled USB Disk; NOD can't be removed from Control Panel or the Start menu, when I click Uninstall it doesn't respond at all. So I should uninstall McAfee too.
[ adjals @ 09.05.2012. 00:06 ] @
I just have a question about McAfee. I uninstalled McAfee Security Scan Plus, and McAfee SiteAdvisor is also installed; should I uninstall that as well?

During the uninstall the PC behaves normally, no warning windows came up, except that a slightly louder sound can be heard while it performs the uninstall, like when we run a defragmentation.


[ adjals @ 09.05.2012. 00:52 ] @
I tried again to enter safe mode, but it won't. So ESET has remained not uninstalled; the others I did uninstall: USB Disk Security and McAfee, both McAfee Security Scan and McAfee SiteAdvisor.
I have now been logged in via Firefox until now, and I still think it is a virus. Because now the browser doesn't freeze the way it used to, and even the keyboard types better, the keys don't get stuck.
While I was uninstalling McAfee SiteAdvisor, that is, when I clicked the remove button in Add or remove programs and windows components, Malwarebytes showed a notice that access to a potentially malicious address 64.135.77.30 was successfully blocked. Type: outgoing.
And now, while I'm logged in, that notice keeps coming up.
I'll now try to delete both Chrome and Firefox and install them again, just in case.
[ valjan @ 09.05.2012. 02:41 ] @
ESET is a commercial antivirus, that is, there is no free edition, only a trial version that lasts 30 days, after which you have to pay for it or remove it from the computer. The guy who installed it for you most likely put in some cracked version, and a cracked antivirus is generally a very bad antivirus. Either he is a kind soul and treated you to the roughly 30€ that a one-year license costs, or he included it in the price if you paid him for the repair.

Anyway, the specific thing about ESET is that some of those cracks are sometimes very hard to remove, that it tends to leave "tails" all over the system, and that when a virus disables it, it can sometimes be a pain to remove. There is a manual method using their uninstaller, but for that you need safe mode, and you say you can't enter safe mode. I recommend that you open a command prompt and type "sfc /scannow"; Windows will then check whether all of its important system files are in order, replace the faulty ones and restore the missing ones. When sfc finishes, try again to start the computer in safe mode.

I also recommend that you try to remove ESET in the way described in this guide of theirs, but if it is cracked and damaged by malware, I think that will be of little use.

I recommend that you get rid of that ESET in any case, and then either download and buy it directly from the vendor, or install some free solution; look around this forum a bit for what is recommended.
[ kristi1 @ 09.05.2012. 08:40 ] @
Try to uninstall that ESET with this tool http://www.appremover.com/

Untick Enable anonymous usage statistic

Click Next, now choose the first option, wait for the scan to finish, select ESET and remove it by clicking Next;
If ESET does not appear, go back to the program's start window, click Next, choose the second option (Clean Up a Failed Uninstall), confirm with Continue, go to Next, wait for the scan to finish, select ESET and remove it by clicking Next.



Then:


Download ComboFix from the following address to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Run ComboFix exclusively from the desktop (I Agree)
On every popup window click Yes \ Ok

When the scan finishes it will put a log on the desktop

Copy the log here for me


Do not run any other program while ComboFix is running!!!
[ adjals @ 09.05.2012. 13:06 ] @
Hi everyone...

I'll now try to do this ESET uninstall the way you suggested.
And here is what happened now when I turned on the PC. USB Disk Security appeared again, the icon at the bottom of the screen where they usually sit in line with the start icon, and I uninstalled it last night. I ran the uninstall again, and now it's ok I guess, but it seems that it reappears on power-up and restart; I'll check later, once I've done the ESET uninstall and restarted the PC, whether it appears again.
Last night I scanned the PC once more with Malwarebytes before shutting down and the report was ok.
[ adjals @ 09.05.2012. 14:06 ] @
I've just done it, so here is the report.

I installed AppRemover, unticked the box for Enable anonymous usage statistic, clicked next, and chose the option Remove security application, and the scan started; when the scan finished and it said 100% completed, I went to next, and this was written in the window:
Select the security application that zou want to uninstall

and of the ones offered there was only: vendor: Malware bytes corporation
product: Malware anti-malware

ESET wasn't there anywhere

I went in; at the very bottom there was a green plus for finding more applications, I clicked on it and it only added MC Shield, and that's it...
I guess that's ok, meaning ESET is uninstalled. I guess I did this right.


Then I downloaded ComboFix and ran it from the desktop, and that I agree came up; I clicked on it and a larger window came up with fast green text, then a larger window... and I waited for it to do the scan. All my programs were closed. After about 10 minutes a popup window came up and I clicked yes, and somewhere near the end a window came up that said Windows File Protection,
but there was no option to click yes or ok, rather retry, cancel I think; I didn't manage to read what the window said, but from the glance I got it seems to me it was asking for the Windows installation CD, I'm not sure, because afterwards a second and then a third window appeared on which I clicked yes, and this window disappeared...
Then on that larger window that was opened first it said

Preparing log report
Do not run any rpograms until ccombofix has finished

and after that to wait for the report

And here is that report.


There is an item here marked infected, so I assume this is not ok.... Should I do this again?


Should I also delete ESET from Program Files on C: ?

ComboFix 12-05-09.01 - Administrator 09.05.2012 14:31:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.512.299 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Administrator\Application Data\ubot
c:\progra~1\EASYAU~1\EASYsp~1.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\msssc.dll
D:\install.exe
.
c:\windows\system32\msgsvc.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-08 15:08 . 2012-05-08 15:08 -------- d-----w- C:\_OTL
2012-05-08 14:18 . 2012-05-09 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-05-08 14:18 . 2012-05-08 14:18 -------- d-----w- c:\program files\MCShield
2012-05-08 13:11 . 2011-08-16 10:32 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-07 19:38 . 2012-05-08 09:17 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-06 14:34 . 2012-05-06 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-05-06 14:32 . 2012-05-06 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-06 14:32 . 2012-05-06 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-06 12:29 . 2012-05-06 12:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zbshareware Lab
2012-05-06 12:14 . 2012-05-06 12:44 -------- d-----w- c:\program files\SweetIM
2012-05-06 12:14 . 2012-05-06 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-05-02 09:43 . 2012-05-04 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeFileViewer
2012-05-02 09:34 . 2012-05-02 09:34 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-05-02 09:28 . 2012-05-02 09:28 -------- d-----w- c:\program files\MSECache
2012-05-02 09:21 . 2012-05-02 09:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2012-04-30 19:12 . 2012-04-30 19:12 -------- d-----w- c:\program files\Article Submitter 4Pro
2012-04-28 10:29 . 2012-04-29 23:10 -------- d-----w- c:\program files\Hotlist-Search Buzz
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Arthur_A._Evseev_(artevse
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\program files\ArticleToolChest
2012-04-25 16:32 . 2012-04-26 08:55 -------- d-----w- c:\program files\Hotlist-Theme-Buzz
2012-04-25 15:50 . 2012-04-25 15:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xenocode
2012-04-24 19:48 . 2012-04-24 19:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 19:48 . 2012-04-24 19:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 19:48 . 2012-04-24 19:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 09:49 . 2012-05-09 12:38 -------- d-----w- c:\program files\Easy Auto Spinner
2012-04-21 09:45 . 2012-05-06 09:28 -------- d-----w- c:\program files\Spin Writer Pro
2012-04-20 18:15 . 2012-04-20 18:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FileTypeAssistant
2012-04-20 18:11 . 2012-04-20 18:11 -------- d-----w- c:\program files\Free Text Pad
2012-04-20 18:05 . 2012-05-02 09:36 -------- d-----w- c:\program files\File Type Assistant
2012-04-20 18:04 . 2012-05-02 09:36 -------- d-----w- c:\program files\FreeFileViewer
2012-04-20 17:48 . 2012-04-20 17:48 -------- d-----w- c:\program files\7-Zip
2012-04-19 16:53 . 2012-05-05 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AbiSuite
2012-04-19 16:52 . 2012-05-05 08:20 -------- d-----w- c:\program files\AbiWord
2012-04-19 11:42 . 2012-04-22 19:34 -------- d-----w- c:\program files\Article sender
2012-04-19 11:14 . 2012-04-19 11:27 -------- d-----w- c:\program files\Easy Homepage Creator V.2.0 DEMO
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\mresreg
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\IN-MEDIAKG
2012-04-19 11:08 . 2012-04-19 11:12 -------- d-----w- c:\program files\HomepageFIX2012
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\program files\mresreg
2012-04-18 15:53 . 2012-04-30 20:17 -------- d-----w- c:\program files\tinySpell
2012-04-18 15:53 . 2012-04-18 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\tinySpell
2012-04-10 17:52 . 2012-05-09 11:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-04-10 17:52 . 2012-04-10 17:52 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 12:44 . 2012-03-30 16:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 12:44 . 2012-03-09 05:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-01 10:58 . 2002-12-31 12:00 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-12-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-12-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-04-24 19:48 . 2002-01-01 01:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"chromium"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-03-12 583680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\MSHTA.exe"=
"c:\\WINDOWS\\system32\\DfrgFat.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58718:TCP"= 58718:TCP:Pando Media Booster
"58718:UDP"= 58718:UDP:Pando Media Booster
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 10:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 10:20 103112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2012 12:00 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2012 12:00 22344]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 13:03 974944]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 18:16 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.4.2012 21:48 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASPI32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]
2002-12-31 12:00 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:44]
.
2012-05-09 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-20 12:24]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
.
2012-05-09 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-04-20 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60049
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AlphaMarket Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2922774&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2922774&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 14:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1788223648-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-05-09 14:42:50
ComboFix-quarantined-files.txt 2012-05-09 12:42
.
Pre-Run: 9.653.587.968 bytes free
Post-Run: 10.442.141.696 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AA7FBE85277567E9AC11927A74458D95




[ kristi1 @ 09.05.2012. 15:57 ] @
Although I don't normally do this, I'll delete ESET for you with this tool, since I see you are having trouble removing it. Otherwise I don't work this way.
In future, be careful about who tinkers with your computer. There are free antivirus programs, and if you have no money or don't want to buy an antivirus, the free applications are there.
At the end I'll suggest what to install and give you a download link.

Here's how we'll proceed; follow the instructions carefully.

Open Notepad and copy the text below:

Code:



Folder::
c:\program files\SweetIM
c:\program files\ESET

File::
c:\windows\system32\drivers\ehdrv.sys
c:\windows\system32\drivers\epfwtdir.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"=-

Driver::
ehdrv
epfwtdir
ekrn

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2922774&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2922774&SearchSource=2&q=






Click File\Save as and save the text as CFScript on the desktop.

Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon.
This will start ComboFix.

The system will restart (this is normal).
When it finishes, a log will appear (C:\ComboFix.txt).
Post the ComboFix log for review.


Important note

ComboFix must be located on the Desktop; I already stressed that in the first set of instructions.
You ran it from here:

c:\documents and settings\Administrator\My Documents\Downloads

Move it to the Desktop; that is where it must be.

[This message was edited by kristi1 on 09.05.2012. at 17:10 GMT+1]

[This message was edited by kristi1 on 09.05.2012. at 17:11 GMT+1]
[ adjals @ 09.05.2012. 20:54 ] @

OK, thank you very much. ESET NOD32 really does cause problems... I used to use Avast and it was completely fine and protected my PC; I had no problems. But until now I have not been in the habit of buying antivirus programs, because I figure these free versions are effective too...

I did the first part the way you wrote. It seems that when I downloaded Combo the first time I saved it to Downloads, and then it ran automatically from there. Now I have moved it to the Desktop, but it still does not say C:/Desktop.

I pasted that text, copied it into Notepad, saved it as CFScript.txt on the desktop, then opened the desktop and dragged CFScript.txt onto ComboFix with the mouse. Then a pop-up window opened where I clicked RUN and Combo started, but this time it did not show me the prompt to accept the terms (I agree). Only a window opened that listed some green text, then a slightly larger window that said to wait and not open any program... Then the computer restarted and the same window opened again, saying to wait until the report is produced.

Is it OK, the way I did this? The only thing I don't understand is why it does not say that Combo is located at c:/Desktop but instead says c:/Documents and Settings/Administrator/Desktop.

When I downloaded Combo, I went to the link, then a pop-up window opened asking where to put it, and I clicked Desktop and then Save.

Is this report OK? Was it deleted, or should I do it again? I doubt I did it right; ESET still shows in Start when I open All Programs...

Here is the Combo report.

Today I also ran one more scan with AntiSpyware, and in the first scan there were 85 infected files with adware, two of them Trojan Agent/Gen-Poison, so I moved them to quarantine. I ran a complete scan again and then there were 7 infected files, 2 of them again Trojan Agent/Gen-Poison but in a different location. So I moved those to quarantine as well.
If I need to attach the report from after this scan, I have saved it.

I ran Malwarebytes last night and scanned with it and everything was clean, and MC Shield shows no infected files when the PC starts up, but AntiSpyware shows these trojans and adware. So I don't understand that either... they are probably hiding somewhere.



ComboFix 12-05-09.01 - Administrator 09.05.2012 20:47:16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.512.317 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\system32\drivers\ehdrv.sys"
"c:\windows\system32\drivers\epfwtdir.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET
c:\program files\ESET\ESET NOD32 Antivirus\callmsi.exe
c:\program files\ESET\ESET NOD32 Antivirus\DMON.dll
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.cat
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
c:\program files\ESET\ESET NOD32 Antivirus\ecls.exe
c:\program files\ESET\ESET NOD32 Antivirus\ecmd.exe
c:\program files\ESET\ESET NOD32 Antivirus\eeclnt.exe
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\program files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiDmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiHips.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiProductRcd.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiScan.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnDmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnHips.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
c:\program files\ESET\ESET NOD32 Antivirus\em000_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em001_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em002_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em003_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em004_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em005_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em006_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em009_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em015_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em017_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em018_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em019_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em022_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOE.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgTbEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eset.chm
c:\program files\ESET\ESET NOD32 Antivirus\eula.rtf
c:\program files\ESET\ESET NOD32 Antivirus\mfc80u.dll
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\chrome.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\Components\eplgTb.dll
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\install.rdf
c:\program files\ESET\ESET NOD32 Antivirus\msvcp80.dll
c:\program files\ESET\ESET NOD32 Antivirus\msvcr80.dll
c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll
c:\program files\ESET\ESET NOD32 Antivirus\SysInspector.exe
c:\program files\ESET\ESET NOD32 Antivirus\SysRescue.exe
c:\program files\ESET\ESET NOD32 Antivirus\updater.dll
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\windows\system32\drivers\ehdrv.sys
c:\windows\system32\drivers\epfwtdir.sys
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EHDRV
-------\Legacy_EKRN
-------\Legacy_EPFWTDIR
-------\Service_ehdrv
-------\Service_ekrn
-------\Service_epfwtdir
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-08 15:08 . 2012-05-08 15:08 -------- d-----w- C:\_OTL
2012-05-08 14:18 . 2012-05-09 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-05-08 14:18 . 2012-05-08 14:18 -------- d-----w- c:\program files\MCShield
2012-05-08 13:11 . 2011-08-16 10:32 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-07 19:38 . 2012-05-08 09:17 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-06 14:34 . 2012-05-06 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-05-06 14:32 . 2012-05-06 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-06 14:32 . 2012-05-06 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-06 12:29 . 2012-05-06 12:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zbshareware Lab
2012-05-06 12:14 . 2012-05-06 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-05-02 09:43 . 2012-05-04 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeFileViewer
2012-05-02 09:34 . 2012-05-02 09:34 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-05-02 09:28 . 2012-05-02 09:28 -------- d-----w- c:\program files\MSECache
2012-05-02 09:21 . 2012-05-02 09:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2012-04-30 19:12 . 2012-04-30 19:12 -------- d-----w- c:\program files\Article Submitter 4Pro
2012-04-28 10:29 . 2012-04-29 23:10 -------- d-----w- c:\program files\Hotlist-Search Buzz
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Arthur_A._Evseev_(artevse
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\program files\ArticleToolChest
2012-04-25 16:32 . 2012-04-26 08:55 -------- d-----w- c:\program files\Hotlist-Theme-Buzz
2012-04-25 15:50 . 2012-04-25 15:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xenocode
2012-04-24 19:48 . 2012-04-24 19:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 19:48 . 2012-04-24 19:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 19:48 . 2012-04-24 19:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 09:49 . 2012-05-09 12:38 -------- d-----w- c:\program files\Easy Auto Spinner
2012-04-21 09:45 . 2012-05-06 09:28 -------- d-----w- c:\program files\Spin Writer Pro
2012-04-20 18:15 . 2012-04-20 18:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FileTypeAssistant
2012-04-20 18:11 . 2012-04-20 18:11 -------- d-----w- c:\program files\Free Text Pad
2012-04-20 18:05 . 2012-05-02 09:36 -------- d-----w- c:\program files\File Type Assistant
2012-04-20 18:04 . 2012-05-02 09:36 -------- d-----w- c:\program files\FreeFileViewer
2012-04-20 17:48 . 2012-04-20 17:48 -------- d-----w- c:\program files\7-Zip
2012-04-19 16:53 . 2012-05-05 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AbiSuite
2012-04-19 16:52 . 2012-05-05 08:20 -------- d-----w- c:\program files\AbiWord
2012-04-19 11:42 . 2012-04-22 19:34 -------- d-----w- c:\program files\Article sender
2012-04-19 11:14 . 2012-04-19 11:27 -------- d-----w- c:\program files\Easy Homepage Creator V.2.0 DEMO
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\mresreg
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\IN-MEDIAKG
2012-04-19 11:08 . 2012-04-19 11:12 -------- d-----w- c:\program files\HomepageFIX2012
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\program files\mresreg
2012-04-18 15:53 . 2012-04-30 20:17 -------- d-----w- c:\program files\tinySpell
2012-04-18 15:53 . 2012-04-18 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\tinySpell
2012-04-10 17:52 . 2012-05-09 18:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-04-10 17:52 . 2012-04-10 17:52 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 12:44 . 2012-03-30 16:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 12:44 . 2012-03-09 05:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-01 10:58 . 2002-12-31 12:00 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-12-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-12-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-04-24 19:48 . 2002-01-01 01:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"chromium"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-03-12 583680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\MSHTA.exe"=
"c:\\WINDOWS\\system32\\DfrgFat.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58718:TCP"= 58718:TCP:Pando Media Booster
"58718:UDP"= 58718:UDP:Pando Media Booster
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2012 12:00 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2012 12:00 22344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 18:16 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.4.2012 21:48 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASPI32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]
2002-12-31 12:00 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:44]
.
2012-05-09 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-20 12:24]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
.
2012-05-09 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-04-20 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60049
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AlphaMarket Customized Web Search
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 20:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1788223648-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2012-05-09 21:07:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 19:07
ComboFix2.txt 2012-05-09 12:42
.
Pre-Run: 10.294.603.776 bytes free
Post-Run: 10.406.715.392 bytes free
.
- - End Of File - - 974F10CF601DAF4348A4FD08878F35C1
[ kristi1 @ 09.05.2012. 22:13 ] @
Great, the computer is clean. We'll run one more script, which will finish quickly.

Open Notepad and copy the text below:

Code:



SkipFix::

SecCenter::
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}



Click File\Save as and save the text as CFScript on the desktop.

Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon.

After ComboFix has finished, the uninstallation follows.

Start > Run > copy in Combofix /Uninstall, press Enter and confirm with OK.

Then install Avast antivirus, download it from Here

After installation you will have the option to register the antivirus online, so you just fill in the requested details and you have a license for 1 year.
[ kristi1 @ 09.05.2012. 22:19 ] @
It's possible that something was detected in System Restore; after ComboFix is uninstalled, System Restore will be reset as well, and that's that.
Or that tool detected cookies, which such programs and similar ones tend to flag as malware when in fact they are not.

In any case, the CF log shows no signs of any infection.
[ Vodomar @ 09.05.2012. 22:24 ] @
Try once more to go into Safe Mode and see whether you can get into it.
[ adjals @ 10.05.2012. 09:16 ] @
OK, I did this, except that when I type Combofix/uninstall into Run and click OK, a popup window for installing ComboFix comes up, which probably means ComboFix has been uninstalled, because it is neither among the installed programs nor in Task Manager, and it isn't in Control Panel under Add or Remove Programs and Windows Components either.

I hope this report is OK..

Now I'll install Avast, and before that I'll try to check whether I can get into Safe Mode, because of this ESET, which is still listed among the installed programs.

After installing Avast, should I uninstall and delete MCShield? And is there any need to keep SUPERAntiSpyware, Malwarebytes (its trial period runs for another 11 days, after which a paid license is probably needed) and OTL.exe installed once Avast is installed, or should I uninstall them too, since I'll have Avast?

I'd just like to ask you, since I'm currently using Wise Registry Cleaner: is it OK, or is it better to install CCleaner? Which is better in your opinion?

Here is the report for this second script.

ComboFix 12-05-09.01 - Administrator 10.05.2012 9:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.512.272 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-08 15:08 . 2012-05-08 15:08 -------- d-----w- C:\_OTL
2012-05-08 14:18 . 2012-05-10 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-05-08 14:18 . 2012-05-08 14:18 -------- d-----w- c:\program files\MCShield
2012-05-08 13:11 . 2011-08-16 10:32 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-07 19:38 . 2012-05-08 09:17 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-06 14:34 . 2012-05-06 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-05-06 14:32 . 2012-05-06 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-06 14:32 . 2012-05-06 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-06 12:29 . 2012-05-06 12:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zbshareware Lab
2012-05-06 12:14 . 2012-05-06 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-05-02 09:43 . 2012-05-04 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeFileViewer
2012-05-02 09:34 . 2012-05-02 09:34 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-05-02 09:28 . 2012-05-02 09:28 -------- d-----w- c:\program files\MSECache
2012-05-02 09:21 . 2012-05-02 09:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2012-04-30 19:12 . 2012-04-30 19:12 -------- d-----w- c:\program files\Article Submitter 4Pro
2012-04-28 10:29 . 2012-04-29 23:10 -------- d-----w- c:\program files\Hotlist-Search Buzz
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Arthur_A._Evseev_(artevse
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\program files\ArticleToolChest
2012-04-25 16:32 . 2012-04-26 08:55 -------- d-----w- c:\program files\Hotlist-Theme-Buzz
2012-04-25 15:50 . 2012-04-25 15:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xenocode
2012-04-24 19:48 . 2012-04-24 19:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 19:48 . 2012-04-24 19:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 19:48 . 2012-04-24 19:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 09:49 . 2012-05-09 12:38 -------- d-----w- c:\program files\Easy Auto Spinner
2012-04-21 09:45 . 2012-05-06 09:28 -------- d-----w- c:\program files\Spin Writer Pro
2012-04-20 18:15 . 2012-04-20 18:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FileTypeAssistant
2012-04-20 18:11 . 2012-04-20 18:11 -------- d-----w- c:\program files\Free Text Pad
2012-04-20 18:05 . 2012-05-02 09:36 -------- d-----w- c:\program files\File Type Assistant
2012-04-20 18:04 . 2012-05-02 09:36 -------- d-----w- c:\program files\FreeFileViewer
2012-04-20 17:48 . 2012-04-20 17:48 -------- d-----w- c:\program files\7-Zip
2012-04-19 16:53 . 2012-05-05 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AbiSuite
2012-04-19 16:52 . 2012-05-05 08:20 -------- d-----w- c:\program files\AbiWord
2012-04-19 11:42 . 2012-04-22 19:34 -------- d-----w- c:\program files\Article sender
2012-04-19 11:14 . 2012-04-19 11:27 -------- d-----w- c:\program files\Easy Homepage Creator V.2.0 DEMO
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\mresreg
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\IN-MEDIAKG
2012-04-19 11:08 . 2012-04-19 11:12 -------- d-----w- c:\program files\HomepageFIX2012
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\program files\mresreg
2012-04-18 15:53 . 2012-04-30 20:17 -------- d-----w- c:\program files\tinySpell
2012-04-18 15:53 . 2012-04-18 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\tinySpell
2012-04-10 17:52 . 2012-05-10 07:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-04-10 17:52 . 2012-04-10 17:52 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 12:44 . 2012-03-30 16:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 12:44 . 2012-03-09 05:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12 . 2002-12-31 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2002-12-31 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-01 10:58 . 2002-12-31 12:00 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-12-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-12-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-04-24 19:48 . 2002-01-01 01:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"chromium"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-03-12 583680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\MSHTA.exe"=
"c:\\WINDOWS\\system32\\DfrgFat.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58718:TCP"= 58718:TCP:Pando Media Booster
"58718:UDP"= 58718:UDP:Pando Media Booster
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASPI32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]
2002-12-31 12:00 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:44]
.
2012-05-10 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-20 12:24]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
.
2012-05-10 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-04-20 20:19]
.
2012-05-09 c:\windows\Tasks\User_Feed_Synchronization-{80B1D5B1-CFF6-4D54-9AA7-DFA2FF18D756}.job
- c:\windows\system32\msfeedssync.exe [2002-12-31 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60049
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AlphaMarket Customized Web Search
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 09:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1788223648-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2844)
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2012-05-10 09:50:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 07:50
ComboFix2.txt 2012-05-09 19:07
ComboFix3.txt 2012-05-09 12:42
.
Pre-Run: 10.076.094.464 bytes free
Post-Run: 10.146.459.648 bytes free
.
- - End Of File - - 4A17972687699DCC450729ED50B854F4
[ kristi1 @ 10.05.2012. 10:37 ] @
This is what was causing your problem; in the last scan CF replaced the infected file with a clean one.

Code:
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

Delete Wise Registry Cleaner and keep CCleaner; it is sufficient as a registry cleaner.

ESET is not active; go into Safe Mode and run this tool to clean up the leftovers, if there are any.

http://kb.eset.com/esetkb/inde..._US&searchid=1254657447620

Also, at the end, run OTL and click CleanUp.
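The two log lines quoted in the reply above can be pulled out of a saved ComboFix log mechanically, which helps when comparing several runs (ComboFix.txt, ComboFix2.txt, ComboFix3.txt). The following Python sketch is an added example, not part of the original thread and not ComboFix's own code; the function names and the banner pattern are assumptions derived from the log layout posted in this thread.

```python
import ntpath
import re

# Excerpt of the ComboFix log posted in this thread, trimmed for the example.
SAMPLE_LOG = r"""ComboFix 12-05-09.01 - Administrator 10.05.2012 9:30.3.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
2012-05-08 15:08 . 2012-05-08 15:08 -------- d-----w- C:\_OTL
.
"""

# Section banners look like "((((( Title )))))" with a variable number of parentheses.
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}\s*$")
INFECTED = re.compile(r"^Infected copy of (.+?) was found and disinfected\s*$", re.I)
RESTORED = re.compile(r"^Restored copy from - (.+?)\s*$", re.I)


def split_sections(log_text):
    """Map each banner title to the lines under it; lone '.' separators are dropped."""
    sections = {"_header": []}
    current = "_header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def find_disinfections(log_text):
    """Return the infected/restored pairs listed under 'Other Deletions'.

    A 'Restored copy from' line is paired only with the 'Infected copy of'
    line directly before it. same_name is False when the restore source has
    a different file name than the replaced file, or when no restore line
    followed at all; both cases deserve a manual look.
    """
    findings = []
    pending = None  # finding still waiting for its restore line
    for line in split_sections(log_text).get("Other Deletions", []):
        infected = INFECTED.match(line)
        if infected:
            pending = {"infected": infected.group(1),
                       "restored_from": None,
                       "same_name": False}
            findings.append(pending)
            continue
        restored = RESTORED.match(line)
        if restored and pending is not None:
            source = restored.group(1)
            pending["restored_from"] = source
            pending["same_name"] = (
                ntpath.basename(source).lower()
                == ntpath.basename(pending["infected"]).lower()
            )
        pending = None
    return findings


if __name__ == "__main__":
    for item in find_disinfections(SAMPLE_LOG):
        print(item)
```
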
[ adjals @ 10.05.2012. 11:50 ] @
So now it's OK: the damaged file that was causing the problem has been replaced and there's no need to reinstall the whole of Windows, I assume.

I noticed in the report that ESET is not active.

A little while ago I tried to get into Safe Mode so that I could run the ESET uninstaller from there; I got in, but when I double-clicked the UninstallESET icon it opened a window with this written in it, here is the report...


>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[05/10/12 11:31:27] C:\Documents and Settings\Administrator\Desktop\ESETUninstaller.exe 4.0.15.5
[05/10/12 11:31:27] Input arguments:
[05/10/12 11:31:29] Online (PC booted from fixed disk) mode detected.

[05/10/12 11:31:29] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n):

And I couldn't do anything because both the keyboard and the mouse froze. I just restarted, and after the restart this report came up.

Before that I tried to uninstall it through the Start menu, and now it opens a popup window with that little magnifying-glass picture and the following text:

Windows cannot open this file

File: callmsi.exe.vir

To open this file , windows needs to know what program created it. Windows can go online to look up automatically, or you can manually select from a list of programs on your computer.

What do you want to do?

- Use the web service to find the appropriate program
-Select the program from a list.

I chose "Select the program from a list", but I can't find it when the popup window with the programs opens. It isn't in Program Files either.
It only appears in the Start menu when All Programs is opened.
[ Vodomar @ 10.05.2012. 12:09 ] @
Try once more to get into Safe Mode. Double-click the Uninstaller, wait a little, and answer y to the first prompt; then, when it has scanned, look at the number of your ESET AV, it should be listed as 1. Again, enter 1, then wait, and at the third prompt answer y again. Just take it slowly.
[ kristi1 @ 10.05.2012. 12:17 ] @
In principle there's no need to do that, because we removed it from the system completely. You can delete it from All Programs, but you don't have to; it doesn't matter.
There's also no need to reinstall the system.
I assume the system is working well now. All that's left is to install Avast.
[ kristi1 @ 10.05.2012. 12:30 ] @
The file callmsi.exe is an ESET module. Its location is C:\Program Files\eset\eset nod32 antivirus

For some reason the extension vir was added to it, and that's why it doesn't work. Delete that extension so that only callmsi.exe remains; then it will work.
Or delete the whole folder.
[ adjals @ 11.05.2012. 21:06 ] @
I tried, but it won't work. Nothing can be done: I manage to get into Safe Mode, but the keyboard freezes again, and that's when I double-click the ESET Uninstall icon; only that window with that text opens, with the y or n answer at the end, and there it freezes, both the mouse and the keyboard. I don't know why, it isn't clear to me. If everything is OK, it shouldn't freeze. I read the uninstall instructions at the link you gave me, and it says there that running ESETUninstaller in Safe Mode can cause some temporary disruption of the system and that one should be careful, unless that's what this is. But that should return to normal a little later. The first time I tried to uninstall ESET this way I left it in Safe Mode for at least 15 minutes or so, which should surely have been enough for the system to return to normal, but nothing; both the keyboard and the mouse still stayed frozen.
[ Vodomar @ 11.05.2012. 21:16 ] @
Well, maybe it's down to that Uninstaller. The important thing is that you can get into Safe Mode; otherwise that would be a big problem. Is the computer now generally behaving better in the normal environment, with ESET removed?
[ adjals @ 11.05.2012. 21:30 ] @
OK, it works, except that it occasionally slows down when I switch it on, while it starts up, but that's probably because of the full virtual memory, which I'll have to sort out. And it occasionally freezes when I open Facebook; that happens to me regularly. Facebook is probably full of viruses because of all those apps and games that literally take half an hour to open.. I installed Avast, but it says its license expires in 20 days and needs to be bought, although when I installed it I registered the free version. But I guess it's OK; it should be valid for a year.
Again, both Avast and Malwarebytes keep popping up, when I open e.g. Yahoo Mail and one or two more windows, a message that access to a potentially malicious address 64 135 77 30, type outgoing, was successfully blocked, and it shows this to me non-stop. Yet the pages I've opened and that I visit are OK, i.e. Yahoo and two other sites that aren't on the WOT blacklist. So it isn't clear to me why it shows this if the sites I visit are safe.

It looks like some part related to Microsoft Office Picture Manager was infected as well: when I wanted to open it, the system asked me to install it again, since I needed it today to add a file, and when I attempted the installation a window opened with the following text

The instruction at 0xoo430037 referenced memory at 0x00430037. The memory could not be read.
Click on OK to terminate the program
Click on Cansel the debug program


And the installation couldn't be carried out. Probably that's damaged too, i.e. some file. I don't know exactly which file, but I'll try to find it... As for the rest, I assume everything works OK; I haven't had time to try everything..
Thanks a lot to you, Kristi, and to everyone who helped me get rid of these virus pests..


[ Vodomar @ 11.05.2012. 21:44 ] @
Instead of the free Malwarebytes you activated the trial, so it too is "running" in the background. Uninstall it, and also run a full scan with Avast; update it manually beforehand so you're sure you're scanning with the latest version of the definitions. Did you uninstall Google? Does that thing with Facebook also happen when you go through Explorer?
[ Vodomar @ 11.05.2012. 22:34 ] @
512 MB of RAM is too modest by today's standards; you should definitely plan on buying new hardware, if not a new PC. Hence the slowdowns as well.

http://support.microsoft.com/kb/307886/sr-cs
[ adjals @ 11.05.2012. 23:51 ] @
OK, I haven't uninstalled Malwarebytes yet; I left it to check whether Avast will show the warnings that Malwarebytes shows when some virus comes along. I'll uninstall it; its trial version expires soon anyway, so given that Avast is OK there's no need to keep Malwarebytes, so that it doesn't take up memory.
As for Google Chrome, since I've been using it more often lately I just reinstalled it, but I'll settle on one, either Google Chrome or Firefox, although this newest version of Chrome is extremely good and has extra add-ons. As for IExplorer, I don't use it at all, except when some program installation opens through it; in my opinion it's completely non-functional. I've now tried opening FB through IExplorer, and for the 5-10 minutes or so that I was on FB to check how it behaves in IExplorer, it was OK, it didn't freeze, completely normal.
I did run a scan with Avast after installing it, and it automatically gives a report at startup, but I'll do a full scan...
[ adjals @ 12.05.2012. 00:29 ] @
I know there isn't much RAM and that's why the slowdowns occur, but the PC was bought quite a while ago, and at the time it was bought it was one of the more powerful ones; it met my needs until a year or two ago, but now I definitely need more memory. In general I can add 2 GB to it; I think that's the maximum that can be added to the motherboard it has, which was replaced recently. It has a relatively good hard disk, and buying a more powerful hard disk separately and fitting it, plus RAM, isn't worth it, i.e. the repairs come to a little below the average price of a PC with perfectly decent memory. So I'll see about getting a PC with a powerful configuration sometime soon.

Thanks for the link, it's nicely explained there. I know this procedure, but some points weren't clear to me, i.e. when entering the recommended memory (which in my case is 766MB) in Custom size: for Initial size that's OK, you enter the same 766mb, and in Maximum size (MB) it should be 2 times as much, so roughly some 1500mb, at least that's how I understood it; one shouldn't put in some arbitrary figure.
On my machine only disk C had virtual memory and D and E didn't, so I should change that for them. So that too will speed things up quite a bit..
I also make sure the free space on my disks is in proportion, so that one isn't too crammed while the other two are empty.
[ Vodomar @ 12.05.2012. 01:30 ] @
http://windows.microsoft.com/s...Preventing-low-memory-problems (this is for Win7, but purely for information)

Well, try it with Firefox too, but make sure it has as few add-ons as possible, because they eat memory as well. The number of open tabs must also be as small as possible. Facebook is demanding in itself. You can monitor memory in Task Manager. When you install a new program, try to choose the Advanced or Custom installation type instead of Standard, because that way you get the chance to untick what you don't want to install and what sites stuff into their installers: toolbars or other products, e.g. CCleaner offers Chrome, Adobe Flash Player McAfee Scan Plus.
Install either from the software maker's site or from well-known software download sites that don't yet have their own installers: Softpedia, FileHippo, DownloadCrew.
So install slowly and read carefully before clicking, because that's how you loaded your computer with software that is useless and eats resources.
For Facebook, watch this video. Revoke all the apps you don't use. I recommend installing this app.
Be sure to uninstall everything you don't use. Whatever you keep, update regularly. Windows especially.
[ adjals @ 13.05.2012. 16:58 ] @
Thanks a lot for the links. I studied the one on virtual memory and followed those instructions for Windows XP, and now it's OK; it no longer shows me that Memory to Low window.
Yesterday I scanned the computer again, with Avast, Malwarebytes and AntiSpyware. Avast found a couple of problematic items, which I removed, and AntiSpyware identified 48 Adware Tracking Cookie items, which I also moved to quarantine and they were destroyed, and I restarted the system right after the scan. Malwarebytes didn't find a single malicious virus. Only when I open, or more precisely, the file located at
c:/Program Files/Microsoft office/office 11/1033/setup.CHM
c:/Program Files/Common Files/...../OSE:EXE

Avast tells me that it is a suspicious program and that I should put it in the SANDBOX and open it from there.

This has disabled Microsoft Office Picture Manager for me; I can't open it at all. When I try to open it, it starts the installation of Microsoft Office Professional Edition 2003 again and gets stuck there on the suspicious items mentioned above, and it can't complete the installation.
Does some add-on for Microsoft Office perhaps need to be reinstalled to resolve this, i.e. this Office 11 or whatever it is?
[ Vodomar @ 13.05.2012. 20:25 ] @
http://support.microsoft.com/kb/971179
Honestly, I neither have nor use Office, so I'm no help there. 2003 is an old version and the current one is 2010. If the software wasn't bought, then it has probably been modified as well, and that is what alarms Avast. My advice is simply to uninstall everything that guy put on your machine, and in future not to let anyone install software for you, especially AV, because a lot of the problems stemmed from the illegal ESET. Office is generally a target for attackers, and if it's illegal and on top of that not updated, your defense is Swiss cheese. So, I advise you to uninstall Office via Control Panel, and if that doesn't work, go to the link above. And then either buy a legal Office 2010 or switch to the free LibreOffice. Run a full scan with Avast every week, and once you uninstall Malwarebytes, download that program again, but the free version, and don't activate the trial; then also run a full scan with it once a week. Keep everything else you have installed regularly updated; that is very important. Sorry for the mistakes, I'm not at my computer. OK, best regards and surf smart :-)