PC Cleaner Pro 2012

  • Miroljub Čeperković
  • Mechanical engineering
  • Joined: 20 Mar 2012
  • Posts: 2181
  • Location: Vrnjačka Banja

I downloaded PC Cleaner Pro 2012 from their site 3 days ago, installed it and scanned the computer with it. When it asked me for a key, I uninstalled it with CCleaner. After that I ran McAfee Security Scan Plus, which detected several antivirus programs. I installed Spybot, which did not detect it. I uninstalled Kaspersky and installed Avira; it found it but did not uninstall it. I searched the net and found TrojanKiller; it found it, and I uninstalled that one too because it asked me for a key. After that I turned to you for help. I use Telenor internet, 10 GB.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by korisnik at 18:28:43 on 2012-07-19
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1536.443 [GMT 2:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\ouc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Telenor Internet\Telenor Internet.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\mcafee\sitead~1\saUpd.exe
C:\Documents and Settings\korisnik\Desktop\knubkx41.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
ustart page = https://www.google.rs/
mstart page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?sourceid=ie7&q=%s
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FastestTubeBHO Class: {3e532ce8-c6d9-4a10-8ace-4348c96e8b6a} - c:\program files\fastesttube\1.3.7\WombatBHO.dll
BHO: Ask Toolbar: {5714e6d7-246d-4f1c-aa4d-2f401fe6cb0a} - c:\program files\asktoolbar3\asktoolbar3X.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\korisnik\application data\flashgetbho\FlashGetBHO.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
BHO: GretechBHO Class: {f0181c6e-9218-4792-9f3c-e8df52b2f1ac} - c:\program files\gretech\gompicker\GomPickerBHO.dll
TB: Ask Toolbar: {5714e6d7-246d-4f1c-aa4d-2f401fe6cb0a} - c:\program files\asktoolbar3\asktoolbar3X.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll"
TB: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
TB: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {C7DDDD27-F303-42A5-B979-51559F7DC0F0} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\korisnik\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [NPSStartup]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.271\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Dodaj u Zaštitu od reklama - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: Download all links by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetallurl.htm
IE: Download by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgeturl.htm
IE: I&zvezi u Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: P&ošalji u OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Preuzimanje označenog s FDM-om - file://c:\program files\free download manager\dlselected.htm
IE: Preuzimanje videa s FDM-om - file://c:\program files\free download manager\dlfvideo.htm
IE: Preuzmi s FDM - file://c:\program files\free download manager\dllink.htm
IE: Preuzmi sve s FDM - file://c:\program files\free download manager\dlall.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1336216379608
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 217.65.192.101 217.65.192.102
TCP: Interfaces\{C53C7543-167B-4250-804A-0E5FC0814DBC} : DhcpNameServer = 217.65.192.101 217.65.192.102
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\lz7l7uaz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.rs/webhp?hl=sr&tab=ww
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B29c4814c-0514-4cd3-a680-66ff1f9b0da6%7D&mid=5581f70dbf6c4bbb9cae790f8ea6be99-b602d594afd2b0b327e07a06f36ca6a7e42546d0&ds=hk011&v=11.1.0.7&lang=en&pr=sa&d=2012-06-25%2016%3A58%3A42&sap=ku&q=
FF - plugin: c:\documents and settings\korisnik\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\korisnik\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\netscape6\nprpplugin.dll
FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=112548
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.BabylonToolbar_i.hardId - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15505
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:08:35
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyF08FYIY&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.incredibar_i.instlDay - 15506
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:18:09
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyF08FYIY
FF - user.js: extensions.incredibar_i.upn2n - 92261588391311692
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 26
FF - user.js: extentions.y2layers.installId - 1f1d6b8a-f407-485c-93e6-251733627d83
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 82854830;82854830;c:\windows\system32\drivers\82854830.sys [2012-6-26 133208]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-7-18 565552]
R2 AVP;Kaspersky Anti-Virus usluga;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.382.0\BBSvc.EXE [2012-4-16 193616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-7-18 95232]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-13 242240]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-7-13 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-7-13 73216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 usbet;USB 2.0 WebCAM;c:\windows\system32\drivers\ETdrv.sys [2012-6-22 165632]
S2 Telenor Internet. RunOuc;Telenor Internet. OUC;c:\program files\telenor internet\updatedog\ouc.exe [2012-7-13 246112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-5 250056]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.382.0\SeaPort.EXE [2012-4-16 240208]
S3 esihdrv;esihdrv;\??\c:\docume~1\korisnik\locals~1\temp\esihdrv.sys --> c:\docume~1\korisnik\locals~1\temp\esihdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-7-13 102784]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-5-27 36608]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-5 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-5 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.271\McCHSvc.exe [2012-3-13 237272]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-12 113120]
S3 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-4-9 3063968]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-18 18:41:48 -------- dc----w- c:\program files\SpeedFan
2012-07-18 06:36:42 -------- dc----w- c:\program files\common files\McAfee
2012-07-18 06:36:18 -------- dc----w- c:\program files\McAfee
2012-07-18 04:44:19 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-07-18 04:44:19 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-07-18 04:42:14 -------- dc----w- c:\program files\Kaspersky Lab
2012-07-18 04:08:00 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\FileTypeAssistant
2012-07-18 03:58:58 -------- dc----w- c:\documents and settings\korisnik\application data\FreeFileViewer
2012-07-18 03:58:52 -------- dc----w- c:\program files\File Type Assistant
2012-07-18 03:58:37 -------- dc----w- c:\program files\FreeFileViewer
2012-07-18 00:27:03 -------- dc----w- c:\program files\Spybot - Search & Destroy
2012-07-18 00:27:03 -------- dc----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-17 20:00:43 -------- dc----w- c:\program files\Microsoft ASP.NET
2012-07-17 18:41:42 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\Help
2012-07-17 14:26:52 -------- dc----w- c:\documents and settings\korisnik\application data\Free Download Manager
2012-07-17 01:02:47 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-17 00:34:29 -------- dc----w- c:\documents and settings\korisnik\application data\PC Cleaners
2012-07-17 00:34:15 -------- dc----w- c:\documents and settings\korisnik\application data\PCPro
2012-07-17 00:34:01 -------- dc----w- c:\documents and settings\all users\application data\PC1Data
2012-07-17 00:26:11 -------- dc----w- c:\documents and settings\all users\application data\McAfee Security Scan
2012-07-17 00:25:52 -------- dc----w- c:\program files\McAfee Security Scan
2012-07-16 23:49:24 -------- dc----w- c:\program files\SlimCleaner
2012-07-16 22:24:40 -------- dc----w- c:\program files\Bing Bar Installer
2012-07-15 16:27:28 2991616 -c--a-w- c:\program files\openofficeorg33.msi
2012-07-14 19:17:53 -------- dc----w- c:\documents and settings\korisnik\application data\FlashgetSetup
2012-07-14 19:17:43 -------- dc----w- c:\documents and settings\korisnik\application data\FlashGetBHO
2012-07-14 19:17:38 -------- dc----w- c:\program files\FlashGet Network
2012-07-14 19:17:38 -------- dc----w- c:\documents and settings\korisnik\application data\FlashGet
2012-07-14 17:52:11 -------- d-----w- c:\windows\nview
2012-07-13 22:32:31 -------- d-----w- c:\windows\PIF
2012-07-13 19:44:13 -------- d-----w- c:\windows\Logs
2012-07-13 19:31:40 -------- dc----w- c:\program files\Free Download Manager
2012-07-13 19:04:58 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-07-13 11:14:54 -------- dc----w- c:\documents and settings\korisnik\application data\FastestTube
2012-07-13 06:38:03 -------- dc----w- c:\program files\Winamp Detect
2012-07-13 06:14:25 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-13 01:20:38 -------- dc----w- c:\program files\DAEMON Tools Lite
2012-07-13 01:04:44 90368 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-07-13 01:04:44 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-07-13 01:04:44 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-07-13 01:04:44 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-07-13 01:04:44 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-07-13 01:04:44 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-07-13 01:04:44 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-07-13 01:04:44 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-07-13 01:04:44 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-07-13 01:04:44 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-07-13 01:04:44 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-07-13 01:04:09 -------- dc----w- c:\program files\Telenor Internet
2012-07-12 20:53:12 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\FastestTube
2012-07-11 22:07:46 770384 -c--a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-11 22:07:46 624608 -c--a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-07-11 22:07:46 43488 -c--a-w- c:\program files\mozilla firefox\mozglue.dll
2012-07-11 22:07:46 421200 -c--a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-11 22:07:46 157608 -c--a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-07-11 22:07:46 113120 -c--a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-07-10 19:44:11 -------- dc----w- c:\program files\Defraggler
2012-07-09 13:50:12 -------- dc----w- c:\program files\DLLSuite
2012-07-09 13:14:44 -------- dc----w- c:\documents and settings\korisnik\application data\OpenOffice.org
2012-07-09 13:11:26 -------- dc----w- c:\program files\OpenOffice.org 3
2012-07-09 13:05:25 -------- dc----w- c:\program files\readmes
2012-07-09 13:05:25 -------- dc----w- c:\program files\licenses
2012-07-09 13:05:23 -------- dc----w- c:\program files\redist
2012-07-09 10:48:36 -------- dc----w- c:\documents and settings\korisnik\application data\PeaZip
2012-07-09 10:47:44 -------- dc----w- c:\program files\PeaZip
2012-07-07 23:23:38 -------- d-----w- c:\windows\$hf_mig$
2012-07-07 19:12:23 -------- dc----w- c:\program files\Inkscape
2012-07-07 18:00:19 -------- d-----w- c:\windows\setup.pss
2012-07-07 17:59:57 -------- d-----w- c:\windows\setupupd
2012-07-07 14:02:47 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
2012-07-07 13:17:27 -------- d-sh--w- C:\found.000
2012-07-06 09:03:51 -------- dc----w- c:\program files\CCleaner
2012-07-06 07:24:59 -------- d-----w- c:\windows\system32\appmgmt
2012-07-05 17:56:17 87608 -c--a-w- c:\documents and settings\korisnik\application data\inst.exe
2012-07-05 17:56:17 47360 -c--a-w- c:\documents and settings\korisnik\application data\pcouffin.sys
2012-07-04 13:27:12 -------- d-----w- c:\windows\system32\wbem\mof\good
2012-07-04 13:27:12 -------- d-----w- c:\windows\system32\wbem\mof\bad
2012-07-04 07:54:16 -------- d-----w- c:\windows\system32\wbem\Logs
2012-07-03 18:27:47 757760 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2012-07-03 18:27:47 69715 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2012-07-03 18:27:47 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2012-07-03 18:27:47 274432 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2012-07-03 18:27:47 204800 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2012-07-03 18:27:46 200836 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2012-07-03 18:27:45 331908 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-07-03 18:23:24 -------- dc----w- c:\program files\HUAWEI Modem Driver
2012-07-03 17:14:39 -------- dc----w- c:\documents and settings\korisnik\application data\Easeware
2012-07-03 14:23:38 -------- dc----w- c:\documents and settings\korisnik\application data\Qualys
2012-07-03 06:44:55 -------- dc----w- c:\documents and settings\korisnik\AppData
2012-07-02 18:18:19 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\Microsoft Help
2012-07-02 16:16:01 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\MicrosoftStore
2012-07-02 12:57:28 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\DolphinFutures
2012-07-02 12:57:17 -------- dc----w- c:\program files\Dolphin Futures
2012-07-01 18:48:28 -------- dc----w- c:\documents and settings\all users\application data\Tarma Installer
2012-07-01 18:00:22 -------- dc----w- c:\documents and settings\all users\application data\FileCure
2012-07-01 17:37:19 0 ------r- c:\windows\system32\NTIDIB4.dll
2012-07-01 17:37:19 0 ------r- c:\windows\system32\NTIBUN5.dll
2012-07-01 17:37:19 0 ------r- c:\windows\system32\NTIBUN4.dll
2012-07-01 16:50:19 65536 -c--a-r- c:\documents and settings\korisnik\application data\microsoft\installer\{f428d0fb-765d-40eb-bdd8-a1e7f5c597fa}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-07-01 14:34:01 174592 ----a-w- c:\windows\system32\framedyn.dll
2012-06-29 20:50:44 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2012-06-29 20:50:44 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2012-06-29 20:50:44 465920 ------w- c:\windows\system32\imapi2fs.dll
2012-06-29 20:50:43 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2012-06-29 20:50:43 317952 ------w- c:\windows\system32\imapi2.dll
2012-06-29 20:34:18 -------- dc----w- c:\program files\Update
2012-06-29 20:34:17 -------- dc----w- c:\program files\Common
2012-06-26 18:16:58 110992 -c--a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-06-26 18:16:55 147856 -c--a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-06-26 16:45:51 133208 ----a-w- c:\windows\system32\drivers\82854830.sys
2012-06-26 10:02:49 -------- dc----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-06-25 08:13:36 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\APN
2012-06-25 06:42:24 -------- dc----w- c:\documents and settings\korisnik\application data\inkscape
2012-06-24 17:04:22 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\Sun
2012-06-24 15:38:16 -------- dc----w- c:\program files\Oracle
2012-06-24 13:45:50 -------- dc----w- c:\documents and settings\korisnik\application data\BITS
2012-06-24 11:13:52 -------- dc----w- c:\documents and settings\all users\application data\Astroburn Pro
2012-06-24 02:04:52 -------- dc----w- c:\program files\StartNow Toolbar
2012-06-23 20:36:10 178688 ----a-w- c:\windows\system32\unrar.dll
2012-06-23 20:19:31 -------- dc----w- C:\output media
2012-06-22 18:07:15 -------- d-----w- c:\windows\speech
2012-06-22 17:56:40 -------- d-----w- c:\windows\Lhsp
2012-06-22 17:07:50 81920 ------w- c:\windows\system32\ieencode.dll
2012-06-22 17:07:03 19569 ----a-w- c:\windows\000006_.tmp
2012-06-22 08:36:28 176128 ----a-w- c:\windows\system32\Etprop.ax
2012-06-22 08:36:28 165632 ----a-w- c:\windows\system32\drivers\ETdrv.sys
2012-06-22 08:36:27 -------- dc----w- c:\program files\ETRON
2012-06-21 06:59:45 -------- dc----w- c:\documents and settings\all users\application data\WinZipEC
.
==================== Find3M ====================
.
2012-07-19 03:12:49 4273976 ----a-w- c:\windows\uninst.exe
2012-07-13 22:51:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 22:51:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 01:20:45 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-13 01:04:25 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-07-13 01:04:25 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-07-13 01:04:25 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-01 15:13:08 159608 ----a-w- c:\windows\system32\mfevtps.exe.1089.deleteme
2012-06-01 15:12:43 159608 ----a-w- c:\windows\system32\mfevtps.exe.91c1.deleteme
2012-06-01 14:55:24 14664 ----a-w- c:\windows\stinger.sys
2012-06-01 14:54:02 159608 ----a-w- c:\windows\system32\mfevtps.exe.d5c4.deleteme
2012-06-01 14:25:48 159608 ----a-w- c:\windows\system32\mfevtps.exe.42c3.deleteme
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-20 15:56:31 44 ----a-w- c:\windows\system32\msssc.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-12 06:54:17 1409 ----a-w- c:\windows\QTFont.for
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 22:10:44 10 ----a-w- c:\windows\system32\Mlkf.dll
2012-05-04 17:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29:22 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 17:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:31:47,96 ===============



offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Hello, Mikulino.



- Download ESET Uninstaller to the Desktop.
- Start the computer in Safe Mode.
- Follow the uninstall instructions at the following link: http://kb.eset.com/esetkb/index?page=content&i.....4657447620



Are you using a trial, paid or cracked version of Kaspersky? If it is the third, I suggest you uninstall it from Add/Remove Programs, and then also with this uninstaller: http://support.kaspersky.com/faq/?qid=208279463

After that, install one of the free solutions: Avira, Avast, MSE, Panda, AVG...



Go to Control Panel - Add/Remove Programs and uninstall the following:
Ask Toolbar
StartNow Toolbar

- After uninstalling, restart the computer.



Download the OTL program from the link below to the Desktop:


OTL download
Click the given link; in the window that opens, click Save;
when the dialog for choosing where to save the file opens, select Desktop and click Save.


Double-click OTL to run it;

click Run Scan;

when the scan finishes, the reports (which will be saved automatically on the Desktop as OTL.Txt and Extras.txt) will open in Notepad.


Copy the contents of the OTL.Txt report into a forum post, and attach the Extras.Txt report to the post using the Prikači fajl (Attach file) option.




Ivance95 (AMF Team)

offline
  • Miroljub Čeperković
  • mechanical engineering
  • Joined: 20 Mar 2012
  • Posts: 2181
  • Location: Vrnjačka Banja

Posted: 20 Jul 2012 17:35

Hello, thanks for the help. I downloaded ESET Uninstaller and followed the instructions;
it did not remove it.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by korisnik at 16:53:07 on 2012-07-20
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1536.873 [GMT 2:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Microsoft\BingBar\7.1.382.0\BBSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\All Users\Application Data\Telenor Internet\OnlineUpdate\ouc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Telenor Internet\Telenor Internet.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\korisnik\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
ustart page = https://www.google.rs/
mstart page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?sourceid=ie7&q=%s
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FastestTubeBHO Class: {3e532ce8-c6d9-4a10-8ace-4348c96e8b6a} - c:\program files\fastesttube\1.3.7\WombatBHO.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\korisnik\application data\flashgetbho\FlashGetBHO.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
BHO: GretechBHO Class: {f0181c6e-9218-4792-9f3c-e8df52b2f1ac} - c:\program files\gretech\gompicker\GomPickerBHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll"
TB: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
TB: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {C7DDDD27-F303-42A5-B979-51559F7DC0F0} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\korisnik\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [NPSStartup]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.271\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Dodaj u Zaštitu od reklama - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: Download all links by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetallurl.htm
IE: Download by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgeturl.htm
IE: I&zvezi u Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: P&ošalji u OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Preuzimanje označenog s FDM-om - file://c:\program files\free download manager\dlselected.htm
IE: Preuzimanje videa s FDM-om - file://c:\program files\free download manager\dlfvideo.htm
IE: Preuzmi s FDM - file://c:\program files\free download manager\dllink.htm
IE: Preuzmi sve s FDM - file://c:\program files\free download manager\dlall.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1336216379608
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 217.65.192.101 217.65.192.102
TCP: Interfaces\{C53C7543-167B-4250-804A-0E5FC0814DBC} : DhcpNameServer = 217.65.192.101 217.65.192.102
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\lz7l7uaz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.rs/webhp?hl=sr&tab=ww
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B29c4814c-0514-4cd3-a680-66ff1f9b0da6%7D&mid=5581f70dbf6c4bbb9cae790f8ea6be99-b602d594afd2b0b327e07a06f36ca6a7e42546d0&ds=hk011&v=11.1.0.7&lang=en&pr=sa&d=2012-06-25%2016%3A58%3A42&sap=ku&q=
FF - plugin: c:\documents and settings\korisnik\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\korisnik\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\netscape6\nprpplugin.dll
FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=112548
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.BabylonToolbar_i.hardId - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15505
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:08:35
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyF08FYIY&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.incredibar_i.instlDay - 15506
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:18:09
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyF08FYIY
FF - user.js: extensions.incredibar_i.upn2n - 92261588391311692
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 26
FF - user.js: extentions.y2layers.installId - 1f1d6b8a-f407-485c-93e6-251733627d83
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 82854830;82854830;c:\windows\system32\drivers\82854830.sys [2012-6-26 133208]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-7-18 565552]
R2 AVP;Kaspersky Anti-Virus usluga;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.382.0\BBSvc.EXE [2012-4-16 193616]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-7-18 95232]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-13 242240]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-7-13 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-7-13 73216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 usbet;USB 2.0 WebCAM;c:\windows\system32\drivers\ETdrv.sys [2012-6-22 165632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Telenor Internet. RunOuc;Telenor Internet. OUC;c:\program files\telenor internet\updatedog\ouc.exe [2012-7-13 246112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-5 250056]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.382.0\SeaPort.EXE [2012-4-16 240208]
S3 EsetUninstaller;ESET Uninstaller Service;c:\windows\esetuninstaller.0.exe -service --> c:\windows\ESETUninstaller.0.exe -Service [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\korisnik\locals~1\temp\esihdrv.sys --> c:\docume~1\korisnik\locals~1\temp\esihdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-7-13 102784]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-5-27 36608]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-5 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-5 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.271\McCHSvc.exe [2012-3-13 237272]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-12 113120]
S3 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-4-9 3063968]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-20 13:07:01 -------- d-----w- c:\windows\system32\wbem\mof\good
2012-07-20 13:07:01 -------- d-----w- c:\windows\system32\wbem\mof\bad
2012-07-20 12:58:02 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\VS Revo Group
2012-07-20 12:04:27 -------- d-----w- c:\windows\system32\wbem\Logs
2012-07-20 11:35:41 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\SlimWare Utilities Inc
2012-07-20 11:17:18 -------- dc----w- c:\documents and settings\all users\application data\PC1Data
2012-07-20 10:53:06 638976 ----a-w- c:\windows\ESETUninstaller.exe
2012-07-18 18:41:48 -------- dc----w- c:\program files\SpeedFan
2012-07-18 06:36:42 -------- dc----w- c:\program files\common files\McAfee
2012-07-18 06:36:18 -------- dc----w- c:\program files\McAfee
2012-07-18 04:44:19 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-07-18 04:44:19 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-07-18 04:42:14 -------- dc----w- c:\program files\Kaspersky Lab
2012-07-18 04:08:00 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\FileTypeAssistant
2012-07-18 03:58:58 -------- dc----w- c:\documents and settings\korisnik\application data\FreeFileViewer
2012-07-18 03:58:52 -------- dc----w- c:\program files\File Type Assistant
2012-07-18 03:58:37 -------- dc----w- c:\program files\FreeFileViewer
2012-07-18 00:27:03 -------- dc----w- c:\program files\Spybot - Search & Destroy
2012-07-17 20:00:43 -------- dc----w- c:\program files\Microsoft ASP.NET
2012-07-17 18:41:42 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\Help
2012-07-17 14:26:52 -------- dc----w- c:\documents and settings\korisnik\application data\Free Download Manager
2012-07-17 01:02:47 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-17 00:34:29 -------- dc----w- c:\documents and settings\korisnik\application data\PC Cleaners
2012-07-17 00:34:15 -------- dc----w- c:\documents and settings\korisnik\application data\PCPro
2012-07-17 00:26:11 -------- dc----w- c:\documents and settings\all users\application data\McAfee Security Scan
2012-07-17 00:25:52 -------- dc----w- c:\program files\McAfee Security Scan
2012-07-16 23:49:24 -------- dc----w- c:\program files\SlimCleaner
2012-07-16 22:24:40 -------- dc----w- c:\program files\Bing Bar Installer
2012-07-15 16:27:28 2991616 -c--a-w- c:\program files\openofficeorg33.msi
2012-07-14 19:17:53 -------- dc----w- c:\documents and settings\korisnik\application data\FlashgetSetup
2012-07-14 19:17:43 -------- dc----w- c:\documents and settings\korisnik\application data\FlashGetBHO
2012-07-14 19:17:38 -------- dc----w- c:\program files\FlashGet Network
2012-07-14 19:17:38 -------- dc----w- c:\documents and settings\korisnik\application data\FlashGet
2012-07-14 17:52:11 -------- d-----w- c:\windows\nview
2012-07-13 19:31:40 -------- dc----w- c:\program files\Free Download Manager
2012-07-13 19:04:58 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-07-13 11:14:54 -------- dc----w- c:\documents and settings\korisnik\application data\FastestTube
2012-07-13 06:38:03 -------- dc----w- c:\program files\Winamp Detect
2012-07-13 06:14:25 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-13 01:20:38 -------- dc----w- c:\program files\DAEMON Tools Lite
2012-07-13 01:04:44 90368 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-07-13 01:04:44 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-07-13 01:04:44 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-07-13 01:04:44 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-07-13 01:04:44 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-07-13 01:04:44 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-07-13 01:04:44 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-07-13 01:04:44 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-07-13 01:04:44 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-07-13 01:04:44 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-07-13 01:04:44 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-07-13 01:04:09 -------- dc----w- c:\program files\Telenor Internet
2012-07-12 20:53:12 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\FastestTube
2012-07-11 22:07:46 770384 -c--a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-11 22:07:46 624608 -c--a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-07-11 22:07:46 43488 -c--a-w- c:\program files\mozilla firefox\mozglue.dll
2012-07-11 22:07:46 421200 -c--a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-11 22:07:46 157608 -c--a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-07-11 22:07:46 113120 -c--a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-07-10 19:44:11 -------- dc----w- c:\program files\Defraggler
2012-07-09 13:50:12 -------- dc----w- c:\program files\DLLSuite
2012-07-09 13:14:44 -------- dc----w- c:\documents and settings\korisnik\application data\OpenOffice.org
2012-07-09 13:11:26 -------- dc----w- c:\program files\OpenOffice.org 3
2012-07-09 13:05:25 -------- dc----w- c:\program files\readmes
2012-07-09 13:05:25 -------- dc----w- c:\program files\licenses
2012-07-09 13:05:23 -------- dc----w- c:\program files\redist
2012-07-09 10:48:36 -------- dc----w- c:\documents and settings\korisnik\application data\PeaZip
2012-07-09 10:47:44 -------- dc----w- c:\program files\PeaZip
2012-07-07 23:23:38 -------- d-----w- c:\windows\$hf_mig$
2012-07-07 19:12:23 -------- dc----w- c:\program files\Inkscape
2012-07-07 17:59:57 -------- d-----w- c:\windows\setupupd
2012-07-07 13:17:27 -------- d-sh--w- C:\found.000
2012-07-06 09:03:51 -------- dc----w- c:\program files\CCleaner
2012-07-05 17:56:17 87608 -c--a-w- c:\documents and settings\korisnik\application data\inst.exe
2012-07-05 17:56:17 47360 -c--a-w- c:\documents and settings\korisnik\application data\pcouffin.sys
2012-07-03 18:27:47 757760 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2012-07-03 18:27:47 69715 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2012-07-03 18:27:47 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2012-07-03 18:27:47 274432 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2012-07-03 18:27:47 204800 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2012-07-03 18:27:46 200836 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2012-07-03 18:27:45 331908 -c--a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-07-03 18:23:24 -------- dc----w- c:\program files\HUAWEI Modem Driver
2012-07-03 17:14:39 -------- dc----w- c:\documents and settings\korisnik\application data\Easeware
2012-07-03 14:23:38 -------- dc----w- c:\documents and settings\korisnik\application data\Qualys
2012-07-03 06:44:55 -------- dc-h--w- c:\documents and settings\korisnik\AppData
2012-07-02 18:18:19 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\Microsoft Help
2012-07-02 16:16:01 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\MicrosoftStore
2012-07-02 12:57:28 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\DolphinFutures
2012-07-02 12:57:17 -------- dc----w- c:\program files\Dolphin Futures
2012-07-01 18:48:28 -------- dc----w- c:\documents and settings\all users\application data\Tarma Installer
2012-07-01 18:00:22 -------- dc----w- c:\documents and settings\all users\application data\FileCure
2012-07-01 17:37:19 0 ------r- c:\windows\system32\NTIDIB4.dll
2012-07-01 17:37:19 0 ------r- c:\windows\system32\NTIBUN5.dll
2012-07-01 17:37:19 0 ------r- c:\windows\system32\NTIBUN4.dll
2012-07-01 16:50:19 65536 -c--a-r- c:\documents and settings\korisnik\application data\microsoft\installer\{f428d0fb-765d-40eb-bdd8-a1e7f5c597fa}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-07-01 14:34:01 174592 ----a-w- c:\windows\system32\framedyn.dll
2012-06-29 20:50:44 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2012-06-29 20:50:44 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2012-06-29 20:50:44 465920 ------w- c:\windows\system32\imapi2fs.dll
2012-06-29 20:50:43 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2012-06-29 20:50:43 317952 ------w- c:\windows\system32\imapi2.dll
2012-06-29 20:34:18 -------- dc----w- c:\program files\Update
2012-06-29 20:34:17 -------- dc----w- c:\program files\Common
2012-06-26 18:16:58 110992 -c--a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-06-26 18:16:55 147856 -c--a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-06-26 16:45:51 133208 ----a-w- c:\windows\system32\drivers\82854830.sys
2012-06-26 10:02:49 -------- dc----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-06-25 08:13:36 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\APN
2012-06-25 06:42:24 -------- dc----w- c:\documents and settings\korisnik\application data\inkscape
2012-06-24 17:04:22 -------- dc----w- c:\documents and settings\korisnik\local settings\application data\Sun
2012-06-24 15:38:16 -------- dc----w- c:\program files\Oracle
2012-06-24 13:45:50 -------- dc----w- c:\documents and settings\korisnik\application data\BITS
2012-06-24 11:13:52 -------- dc----w- c:\documents and settings\all users\application data\Astroburn Pro
2012-06-23 20:36:10 178688 ----a-w- c:\windows\system32\unrar.dll
2012-06-23 20:19:31 -------- dc----w- C:\output media
2012-06-22 18:07:15 -------- d-----w- c:\windows\speech
2012-06-22 17:56:40 -------- d-----w- c:\windows\Lhsp
2012-06-22 17:07:50 81920 ------w- c:\windows\system32\ieencode.dll
2012-06-22 17:07:03 19569 ----a-w- c:\windows\000006_.tmp
2012-06-22 08:36:28 176128 ----a-w- c:\windows\system32\Etprop.ax
2012-06-22 08:36:28 165632 ----a-w- c:\windows\system32\drivers\ETdrv.sys
2012-06-22 08:36:27 -------- dc----w- c:\program files\ETRON
2012-06-21 06:59:45 -------- dc----w- c:\documents and settings\all users\application data\WinZipEC
.
==================== Find3M ====================
.
2012-07-19 03:12:49 4273976 ----a-w- c:\windows\uninst.exe
2012-07-13 22:51:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 22:51:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 01:20:45 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-13 01:04:25 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-07-13 01:04:25 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-07-13 01:04:25 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-01 15:13:08 159608 ----a-w- c:\windows\system32\mfevtps.exe.1089.deleteme
2012-06-01 15:12:43 159608 ----a-w- c:\windows\system32\mfevtps.exe.91c1.deleteme
2012-06-01 14:55:24 14664 ----a-w- c:\windows\stinger.sys
2012-06-01 14:54:02 159608 ----a-w- c:\windows\system32\mfevtps.exe.d5c4.deleteme
2012-06-01 14:25:48 159608 ----a-w- c:\windows\system32\mfevtps.exe.42c3.deleteme
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-20 15:56:31 44 ----a-w- c:\windows\system32\msssc.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-12 06:54:17 1409 ----a-w- c:\windows\QTFont.for
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 22:10:44 10 ----a-w- c:\windows\system32\Mlkf.dll
2012-05-04 17:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29:22 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 17:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 16:57:48,39 ===============

I use Kaspersky in Serbian with a license from Telenor,
I uninstalled the toolbars, OTL doesn't work on my computer,
it wasn't removed with SlimCleaner either, what next?

Addendum: 20 Jul 2012 17:36

I forgot this

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

Right-click the Kaspersky icon in the lower-right corner of the screen and choose Pause Protection.

In the window that opens, choose By User Request (or Pause).




Rename the OTL icon to "MyCity" (without the quotes), run it, and post the report (OTL.txt) for me.




If that does not work, follow the instructions below; otherwise skip this step.


Download sUBs's ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As..., or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




Once the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it;
in the window that opens, click "I Agree".

While it runs, ComboFix will:
check whether a newer version of the program is available:
click Yes if you are offered a download of it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions or show notifications:
accept by clicking Yes or OK.
if necessary, restart Windows (several times);
when finished, open Notepad with the scan report.


Copy the report that ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting, you notice that the report is incomplete, use the Attach file ("Prikači fajl") option to attach C:\ComboFix.txt to the post.






Ivance95 (AMF Team)

offline
  • Miroljub Čeperković
  • mechanical engineering
  • Joined: 20 Mar 2012
  • Posts: 2181
  • Location: Vrnjačka Banja

Posted: 21 Jul 2012 11:27

Report:
ComboFix 12-07-20.02 - korisnik 21.07.2012 10:44:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1536.946 [GMT 2:00]
Running from: c:\documents and settings\korisnik\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\korisnik\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\korisnik\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\All Users\Documents\NTIBUN4.dll
c:\documents and settings\All Users\Documents\NTIBUN5.dll
c:\documents and settings\korisnik\Local Settings\Temp\sfamcc00001.dll
c:\documents and settings\korisnik\Local Settings\Temp\sfareca00001.dll
c:\program files\Common\cookies.txt
c:\windows\regopt.log
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\fldlckun.exe
c:\windows\system32\Mlkf.dll
c:\windows\system32\msssc.dll
c:\windows\system32\NTIBUN4.dll
c:\windows\system32\NTIBUN5.dll
c:\windows\system32\NTIDIB4.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 06:12 . 2012-07-21 06:12 -------- dc----w- c:\documents and settings\Default User
2012-07-21 05:54 . 2012-07-21 05:54 -------- d--h--w- c:\windows\PIF
2012-07-20 13:07 . 2012-07-20 13:07 -------- d-----w- c:\windows\system32\wbem\mof\good
2012-07-20 13:07 . 2012-07-20 13:07 -------- d-----w- c:\windows\system32\wbem\mof\bad
2012-07-20 12:58 . 2012-07-20 12:58 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\VS Revo Group
2012-07-20 12:04 . 2012-07-21 06:35 -------- d-----w- c:\windows\system32\wbem\Logs
2012-07-20 11:35 . 2012-07-20 11:35 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\SlimWare Utilities Inc
2012-07-20 11:17 . 2012-07-20 11:17 -------- dc----w- c:\documents and settings\All Users\Application Data\PC1Data
2012-07-20 10:53 . 2012-07-20 10:18 638976 ----a-w- c:\windows\ESETUninstaller.exe
2012-07-18 18:41 . 2012-07-20 19:37 -------- dc----w- c:\program files\SpeedFan
2012-07-18 06:36 . 2012-07-18 06:36 -------- dc----w- c:\program files\Common Files\McAfee
2012-07-18 06:36 . 2012-07-19 23:23 -------- dc----w- c:\program files\McAfee
2012-07-18 04:44 . 2012-07-18 22:47 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-07-18 04:44 . 2012-07-18 22:47 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-07-18 04:42 . 2012-07-18 04:42 -------- dc----w- c:\program files\Kaspersky Lab
2012-07-18 04:08 . 2012-07-18 04:09 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\FileTypeAssistant
2012-07-18 03:58 . 2012-07-18 04:44 -------- dc----w- c:\documents and settings\korisnik\Application Data\FreeFileViewer
2012-07-18 03:58 . 2012-07-18 03:58 -------- dc----w- c:\program files\File Type Assistant
2012-07-18 03:58 . 2012-07-18 03:58 -------- dc----w- c:\program files\FreeFileViewer
2012-07-18 00:02 . 2012-07-18 00:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-07-17 18:41 . 2012-07-17 18:41 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\Help
2012-07-17 18:38 . 2012-07-17 18:38 -------- dc----w- c:\program files\Microsoft.NET
2012-07-17 14:26 . 2012-07-21 05:23 -------- dc----w- c:\documents and settings\korisnik\Application Data\Free Download Manager
2012-07-17 01:02 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-17 00:34 . 2012-07-20 17:16 -------- dc----w- c:\documents and settings\korisnik\Application Data\PCPro
2012-07-17 00:26 . 2012-07-17 00:26 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2012-07-17 00:25 . 2012-07-17 00:25 -------- dc----w- c:\program files\McAfee Security Scan
2012-07-16 23:49 . 2012-07-20 13:28 -------- dc----w- c:\program files\SlimCleaner
2012-07-16 22:24 . 2012-07-17 01:13 -------- dc----w- c:\program files\Bing Bar Installer
2012-07-15 20:34 . 2012-07-15 20:46 -------- dc----w- c:\documents and settings\korisnik\Application Data\Gretech
2012-07-15 16:27 . 2011-01-18 22:06 2991616 -c--a-w- c:\program files\openofficeorg33.msi
2012-07-14 19:17 . 2012-07-14 19:17 -------- dc----w- c:\documents and settings\korisnik\Application Data\FlashgetSetup
2012-07-14 19:17 . 2012-07-14 19:17 -------- dc----w- c:\program files\FlashGet Network
2012-07-14 19:17 . 2012-07-14 19:17 -------- dc----w- c:\documents and settings\korisnik\Application Data\FlashGet
2012-07-14 17:52 . 2012-07-14 17:52 -------- d-----w- c:\windows\nview
2012-07-13 19:31 . 2012-07-17 14:26 -------- dc----w- c:\program files\Free Download Manager
2012-07-13 19:04 . 2012-06-03 08:44 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-07-13 19:04 . 2012-07-13 19:04 -------- dc----w- c:\program files\CDBurnerXP
2012-07-13 11:14 . 2012-07-13 20:34 -------- dc----w- c:\documents and settings\korisnik\Application Data\FastestTube
2012-07-13 06:38 . 2012-07-13 06:38 -------- dc----w- c:\program files\Winamp Detect
2012-07-13 06:37 . 2012-07-16 18:53 -------- dc----w- c:\documents and settings\korisnik\Application Data\Winamp
2012-07-13 06:14 . 2012-07-13 06:17 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-13 01:20 . 2012-07-13 06:14 -------- dc----w- c:\program files\DAEMON Tools Lite
2012-07-13 01:04 . 2012-07-13 01:04 90368 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-07-13 01:04 . 2012-07-13 01:04 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-07-13 01:04 . 2012-07-13 01:04 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-07-13 01:04 . 2012-07-13 01:04 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-07-13 01:04 . 2012-07-13 01:04 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-07-13 01:04 . 2012-07-13 01:04 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-07-13 01:04 . 2012-07-13 01:04 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-07-13 01:04 . 2012-07-13 01:04 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-07-13 01:04 . 2012-07-13 01:04 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-07-13 01:04 . 2012-07-13 01:04 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-07-13 01:04 . 2012-07-13 01:04 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-07-13 01:04 . 2012-07-13 01:05 -------- dc----w- c:\program files\Telenor Internet
2012-07-12 20:53 . 2012-07-12 20:53 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\FastestTube
2012-07-11 22:07 . 2012-06-14 22:17 43488 -c--a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-07-11 22:07 . 2012-06-14 22:17 157608 -c--a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-11 22:07 . 2012-06-14 22:17 113120 -c--a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-07-11 22:07 . 2012-06-14 22:17 624608 -c--a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-07-11 22:07 . 2012-06-14 22:16 770384 -c--a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-11 22:07 . 2012-06-14 22:16 421200 -c--a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-10 19:44 . 2012-07-10 19:44 -------- dc----w- c:\program files\Defraggler
2012-07-09 13:50 . 2012-07-09 13:50 -------- dc----w- c:\program files\DLLSuite
2012-07-09 13:14 . 2012-07-09 13:14 -------- dc----w- c:\documents and settings\korisnik\Application Data\OpenOffice.org
2012-07-09 13:11 . 2012-07-20 17:01 -------- dc----w- c:\program files\OpenOffice.org 3
2012-07-09 13:05 . 2012-07-09 13:05 -------- dc----w- c:\program files\readmes
2012-07-09 13:05 . 2012-07-09 13:05 -------- dc----w- c:\program files\licenses
2012-07-09 13:05 . 2012-07-09 13:05 -------- dc----w- c:\program files\redist
2012-07-09 12:56 . 2012-07-09 15:17 -------- dc----w- c:\documents and settings\korisnik\Application Data\Apple Computer
2012-07-09 11:35 . 2012-07-09 11:35 -------- dc----w- c:\program files\Recuva
2012-07-09 10:48 . 2012-07-09 10:52 -------- dc----w- c:\documents and settings\korisnik\Application Data\PeaZip
2012-07-09 10:47 . 2012-07-09 10:47 -------- dc----w- c:\program files\PeaZip
2012-07-08 06:13 . 2012-07-08 06:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Macrovision
2012-07-07 23:23 . 2012-07-19 06:18 -------- d-----w- c:\windows\$hf_mig$
2012-07-07 19:12 . 2012-07-07 19:14 -------- dc----w- c:\program files\Inkscape
2012-07-07 13:17 . 2012-07-07 13:17 -------- d-----w- C:\found.000
2012-07-06 09:03 . 2012-07-09 13:43 -------- dc----w- c:\program files\CCleaner
2012-07-05 17:56 . 2012-07-05 17:56 87608 -c--a-w- c:\documents and settings\korisnik\Application Data\inst.exe
2012-07-05 17:56 . 2012-07-05 17:56 47360 -c--a-w- c:\documents and settings\korisnik\Application Data\pcouffin.sys
2012-07-03 18:27 . 2006-02-07 13:45 757760 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-07-03 18:27 . 2006-02-07 13:40 204800 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-07-03 18:27 . 2006-02-07 13:40 69715 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-07-03 18:27 . 2006-02-07 13:40 274432 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-07-03 18:27 . 2005-11-13 21:19 5632 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-07-03 18:27 . 2012-07-03 18:27 200836 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-07-03 18:27 . 2012-07-03 18:27 331908 -c--a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-07-03 18:23 . 2012-07-03 18:23 -------- dc----w- c:\program files\HUAWEI Modem Driver
2012-07-03 17:14 . 2012-07-03 17:14 -------- dc----w- c:\documents and settings\korisnik\Application Data\Easeware
2012-07-03 14:42 . 2012-07-16 23:56 -------- dc----w- c:\documents and settings\korisnik\Application Data\vlc
2012-07-03 14:23 . 2012-07-03 14:23 -------- dc----w- c:\documents and settings\korisnik\Application Data\Qualys
2012-07-03 06:44 . 2012-07-03 06:44 -------- dc-h--w- c:\documents and settings\korisnik\AppData
2012-07-03 04:06 . 2012-07-03 04:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-02 18:18 . 2012-07-02 18:18 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\Microsoft Help
2012-07-02 18:17 . 2012-07-08 15:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2012-07-02 16:16 . 2012-07-02 16:16 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\MicrosoftStore
2012-07-02 12:57 . 2012-07-02 12:57 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\DolphinFutures
2012-07-02 12:57 . 2012-07-02 12:57 -------- dc----w- c:\program files\Dolphin Futures
2012-07-01 18:48 . 2012-07-13 18:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-07-01 18:00 . 2012-07-01 18:00 -------- dc----w- c:\documents and settings\All Users\Application Data\FileCure
2012-07-01 16:50 . 2012-07-01 16:50 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-07-01 16:50 . 2012-07-01 16:50 65536 -c--a-r- c:\documents and settings\korisnik\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-07-01 14:34 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2012-07-01 14:31 . 2012-07-01 14:31 -------- dc----w- c:\program files\DIFX
2012-06-29 20:50 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2012-06-29 20:50 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2012-06-29 20:50 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2012-06-29 20:50 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2012-06-29 20:50 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2012-06-26 18:16 . 2011-04-24 21:13 110992 -c--a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-06-26 18:16 . 2011-04-24 21:13 147856 -c--a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-06-26 16:45 . 2012-06-26 16:44 133208 ----a-w- c:\windows\system32\drivers\82854830.sys
2012-06-26 10:02 . 2012-07-21 08:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-06-25 08:13 . 2012-06-25 08:13 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\APN
2012-06-25 07:44 . 2012-06-25 07:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-06-25 06:42 . 2012-07-07 19:15 -------- dc----w- c:\documents and settings\korisnik\Application Data\inkscape
2012-06-24 17:04 . 2012-06-24 17:04 -------- dc----w- c:\documents and settings\korisnik\Local Settings\Application Data\Sun
2012-06-24 15:39 . 2012-06-24 15:39 -------- dc----w- c:\program files\Common Files\Java
2012-06-24 15:38 . 2012-06-24 15:38 -------- dc----w- c:\program files\Oracle
2012-06-24 15:38 . 2012-06-24 15:38 -------- dc----w- c:\documents and settings\korisnik\Application Data\Oracle
2012-06-24 13:45 . 2012-07-15 18:40 -------- dc----w- c:\documents and settings\korisnik\Application Data\BITS
2012-06-24 11:13 . 2012-06-24 11:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Astroburn Pro
2012-06-23 20:36 . 2012-06-09 17:21 178688 ----a-w- c:\windows\system32\unrar.dll
2012-06-23 20:19 . 2012-06-24 02:33 -------- dc----w- C:\output media
2012-06-22 18:07 . 2012-06-22 18:07 -------- d-----w- c:\windows\speech
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 03:12 . 2012-05-14 11:56 4273976 ----a-w- c:\windows\uninst.exe
2012-07-13 22:51 . 2012-05-05 11:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 22:51 . 2012-05-05 11:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 01:20 . 2012-05-06 16:01 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-13 01:04 . 2012-05-05 12:53 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-07-13 01:04 . 2012-05-05 12:53 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-07-13 01:04 . 2012-05-05 12:53 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2012-05-06 12:41 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2012-05-05 11:13 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-05-05 19:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-05-05 19:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-05-05 19:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2012-05-05 11:13 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2012-05-05 19:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-05-05 19:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2012-05-05 11:13 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2012-05-05 11:13 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-05-05 11:13 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2012-05-05 19:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-05-05 19:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2012-05-06 12:41 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2012-05-06 12:41 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-01 15:13 . 2012-06-01 15:12 159608 ----a-w- c:\windows\system32\mfevtps.exe.1089.deleteme
2012-06-01 15:12 . 2012-06-01 15:12 159608 ----a-w- c:\windows\system32\mfevtps.exe.91c1.deleteme
2012-06-01 14:55 . 2012-05-13 03:43 14664 ----a-w- c:\windows\stinger.sys
2012-06-01 14:54 . 2012-06-01 14:54 159608 ----a-w- c:\windows\system32\mfevtps.exe.d5c4.deleteme
2012-06-01 14:25 . 2012-06-01 14:25 159608 ----a-w- c:\windows\system32\mfevtps.exe.42c3.deleteme
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-14 18:43 . 2012-05-14 18:43 8072272 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.382.0oemBingBarSetup-Partner.EXE
2012-05-12 06:54 . 2012-05-12 06:54 1409 ----a-w- c:\windows\QTFont.for
2012-05-11 14:42 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 17:29 . 2012-06-13 22:19 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29 . 2012-06-13 22:19 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 17:29 . 2012-05-05 14:00 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2012-05-05 19:38 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 22:19 . 2012-07-11 22:02 85472 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-07 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-13 274328]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EsetUninstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\korisnik\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\tsassist.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:Windows Remote Management
.
R0 82854830;82854830;c:\windows\system32\drivers\82854830.sys [26.6.2012 18:45 133208]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [4.3.2011 13:23 11352]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.382.0\BBSvc.EXE [16.4.2012 17:49 193616]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13.7.2012 8:14 242240]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [13.7.2012 3:04 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [13.7.2012 3:04 73216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.3.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 20:27 19472]
R3 usbet;USB 2.0 WebCAM;c:\windows\system32\drivers\ETdrv.sys [22.6.2012 10:36 165632]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14.3.2011 17:27 271712]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [18.7.2012 8:36 95232]
S2 Telenor Internet. RunOuc;Telenor Internet. OUC;c:\program files\Telenor Internet\UpdateDog\ouc.exe [13.7.2012 3:04 246112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.5.2012 13:47 250056]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.382.0\SeaPort.EXE [16.4.2012 17:49 240208]
S3 EsetUninstaller;ESET Uninstaller Service;c:\windows\ESETUninstaller.0.exe -Service --> c:\windows\ESETUninstaller.0.exe -Service [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\korisnik\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\korisnik\LOCALS~1\Temp\esihdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [13.7.2012 3:04 102784]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27.5.2012 12:46 36608]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.5.2012 15:02 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5.5.2012 15:02 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.271\McCHSvc.exe [13.3.2012 18:17 237272]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [12.7.2012 0:07 113120]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys --> c:\windows\system32\Drivers\pcouffin.sys [?]
S3 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.4.2012 11:20 3063968]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 22:51]
.
2012-07-21 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-07-18 12:24]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-220523388-839522115-1003Core.job
- c:\documents and settings\korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-05 18:37]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-220523388-839522115-1003UA.job
- c:\documents and settings\korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-05 18:37]
.
2012-07-21 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-07-18 20:19]
.
2012-07-21 c:\windows\Tasks\User_Feed_Synchronization-{CA924EF5-7128-4FA4-8043-A8216ADAFD24}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
ustart page = https://www.google.rs/
mstart page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?sourceid=ie7&q=%s
IE: Dodaj u Zaštitu od reklama - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Download all links by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: I&zvezi u Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: P&ošalji u OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Preuzimanje označenog s FDM-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzimanje videa s FDM-om - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Preuzmi s FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve s FDM - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\lz7l7uaz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.rs/webhp?hl=sr&tab=ww
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B29c4814c-0514-4cd3-a680-66ff1f9b0da6%7D&mid=5581f70dbf6c4bbb9cae790f8ea6be99-b602d594afd2b0b327e07a06f36ca6a7e42546d0&ds=hk011&v=11.1.0.7&lang=en&pr=sa&d=2012-06-25%2016%3A58%3A42&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=112548
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.BabylonToolbar_i.hardId - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15505
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:08
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyF08FYIY&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.incredibar_i.instlDay - 15506
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:18
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyF08FYIY
FF - user.js: extensions.incredibar_i.upn2n - 92261588391311692
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 26
FF - user.js: extentions.y2layers.installId - 1f1d6b8a-f407-485c-93e6-251733627d83
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-NPSStartup - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 10:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-220523388-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1536)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.HRV
c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvapi.dll
c:\windows\system32\nvshell.dll
.
Completion time: 2012-07-21 10:55:51
ComboFix-quarantined-files.txt 2012-07-21 08:55
.
Pre-Run: 12.407.603.200 bytes free
Post-Run: 12.471.853.056 bytes free
.
- - End Of File - - A619840A881D1537BC76A00F40A452F6


Addendum: 21 Jul 2012 11:51

I forgot to ask how to uninstall ComboFix.

offline
  • Joined: 04 Jul 2011
  • Posts: 5424

We will uninstall ComboFix once we have finished cleaning.

Open Notepad and copy the following text into it:

Folder::
c:\documents and settings\All Users\Application Data\PC1Data
c:\documents and settings\korisnik\Application Data\PCPro

Firefox::
FF - ProfilePath - c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\lz7l7uaz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=112548
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.BabylonToolbar_i.hardId - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15505
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:08
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyF08FYIY&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - f471f6a3000000000000001e101fa75c
FF - user.js: extensions.incredibar_i.instlDay - 15506
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:18
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyF08FYIY
FF - user.js: extensions.incredibar_i.upn2n - 92261588391311692
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 26


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.



Ivance95 (AMF Tim)
