MyCity » Ambulanta -> Arhiva Ambulante » Problem nakon podizanja sistema

Problem nakon podizanja sistema

Napisano na dan: 6.12.2009

Strana:
1
2

Problem nakon podizanja sistema

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Coler master Poslao: 06 Dec 2009 16:52 Idi na vrh
offline Coler master Zaslužni građanin Pridružio: 26 Dec 2007 Poruke: 612 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Kao što naslov kaže moj problem je taj da se nakon dizanja sistema računar sam konektuje na google pretraživač i ide na uvek različite adrese,evo i mog OTL https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png

Profil

dr_Bora Poslao: 06 Dec 2009 18:36 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Isprati uputstvo za 32-bitni Windows.

Profil

Coler master Poslao: 06 Dec 2009 22:00 Idi na vrh
offline Coler master Zaslužni građanin Pridružio: 26 Dec 2007 Poruke: 612 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 06 Dec 2009 20:46 DDS (Ver_09-12-01.01) - NTFSx86 Run by Mandic at 20:43:15.18 on 06/12/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1418 [GMT 1:00] AV: avast! antivirus 4.8.1368 [VPS 091206-1] On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\TUProgSt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Mandic\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://mystart.incredimail.com/ uSearch Page = uSearch Bar = mDefault_Page_URL = hxxp://www.yahoo.com/ mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/http://www.yahoo.com mStart Page = hxxp://home.sweetim.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.avast.com/eng/avast_4_professional.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com mSearchAssistant = uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll uURLSearchHooks: H - No File mWinlogon: Taskman=c:\recycler\s-1-5-21-8485835088-0993659945-974422983-2933\nissan.exe uWinlogon: Shell=c:\recycler\s-1-5-21-8485835088-0993659945-974422983-2933\nissan.exe,explorer.exe,c:\recycler\s-1-5-21-7363789880-3115145510-067250181-5173\cht2009.exe BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [BootSkin Startup Jobs] "c:\program files\stardock\wincustomize\bootskin\BootSkin.exe" /StartupJobs mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime StartupFolder: c:\docume~1\mandic\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe StartupFolder: c:\docume~1\mandic\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe StartupFolder: c:\docume~1\mandic\startm~1\programs\startup\y'zsha~1.lnk - c:\windows\bricopacks\vista inspirat 2\yzshadow\YzShadow.exe mPolicies-system: EnableLUA = 0 (0x0) IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mandic\applic~1\mozilla\firefox\profiles\qqdhikh1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/sr/ FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=S2PrLFhGmjrzwyi7dApY4g&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - plugin: c:\documents and settings\mandic\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-10 114768] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-10 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-10-10 138680] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-7 54752] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-10 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-10-10 352920] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408] S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [?] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2009-1-30 8192] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\mandic\locals~1\temp\vdi34.tmp --> c:\docume~1\mandic\locals~1\temp\VDI34.tmp [?] =============== Created Last 30 ================ 2009-11-24 23:49:04 0 d-----w- c:\docume~1\mandic\applic~1\Tor 2009-11-24 23:49:03 0 d-----w- c:\program files\Vidalia Bundle 2009-11-24 20:44:15 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2009-11-24 20:44:14 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2009-11-24 20:44:14 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2009-11-24 20:44:13 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2009-11-24 20:44:13 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2009-11-24 20:44:12 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2009-11-24 20:44:12 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2009-11-24 20:13:58 0 d-----w- c:\program files\Activision 2009-11-23 21:08:57 0 d-----w- c:\program files\Vstplugins 2009-11-23 21:08:49 0 d-----w- c:\program files\Sony 2009-11-23 21:08:21 0 d-----w- c:\program files\Sony Setup 2009-11-22 11:04:45 0 d-----w- c:\program files\SopCast 2009-11-14 10:31:56 0 d-----w- c:\program files\Vimeo Uploader 2009-11-10 22:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2009-11-10 22:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts 2009-11-09 14:56:53 0 d-----w- C:\vcs5core 2009-11-08 16:24:47 0 d-----w- c:\docume~1\mandic\applic~1\MPEG Streamclip 2009-11-08 15:51:05 0 d-----w- C:\vcs5BGEffects 2009-11-08 15:50:10 0 d-----w- c:\program files\AV Vcs 6.0 DIAMOND 2009-11-07 17:01:13 0 d-----w- c:\documents and settings\mandic\Tracing 2009-11-07 16:57:54 0 d-----w- c:\program files\Microsoft Office Outlook Connector 2009-11-07 16:57:43 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2009-11-07 16:56:36 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-11-07 16:55:10 0 d-----w- c:\program files\Microsoft 2009-11-07 16:54:52 0 d-----w- c:\program files\Windows Live SkyDrive 2009-11-07 16:40:18 0 d-----w- c:\program files\common files\Windows Live ==================== Find3M ==================== 2009-10-24 12:40:28 28672 ----a-w- c:\windows\system32\f3PSSavr.scr 2009-10-13 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-09-14 08:36:28 758018 ----a-w- c:\windows\system32\xvidcore.dll 2006-06-24 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe ============= FINISH: 20:43:24.43 =============== https://www.mycity.rs/must-login.png Dopuna: 06 Dec 2009 21:53 https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png Dopuna: 06 Dec 2009 22:00 Inače zeza me i ispražnjivanje korpe,stalno prijavljije da nešto ne može da se iprazni iako kada uđem u njoj nema ništa,kada sam odčekirao skriveni fajlovi bio je isti slučaj,možda se iz ovoga što sam poslao meže nešto odraditi,hvala.

Profil

dr_Bora Poslao: 06 Dec 2009 22:06 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Vidljivi su tragovi nekih infekcija. Videćemo šta može da se uradi. Pažljivo isprati sledeće uputstvo. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

Coler master Poslao: 06 Dec 2009 23:33 Idi na vrh
offline Coler master Zaslužni građanin Pridružio: 26 Dec 2007 Poruke: 612 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo izveštaja i od combo fixa ComboFix 09-12-06.07 - Mandic 06/12/2009 23:19.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1457 [GMT 1:00] Running from: c:\documents and settings\Mandic\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 091206-1] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c:\documents and settings\Mandic\Application Data\Desktopicon c:\documents and settings\Mandic\Application Data\Desktopicon\config.ini c:\documents and settings\Mandic\Application Data\Desktopicon\eBayShortcuts.exe c:\documents and settings\Mandic\Application Data\FunWebProducts c:\documents and settings\Mandic\Application Data\FunWebProducts\Data\Mandic\avatar.dat c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\config.ini c:\program files\Dealio Toolbar\DealioToolbarIE.dll c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\separator.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\Dealio Toolbar\SearchSettingsKit.exe c:\program files\Dealio Toolbar\WidgiHelper.exe c:\program files\FunWebProducts c:\program files\FunWebProducts\ScreenSaver\Images\00F6C547.urr c:\program files\FunWebProducts\Shared\00FE6742.dat c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL c:\program files\Search Settings c:\program files\Search Settings\kb128\SearchSettings.dll c:\program files\Search Settings\kb128\SearchSettingsRes409.dll c:\program files\Search Settings\SearchSettings.exe c:\recycler\S-1-5-21-3819336069-7640369166-365150907-3337 c:\recycler\S-1-5-21-6884413928-1726280799-383457496-4751 c:\recycler\S-1-5-21-7363789880-3115145510-067250181-5173 c:\recycler\S-1-5-21-8485835088-0993659945-974422983-2933 c:\recycler\S-1-5-21-9999503957-0607780891-941765445-1004 c:\windows\n.tmp c:\windows\system32\f3PSSavr.scr Infected copy of c:\windows\system32\midimap.dll was found and disinfected Restored copy from - c:\windows\VistaMizer\old\midimap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE -------\Service_MyWebSearchService ((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 ))))))))))))))))))))))))))))))) . 2009-12-02 16:16 . 2009-12-02 16:17 -------- d-----w- c:\program files\QuickTime 2009-12-02 16:16 . 2009-12-02 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-11-24 23:49 . 2009-11-27 00:22 -------- d-----w- c:\documents and settings\Mandic\Application Data\Tor 2009-11-24 23:49 . 2009-11-27 00:22 -------- d-----w- c:\documents and settings\Mandic\Application Data\Vidalia 2009-11-24 23:49 . 2009-11-24 23:49 -------- d-----w- c:\program files\Vidalia Bundle 2009-11-24 20:44 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2009-11-24 20:44 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2009-11-24 20:44 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2009-11-24 20:44 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2009-11-24 20:44 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2009-11-24 20:44 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2009-11-24 20:44 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2009-11-24 20:13 . 2009-11-24 20:13 -------- d-----w- c:\program files\Activision 2009-11-23 21:08 . 2009-11-23 21:08 -------- d-----w- c:\program files\Vstplugins 2009-11-23 21:08 . 2009-11-23 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony 2009-11-23 21:08 . 2009-11-23 21:08 -------- d-----w- c:\program files\Sony 2009-11-23 21:08 . 2009-11-23 21:08 -------- d-----w- c:\program files\Sony Setup 2009-11-22 11:04 . 2009-11-22 11:34 -------- d-----w- c:\program files\SopCast 2009-11-19 22:49 . 2009-11-19 22:59 -------- d-----w- c:\documents and settings\Mandic\Application Data\Publish Providers 2009-11-14 10:31 . 2009-11-14 10:31 -------- d-----w- c:\program files\Vimeo Uploader 2009-11-09 23:06 . 2009-11-22 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-11-09 14:56 . 2009-11-09 15:03 -------- d-----w- C:\vcs5core 2009-11-08 16:24 . 2009-11-08 16:24 -------- d-----w- c:\documents and settings\Mandic\Application Data\MPEG Streamclip 2009-11-08 15:51 . 2009-11-11 18:35 -------- d-----w- C:\vcs5BGEffects 2009-11-08 15:50 . 2009-11-21 20:08 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND 2009-11-08 11:20 . 2009-11-23 21:12 -------- d-----w- c:\documents and settings\Mandic\Local Settings\Application Data\Sony 2009-11-08 11:20 . 2009-11-23 21:12 -------- d-----w- c:\documents and settings\Mandic\Application Data\Sony 2009-11-07 17:01 . 2009-12-06 11:45 -------- d-----w- c:\documents and settings\Mandic\Tracing 2009-11-07 16:58 . 2009-11-07 16:58 -------- d-----w- c:\program files\Microsoft Silverlight 2009-11-07 16:57 . 2009-11-07 16:57 -------- d-----w- c:\program files\Microsoft Office Outlook Connector 2009-11-07 16:57 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2009-11-07 16:57 . 2009-11-07 16:57 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-11-07 16:56 . 2009-11-07 16:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-11-07 16:55 . 2009-11-07 16:58 -------- d-----w- c:\program files\Microsoft 2009-11-07 16:54 . 2009-11-07 16:54 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-11-07 16:40 . 2009-11-07 16:40 -------- d-----w- c:\program files\Common Files\Windows Live . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-06 22:23 . 2009-03-12 19:59 117760 ----a-w- c:\documents and settings\Mandic\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-12-06 20:56 . 2008-10-10 21:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-12-05 19:45 . 2009-01-23 13:58 -------- d-----w- c:\documents and settings\Mandic\Application Data\uTorrent 2009-11-24 23:54 . 2008-10-10 18:18 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-24 23:51 . 2008-10-10 18:18 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-24 23:50 . 2008-10-10 18:18 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-24 23:50 . 2008-10-10 18:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-24 23:50 . 2008-10-10 18:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-24 23:49 . 2008-10-10 18:18 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-24 23:48 . 2008-10-10 18:18 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-24 23:47 . 2008-10-10 18:18 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-24 23:47 . 2008-10-10 18:18 97480 ----a-w- c:\windows\system32\AVASTSS.scr 2009-11-22 22:51 . 2009-08-03 20:23 -------- d-----w- c:\program files\vSoft 2009-11-15 13:20 . 2009-10-28 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc 2009-11-14 10:31 . 2009-09-18 15:15 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-11-14 10:31 . 2009-09-18 15:15 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-11-07 16:57 . 2008-10-11 16:04 -------- d-----w- c:\program files\Windows Live 2009-11-05 14:59 . 2009-10-21 18:23 -------- d-----w- c:\program files\iWisoft Flash SWF to Video Converter 2009-11-04 18:01 . 2008-10-03 07:58 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-04 18:00 . 2008-10-03 08:23 -------- d-----w- c:\program files\CyberLink 2009-11-04 18:00 . 2009-10-28 23:06 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe 2009-11-04 18:00 . 2009-11-04 18:00 -------- d-----w- c:\program files\SmartSound Software 2009-11-04 17:58 . 2009-10-30 16:19 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe 2009-11-04 16:33 . 2009-11-04 16:33 -------- d-----w- c:\program files\Common Files\Apple 2009-11-04 16:33 . 2009-11-04 16:33 -------- d-----w- c:\program files\Apple Software Update 2009-11-04 16:33 . 2009-11-04 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-11-04 15:53 . 2009-04-20 20:21 -------- d-----w- c:\documents and settings\Mandic\Application Data\TeamViewer 2009-11-04 15:28 . 2008-10-11 08:12 -------- d-----w- c:\documents and settings\Mandic\Application Data\BSplayer PRO 2009-11-03 19:19 . 2009-04-20 20:21 -------- d-----w- c:\program files\TeamViewer 2009-11-01 17:17 . 2008-10-10 21:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-11-01 16:04 . 2009-11-01 16:04 -------- d-----w- c:\documents and settings\Mandic\Application Data\360desktop 2009-10-30 23:52 . 2009-10-30 23:52 -------- d-----w- c:\documents and settings\Mandic\Application Data\Apple Computer 2009-10-29 14:21 . 2009-10-29 14:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink 2009-10-28 23:15 . 2008-10-03 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-10-28 23:12 . 2008-12-07 13:03 -------- d-----w- c:\documents and settings\Mandic\Application Data\CyberLink 2009-10-28 23:10 . 2008-10-03 07:45 77208 ----a-w- c:\documents and settings\Mandic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-25 17:30 . 2009-10-25 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith 2009-10-24 20:21 . 2009-10-24 20:21 -------- d-----w- c:\program files\Fun Web Products 2009-10-24 17:16 . 2009-10-24 17:16 -------- d-----w- c:\program files\Common Files\TechSmith Shared 2009-10-24 17:16 . 2009-10-24 17:16 -------- d-----w- c:\program files\TechSmith 2009-10-23 12:00 . 2009-10-23 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-10-21 18:19 . 2009-10-21 18:09 -------- d-----w- c:\documents and settings\Mandic\Application Data\Eltima Software 2009-10-21 12:49 . 2009-10-21 12:49 -------- d-----w- c:\program files\Xilisoft 2009-10-21 12:35 . 2009-10-21 12:16 -------- d-----w- c:\program files\Real Alternative 2009-10-21 12:25 . 2008-10-11 08:37 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-10-21 07:52 . 2009-06-10 13:13 -------- d-----w- c:\program files\Garena 2009-10-13 18:00 . 2009-10-21 12:25 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-09-14 08:36 . 2009-10-21 12:25 758018 ----a-w- c:\windows\system32\xvidcore.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 25088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] c:\documents and settings\Mandic\Start Menu\Programs\Startup\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "IncrediMail"=c:\program files\IncrediMail\bin\IncMail.exe /c "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background "Magentic"=c:\progra~1\Magentic\bin\Magentic.exe /c "RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H "Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet "ctfmon.exe"=c:\windows\system32\ctfmon.exe "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet "MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "WinampAgent"="c:\program files\Winamp\winampa.exe" "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033 "Easy-PrintToolBox"=c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" -r "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "nwiz"=nwiz.exe /install "MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Magentic\\bin\\MgImp.exe"= "c:\\Program Files\\Magentic\\bin\\Magentic.exe"= "c:\\Program Files\\Magentic\\bin\\MgApp.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Documents and Settings\\Mandic\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"= "c:\\Program Files\\Capcom\\Bionic Commando\\bionic_commando.exe"= "c:\\Program Files\\Capcom\\Bionic Commando\\Support\\CAP1-0101.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/10/2008 21:02 717296] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/10/2008 19:22 114768] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 10:01 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 10:01 72944] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/10/2008 19:22 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [07/11/2009 17:57 54752] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 10:01 7408] S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [30/01/2009 21:07 8192] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Mandic\LOCALS~1\Temp\VDI34.tmp --> c:\docume~1\Mandic\LOCALS~1\Temp\VDI34.tmp [?] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Supplementary Scan ------- . uStart Page = hxxp://mystart.incredimail.com/ mStart Page = hxxp://home.sweetim.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.avast.com/eng/avast_4_professional.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab FF - ProfilePath - c:\documents and settings\Mandic\Application Data\Mozilla\Firefox\Profiles\qqdhikh1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/sr/ FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=S2PrLFhGmjrzwyi7dApY4g&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - plugin: c:\documents and settings\Mandic\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe AddRemove-Easy-PhotoPrint - c:\program files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini AddRemove-Easy-PrintToolBox - c:\program files\Canon\Easy-PrintToolBox\uninst.exe uninst.ini AddRemove-MediaNavigation.CDLabelPrint - c:\program files\Canon\CD-LabelPrint\Uninstal.exe Canon.CDLabelPrint.Application AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-06 23:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x89DE41F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xb80fcfc3 \Driver\ACPI -> ACPI.sys @ 0xb7e3fcb8 \Driver\atapi -> sfsync02.sys @ 0xb80c98b4 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c ParseProcedure -> ntkrnlpa.exe @ 0x8058146a \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c ParseProcedure -> ntkrnlpa.exe @ 0x8058146a NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7cdeba0 PacketIndicateHandler -> NDIS.sys @ 0xb7cebb21 SendHandler -> NDIS.sys @ 0xb7cc987b user & kernel MBR OK ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\Mandic\LOCALS~1\Temp\VDI34.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-839522115-1390067357-2147167427-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7D08336D-B457-EBC3-1FF4-A3BCB1C72D8F}] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "panppaicpjnmmoppjmdppdhendahgkdj"=hex:6a,61,6b,67,6f,61,66,66,6e,66,70,69,6a, 6c,63,66,6e,70,65,6c,00,7f "oahancomoilngjcgkcapbndhoojpmk"=hex:6a,61,6b,67,6f,61,66,66,6e,66,70,69,6a,6c, 63,66,6e,70,65,6c,00,7f [HKEY_USERS\S-1-5-21-839522115-1390067357-2147167427-1003\Software\SecuROM\License information] "datasecu"=hex:7d,30,6a,81,60,1e,24,04,2a,8e,85,ee,e1,13,2a,5d,77,95,cf,9c,37, 19,f9,54,72,98,d5,f8,07,d3,74,5f,b1,39,6a,e9,a6,4d,fe,5b,1b,8a,0f,94,c5,d8,\ "rkeysecu"=hex:15,29,29,60,41,81,cd,b4,c9,9e,93,41,c3,0e,69,92 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(732) c:\windows\system32\sfc_os.dll c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\documents and settings\Mandic\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'explorer.exe'(2888-) c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\ntshrui.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\System32\TUProgSt.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE . ************************************************************************** . Completion time: 2009-12-06 23:27 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-06 22:27 Pre-Run: 6,550,351,872 bytes free Post-Run: 6,477,574,144 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - BC67D0EDBDC5C4B9D9C9BDAD7DDD4A30

Profil

dr_Bora Poslao: 07 Dec 2009 17:28 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll Folder:: c:\program files\Fun Web Products DDS:: IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 Firefox:: FF - ProfilePath - c:\documents and settings\Mandic\Application Data\Mozilla\Firefox\Profiles\qqdhikh1.default\ FF - prefs.js: keyword.URL - FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll RegNull:: [HKEY_USERS\S-1-5-21-839522115-1390067357-2147167427-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7D08336D-B457-EBC3-1FF4-A3BCB1C72D8F}*] Registry:: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MyWebSearch Email Plugin"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "MyWebSearch Email Plugin"=- Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Coler master Poslao: 07 Dec 2009 19:20 Idi na vrh
offline Coler master Zaslužni građanin Pridružio: 26 Dec 2007 Poruke: 612 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 07 Dec 2009 19:18 Ako sam te dobro razumeo ovaj text treba u Notepadu da upamtim i dam mu naziv CFScript,to samo prenesem na combofix,da li da otvaram ili ne combo,i opet uradim skeniranje ili čišćenje to me buni,ako radim skeniranje jel opet text koji mi izbaci da upamtim i okačim ovde. Dopuna: 07 Dec 2009 19:20 I da li da opet isključim anti virus i sve ono,kao da ponovo skeniram komp ili nije potrebno.

Profil

dr_Bora Poslao: 07 Dec 2009 20:17 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskopiraš sve što se nalazi unutar Kod polja u Notepad i to snimiš kao CFScript (daš mu takvo ime). Taj file koji si snimio prevučeš na ikonicu ComboFix-a i pustiš ga na njega - time će se program pokrenuti. Na kraju rada ćeš dobiti log koji treba ovde da iskopiraš. Isključi zaštitni softver.

Profil

Coler master Poslao: 07 Dec 2009 20:25 Idi na vrh
offline Coler master Zaslužni građanin Pridružio: 26 Dec 2007 Poruke: 612 Gde živiš: Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: ok odrađeno,jel to to ili ima i dalje. https://www.mycity.rs/must-login.png ComboFix 09-12-06.A3 - Mandic 07/12/2009 19:57.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1457 [GMT 1:00] Running from: c:\documents and settings\Mandic\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Mandic\Desktop\CFScript.txt AV: avast! antivirus 4.8.1368 [VPS 091207-0] On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Fun Web Products c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll . ((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 ))))))))))))))))))))))))))))))) . 2009-12-02 16:16 . 2009-12-02 16:17 -------- d-----w- c:\program files\QuickTime 2009-12-02 16:16 . 2009-12-02 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-11-24 23:49 . 2009-11-27 00:22 -------- d-----w- c:\documents and settings\Mandic\Application Data\Tor 2009-11-24 23:49 . 2009-11-27 00:22 -------- d-----w- c:\documents and settings\Mandic\Application Data\Vidalia 2009-11-24 23:49 . 2009-11-24 23:49 -------- d-----w- c:\program files\Vidalia Bundle 2009-11-24 20:44 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2009-11-24 20:44 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2009-11-24 20:44 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2009-11-24 20:44 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2009-11-24 20:44 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2009-11-24 20:44 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2009-11-24 20:44 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2009-11-24 20:13 . 2009-11-24 20:13 -------- d-----w- c:\program files\Activision 2009-11-23 21:08 . 2009-11-23 21:08 -------- d-----w- c:\program files\Vstplugins 2009-11-23 21:08 . 2009-11-23 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony 2009-11-23 21:08 . 2009-11-23 21:08 -------- d-----w- c:\program files\Sony 2009-11-23 21:08 . 2009-11-23 21:08 -------- d-----w- c:\program files\Sony Setup 2009-11-22 11:04 . 2009-11-22 11:34 -------- d-----w- c:\program files\SopCast 2009-11-19 22:49 . 2009-11-19 22:59 -------- d-----w- c:\documents and settings\Mandic\Application Data\Publish Providers 2009-11-14 10:31 . 2009-11-14 10:31 -------- d-----w- c:\program files\Vimeo Uploader 2009-11-09 23:06 . 2009-11-22 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-11-09 14:56 . 2009-11-09 15:03 -------- d-----w- C:\vcs5core 2009-11-08 16:24 . 2009-11-08 16:24 -------- d-----w- c:\documents and settings\Mandic\Application Data\MPEG Streamclip 2009-11-08 15:51 . 2009-11-11 18:35 -------- d-----w- C:\vcs5BGEffects 2009-11-08 15:50 . 2009-11-21 20:08 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND 2009-11-08 11:20 . 2009-11-23 21:12 -------- d-----w- c:\documents and settings\Mandic\Local Settings\Application Data\Sony 2009-11-08 11:20 . 2009-11-23 21:12 -------- d-----w- c:\documents and settings\Mandic\Application Data\Sony . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-07 18:55 . 2009-03-12 19:59 117760 ----a-w- c:\documents and settings\Mandic\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-12-06 22:38 . 2008-10-10 21:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-12-05 19:45 . 2009-01-23 13:58 -------- d-----w- c:\documents and settings\Mandic\Application Data\uTorrent 2009-11-24 23:54 . 2008-10-10 18:18 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-24 23:51 . 2008-10-10 18:18 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-24 23:50 . 2008-10-10 18:18 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-24 23:50 . 2008-10-10 18:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-24 23:50 . 2008-10-10 18:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-24 23:49 . 2008-10-10 18:18 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-24 23:48 . 2008-10-10 18:18 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-24 23:47 . 2008-10-10 18:18 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-24 23:47 . 2008-10-10 18:18 97480 ----a-w- c:\windows\system32\AVASTSS.scr 2009-11-22 22:51 . 2009-08-03 20:23 -------- d-----w- c:\program files\vSoft 2009-11-15 13:20 . 2009-10-28 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc 2009-11-14 10:31 . 2009-09-18 15:15 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-11-14 10:31 . 2009-09-18 15:15 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-11-07 16:58 . 2009-11-07 16:58 -------- d-----w- c:\program files\Microsoft Silverlight 2009-11-07 16:58 . 2009-11-07 16:55 -------- d-----w- c:\program files\Microsoft 2009-11-07 16:57 . 2009-11-07 16:57 -------- d-----w- c:\program files\Microsoft Office Outlook Connector 2009-11-07 16:57 . 2008-10-11 16:04 -------- d-----w- c:\program files\Windows Live 2009-11-07 16:57 . 2009-11-07 16:57 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-11-07 16:56 . 2009-11-07 16:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-11-07 16:54 . 2009-11-07 16:54 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-11-07 16:40 . 2009-11-07 16:40 -------- d-----w- c:\program files\Common Files\Windows Live 2009-11-05 14:59 . 2009-10-21 18:23 -------- d-----w- c:\program files\iWisoft Flash SWF to Video Converter 2009-11-04 18:01 . 2008-10-03 07:58 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-11-04 18:00 . 2008-10-03 08:23 -------- d-----w- c:\program files\CyberLink 2009-11-04 18:00 . 2009-10-28 23:06 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe 2009-11-04 18:00 . 2009-11-04 18:00 -------- d-----w- c:\program files\SmartSound Software 2009-11-04 17:58 . 2009-10-30 16:19 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe 2009-11-04 16:33 . 2009-11-04 16:33 -------- d-----w- c:\program files\Common Files\Apple 2009-11-04 16:33 . 2009-11-04 16:33 -------- d-----w- c:\program files\Apple Software Update 2009-11-04 16:33 . 2009-11-04 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-11-04 15:53 . 2009-04-20 20:21 -------- d-----w- c:\documents and settings\Mandic\Application Data\TeamViewer 2009-11-04 15:28 . 2008-10-11 08:12 -------- d-----w- c:\documents and settings\Mandic\Application Data\BSplayer PRO 2009-11-03 19:19 . 2009-04-20 20:21 -------- d-----w- c:\program files\TeamViewer 2009-11-01 17:17 . 2008-10-10 21:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-11-01 16:04 . 2009-11-01 16:04 -------- d-----w- c:\documents and settings\Mandic\Application Data\360desktop 2009-10-30 23:52 . 2009-10-30 23:52 -------- d-----w- c:\documents and settings\Mandic\Application Data\Apple Computer 2009-10-29 14:21 . 2009-10-29 14:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\CyberLink 2009-10-28 23:15 . 2008-10-03 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-10-28 23:12 . 2008-12-07 13:03 -------- d-----w- c:\documents and settings\Mandic\Application Data\CyberLink 2009-10-28 23:10 . 2008-10-03 07:45 77208 ----a-w- c:\documents and settings\Mandic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-25 17:30 . 2009-10-25 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith 2009-10-24 17:16 . 2009-10-24 17:16 -------- d-----w- c:\program files\Common Files\TechSmith Shared 2009-10-24 17:16 . 2009-10-24 17:16 -------- d-----w- c:\program files\TechSmith 2009-10-23 12:00 . 2009-10-23 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-10-21 18:19 . 2009-10-21 18:09 -------- d-----w- c:\documents and settings\Mandic\Application Data\Eltima Software 2009-10-21 12:49 . 2009-10-21 12:49 -------- d-----w- c:\program files\Xilisoft 2009-10-21 12:35 . 2009-10-21 12:16 -------- d-----w- c:\program files\Real Alternative 2009-10-21 12:25 . 2008-10-11 08:37 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-10-21 07:52 . 2009-06-10 13:13 -------- d-----w- c:\program files\Garena 2009-10-13 18:00 . 2009-10-21 12:25 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-09-14 08:36 . 2009-10-21 12:25 758018 ----a-w- c:\windows\system32\xvidcore.dll . ((((((((((((((((((((((((((((( SnapShot@2009-12-06_22.23.45 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-07 18:55 . 2009-12-07 18:55 16384 c:\windows\Temp\Perflib_Perfdata_7e0.dat + 2009-12-07 18:55 . 2009-12-07 18:55 16384 c:\windows\Temp\Perflib_Perfdata_5d4.dat + 2001-08-23 14:00 . 2009-12-07 19:00 59788 c:\windows\system32\perfc009.dat - 2001-08-23 14:00 . 2009-12-06 22:21 59788 c:\windows\system32\perfc009.dat + 2001-08-23 14:00 . 2009-12-07 19:00 395532 c:\windows\system32\perfh009.dat - 2001-08-23 14:00 . 2009-12-06 22:21 395532 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] c:\documents and settings\Mandic\Start Menu\Programs\Startup\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "IncrediMail"=c:\program files\IncrediMail\bin\IncMail.exe /c "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background "Magentic"=c:\progra~1\Magentic\bin\Magentic.exe /c "RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H "Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet "ctfmon.exe"=c:\windows\system32\ctfmon.exe "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "WinampAgent"="c:\program files\Winamp\winampa.exe" "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033 "Easy-PrintToolBox"=c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" -r "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "nwiz"=nwiz.exe /install "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Magentic\\bin\\MgImp.exe"= "c:\\Program Files\\Magentic\\bin\\Magentic.exe"= "c:\\Program Files\\Magentic\\bin\\MgApp.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Documents and Settings\\Mandic\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Garena\\Garena.exe"= "c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"= "c:\\Program Files\\Capcom\\Bionic Commando\\bionic_commando.exe"= "c:\\Program Files\\Capcom\\Bionic Commando\\Support\\CAP1-0101.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/10/2008 19:22 114768] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 10:01 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 10:01 72944] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/10/2008 19:22 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [07/11/2009 17:57 54752] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/10/2008 21:02 717296] S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [30/01/2009 21:07 8192] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Mandic\LOCALS~1\Temp\VDI34.tmp --> c:\docume~1\Mandic\LOCALS~1\Temp\VDI34.tmp [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 10:01 7408] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Supplementary Scan ------- . uStart Page = hxxp://mystart.incredimail.com/ mStart Page = hxxp://home.sweetim.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.avast.com/eng/avast_4_professional.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab FF - ProfilePath - c:\documents and settings\Mandic\Application Data\Mozilla\Firefox\Profiles\qqdhikh1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/sr/ FF - plugin: c:\documents and settings\Mandic\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - AddRemove-Easy-WebPrint - c:\windows\IsUninst.exe -fc:\program files\Canon\Easy-WebPrint\Uninst.isu AddRemove-Morton Benson English-Serbian Dictionary - c:\windows\IsUninst.exe -fc:\program files\Morton Benson\Uninst.isu AddRemove-Morton Benson SerboCroatian-English Dictionary - c:\windows\IsUninst.exe -fc:\program files\Morton Benson\Uninst.isu AddRemove-Oxford Advanced Genie - c:\windows\IsUninst.exe -fc:\program files\Oxford\GAS001OU\Uninst.isu ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-07 20:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\Mandic\LOCALS~1\Temp\VDI34.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-839522115-1390067357-2147167427-1003\Software\SecuROM\License information*] "datasecu"=hex:7d,30,6a,81,60,1e,24,04,2a,8e,85,ee,e1,13,2a,5d,77,95,cf,9c,37, 19,f9,54,72,98,d5,f8,07,d3,74,5f,b1,39,6a,e9,a6,4d,fe,5b,1b,8a,0f,94,c5,d8,\ "rkeysecu"=hex:15,29,29,60,41,81,cd,b4,c9,9e,93,41,c3,0e,69,92 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\sfc_os.dll c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\documents and settings\Mandic\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll . Completion time: 2009-12-07 20:03 ComboFix-quarantined-files.txt 2009-12-07 19:03 Pre-Run: 6,416,875,520 bytes free Post-Run: 6,407,438,336 bytes free - - End Of File - - EDD4C321466067AA3C718076F3E46C19

Profil

dr_Bora Poslao: 07 Dec 2009 20:43 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! To je to, bar što se tiče malware-a. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem nakon podizanja sistema

Ko je trenutno na forumu

Ukupno su 1055 korisnika na forumu :: 53 registrovanih, 6 sakrivenih i 996 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., ajo baba, Alibaba1981, bladesu, Bluper, bobomicek, Bobrock1, brundo65, cavatina, ccoogg123, Denaya, DENIRO, djboj, Dogma21, dragoljub11987, DragoslavS, Duh sa sekirom, Fog of War, Frunze, HrcAk47, ILGromovnik, JimmyNapoli, Joja, Još malo pa deda, kunktator, kuntalo, Magistar78, Marko Marković, marsovac 2, mean_machine, Metanoja, mkukoleca, mnn2, mrav pesadinac, nebidrag, nenad81, nick79, nuke92, ozzy, Panter, Prometeus, Raso75, raykan, royst33, sabros, samsung, Simon simonović, stegonosa, TBF1D, Tila Painen, vargas, vathra, voja64

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by