SUPERAntiSpyware detected the PUP.MyWebsearch virus on my system


  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

SUPERAntiSpyware detected the PUP.MyWebsearch virus today and I cannot remove it from the system.




DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Dalibor at 17:00:12 on 2013-04-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.162 [GMT 2:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^HJ^xdm238^YY^rs&ptb=33BF75C7-66CC-49DD-A3A1-3FB9EDC53722
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [VMSnap3] c:\windows\VMSnap3.EXE
mRun: [Domino] c:\windows\Domino.EXE
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dalibor\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9F4E3ED5-5E40-425C-BD51-990C50442851} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dalibor\application data\mozilla\firefox\profiles\6e0jhsd5.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=33BF75C7-66CC-49DD-A3A1-3FB9EDC53722&n=77fc92a3&p2=^HJ^xdm238^YY^rs
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=33BF75C7-66CC-49DD-A3A1-3FB9EDC53722&n=77fc92a3&ind=2013041315&p2=^HJ^xdm238^YY^rs&searchfor=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2013-04-13 14:59; speedanalysis@SpeedAnalysis.com; c:\documents and settings\dalibor\application data\mozilla\extensions\speedanalysis@SpeedAnalysis.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a84fa357000000000000001d92472bc2&q=
FF - user.js: extensions.BabylonToolbar.id - a84fa357000000000000001d92472bc2
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15808
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1015:01:18
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=121182
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-11-26 82728]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-11-26 119080]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-1-9 95584]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-11-26 123944]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-11-26 94632]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-11-26 105640]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-11-26 286888]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-11-26 159528]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-11-26 108200]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-11-28 218024]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-11-26 93096]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2012-11-9 178728]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-1-27 140512]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-11-9 149288]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-11-9 102184]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-11-9 114216]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-11-9 123560]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-1-27 37088]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2013-4-13 46672]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2013-4-3 428160]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [2012-10-22 38824]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2012-11-26 51496]
.
=============== Created Last 30 ================
.
2013-04-13 13:34:56 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-04-13 13:00:43 -------- d-----w- c:\documents and settings\dalibor\application data\PerformerSoft
2013-04-13 13:00:34 18096 ----a-w- c:\windows\system32\roboot.exe
2013-04-13 13:00:08 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-04-13 13:00:07 -------- d-----w- c:\documents and settings\dalibor\application data\Babylon
2013-04-13 12:59:18 -------- d-----w- c:\documents and settings\dalibor\application data\SpeedanAlysis
2013-04-13 12:59:04 -------- d-----w- c:\documents and settings\dalibor\application data\File Scout
2013-04-10 06:57:19 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2013-04-10 06:57:18 -------- d-----w- c:\program files\Hitman Pro 3.5
2013-04-10 06:57:11 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2013-04-09 11:15:19 -------- d-----w- C:\extensions
2013-04-09 11:13:27 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\ACD Systems
2013-04-09 11:13:27 -------- d-----w- c:\documents and settings\dalibor\application data\ACD Systems
2013-04-09 11:12:15 -------- d-----w- c:\documents and settings\all users\application data\ACD Systems
2013-04-09 11:12:08 -------- d-----w- c:\program files\common files\ACD Systems
2013-04-09 11:12:08 -------- d-----w- c:\program files\ACD Systems
2013-04-09 11:03:39 5888 ------w- c:\windows\system32\drivers\imagedrv.sys
2013-04-09 11:03:39 127488 ------w- c:\windows\system32\drivers\imagesrv.sys
2013-04-09 11:03:13 364544 ------w- c:\windows\system32\TwnLib4.dll
2013-04-09 11:03:12 471040 ------w- c:\windows\system32\ImagXRA7.dll
2013-04-09 11:03:12 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2013-04-09 11:03:11 476320 ------w- c:\windows\system32\ImagXpr7.dll
2013-04-09 11:03:11 262144 ------w- c:\windows\system32\ImagXR7.dll
2013-04-09 11:03:11 1568768 ------w- c:\windows\system32\ImagX7.dll
2013-04-09 11:03:10 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2013-04-08 17:46:51 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Identities
2013-04-08 16:50:50 -------- d-----w- c:\program files\Maxthon3
2013-04-06 06:46:11 -------- d-----w- c:\program files\FastStone Capture
2013-04-06 06:39:32 -------- d-----w- c:\program files\Defraggler
2013-04-05 07:31:04 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-04-05 07:31:03 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-04-05 07:31:03 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-04-05 07:31:03 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-04-04 13:00:48 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-04-04 13:00:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-04-04 13:00:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-04-04 13:00:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-04-04 13:00:45 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-04-04 13:00:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-04 13:00:44 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-04 13:00:41 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-04-04 12:50:54 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-04-04 12:50:11 -------- d-----w- c:\windows\ie8updates
2013-04-04 12:49:27 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2013-04-04 12:48:54 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2013-04-04 12:48:53 265728 -c----w- c:\windows\system32\dllcache\http.sys
2013-04-04 12:48:53 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2013-04-04 12:44:51 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-04-04 12:38:50 -------- d-----w- c:\documents and settings\all users\application data\IObit
2013-04-04 12:32:57 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Yahoo
2013-04-04 12:17:58 -------- d-----w- c:\program files\Instant CD & DVD Burner
2013-04-04 12:16:21 -------- d-----w- c:\program files\MSECache
2013-04-04 12:14:15 -------- d-----w- C:\audiograbber
2013-04-04 12:12:43 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Adobe
2013-04-04 12:11:54 -------- d-----w- c:\program files\GRETECH
2013-04-04 12:09:22 -------- d-----w- c:\windows\Word 2 PDF
2013-04-04 12:09:22 -------- d-----w- c:\program files\Word 2 PDF
2013-04-04 11:58:57 -------- d-----w- c:\documents and settings\dalibor\application data\OpenCandy
2013-04-04 11:58:52 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2013-04-04 11:58:51 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2013-04-04 11:58:47 -------- d-----w- c:\windows\Logs
2013-04-04 11:58:41 -------- d-----w- c:\program files\Winamp Detect
2013-04-04 11:58:18 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2013-04-04 11:58:18 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2013-04-04 11:57:52 -------- d-----w- c:\windows\RegisteredPackages
2013-04-04 11:52:35 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Sun
2013-04-04 11:41:37 -------- d-----w- c:\documents and settings\dalibor\application data\SUPERAntiSpyware.com
2013-04-04 11:41:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-04-04 11:41:05 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-04-04 11:38:57 -------- d-----w- c:\documents and settings\dalibor\application data\IObit
2013-04-04 11:38:52 -------- d-----w- c:\program files\IObit
2013-04-04 11:35:28 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-04 11:35:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 11:35:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-04 11:35:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-04 11:30:55 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2013-04-04 11:30:50 -------- d-----w- c:\program files\McAfee Security Scan
2013-04-04 11:30:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 11:30:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-04 09:19:20 -------- d-sh--w- c:\documents and settings\dalibor\IETldCache
2013-04-04 09:00:37 -------- dc-h--w- c:\windows\ie8
2013-04-04 08:36:35 -------- d-----w- c:\windows\system32\appmgmt
2013-04-04 08:28:30 -------- d-----w- c:\documents and settings\dalibor\application data\FastStone
2013-04-04 08:27:39 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Downloaded Installations
2013-04-04 06:11:54 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-04-04 06:11:28 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-04-04 06:11:18 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-04-04 06:10:43 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-04-04 06:10:34 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-04-04 06:10:12 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-04-04 06:10:12 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-04-04 06:10:03 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-04-04 06:09:36 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-04-04 06:09:23 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-04-04 06:09:22 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-04 06:09:22 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-04 06:09:18 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-04-04 06:08:23 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-04-04 06:07:38 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2013-04-04 06:07:37 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2013-04-04 06:07:37 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2013-04-04 06:07:37 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2013-04-04 06:07:37 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2013-04-04 06:07:37 110592 -c----w- c:\windows\system32\dllcache\services.exe
2013-04-04 06:07:36 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2013-04-04 06:07:30 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-04-04 06:05:53 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-04-04 06:05:15 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-04-04 06:04:41 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-04-04 06:04:39 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-04-03 22:54:45 -------- d-----w- c:\windows\system32\PreInstall
2013-04-03 22:54:43 -------- d--h--w- c:\windows\$hf_mig$
2013-04-03 22:49:41 -------- d-----w- c:\program files\Yahoo!
2013-04-03 22:09:27 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2013-04-03 22:08:41 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2013-04-03 22:07:57 74240 ----a-w- c:\windows\system32\usbui.dll
2013-04-03 22:07:22 -------- d-----r- c:\program files\Skype
2013-04-03 22:05:49 -------- d-----w- C:\Documents and Settings
.
==================== Find3M ====================
.
2013-04-03 20:54:56 315392 ----a-w- c:\windows\HideWin.exe
2013-03-25 20:39:46 4546560 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 17:01:00,90 ===============

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello,





Download Junkware Removal Tool (JRT) and save it to the desktop.

close the browser and other running programs;
Is it necessary to include a note about the scan duration? Should I post this PG, or is there no need for that?

Temporarily disable your protection software (Instructions);

double-click the icon ( ) to run JRT;

At the "press any key" prompt, press any key and the tool will start scanning.
Note: depending on the system specification, the scan can take a while in some cases.

When it finishes, a log with the report will open; it will be saved on the desktop under the name JRT.txt


Copy the contents of that log into the thread.


******************************


Download AdwCleaner by "Xplode" () and save it to the Desktop

Double-click to run the program.
Click the [Delete] button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt


******************************


> Run DDS again and post a fresh DDS.txt log for review.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Dalibor on ned 14.04.2013 at 17:33:45,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1177238915-1677128483-725345543-1003\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\performersoft llc
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"
Successfully deleted: [File] C:\WINDOWS\prefetch\BABYLONTOOLBAR4FFX.EXE-0E42DD66.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\BABYLONTOOLBAR4IE.EXE-32ABF3CC.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\BABYLONTOOLBARSRV.EXE-321ADE0A.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\MYBABYLONTB.EXE-062DF470.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Dalibor\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Dalibor\Application Data\blekko"
Successfully deleted: [Folder] "C:\Documents and Settings\Dalibor\Application Data\file scout"
Successfully deleted: [Folder] "C:\Documents and Settings\Dalibor\Application Data\opencandy"
Successfully deleted: [Folder] "C:\Documents and Settings\Dalibor\Application Data\performersoft"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Documents and Settings\Dalibor\Application Data\mozilla\firefox\profiles\6e0jhsd5.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Dalibor\Application Data\mozilla\firefox\profiles\6e0jhsd5.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\Dalibor\Application Data\mozilla\firefox\profiles\6e0jhsd5.default\searchplugins\my-web-search.xml
Successfully deleted the following from C:\Documents and Settings\Dalibor\Application Data\mozilla\firefox\profiles\6e0jhsd5.default\prefs.js

user_pref("browser.search.defaultenginename", "My Web Search");
user_pref("browser.search.selectedEngine", "My Web Search");
user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=33BF75C7-66CC-49DD-A3A1-3FB9EDC53722&n=77fc92a3&p2=^HJ^xdm238^YY^rs");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
user_pref("extensions.BabylonToolbar.id", "a84fa357000000000000001d92472bc2");
user_pref("extensions.BabylonToolbar.instlDay", "15808");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.rvrt", "false");
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a84fa357000000000000001d92472bc2&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1015:01:18");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=121182");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=33BF75C7-66CC-49DD-A3A1-3FB9EDC53722&n=77fc92a3&ind=201304131
user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=33BF75C7-66CC-49DD-A3A1-3FB9EDC53722&n=77fc92a3&p2=^HJ^xdm238^YY^rs
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", 58928459);
user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013041315");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm238^YY^rs");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "33BF75C7-66CC-49DD-A3A1-3FB9EDC53722");
user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1365858384630");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=33BF75C7-66CC-49DD-A3A1-3FB9EDC53722&n=77fc92a3&ind=2013041315&p2=^HJ^xdm238^YY^rs&





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ned 14.04.2013 at 17:42:55,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Dalibor at 17:49:27 on 2013-04-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.340 [GMT 2:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [VMSnap3] c:\windows\VMSnap3.EXE
mRun: [Domino] c:\windows\Domino.EXE
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dalibor\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9F4E3ED5-5E40-425C-BD51-990C50442851} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dalibor\application data\mozilla\firefox\profiles\6e0jhsd5.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2013-04-13 14:59; speedanalysis@SpeedAnalysis.com; c:\documents and settings\dalibor\application data\mozilla\extensions\speedanalysis@SpeedAnalysis.com
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-11-26 82728]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-11-26 119080]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-1-9 95584]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-11-26 123944]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-11-26 94632]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-11-26 105640]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-11-26 286888]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-11-26 159528]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-11-26 108200]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-11-28 218024]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-11-26 93096]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2012-11-9 178728]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-1-27 140512]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-11-9 149288]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-11-9 102184]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-11-9 114216]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-11-9 123560]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-1-27 37088]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2013-4-13 46672]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2013-4-3 428160]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [2012-10-22 38824]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2012-11-26 51496]
.
=============== Created Last 30 ================
.
2013-04-14 15:33:44 -------- d-----w- c:\windows\ERUNT
2013-04-14 15:33:35 -------- d-----w- C:\JRT
2013-04-13 13:34:56 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-04-10 06:57:19 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2013-04-10 06:57:18 -------- d-----w- c:\program files\Hitman Pro 3.5
2013-04-10 06:57:11 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2013-04-09 11:15:19 -------- d-----w- C:\extensions
2013-04-09 11:13:27 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\ACD Systems
2013-04-09 11:13:27 -------- d-----w- c:\documents and settings\dalibor\application data\ACD Systems
2013-04-09 11:12:15 -------- d-----w- c:\documents and settings\all users\application data\ACD Systems
2013-04-09 11:12:08 -------- d-----w- c:\program files\common files\ACD Systems
2013-04-09 11:12:08 -------- d-----w- c:\program files\ACD Systems
2013-04-09 11:03:39 5888 ------w- c:\windows\system32\drivers\imagedrv.sys
2013-04-09 11:03:39 127488 ------w- c:\windows\system32\drivers\imagesrv.sys
2013-04-09 11:03:13 364544 ------w- c:\windows\system32\TwnLib4.dll
2013-04-09 11:03:12 471040 ------w- c:\windows\system32\ImagXRA7.dll
2013-04-09 11:03:12 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2013-04-09 11:03:11 476320 ------w- c:\windows\system32\ImagXpr7.dll
2013-04-09 11:03:11 262144 ------w- c:\windows\system32\ImagXR7.dll
2013-04-09 11:03:11 1568768 ------w- c:\windows\system32\ImagX7.dll
2013-04-09 11:03:10 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2013-04-08 17:46:51 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Identities
2013-04-08 16:50:50 -------- d-----w- c:\program files\Maxthon3
2013-04-06 06:46:11 -------- d-----w- c:\program files\FastStone Capture
2013-04-06 06:39:32 -------- d-----w- c:\program files\Defraggler
2013-04-05 07:31:04 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-04-05 07:31:03 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-04-05 07:31:03 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-04-05 07:31:03 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-04-04 13:00:48 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-04-04 13:00:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-04-04 13:00:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-04-04 13:00:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-04-04 13:00:45 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-04-04 13:00:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-04 13:00:44 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-04 13:00:41 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-04-04 12:50:54 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-04-04 12:50:11 -------- d-----w- c:\windows\ie8updates
2013-04-04 12:49:27 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2013-04-04 12:48:54 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2013-04-04 12:48:53 265728 -c----w- c:\windows\system32\dllcache\http.sys
2013-04-04 12:48:53 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2013-04-04 12:44:51 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-04-04 12:38:50 -------- d-----w- c:\documents and settings\all users\application data\IObit
2013-04-04 12:32:57 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Yahoo
2013-04-04 12:17:58 -------- d-----w- c:\program files\Instant CD & DVD Burner
2013-04-04 12:16:21 -------- d-----w- c:\program files\MSECache
2013-04-04 12:14:15 -------- d-----w- C:\audiograbber
2013-04-04 12:12:43 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Adobe
2013-04-04 12:11:54 -------- d-----w- c:\program files\GRETECH
2013-04-04 12:09:22 -------- d-----w- c:\windows\Word 2 PDF
2013-04-04 12:09:22 -------- d-----w- c:\program files\Word 2 PDF
2013-04-04 11:58:52 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2013-04-04 11:58:51 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2013-04-04 11:58:47 -------- d-----w- c:\windows\Logs
2013-04-04 11:58:41 -------- d-----w- c:\program files\Winamp Detect
2013-04-04 11:58:18 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2013-04-04 11:58:18 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2013-04-04 11:57:52 -------- d-----w- c:\windows\RegisteredPackages
2013-04-04 11:52:35 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Sun
2013-04-04 11:41:37 -------- d-----w- c:\documents and settings\dalibor\application data\SUPERAntiSpyware.com
2013-04-04 11:41:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-04-04 11:41:05 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-04-04 11:38:57 -------- d-----w- c:\documents and settings\dalibor\application data\IObit
2013-04-04 11:38:52 -------- d-----w- c:\program files\IObit
2013-04-04 11:35:28 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-04 11:35:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 11:35:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-04 11:35:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-04 11:30:55 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2013-04-04 11:30:50 -------- d-----w- c:\program files\McAfee Security Scan
2013-04-04 11:30:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 11:30:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-04 09:19:20 -------- d-sh--w- c:\documents and settings\dalibor\IETldCache
2013-04-04 09:00:37 -------- dc-h--w- c:\windows\ie8
2013-04-04 08:36:35 -------- d-----w- c:\windows\system32\appmgmt
2013-04-04 08:28:30 -------- d-----w- c:\documents and settings\dalibor\application data\FastStone
2013-04-04 08:27:39 -------- d-----w- c:\documents and settings\dalibor\local settings\application data\Downloaded Installations
2013-04-04 06:11:54 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-04-04 06:11:28 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-04-04 06:11:18 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-04-04 06:10:43 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-04-04 06:10:34 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-04-04 06:10:12 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-04-04 06:10:12 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-04-04 06:10:03 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-04-04 06:09:36 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-04-04 06:09:23 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-04-04 06:09:22 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-04 06:09:22 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-04 06:09:18 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-04-04 06:08:23 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-04-04 06:07:38 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2013-04-04 06:07:37 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2013-04-04 06:07:37 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2013-04-04 06:07:37 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2013-04-04 06:07:37 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2013-04-04 06:07:37 110592 -c----w- c:\windows\system32\dllcache\services.exe
2013-04-04 06:07:36 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2013-04-04 06:07:30 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-04-04 06:05:53 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-04-04 06:05:15 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-04-04 06:04:41 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-04-04 06:04:39 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-04-03 22:54:45 -------- d-----w- c:\windows\system32\PreInstall
2013-04-03 22:54:43 -------- d--h--w- c:\windows\$hf_mig$
2013-04-03 22:49:41 -------- d-----w- c:\program files\Yahoo!
2013-04-03 22:09:27 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2013-04-03 22:08:41 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2013-04-03 22:07:57 74240 ----a-w- c:\windows\system32\usbui.dll
2013-04-03 22:07:22 -------- d-----r- c:\program files\Skype
2013-04-03 22:05:49 -------- d-----w- C:\Documents and Settings
.
==================== Find3M ====================
.
2013-04-03 20:54:56 315392 ----a-w- c:\windows\HideWin.exe
2013-03-25 20:39:46 4546560 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 17:50:23,73 ===============

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

OK, let's move on;

Step #1


Open Notepad and copy the following text:


@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting Folders>>log.txt
FOR %%i in (
"c:\program files\IObit"
"c:\documents and settings\all users\application data\IObit") DO (
IF EXIST %%i (
RD /S /Q %%i
IF EXIST %%i (
ECHO %%i not deleted>>log.txt
) ELSE (
ECHO %%i deleted successfully>>log.txt)
) ELSE (
ECHO %%i not found>>log.txt))

START NOTEPAD.EXE log.txt
DEL %0


Save it to the Desktop under the name fix.bat
Pay attention to the .bat extension

Run fix.bat and copy into your post the text that opens in Notepad.



*******************************

Step #2


Let's do an additional anti-rootkit check:


Download the GMER program from the link below to the Desktop:


GMER download
Click the given link;
When the dialog for choosing where to save the file opens, choose Desktop and click Save.



Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);


Attach both reports to your post using the Attach file option.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

Could you explain the first step in the instructions a bit more clearly? I can't figure it out!

Thanks!

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

You needed to create a batch file; here, I've made it for you.
Run it with a double-click; a cmd window will flash and Notepad will open with the report. Copy that report here.
If you can't manage, skip that step and move on to GMER.

> Then post the Gmer1 and Gmer2 reports for me.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

Deleting Folders
"c:\program files\IObit" deleted successfully
"c:\documents and settings\all users\application data\IObit" deleted successfully


I ran Gmer and I can't get the scan to finish; I also turned off the antivirus, but it's no use.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

From the screenshot I can see that Gmer has finished scanning. Click Save > save the report as the Gmer1 log on the Desktop. Whatever the log looks like, just send it.
Do the Gmer2 log as well and attach those logs ...

Come on, 'man', it's not hard at all.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

There, I figured it out, and I'm attaching the Gmer1 and Gmer2 logs.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

That's it, I don't see any active malware. Your system is clean ...


Manually delete the programs used (JRT; DDS; Gmer).

Run AdwCleaner again
Click the [Uninstall] button and wait for the uninstall process to finish.

---- ---- ---- ---- ---- ---- ---- ---- ----

Check whether your applications are up to date using the Secunia Online Scanner:


Visit this site: Online Software Inspector (OSI)

Click the Start Scanner button.
Allow Java to run and, if needed, wait for the Status/Currently process.

Click the Start button to begin the analysis.
The scan should not take longer than one minute.

When the analysis finishes, the outdated applications will be listed under the Programs / Result: section, along with download links for the up-to-date versions.

Download and install the listed updates/applications.

---- ---- ---- ---- ---- ---- ---- ---- ----

I recommend that you use the MCShield program to protect USB storage devices.

You can download the program from THIS link. After installing the program, plug in your USB storage devices and they will be scanned. At the end of the scan you will get either a report that the device is clean or a notification about removed malware.


Also, visit this topic to see whether your browser is vulnerable and to install updated components
http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html
