My system is running badly!

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 434
  • Location: EU

Posted: 28 Jun 2012 14:06

I'm at my brother's place, so I've just scanned his computer; the system runs quite badly, and he uses wireless internet.
I took it apart completely and cleaned out the dust, so as far as that goes it should behave better; now, whether there are any infections, you'll take a look ;)


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Dejan at 13:47:58 on 2012-06-28
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.285 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\OpenOffice.org 1.9.125\program\soffice.exe
C:\Program Files\OpenOffice.org 1.9.125\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=111434&tt=171011_prot~171011_prot&babsrc=HP_ss&mntrId=546e289900000000000000fd07a2dfd9
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - Ask Toolbar BHO
uRun: [Facebook Update] "c:\documents and settings\dejan\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\documents and settings\dejan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dejan\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 1.9.125\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{D97DB9A8-24DE-4604-964B-EE0E360AC6DD} : NameServer = 10.5.0.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dejan\application data\mozilla\firefox\profiles\f4tmaagw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=546e289900000000000000fd07a2dfd9&tlver=1.5.3.17&instlRef=sst&affID=111434&tt=171011_prot~171011_prot&q=
FF - component: c:\documents and settings\dejan\application data\mozilla\firefox\profiles\f4tmaagw.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - plugin: c:\documents and settings\dejan\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dejan\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dejan\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\dejan\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=171011_prot~171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 546e289900000000000000fd07a2dfd9
FF - user.js: extensions.BabylonToolbar_i.hardId - 546e289900000000000000fd07a2dfd9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15434
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:40:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-9-5 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-5 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-5 66616]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S4 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [2008-9-8 72478]
.
=============== Created Last 30 ================
.
2012-06-20 19:55:25 -------- d-sha-r- C:\cmdcons
2012-06-20 19:52:22 98816 ----a-w- c:\windows\sed.exe
2012-06-20 19:52:22 518144 ----a-w- c:\windows\SWREG.exe
2012-06-20 19:52:22 256000 ----a-w- c:\windows\PEV.exe
2012-06-20 19:52:22 208896 ----a-w- c:\windows\MBR.exe
2012-06-20 16:43:20 -------- d-----w- c:\documents and settings\dejan\application data\SUPERAntiSpyware.com
2012-06-20 16:43:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-20 16:43:13 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-06-13 09:43:23 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 20:44:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
.
============= FINISH: 13:48:42,14 ===============





Update: 28 Jun 2012 14:22


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Hi, njuskalo75

From the logs I can see that you ran ComboFix.

ComboFix is not a diagnostic tool like the ones in the guide. It is a very powerful tool which, if handled improperly, can destroy the operating system or delete all the data from the hard disk. It is run exclusively at the suggestion, under the supervision and with the detailed instructions of a helper who is an expert in this area and knows what they are doing.

In future, do not run ComboFix on your own!!!

Step 1. Go to My Computer -> Local Disk C, and copy ComboFix.txt into the thread...


Step 2.

Go to Start -> Control Panel -> Add/Remove Programs and uninstall the following programs, if they are present:

Ask Toolbar
Babylon Toolbar
Facemoods
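The helper reached the list above by reading the DDS "Pseudo HJT Report" and Firefox sections: the Babylon start page and keyword.URL, the Facemoods search assistant and Firefox component, and the Ask Toolbar BHO. The script below, added here as an example (it is not part of the thread and not DDS, ComboFix or Malwarebytes code), does that triage mechanically: it decodes the u/m/d hive prefix DDS puts on Run and Start Page entries, reads the `AV:` status line, and flags entries that match an indicator list. The indicator list and `SAMPLE_DDS` are constructed for the example; the sample is a trimmed copy of the log posted above, and the decision that a flagged family is something to uninstall remains the helper's, not the script's.

```python
"""Triage of DDS "Pseudo HJT Report" output for known adware/toolbar entries.
Constructed example for this thread; not DDS, ComboFix or Malwarebytes code."""
import re
from dataclasses import dataclass

# Indicator families (constructed list). The three appear in the thread's DDS
# log: Babylon start page / keyword.URL, Facemoods search assistant and Firefox
# component, Ask Toolbar BHO.
PUP_INDICATORS = {
    "babylon": "Babylon Toolbar",
    "facemoods": "Facemoods",
    "ask toolbar": "Ask Toolbar",
}

# DDS prefixes some entries with the hive they came from: u = HKCU, m = HKLM,
# d = HKU\.DEFAULT (the ComboFix log in the thread lists the same Run entries
# under exactly those three keys).
SCOPE = {"u": "HKCU (current user)", "m": "HKLM (machine)", "d": "HKU\\.DEFAULT"}
SCOPED_KINDS = {"Start Page", "Search Page", "Search Bar", "Default_Search_URL",
                "SearchAssistant", "SearchURL", "Run", "URLSearchHooks"}

# "AV: AntiVir Desktop *Enabled/Outdated* {GUID}"
AV_RE = re.compile(r"^AV:\s*(?P<name>.+?)\s*\*(?P<state>[^*]+)\*")


@dataclass
class Entry:
    kind: str    # "Start Page", "Run", "BHO", "FF - prefs.js", ...
    scope: str   # decoded hive for u/m/d-prefixed kinds, otherwise ""
    value: str   # text after the kind
    raw: str


@dataclass
class Finding:
    line_no: int
    family: str
    entry: Entry


def parse_line(raw):
    """Split one DDS line into kind, hive scope and value; None for separators/banners."""
    line = raw.strip()
    if not line or line == "." or line.startswith("="):
        return None
    if ": " in line:            # "BHO: ...", "uRun: [..] ...", "FF - prefs.js: ..."
        kind, value = line.split(": ", 1)
    elif " = " in line:         # "uStart Page = hxxp://..."
        kind, value = line.split(" = ", 1)
    else:
        kind, value = line, ""
    scope = ""
    if kind[:1] in SCOPE and kind[1:].split(",")[0] in SCOPED_KINDS:
        scope, kind = SCOPE[kind[0]], kind[1:]
    return Entry(kind=kind, scope=scope, value=value, raw=line)


def av_status(lines):
    """Return (product, enabled, up_to_date) from the 'AV:' line, or None."""
    for raw in lines:
        m = AV_RE.match(raw.strip())
        if m:
            enabled, updated = m.group("state").split("/", 1)
            return m.group("name"), enabled == "Enabled", updated == "Updated"
    return None


def find_pups(lines, indicators=PUP_INDICATORS):
    """One Finding per entry whose text contains an indicator (case-insensitive)."""
    findings = []
    for n, raw in enumerate(lines, 1):
        entry = parse_line(raw)
        if entry is None:
            continue
        for needle, family in indicators.items():
            if needle in entry.raw.lower():
                findings.append(Finding(n, family, entry))
                break
    return findings


def summarize(lines):
    """Group findings by family: each family maps to one program to look for."""
    by_family = {}
    for f in find_pups(lines):
        by_family.setdefault(f.family, []).append(f)
    return by_family


# Constructed sample: a trimmed copy of the DDS log posted in the thread.
SAMPLE_DDS = r"""AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=111434&babsrc=HP_ss
uSearch Page = hxxp://www.google.com
mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - Ask Toolbar BHO
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q=
FF - component: c:\documents and settings\dejan\application data\mozilla\firefox\profiles\f4tmaagw.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar""".splitlines()


if __name__ == "__main__":
    status = av_status(SAMPLE_DDS)
    if status:
        print("AV: %s enabled=%s up_to_date=%s" % status)
    for family, hits in summarize(SAMPLE_DDS).items():
        print(f"{family}: {len(hits)} entries")
        for f in hits:
            print(f"  line {f.line_no}: {f.entry.scope or '-'} | {f.entry.kind} | {f.entry.value[:60]}")
```

Run on the full DDS.txt, the same code reports the Babylon entries in both the IE start page and the Firefox user.js block, which is why one toolbar uninstall can clear several log lines at once. The `hxxp` spelling is DDS defanging of `http` and is left untouched so flagged URLs are not clickable when the report is pasted into a thread.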

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 434
  • Location: EU

Here is what ComboFix scanned, and I didn't find any of the things I was told to uninstall in the Control Panel.



ComboFix 12-06-28.01 - Dejan 28.06.2012 15:55:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1023.363 [GMT 2:00]
Running from: c:\documents and settings\Dejan\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dejan\Application Data\facemoods.com
c:\windows\system32\SETD5.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 13:18 . 2012-06-28 13:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-06-28 13:10 . 2009-03-03 18:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-28 13:02 . 2010-11-03 16:15 359016 ----a-w- c:\windows\vncutil.exe
2012-06-28 13:02 . 2012-05-10 15:34 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-06-28 13:02 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-06-28 13:02 . 2010-11-03 16:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-06-28 13:02 . 2012-05-11 12:14 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-06-28 13:02 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-06-28 13:02 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-06-28 12:46 . 2012-05-24 08:48 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-06-28 12:31 . 2012-06-28 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-06-28 12:27 . 2012-06-28 12:27 -------- d-----w- c:\documents and settings\Dejan\Local Settings\Application Data\Yahoo
2012-06-28 12:27 . 2012-06-28 12:27 -------- d-----w- c:\program files\Yahoo!
2012-06-28 12:26 . 2011-12-16 15:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-06-28 12:26 . 2012-06-28 12:31 -------- d-----w- c:\documents and settings\Dejan\Application Data\IObit
2012-06-28 12:26 . 2010-11-26 16:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-06-28 12:25 . 2012-06-28 12:31 -------- d-----w- c:\program files\IObit
2012-06-28 12:13 . 2012-06-28 12:15 -------- d-----w- c:\program files\SpeedFan
2012-06-20 19:25 . 2012-06-20 19:25 -------- d-----w- c:\program files\Common Files\Skype
2012-06-20 16:43 . 2012-06-20 16:43 -------- d-----w- c:\documents and settings\Dejan\Application Data\SUPERAntiSpyware.com
2012-06-20 16:43 . 2012-06-20 16:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-20 16:43 . 2012-06-20 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-13 09:43 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 14:54 . 2008-09-08 17:48 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-06-06 12:00 . 2008-09-08 17:48 20065936 ----a-w- c:\windows\RTHDCPL.EXE
2012-06-02 13:19 . 2009-08-07 05:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-07 05:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-09-08 17:37 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-09-08 17:37 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-09-08 17:37 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-07 05:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-09-08 17:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-09-08 17:37 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-07-18 20:10 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-03 22:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-07 05:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-09-08 17:37 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-09-08 17:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-03 22:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 16:06 . 2008-09-08 17:48 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-05-16 15:08 . 2004-08-03 22:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-03 21:17 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-03 22:56 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-03 20:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-03 21:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-04 08:15 . 2008-09-08 17:48 1493608 ----a-w- c:\windows\RtlUpd.exe
2012-05-02 13:46 . 2008-09-08 17:35 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 20:44 . 2012-04-04 20:44 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-21 18:34 . 2011-07-01 06:57 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Dejan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-03-08 137536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 3905408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Dejan\Start Menu\Programs\Startup\
OpenOffice.org 1.9.125.lnk - c:\program files\OpenOffice.org 1.9.125\program\quickstart.exe [2005-8-19 61440]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-11-3 1339392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-06 06:12 136176 ----atw- c:\documents and settings\Dejan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"c:\\Documents and Settings\\Dejan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Dejan\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [28.6.2012 14:26 14776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [28.6.2012 14:31 913792]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5.9.2011 14:14 136360]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [28.6.2012 14:31 821592]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [28.6.2012 14:31 246816]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [28.6.2012 14:31 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [28.6.2012 14:31 16208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.6.2012 15:02 1691480]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S4 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [8.9.2008 20:22 72478]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FILEMONITOR
*NewlyCreated* - REGFILTER
*NewlyCreated* - URLFILTER
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 03:57]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-152049171-725345543-1003Core.job
- c:\documents and settings\Dejan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-08 18:02]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-152049171-725345543-1003UA.job
- c:\documents and settings\Dejan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-08 18:02]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 03:44]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 03:44]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-725345543-1003Core.job
- c:\documents and settings\Dejan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-06 06:12]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-725345543-1003UA.job
- c:\documents and settings\Dejan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-06 06:12]
.
2012-06-28 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2012-06-28 12:26]
.
2012-06-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a1681fba-9fde-476d-97ec-25b43dee6337.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-06-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d4e9701d-653f-4748-a917-73e721195a2c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{D97DB9A8-24DE-4604-964B-EE0E360AC6DD}: NameServer = 10.5.0.100
FF - ProfilePath - c:\documents and settings\Dejan\Application Data\Mozilla\Firefox\Profiles\f4tmaagw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=546e289900000000000000fd07a2dfd9&tlver=1.5.3.17&instlRef=sst&affID=111434&tt=171011_prot~171011_prot&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434&tt=171011_prot~171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 546e289900000000000000fd07a2dfd9
FF - user.js: extensions.BabylonToolbar_i.hardId - 546e289900000000000000fd07a2dfd9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15434
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
MSConfigStartUp-CursorXP - c:\program files\CursorXP\CursorXP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 16:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="85B0DBD52E6B64184BFE0DF222880A066E37CF8AF3B4CC44F83FD2570D6BAE023C03CBD42777C779FED35230F024CBE907D7FD55F37053A7E9956B80D5E284B735FD7DE65FD7FC06E112F56D607995999595DFECD4AEF26ABACF498CE5ACE5BE64E248A2368F989604A7D6B27B8314AEE723776BED010E88170C324404178892F2D7D9A17D4447CAAA62268942E28608009A1BEA0DA397C2DECBC2766995B8733DE8B3817DC2C604D0766B01A95C434B96F7F68B73709B1D26726A70C33BD269D282A86370786D68FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A9C6AECB7A5D14075D575E7D6A3B9808A6A0AC4980AC7933442C377DAE177CEC8C336FA417D72B937572FE58F374DEF3B24763DCC70B5B615A3AA995BC8A80B207913630B49137F24FF25FDBA3D0B39B899651083E1183E3DD094E45F1B0F1232D7E2DA3B8C8353946B53AAB3052EE12E8695C6885E301B318D20D7735F5A758C5BD213696456FA23EA8E2F2B8B8725872F879368ADC68B00B3CA018606C0D36CD7C3227B4F1C633D0A07E6051E62FAEFCE074B1307863FD68499A9641CB9D60F647D637EEDC2DAF4BD407A60365311F94A26CA0C9D72F0499E15D69996C6E402410D52D923AA9A3B05FCAFA47DF92F1F5A252C7A1401DF0B8D5A1879FCCA303EEAFCD5265E0595C3540E91A12A6833994A76F75F21A12B115D572EEFD8EF99AA25E2E731BC96AEBC25CDB42C32DC8C51760DCF67073077DB3F63020D1F7BDBAC1BBBB62E0959F2877F869B4378B3BAF575A0AA1BEFA0ACACAB28D1FAE73D1DDFE4911765587D02CA3C2313A367D4652640D394CF508BC5546E513F3980D2BBFC4ED98070B056956CD48251B8164EA4D014E82522491531EC4D21E2D8A77D6632EF394730A1AE8482FFD0A284E413C82235C4E94CAB518E91C9EDA5A738AF00D8B8A199BCCF46166B5BA7933C23EE31AF457DCF5DC35673FD153501034BCAD45E1428FE7C169FB5E8139E112FB271E7E56C1C1DD4573B2EAA1DC5567232F5059E992B33FCBED729B6A1A05208A6A395FD88662B860FB807E7C8D94FC89A1B5DB10571810C31D94D0F760F83D719D1C2FC2F07AF47FF967CC841B8EF0A5FACB9F74CB9FCCF236C5F4E773A6C8A8F7BD260FB1988767BE976D111E97E72B4493C0EC95846B1A9B7CC12C1E4DAD9D542A3F6CDC9E6751BE513D2F94570B3F2D2498803851E36AD4C5356B90FC53AEB402B83DEA44106993E85C1D5F49077A06294CEBA0E9358B8CBE91FC5D1C2930BB799698391482D179C82FCEC4BC0C6C45DDBE211C016018911CDCF0FD65A26AB1599F4806ECC01FD1ED
5EEBEDD54F96841798C2DBA06BA05625E185CA65361A02FCDE4A7701535BA26954CF678C09EF023AC8"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-06-28 16:04:02
ComboFix-quarantined-files.txt 2012-06-28 14:04
.
Pre-Run: 15.343.812.608 bytes free
Post-Run: 15.505.563.648 bytes free
.
- - End Of File - - 96A3BA3F7856C2995A5C2A246EA5A539





offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Run DDS again; you will get two reports, DDS.txt and Attach.txt, which will be saved on the desktop...

Send me Attach.txt.

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 434
  • Location: EU


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Step 1:


Go to Start -> Control Panel -> Add/Remove Programs and uninstall the following programs:

Adobe Flash Player 10 ActiveX - outdated version, download the new one from http://get.adobe.com/flashplayer/
Adobe Flash Player 10 Plugin - outdated version, download the new one from http://get.adobe.com/flashplayer/
Adobe Reader 7.0.5 - outdated version, download the new one from http://get.adobe.com/reader/
Advanced SystemCare 5 - probably the cause of the computer slowing down
IObit Malware Fighter - unreliable program
Java(TM) 6 Update 26 - outdated version, download the new one from http://java.com/en/download/index.jsp



Step 2:


Download the OTL program from the link below to the Desktop:

OTL download
Click the link and, in the window that opens, click the Save button;
when the dialog for choosing where to save the file opens, choose Desktop and click the Save button.

Double-click to run OTL;

click the Run Scan button;

when the scan finishes, the report will open in Notepad (note: the report will automatically be saved on the Desktop as OTL.Txt).


Attach the OTL.Txt report to your post using the Attach file option.

TwinHeadedEagle (AMF Team)

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 434
  • Location: EU

OTL logfile created on: 28.6.2012 17:58:30 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Dejan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

1023,29 Mb Total Physical Memory | 519,36 Mb Available Physical Memory | 50,75% Memory free
2,41 Gb Paging File | 1,74 Gb Available in Paging File | 72,49% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 15,03 Gb Free Space | 51,29% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 73,53 Gb Free Space | 61,41% Space Free | Partition Type: NTFS

Computer Name: DEJAN-2BDC08C64 | User Name: Dejan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.28 17:56:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dejan\My Documents\Downloads\OTL.exe
PRC - [2012.06.07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012.05.28 15:56:36 | 000,288,128 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012.05.26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012.05.09 16:28:52 | 004,464,472 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012.01.04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011.09.05 14:57:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.04.21 19:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 19:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 19:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.04.24 22:14:34 | 001,339,392 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2008.04.14 17:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.19 02:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2005.08.19 16:31:28 | 000,565,248 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 1.9.125\program\soffice.bin
PRC - [2005.08.19 16:31:26 | 000,434,176 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 1.9.125\program\soffice.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012.06.07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012.05.24 10:45:42 | 000,138,112 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2012.05.03 15:40:50 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012.05.03 15:40:50 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
MOD - [2012.04.28 13:17:38 | 001,217,880 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\Scan.dll
MOD - [2011.08.19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011.07.21 04:40:24 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.06.23 13:41:30 | 000,138,752 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2011.05.29 07:24:30 | 000,073,600 | ---- | M] () -- C:\WINDOWS\system32\ezGOSvc.dll
MOD - [2011.04.21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011.04.21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011.04.21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2010.11.26 12:18:08 | 000,175,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
MOD - [2008.03.19 02:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\jsd.dll
MOD - [2008.03.19 02:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\js32.dll
MOD - [2008.01.09 00:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\sqlite3.dll
MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2006.07.13 02:36:36 | 001,167,360 | ---- | M] () -- C:\Program Files\RALINK\Common\acAuth.dll
MOD - [2005.10.07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005.05.17 12:05:52 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 1.9.125\program\libxml2.dll
MOD - [2004.09.22 07:35:12 | 000,069,632 | ---- | M] () -- C:\Program Files\FarStone\VirtualDrive\VDExt900.dll
MOD - [2004.09.05 08:28:46 | 000,053,248 | ---- | M] () -- C:\Program Files\FarStone\VirtualDrive\BurnInterFace.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011.09.05 14:57:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.05.29 07:24:30 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011.04.21 19:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys -- (RegFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Dejan\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Unknown (-1) | Unknown (-1) | Unknown] -- -- (IMFservice)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dejan\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\av5flt.sys -- (AvFlt)
DRV - [2012.06.19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.09.05 14:57:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.09.05 14:57:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010.11.26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010.06.18 03:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.18 03:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.03.25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.07.29 04:10:18 | 000,483,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2007.06.06 16:52:00 | 002,155,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.12.21 12:31:31 | 001,036,928 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2006.12.21 12:31:31 | 000,702,592 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006.12.21 12:31:31 | 000,219,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005.08.29 04:55:08 | 000,030,221 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2004.09.22 11:46:26 | 000,037,409 | ---- | M] (FarStone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fsRamDsk.sys -- (fsRamDsk)
DRV - [2004.09.08 05:37:56 | 000,072,478 | ---- | M] (FarStone Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (FVDSCSI)
DRV - [2003.08.07 00:46:12 | 000,010,899 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4&hl={language}&src=chrm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{E6DBDE98-5221-4F8B-B5C9-67758BF78BF3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=546e289900000000000000fd07a2dfd9&tlver=1.5.3.17&instlRef=sst&affID=111434&tt=171011_prot~171011_prot&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Dejan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dejan\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dejan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 20:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.28 14:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.12.26 08:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dejan\Application Data\Mozilla\Extensions
[2012.06.05 14:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dejan\Application Data\Mozilla\Firefox\Profiles\f4tmaagw.default\extensions
[2012.04.04 21:36:22 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Dejan\Application Data\Mozilla\Firefox\Profiles\f4tmaagw.default\extensions\ffxtlbr@babylon.com
[2010.12.31 10:09:02 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Dejan\Application Data\Mozilla\Firefox\Profiles\f4tmaagw.default\extensions\ffxtlbr@Facemoods.com
[2011.12.29 21:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.09.05 16:27:59 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.12.26 07:00:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.03.21 20:34:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 16:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012.04.04 22:40:05 | 000,002,366 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.16 17:45:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.03.10 17:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.16 17:45:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Dejan\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Dejan\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Dejan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - Extension: Click to call with Skype = C:\Documents and Settings\Dejan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2012.06.28 16:00:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Dejan\Start Menu\Programs\Startup\OpenOffice.org 1.9.125.lnk = C:\Program Files\OpenOffice.org 1.9.125\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Dejan\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fce.....vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D97DB9A8-24DE-4604-964B-EE0E360AC6DD}: NameServer = 10.5.0.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dejan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dejan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.08 19:39:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.28 17:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012.06.28 17:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012.06.28 16:04:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.06.28 15:53:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.06.28 15:53:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.06.28 15:53:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.06.28 15:53:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.06.28 15:02:43 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012.06.28 15:02:42 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012.06.28 15:02:42 | 000,065,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2012.06.28 15:02:42 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2012.06.28 15:02:34 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2012.06.28 15:02:32 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012.06.28 14:46:13 | 000,021,376 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2012.06.28 14:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012.06.28 14:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\My Documents\My Widgets
[2012.06.28 14:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Local Settings\Application Data\Yahoo
[2012.06.28 14:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Widgets
[2012.06.28 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012.06.28 14:26:11 | 000,029,016 | ---- | C] (IObit) -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2012.06.28 14:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\IObit
[2012.06.28 14:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2012.06.28 14:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012.06.28 14:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Start Menu\Programs\SpeedFan
[2012.06.28 14:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012.06.28 14:11:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dejan\Recent
[2012.06.28 13:39:59 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.06.20 21:55:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.06.20 21:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.06.20 21:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012.06.20 18:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\Application Data\SUPERAntiSpyware.com
[2012.06.20 18:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012.06.20 18:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012.06.20 18:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.13 11:43:23 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.06.01 14:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\My Documents\SKOLSKI DANI
[2012.06.01 14:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dejan\My Documents\PRICE D-D
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.28 18:01:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.28 17:14:01 | 000,001,020 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-725345543-1003UA.job
[2012.06.28 17:07:41 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012.06.28 17:07:08 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-152049171-725345543-1003UA.job
[2012.06.28 17:06:05 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.28 17:06:04 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012.06.28 17:06:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.28 17:05:56 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 16:00:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.06.28 15:34:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.06.28 15:28:45 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.06.28 15:28:43 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.06.28 15:28:43 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.06.28 14:49:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.28 14:31:29 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\Advanced SystemCare 5.lnk
[2012.06.28 14:28:03 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\Dejan\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2012.06.28 14:26:05 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2012.06.28 14:13:14 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\SpeedFan.lnk
[2012.06.28 14:13:12 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012.06.28 10:43:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d4e9701d-653f-4748-a917-73e721195a2c.job
[2012.06.28 08:07:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-152049171-725345543-1003Core.job
[2012.06.28 07:05:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.27 15:57:43 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.06.27 11:14:00 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-152049171-725345543-1003Core.job
[2012.06.27 02:00:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a1681fba-9fde-476d-97ec-25b43dee6337.job
[2012.06.22 07:04:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.06.20 21:55:29 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2012.06.20 18:43:17 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012.06.19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2012.06.14 06:59:08 | 000,104,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 01:23:53 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012.06.13 22:05:46 | 000,055,573 | ---- | M] () -- C:\Documents and Settings\Dejan\Desktop\DRAGANA.jpg
[2012.06.02 15:47:38 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.02 15:47:38 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012.06.02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012.06.02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012.06.02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012.05.31 15:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.28 17:00:58 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012.06.28 15:53:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.06.28 15:53:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.06.28 15:53:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.06.28 15:53:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.06.28 15:53:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.06.28 15:10:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012.06.28 15:02:35 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.06.28 14:48:27 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012.06.28 14:48:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.06.28 14:31:29 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\Advanced SystemCare 5.lnk
[2012.06.28 14:28:03 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\Dejan\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2012.06.28 14:26:48 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012.06.28 14:26:09 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012.06.28 14:26:05 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Dejan\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2012.06.28 14:13:14 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Dejan\Desktop\SpeedFan.lnk
[2012.06.28 14:13:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012.06.20 21:55:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.06.20 21:25:37 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.06.20 18:43:22 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d4e9701d-653f-4748-a917-73e721195a2c.job
[2012.06.20 18:43:21 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a1681fba-9fde-476d-97ec-25b43dee6337.job
[2012.06.20 18:43:17 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012.04.22 07:55:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2012.04.22 07:25:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.19 14:13:01 | 000,073,600 | ---- | C] () -- C:\WINDOWS\System32\ezGOSvc.dll
[2010.12.19 01:33:19 | 000,015,596 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.11.06 06:13:38 | 000,001,978 | ---- | C] () -- C:\WINDOWS\System32\GUCI_AVS.ini
[2010.11.06 06:05:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.11.03 10:44:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2661.bin
[2010.11.03 10:44:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561s.bin
[2010.11.03 10:44:05 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\rt2561.bin
[2008.09.10 18:15:03 | 000,169,472 | ---- | C] () -- C:\Documents and Settings\Dejan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.08 20:51:32 | 000,016,680 | ---- | C] () -- C:\Documents and Settings\Dejan\UpdateLog.GDZ

< End of report >





offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Step 1

Run the OTL program again by double-clicking its icon.

Copy the following text into the white box of the window labelled Custom Scans/Fixes:

:OTL
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4&hl={language}&src=chrm
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=546e289900000000000000fd07a2dfd9&tlver=1.5.3.17&instlRef=sst&affID=111434&tt=171011_prot~171011_prot&q="
[2012.04.04 21:36:22 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Dejan\Application Data\Mozilla\Firefox\Profiles\f4tmaagw.default\extensions\ffxtlbr@babylon.com
[2010.12.31 10:09:02 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Dejan\Application Data\Mozilla\Firefox\Profiles\f4tmaagw.default\extensions\ffxtlbr@Facemoods.com
[2012.04.04 22:40:05 | 000,002,366 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.03.10 17:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found. 

:COMMANDS
[EMPTYTEMP]

Click the Run Fix button;

Copy the report you get into a post here.

Step 2

Run OTL again, click Run Scan and post the new OTL report.
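As an added example (not part of this thread, nor code from the OTL tool or its author), the triage below scans lines in OTL's report format for the search-hijacker indicators the fix above targets. The hijacker domains and extension names come from the log in this thread; the sample lines are constructed, and the bing entry with the all-zero GUID is a placeholder standing in for a legitimate search provider.

```python
import re
from urllib.parse import urlparse

# Hijacker domains and name fragments taken from the fix script in this thread.
HIJACKER_DOMAINS = {"facemoods.com", "babylon.com"}
HIJACKER_MARKERS = ("facemoods", "babylon")

# Constructed sample in OTL's report format (bing line and ...0001 GUID are placeholders).
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q="
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
[2010.12.31 10:09:02 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Dejan\Application Data\Mozilla\Firefox\Profiles\f4tmaagw.default\extensions\ffxtlbr@Facemoods.com
[2012.06.19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
"""
URL_RE = re.compile(r'https?://[^\s"]+')
# OTL file entry: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(r'^\[.*?\|.*?\|.*?\|\s*[CM]\]\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+)$')

def registrable(host):
    """Naive two-label collapse: 'start.facemoods.com' -> 'facemoods.com'."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def classify(line):
    """Return why an OTL line is a search-hijack indicator, or None if it looks clean."""
    line = line.strip()
    if line.startswith(("IE - ", "FF - ", "CHR - ")):        # browser search settings
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname or ""
            if registrable(host) in HIJACKER_DOMAINS:
                return "search provider points to " + registrable(host)
        if any(m in line.lower() for m in HIJACKER_MARKERS):
            return "browser pref names a known hijacker"
        return None
    if line.startswith(("O2 - BHO", "O3 - HK")) and "No CLSID value found" in line:
        return "orphaned BHO/toolbar registration"   # leftover of a removed add-on
    m = FILE_RE.match(line)
    if m and any(k in (m["company"] + m["path"]).lower() for k in HIJACKER_MARKERS):
        return "file or extension belonging to a known hijacker"
    return None

def find_indicators(log_text):
    """List (line, reason) pairs for every flagged line in an OTL report."""
    hits = [(l.strip(), classify(l)) for l in log_text.splitlines()]
    return [(l, r) for l, r in hits if r]
```

Running find_indicators over a full OTL report gives a shortlist to compare against the helper's fix script before anything is removed.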

Korisnici trenutno na forumu: A.R.Chafee.Jr., deepinthenight, djonsule, DM1994, dolinalima, Dorcolac2, dragoljub11987, Filip Marinković, flash12, goxin, hak1, ILGromovnik, ivance95, kasalovic1996, Kubovac, ladro, LUDI2, madza2, mandicdamir245, Marko Marković, MikeHammer, Milan A. Nikolic, milekNS, miodrag3, Overkill, Panter, Parker, pavlo2, pein, Predrag Macura, RADOVAN.S, rikirubio, rovac, Sirius, slonic_tonic, sombrero, SsssssNOVI, topalovicdj, vathra, VJ, Vlada78, voja64, Warhawk, zoidbergs