Virus via MSN??!! HELP

  • Joined: 20 Jan 2009
  • Posts: 4

I got infected with a virus via MSN... More precisely, I got a link from a friend over MSN and clicked it, and I automatically became infected too. Here is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:48, on 20.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Di recnik\Di.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\ASUS Digital VCR\Schedule.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\VCSExpress.exe
C:\Documents and Settings\ACa\Desktop\ne ljuti se covece\ne ljuti se covece\bin\Debug\ne ljuti se covece.vshost.exe
C:\Documents and Settings\ACa\Desktop\New Folder\789456.exe
C:\WINDOWS\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Di dictionary] "C:\Program Files\Di recnik\Di.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUSDVCRAgent] C:\Program Files\ASUS\ASUS Digital VCR\Schedule.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?bbb5564814ae4b2494586b76a2d248de
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?bbb5564814ae4b2494586b76a2d248de
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8669 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

* Start ESET Smart Security/ESET NOD32 as follows:
Start > All Programs > ESET > ESET Smart Security, or ESET NOD32 Antivirus (if you use only the antivirus solution).

* When the program's main window opens, click the Setup option on the left side of the window;
* Select the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* At the next prompt, click Yes.

Note: Don't forget to turn this option back on once the cleaning is finished.


Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy and paste here for us.

  • Joined: 20 Jan 2009
  • Posts: 4

ComboFix 09-01-19.05 - ACa 2009-01-20 23:56:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.587 [GMT 1:00]
Running from: C:\Documents and Settings\ACa\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\trkwks.dll
.
---- Previous Run -------
.
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Cache\00769925
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\FunWebProducts\ScreenSaver\Images\007630D6.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0076979E.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\007745FF.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\007A437F.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00764D95
C:\Program Files\MyWebSearch\bar\Cache\00765323.bin
C:\Program Files\MyWebSearch\bar\Cache\00765620.bin
C:\Program Files\MyWebSearch\bar\Cache\00766BEB.bin
C:\Program Files\MyWebSearch\bar\Cache\007673DA.bin
C:\Program Files\MyWebSearch\bar\Cache\009712DD.bin
C:\Program Files\MyWebSearch\bar\Cache\00971704.bin
C:\Program Files\MyWebSearch\bar\Cache\0097C46A.bin
C:\Program Files\MyWebSearch\bar\Cache\0097C70A.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\trkwks.dll
I:\RECYCLER\RECYCLER.exe

----- File Replicators -----

C:\Documents and Settings\ACa\Desktop\knjigaCsh.01\000\000\bin\Debug\000.vshost.exe
C:\Documents and Settings\ACa\Desktop\knjigaCsh.01\000\000\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\Desktop\knjigaCsh.01\002\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\Desktop\knjigaCsh.01\003\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\Desktop\knjigaCsh.01\004\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\Desktop\knjigaCsh.02\008\WindowsFormsApplication1\WindowsFormsApplication1\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\Desktop\ne ljuti se covece\ne ljuti se covece\bin\Debug\ne ljuti se covece.vshost.exe
C:\Documents and Settings\ACa\Desktop\ne ljuti se covece\ne ljuti se covece\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\001\1\bin\Debug\1.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\001\1\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\002\2\bin\Debug\2.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\002\2\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\003\003\bin\Debug\003.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\003\003\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\004\004\bin\Debug\004.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\004\004\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\005\5\bin\Debug\005.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\005\5\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\006\006\bin\Debug\006.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\006\006\bin\Debug\WindowsFormsApplication1.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\007\Brojanje\bin\Debug\007.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\008\008\Zmaj\bin\Debug\008.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\008\008\Zmaj\bin\Debug\Zmaj.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\010\WindowsFormsApplication2\WindowsFormsApplication2\bin\Debug\WindowsFormsApplication2.vshost.exe
C:\Documents and Settings\ACa\My Documents\Visual Studio 2008\Projects\011\WindowsFormsApplication1\WindowsFormsApplication1\bin\Debug\011.vshost.exe
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vshost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
.

2009-01-20 14:17 . 2009-01-20 14:20 <DIR> d-------- C:\Documents and Settings\ACa\Tracing
2009-01-20 03:38 . 2009-01-20 14:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2009-01-20 02:58 . 2009-01-20 02:58 <DIR> d-------- C:\Program Files\Windows Live Favorites
2009-01-20 02:57 . 2008-10-16 14:06 268,648 --a------ C:\WINDOWS\system32\mucltui.dll
2009-01-20 02:57 . 2008-10-16 14:06 208,744 --a------ C:\WINDOWS\system32\muweb.dll
2009-01-20 02:57 . 2008-10-16 14:06 27,496 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2009-01-20 02:56 . 2008-10-16 14:09 43,544 --a------ C:\WINDOWS\system32\wups2.dll
2009-01-20 02:56 . 2008-10-16 14:09 31,768 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2009-01-20 02:56 . 2008-10-16 14:07 23,576 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2009-01-20 02:56 . 2008-10-16 14:07 23,576 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2009-01-20 02:56 . 2008-10-16 14:07 18,456 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2009-01-20 00:19 . 2009-01-20 00:19 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\MSNInstaller
2009-01-19 16:17 . 2009-01-20 00:27 <DIR> d-------- C:\Program Files\Passware
2009-01-19 16:01 . 2009-01-20 14:16 <DIR> d-------- C:\Program Files\Windows Live
2009-01-19 15:55 . 2009-01-19 15:55 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2009-01-19 03:00 . 2009-01-19 03:00 36 --a------ C:\WINDOWS\usdthank.ini
2009-01-19 03:00 . 2009-01-19 03:00 31 --a------ C:\WINDOWS\idc.ini
2009-01-18 14:17 . 2009-01-18 14:18 <DIR> d-------- C:\GAMES
2009-01-18 12:13 . 2009-01-18 12:13 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2009-01-18 12:13 . 2009-01-18 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2009-01-18 12:13 . 2009-01-18 12:13 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2009-01-18 12:13 . 2009-01-18 12:13 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2009-01-18 12:07 . 2009-01-18 12:18 <DIR> d-------- C:\Program Files\BoontyGames
2009-01-17 21:51 . 2009-01-17 21:51 <DIR> d-------- C:\Program Files\Idoru
2009-01-17 14:55 . 2009-01-17 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-01-17 14:39 . 2009-01-17 14:39 <DIR> d-------- C:\Program Files\Ubisoft
2009-01-17 14:38 . 2009-01-17 14:38 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\DAEMON Tools Pro
2009-01-17 14:38 . 2009-01-17 14:38 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\DAEMON Tools
2009-01-17 14:37 . 2009-01-17 14:37 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2009-01-17 14:37 . 2009-01-17 14:37 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2009-01-17 14:37 . 2009-01-17 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-01-17 14:34 . 2009-01-17 14:39 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\DAEMON Tools Lite
2009-01-15 15:36 . 2009-01-15 15:39 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2009-01-15 15:36 . 2009-01-20 14:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-15 15:36 . 2009-01-15 15:36 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\URSoft
2009-01-15 13:53 . 2009-01-15 13:53 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\2K Sports
2009-01-15 13:26 . 2009-01-15 13:41 <DIR> d-------- C:\Program Files\NBA 2K9
2009-01-13 16:12 . 2009-01-13 19:53 <DIR> d-------- C:\Program Files\ePSXe
2009-01-13 16:12 . 2009-01-13 18:58 1,382 --a------ C:\WINDOWS\kaillera.ini
2009-01-13 12:00 . 2009-01-13 18:51 <DIR> d-------- C:\PES 2009
2009-01-12 23:35 . 2009-01-12 23:35 19,789 --a------ C:\WINDOWS\system32\TuneUpDefragService_20090112-223551.dmp
2009-01-12 15:50 . 2009-01-12 15:50 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\TuneUp Software
2009-01-12 15:50 . 2009-01-12 15:50 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2009-01-12 15:50 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2009-01-12 15:49 . 2009-01-12 15:50 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2009-01-12 15:49 . 2009-01-12 15:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-12 15:49 . 2009-01-12 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-01-12 12:52 . 2009-01-20 18:20 <DIR> d-------- C:\Downloads
2009-01-12 12:38 . 2009-01-12 12:42 <DIR> d-------- C:\Program Files\Valve
2009-01-10 17:50 . 2006-03-10 15:33 96,352 --a------ C:\WINDOWS\system32\drivers\k310mdm.sys
2009-01-10 17:50 . 2006-03-10 15:33 60,800 --a------ C:\WINDOWS\system32\drivers\k310bus.sys
2009-01-10 17:50 . 2006-03-10 15:33 9,264 --a------ C:\WINDOWS\system32\drivers\k310mdfl.sys
2009-01-10 17:50 . 2006-03-10 15:33 6,208 --a------ C:\WINDOWS\system32\drivers\k310cmnt.sys
2009-01-10 17:50 . 2006-03-10 15:33 6,208 --a------ C:\WINDOWS\system32\drivers\k310cm.sys
2009-01-10 17:50 . 2006-03-10 15:33 5,840 --a------ C:\WINDOWS\system32\drivers\k310whnt.sys
2009-01-10 17:50 . 2006-03-10 15:33 5,840 --a------ C:\WINDOWS\system32\drivers\k310wh.sys
2009-01-09 21:23 . 2009-01-09 21:23 249,856 --------- C:\WINDOWS\Setup1.exe
2009-01-09 21:23 . 2009-01-09 21:23 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2009-01-09 20:25 . 2009-01-09 20:25 <DIR> d-------- C:\Program Files\Nice Prosper
2009-01-09 20:25 . 2009-01-09 20:25 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\Internet Saving Optimizer
2009-01-09 20:24 . 2009-01-09 20:24 <DIR> d-------- C:\Program Files\System Search Dispatcher
2009-01-09 20:24 . 2009-01-09 20:24 <DIR> d-------- C:\Program Files\Internet Saving Optimizer
2009-01-09 20:23 . 2009-01-09 20:23 <DIR> d-------- C:\Program Files\DoubleD
2009-01-09 18:47 . 2009-01-09 18:47 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\ESET
2009-01-09 18:44 . 2009-01-09 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2009-01-09 17:15 . 2009-01-09 17:15 <DIR> d---s---- C:\Documents and Settings\ACa\UserData
2009-01-08 16:16 . 2009-01-19 03:38 <DIR> d-------- C:\Program Files\Chromadrome 2
2009-01-06 15:31 . 2009-01-06 15:31 <DIR> d-------- C:\Documents and Settings\ACa\Application Data\Red Alert 3
2008-12-21 23:07 . 2008-12-21 23:07 <DIR> d-------- C:\Program Files\ASUS
2008-12-21 23:07 . 2008-12-21 23:07 <DIR> d-------- C:\Documents and Settings\ACa\WINDOWS
2008-12-21 22:06 . 2008-12-21 22:06 <DIR> d-------- C:\Documents and Settings\ACa\Contacts
2008-12-21 22:05 . 2008-12-21 22:05 <DIR> d-------- C:\Program Files\Real
2008-12-21 22:05 . 2008-12-21 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-12-21 22:04 . 2009-01-20 02:58 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-12-21 22:03 . 2009-01-20 14:36 <DIR> d-------- C:\Program Files\MSN Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 20:49 --------- d-----w C:\Documents and Settings\ACa\Application Data\Wildfire
2009-01-17 13:34 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2009-01-15 14:39 --------- d-----w C:\Program Files\VirtualDJ
2009-01-13 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-10 12:25 --------- d-----w C:\Documents and Settings\ACa\Application Data\BSplayer PRO
2009-01-10 12:20 --------- d-----w C:\Program Files\Eset
2009-01-09 16:23 --------- d-----w C:\Program Files\Opera
2009-01-07 21:49 --------- d-----w C:\Documents and Settings\ACa\Application Data\Datalayer
2008-12-19 16:51 --------- d-----w C:\Program Files\TechSmith
2008-12-19 16:51 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-12-19 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-11-30 14:14 --------- d-----w C:\Program Files\Santa Claus in Trouble
2008-11-25 18:59 --------- d-----w C:\Program Files\Di recnik
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00F5B5BA-E3C2-4b70-BF51-42A557914FAD}]
2008-12-22 12:12 835584 --a------ C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"ASUSDVCRAgent"="C:\Program Files\ASUS\ASUS Digital VCR\Schedule.exe" [2002-05-30 14:56 1043968]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-29 11:40 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2005-07-06 11:22 61440]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 11:36 229376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 00:41 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"Di dictionary"="C:\Program Files\Di recnik\Di.exe" [2007-03-16 20:45 518656]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 07:45 90112 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 00:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"C:\\PES 2009\\PureWrestling.Net.Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\PES 2009\\pes2009.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\system32\drivers\3xHybrid.sys [2008-09-20 15:42:49 799744]
R4 ekrn;Eset Service;C:\Program Files\Eset\ESET Smart Security\ekrn.exe [2007-12-21 08:21:16 468224]
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\drivers\k310bus.sys [2009-01-10 17:50:05 60800]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\k310mdfl.sys [2009-01-10 17:50:05 9264]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\k310mdm.sys [2009-01-10 17:50:05 96352]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 12:54:14 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea014b76-872a-11dd-9391-001731b6bd80}]
\Shell\AutoRun\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]

2009-01-20 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-01-20 C:\WINDOWS\Tasks\PMCS_Wakeup633680171506250000.job
- C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe [2005-07-06 21:48]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?bbb5564814ae4b2494586b76a2d248de
IE: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?bbb5564814ae4b2494586b76a2d248de
IE: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
IE: Translate with Di dictionary -
.
