Lazni antivirus virus

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Djete se igralo nekih igrica na netu pa je prilikom klikanja kliknuo na nesto sto nije trebalo i eto, problem. Avira je od tada automatski iskljucena i ne moze da se aktivira. Nisam sigurna sta je sve radjeno (nije moj kompjuter) ali koliko shvatam, otklonjena je zastita sa ciljem da se ponovo instalira, medjutim sistem to ne dozvoljava. Ne znam tacno ni kakav se prozor pojavljuje prilikom upozorenja ali se 'nudi' neka zastita koja izgleda sumljivo i prozor ne moze da se zatvori.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:04 AM, on 5/2/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&.....p;M=T-1628
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&.....p;M=T-1628
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&.....p;M=T-1628
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&.....p;M=T-1628
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [xaqebvys] C:\Users\bato\AppData\Local\kfnotsppf\sovcngmtssd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 8317 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav.

Nisi ispratila uputstvo za otvaranje teme u Ambulanti :

-> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html


Zamolio bih te da postupis po uputstvu, okacis potrebne log-ove, kako bi mogli sto efikasnije da pomognemo.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by bato at 14:04:00.70 on Sun 05/02/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2429.1899 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bato\Downloads\pr6432.exe
C:\Users\bato\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [xaqebvys] c:\users\bato\appdata\local\kfnotsppf\sovcngmtssd.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\users\bato\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\bato\appdata\roaming\mozilla\firefox\profiles\6en45dpj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-26 30192]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2010-05-02 16:44:01 0 d-----w- c:\program files\Trend Micro
2010-04-14 21:13:16 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 21:13:16 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 21:13:16 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 21:13:11 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 21:13:10 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 21:13:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 21:13:00 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 21:13:00 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 21:12:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 21:12:55 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 21:12:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 14:29:40 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 14:29:31 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-04-29 14:46:59 97420 ----a-w- c:\windows\fonts\leelawdb.ttf
2010-03-13 19:01:58 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-03-13 19:01:57 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-13 19:01:57 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-13 19:01:56 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-01-15 02:11:00 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-15 01:11:30 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-15 01:10:18 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 14:06:54.67 ===============

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

hvala i izvoli. nadam se da je sada sve tu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sada je sve tu.


Idemo dalje:

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 10-05-04.01 - bato 05/04/2010 17:23:17.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2429.1913 [GMT -5:00]
Running from: c:\users\bato\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1819276629-3356792198-2940103775-500
c:\users\bato\AppData\Local\kfnotsppf
c:\users\bato\AppData\Local\kfnotsppf\sovcngmtssd.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-04 22:20 . 2010-05-04 22:21 -------- d-----w- C:\32788R22FWJFW
2010-05-03 13:30 . 2010-05-03 13:30 2504 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC13B.tmp.exe
2010-05-03 01:14 . 2010-05-03 01:14 680 ----a-w- c:\users\bato\AppData\Local\d3d9caps.dat
2010-05-02 19:33 . 2010-05-02 19:33 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-02 16:44 . 2010-05-02 16:44 -------- d-----w- c:\program files\Trend Micro
2010-05-02 02:08 . 2010-05-02 02:08 2504 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9F69.tmp.exe
2010-04-14 21:13 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 21:13 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 21:13 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 21:13 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 21:13 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 21:13 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 21:12 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 21:12 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 21:12 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 14:29 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 14:29 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 22:14 . 2008-10-13 00:07 -------- d-----w- c:\users\bato\AppData\Roaming\Skype
2010-05-04 17:45 . 2008-10-13 00:08 -------- d-----w- c:\users\bato\AppData\Roaming\skypePM
2010-05-02 15:12 . 2010-01-16 19:37 1925088 ----a-w- c:\users\bato\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-04-17 17:58 . 2008-10-13 01:52 -------- d-----w- c:\program files\Windows Live
2010-04-15 13:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-15 12:57 . 2008-02-27 02:16 -------- d-----w- c:\programdata\Microsoft Help
2010-03-13 19:02 . 2010-03-13 19:00 -------- d-----w- c:\users\bato\AppData\Roaming\Logitech
2010-03-13 19:02 . 2010-03-13 19:02 -------- d-----w- c:\users\bato\AppData\Roaming\Leadertech
2010-03-13 19:02 . 2010-03-13 19:02 53248 ----a-r- c:\users\bato\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-03-13 19:02 . 2010-03-13 19:00 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-03-13 19:02 . 2010-03-13 19:00 -------- d-----w- c:\programdata\Logishrd
2010-03-13 19:01 . 2010-03-13 19:01 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-03-13 19:00 . 2010-03-13 19:00 -------- d-----w- c:\program files\Logitech
2010-03-13 19:00 . 2010-03-13 19:00 -------- d-----w- c:\users\bato\AppData\Roaming\Logishrd
2010-02-25 16:04 . 2008-10-12 23:55 70744 ----a-w- c:\users\bato\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 15:16 . 2009-10-03 12:35 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 22:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 22:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 22:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 22:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 14:36 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 14:36 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 14:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-10 21:45 . 2008-12-12 23:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-06-30 638976]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-10 30192]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\bato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-2-26 2342912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,c1,eb,b9,85,95,ca,01

R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-10 30192]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2008-10-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\bato\AppData\Roaming\Mozilla\Firefox\Profiles\6en45dpj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-xaqebvys - c:\users\bato\AppData\Local\kfnotsppf\sovcngmtssd.exe
HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 17:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-05-04 17:32:04
ComboFix-quarantined-files.txt 2010-05-04 22:32

Pre-Run: 175,235,928,064 bytes free
Post-Run: 175,135,383,552 bytes free

- - End Of File - - 20B6EE9A32FF556BDFF2EDA6600568AE

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 10-05-05.04 - bato 05/05/2010 19:23:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2429.1553 [GMT -5:00]
Running from: c:\users\bato\Downloads\ComboFix.exe
Command switches used :: c:\users\bato\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-03 13:30 . 2010-05-03 13:30 2504 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC13B.tmp.exe
2010-05-03 01:14 . 2010-05-03 01:14 680 ----a-w- c:\users\bato\AppData\Local\d3d9caps.dat
2010-05-02 19:33 . 2010-05-02 19:33 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-02 16:44 . 2010-05-02 16:44 -------- d-----w- c:\program files\Trend Micro
2010-05-02 02:08 . 2010-05-02 02:08 2504 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9F69.tmp.exe
2010-04-14 21:13 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 21:13 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 21:13 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 21:13 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 21:13 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 21:13 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 21:12 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 21:12 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 21:12 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 14:29 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 14:29 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 00:10 . 2008-10-13 00:07 -------- d-----w- c:\users\bato\AppData\Roaming\Skype
2010-05-05 21:07 . 2008-10-13 00:08 -------- d-----w- c:\users\bato\AppData\Roaming\skypePM
2010-05-04 22:48 . 2010-05-04 22:48 -------- d-----w- c:\users\bato\AppData\Roaming\Avira
2010-02-25 16:04 . 2008-10-12 23:55 70744 ----a-w- c:\users\bato\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 15:16 . 2009-10-03 12:35 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 22:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 22:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 22:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 22:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 14:36 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 14:36 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 14:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-16 19:24 . 2010-01-15 02:26 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-10 21:45 . 2008-12-12 23:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-06-30 638976]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-10 30192]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\bato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-2-26 2342912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,c1,eb,b9,85,95,ca,01

R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-10 30192]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2008-10-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1628
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\bato\AppData\Roaming\Mozilla\Firefox\Profiles\6en45dpj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319576&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 19:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-05-05 21:16:03
ComboFix-quarantined-files.txt 2010-05-06 02:15
ComboFix2.txt 2010-05-04 22:32

Pre-Run: 176,091,107,328 bytes free
Post-Run: 176,096,530,432 bytes free

- - End Of File - - 1CC3C6C6B436CA120B27721CA62FDEF9

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sada stanje racunara?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

stanje se popravilo odmah nakon combofix-a. oni sumljivi prozori su prestali da iskacu, cak smo opet skinuli i isntalirali aviru, sada i ona radi kako treba. koliko mi mozemo da primjetimo, sve se vratilo na normalu.

ako je to To, zelim da se zahvalim na pomoci i da prenesem blagoslove (zelje za dug i zdrav zivot) od vlasnika kompjutera.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Drago mi je da smo uspeli i hvala na lepim zeljama.

Ostao je jos jedan korak koji trebas uraditi, a to je:

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.