Strange problem - no access to Gmail, Facebook, upload controlled...


  • Joined: 05 May 2012
  • Posts: 14

Hello everyone!
For several days now a strange problem with my internet connection has been bothering me.
More precisely, it is driving me crazy, GUZ - Glavom U Zid (banging my head against the wall).
I am connected to the internet through an access point (working in client mode) and a router (both devices are TP Link).
Everything worked fine until a few days ago. First I could not log in to Yahoo mail, then Facebook, then Gmail, and then I could not open Isohunt...
I noticed that I can make at least one step/click on those sites if I clear the cache/cookies first.
Then it became impossible to open or view anything on those sites... Clicks simply do not work.
This always happens, regardless of the browser (Mozilla, Explorer, Google Chrome, Opera...).
Then I noticed that I cannot send e-mails at all (Outlook). I can receive them.
Also, in Yahoo Messenger I cannot send any file (only up to 1 KB in size).
I tried pinging Google, Yahoo, Gmail... Ping is OK. But trace route does not work at all.
I concluded that any continuous traffic from me to the internet is reduced to short clicks (such as sending a 1 KB file), but anything that lasts does not get through.
It is very telling that I can no longer measure upload speed on Speedtest at all.
Ping is around 40-50, download 2MB (that is my contracted bandwidth), upload speed - zero.
Here is what I have done:
I reset (using the reset button) both the access point and the router.
I combed through and cleaned the PC with antivirus (ESET NOD V4). I have Malwarebytes Anti-Malware installed and have scanned several times. It finds nothing.
I also used Kaspersky TDSS killer, Combo Fix, ESET Online Scanner, Mini Tool Box, Farbar Service Scanner, AVP Tool, aswMBR, OTL, Stinger...
I tried everything they recommended on the Malwarebytes forum, but nothing gave a result - the problem is still here.
I disabled the antivirus, anti-malware, Windows firewall... Nothing helps.
I did a repair of my network connection, tried a winsock fix...
I connected my neighbor's laptop to the same cable to the router - the internet works without problems.
No problems with sending, opening pages on the web, measuring upload speed....

So, only my computer has the problem.

Does anyone have an idea what could be blocking traffic that lasts - e-mails, any kind of upload - while letting pings through?
Also, it seems the same thing does not let me log in to and use social networks (Gmail, Facebook...)

Thanks in advance for your help!

Grunf

  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Belgrade

You need to follow the instructions found at the following link:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 05 May 2012
  • Posts: 14

Posted: 05 May 2012 17:34

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.4.1
Run by User at 14:29:53 on 2012-05-05
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.2047.1105 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\User\Desktop\gmer.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {C11483F7-D7D8-4804-98D8-6055470BB989} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SkinClock] c:\program files\free desktop clock\DesktopClock.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\_unins~1.lnk - c:\documents and settings\user\local settings\temp\_uninst_17055065.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://pcpitstop.com/antivirus/PitPav.cab
TCP: DhcpNameServer = 82.117.194.2 82.117.194.3
TCP: Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A} : DhcpNameServer = 82.117.194.2 82.117.194.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 17055065;17055065;c:\windows\system32\drivers\17055065.sys [2012-5-4 133208]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-18 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-7-2 18816]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-27 652872]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2007-10-7 2208]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-10-6 454815]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-27 20464]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca146cd430540;Óńëóăŕ Google Update (gupdate1ca146cd430540);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\user\locals~1\temp\alsysio.sys --> c:\docume~1\user\locals~1\temp\ALSysIO.sys [?]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\AmdTools.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-5-14 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\yfh31bf.tmp --> c:\docume~1\user\locals~1\temp\YFH31BF.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-5-19 100480]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1151.tmp --> c:\windows\system32\1151.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-7-28 18432]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zlportio;zlportio;\??\d:\igrice\ultrastar deluxe\zlportio.sys --> d:\igrice\ultrastar deluxe\zlportio.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2012-05-05 01:41:45 -------- d-----w- C:\registry save
2012-05-05 01:41:06 -------- d-----w- C:\ERDNT
2012-05-04 04:29:06 133208 ----a-w- c:\windows\system32\drivers\17055065.sys
2012-05-04 03:15:04 -------- d-----w- c:\documents and settings\user\application data\wsInspector
2012-05-04 02:39:29 -------- d-----w- C:\345ty764uy87
2012-05-03 14:46:11 159608 ----a-w- c:\windows\system32\mfevtps.exe.9a8b.deleteme
2012-05-03 14:34:39 159608 ----a-w- c:\windows\system32\mfevtps.exe.0435.deleteme
2012-05-03 14:25:39 14664 ----a-w- c:\windows\stinger.sys
2012-05-03 14:25:21 159608 ----a-w- c:\windows\system32\mfevtps.exe.d936.deleteme
2012-05-03 11:29:06 1409 ----a-w- c:\windows\QTFont.for
2012-04-30 16:59:50 -------- d-----w- c:\program files\Startup Inspector for Windows
2012-04-30 02:35:11 -------- d-----w- C:\sh4ldr
2012-04-30 02:34:41 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-29 22:59:58 -------- d-----w- c:\program files\RegistryNuke 2012
2012-04-29 22:58:28 65404930 ----a-w- C:\registry april2012.reg
2012-04-29 19:56:15 -------- d-----w- c:\program files\stinger
2012-04-27 01:45:06 -------- d-----w- C:\gmer
2012-04-26 22:54:02 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
2012-04-26 22:41:53 -------- d-----w- c:\program files\Oracle
2012-04-26 22:40:42 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-26 22:40:42 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-26 22:40:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-26 22:38:31 -------- d-----w- c:\documents and settings\user\jdk1.7.0_04_combo
2012-04-25 20:55:48 102400 ----a-w- c:\windows\RegBootClean.exe
2012-04-25 19:53:47 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-25 17:54:56 -------- d-----w- c:\documents and settings\user\application data\QuickScan
2012-04-25 04:53:24 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-25 02:47:15 -------- d-----w- c:\documents and settings\user\application data\OxyCube
2012-04-25 02:46:35 -------- d-----w- c:\program files\Oxygen Software
2012-04-24 18:21:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 18:21:01 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-24 18:21:01 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-22 19:43:23 98816 ----a-w- c:\windows\sed.exe
2012-04-22 19:43:23 518144 ----a-w- c:\windows\SWREG.exe
2012-04-22 19:43:23 256000 ----a-w- c:\windows\PEV.exe
2012-04-22 19:43:23 208896 ----a-w- c:\windows\MBR.exe
2012-04-17 06:08:40 -------- d-----w- c:\program files\Trend Micro
2012-04-17 04:47:39 -------- d-----w- c:\program files\HostsMan
2012-04-17 04:47:39 -------- d-----w- c:\documents and settings\user\application data\abelhadigital.com
2012-04-17 04:47:39 -------- d-----w- c:\documents and settings\all users\application data\abelhadigital.com
2012-04-16 19:10:23 -------- d-sha-r- C:\cmdcons
2012-04-15 16:30:23 -------- d-----w- c:\program files\Perfect Uninstaller
2012-04-14 16:35:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 20:39:15 -------- d-----w- c:\program files\Freemake
.
==================== Find3M ====================
.
2011-03-23 14:05:20 92281056 --sh--w- c:\windows\setupa.exe
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll


2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 14:31:27,68 ===============


Addendum: 05 May 2012 17:35

I apologize for posting the logs in the next post.
Hello everyone!

Addendum: 05 May 2012 18:37

[quote="ivance95"]You need to follow the instructions found at the following link:
mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html[/quote] :)

I hope it is OK now :)

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

While this case is being resolved, I would ask you to observe the following:
Read my instructions (or the instructions of colleagues who will stand in for me) carefully and work strictly by them;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs, except those for which you receive instructions;
During the intervention, do not use USB memory devices until I ask you to;
If I do not reply within 48h, refresh the topic with a new post;
If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulanta: LINK


Question

Post a link to the topic you opened on the Malwarebytes forum in which you were told to use the tools you listed in your first message.



Step 1

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

ESET Online Scanner v3
HijackThis 2.0.2
Sophos Anti-Rootkit 1.5.4




Step 2

Download KAVremover from the following link:

Kaspersky Labs

Enter the code shown in the image.

Select AVP Tool driver.

Click Remove.

Wait for it to finish and restart the computer if the program asks you to.




Step 3

Download McAfee Remover from the following link:

McAfee

Run it and follow the on-screen instructions.

Restart the computer if it asks you to.




Step 4

Download TrendMicro Diagnostic Toolkit from the following link:

TrendMicro

Run it and go to the [E] Uninstall tab.

Click Uninstall software and, when it opens a new window, click Uninstall.

Wait for it to finish and allow it to restart the system when it asks you to.




Step 5

Download BitDefender Uninstall Tool from the following link:

BitDefender

Run it and click Uninstall.

Wait for it to finish and restart the system if it asks you to.




Step 6

Open Notepad and copy the following text into the input field:

sc stop Lbd >> Log.txt
sc delete Lbd >> Log.txt
del /F "c:\windows\system32\drivers\Lbd.sys" >> Log.txt
echo Finished >> Log.txt
notepad Log.txt


Save the file as Lavasoft.bat on the Desktop. (pay attention to the .bat extension)

Run Lavasoft.bat

Copy into your post the text that opens in Notepad.




Step 7

Attach the following files to your post:

C:\ComboFix.txt

and all reports in the root of C: whose names begin with tdsskiller


After that, post a fresh DDS report for me.


Question

Are you using a pirated or a legal version of the ESET NOD32 AV program?

  • Joined: 05 May 2012
  • Posts: 14

Posted: 06 May 2012 5:55

First of all, a big THANK YOU for the help!

I did everything according to the instructions.

Here is the Lavasoft log:

[SC] ControlService FAILED 1062:

The service has not been started.


[SC] DeleteService SUCCESS
Finished

Addendum: 06 May 2012 5:56

DDS:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.4.1
Run by User at 5:27:20 on 2012-05-06
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.2047.1109 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {C11483F7-D7D8-4804-98D8-6055470BB989} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SkinClock] c:\program files\free desktop clock\DesktopClock.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://pcpitstop.com/antivirus/PitPav.cab
TCP: DhcpNameServer = 82.117.194.2 82.117.194.3
TCP: Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A} : DhcpNameServer = 82.117.194.2 82.117.194.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 17055065;17055065;c:\windows\system32\drivers\17055065.sys [2012-5-4 133208]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-18 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-27 652872]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2007-10-7 2208]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-10-6 454815]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-27 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca146cd430540;Óńëóăŕ Google Update (gupdate1ca146cd430540);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\user\locals~1\temp\alsysio.sys --> c:\docume~1\user\locals~1\temp\ALSysIO.sys [?]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\AmdTools.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-5-14 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\yfh31bf.tmp --> c:\docume~1\user\locals~1\temp\YFH31BF.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-5-19 100480]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1151.tmp --> c:\windows\system32\1151.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-7-28 18432]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zlportio;zlportio;\??\d:\igrice\ultrastar deluxe\zlportio.sys --> d:\igrice\ultrastar deluxe\zlportio.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2012-05-05 01:41:45 -------- d-----w- C:\registry save
2012-05-05 01:41:06 -------- d-----w- C:\ERDNT
2012-05-04 04:29:06 133208 ----a-w- c:\windows\system32\drivers\17055065.sys
2012-05-04 03:15:04 -------- d-----w- c:\documents and settings\user\application data\wsInspector
2012-05-04 02:39:29 -------- d-----w- C:\345ty764uy87
2012-05-03 14:46:11 159608 ----a-w- c:\windows\system32\mfevtps.exe.9a8b.deleteme
2012-05-03 14:34:39 159608 ----a-w- c:\windows\system32\mfevtps.exe.0435.deleteme
2012-05-03 14:25:39 14664 ----a-w- c:\windows\stinger.sys
2012-05-03 14:25:21 159608 ----a-w- c:\windows\system32\mfevtps.exe.d936.deleteme
2012-05-03 11:29:06 1409 ----a-w- c:\windows\QTFont.for
2012-04-30 16:59:50 -------- d-----w- c:\program files\Startup Inspector for Windows
2012-04-30 02:35:11 -------- d-----w- C:\sh4ldr
2012-04-30 02:34:41 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-29 22:59:58 -------- d-----w- c:\program files\RegistryNuke 2012
2012-04-29 22:58:28 65404930 ----a-w- C:\registry april2012.reg
2012-04-29 19:56:15 -------- d-----w- c:\program files\stinger
2012-04-27 01:45:06 -------- d-----w- C:\gmer
2012-04-26 22:54:02 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
2012-04-26 22:41:53 -------- d-----w- c:\program files\Oracle
2012-04-26 22:40:42 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-26 22:40:42 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-26 22:40:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-26 22:38:31 -------- d-----w- c:\documents and settings\user\jdk1.7.0_04_combo
2012-04-25 20:55:48 102400 ----a-w- c:\windows\RegBootClean.exe
2012-04-25 19:53:47 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-25 17:54:56 -------- d-----w- c:\documents and settings\user\application data\QuickScan
2012-04-25 04:53:24 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-25 02:47:15 -------- d-----w- c:\documents and settings\user\application data\OxyCube
2012-04-25 02:46:35 -------- d-----w- c:\program files\Oxygen Software
2012-04-24 18:21:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 18:21:01 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-24 18:21:01 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-22 19:43:23 98816 ----a-w- c:\windows\sed.exe
2012-04-22 19:43:23 518144 ----a-w- c:\windows\SWREG.exe
2012-04-22 19:43:23 256000 ----a-w- c:\windows\PEV.exe
2012-04-22 19:43:23 208896 ----a-w- c:\windows\MBR.exe
2012-04-17 06:08:40 -------- d-----w- c:\program files\Trend Micro
2012-04-17 04:47:39 -------- d-----w- c:\program files\HostsMan
2012-04-17 04:47:39 -------- d-----w- c:\documents and settings\user\application data\abelhadigital.com
2012-04-17 04:47:39 -------- d-----w- c:\documents and settings\all users\application data\abelhadigital.com
2012-04-16 19:10:23 -------- d-sha-r- C:\cmdcons
2012-04-15 16:30:23 -------- d-----w- c:\program files\Perfect Uninstaller
2012-04-14 16:35:35 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2011-03-23 14:05:20 92281056 --sh--w- c:\windows\setupa.exe
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 5:28:28,76 ===============

Addendum: 06 May 2012 6:00

Addendum: 06 May 2012 6:04

Regarding NOD: it is ESET Smart Security V4.2.71.2.
Now, whether it is a legal version... I wouldn't say so.
If needed, I will remove it and install one of the free antivirus packages, per your recommendation.

Once again, thanks in advance :)

Addendum: 06 May 2012 6:51

P.S. I hope I didn't accidentally click "If you no longer wish to follow this topic..." in the email. Of course I want to follow the topic :)

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

We will now have to clean up the remnants of the many AV programs you had installed, which were not cleaned up in the previous step. Leave ESET SS on the system for now.

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program is finished, do not run the program; instead do the following:

Open Notepad and copy in the following text:

Driver::
17055065

File::
c:\windows\system32\drivers\17055065.sys
c:\windows\system32\mfevtps.exe.9a8b.deleteme
c:\windows\system32\mfevtps.exe.0435.deleteme
c:\windows\stinger.sys
c:\windows\system32\mfevtps.exe.d936.deleteme
c:\windows\system32\drivers\tmcomm.sys
c:\windows\system32\drivers\TrufosAlt.sys

Folder::
c:\program files\stinger
C:\sh4ldr
c:\program files\Trend Micro


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scan.

Is the problem you have also present in Internet Explorer?

offline
  • Joined: 05 May 2012
  • Posts: 14

ComboFix 12-05-06.03 - User 06.05.2012 20:02:16.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.2047.1050 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\123456789.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\windows\stinger.sys"
"c:\windows\system32\drivers\17055065.sys"
"c:\windows\system32\drivers\tmcomm.sys"
"c:\windows\system32\drivers\TrufosAlt.sys"
"c:\windows\system32\mfevtps.exe.0435.deleteme"
"c:\windows\system32\mfevtps.exe.9a8b.deleteme"
"c:\windows\system32\mfevtps.exe.d936.deleteme"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\stinger
c:\program files\stinger\mferkda.dll
c:\program files\Trend Micro
c:\program files\Trend Micro\HijackThis\Hijack.txt
c:\program files\Trend Micro\HijackThis\HijackThis.exe
c:\program files\Trend Micro\HijackThis\hijackthis.log
C:\sh4ldr
c:\sh4ldr\shldr.mbr
c:\windows\stinger.sys
c:\windows\system32\drivers\17055065.sys
c:\windows\system32\drivers\tmcomm.sys
c:\windows\system32\drivers\TrufosAlt.sys
c:\windows\system32\mfevtps.exe.0435.deleteme
c:\windows\system32\mfevtps.exe.9a8b.deleteme
c:\windows\system32\mfevtps.exe.d936.deleteme
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_17055065
-------\Service_17055065
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-05 01:41 . 2012-05-05 01:41 -------- d-----w- C:\registry save
2012-05-05 01:41 . 2012-05-05 01:41 -------- d-----w- C:\ERDNT
2012-05-04 03:15 . 2012-05-04 03:15 -------- d-----w- c:\documents and settings\User\Application Data\wsInspector
2012-05-04 02:39 . 2012-05-04 03:01 -------- d-----w- C:\345ty764uy87
2012-05-03 11:29 . 2012-05-03 11:29 1409 ----a-w- c:\windows\QTFont.for
2012-04-30 16:59 . 2012-04-30 17:01 -------- d-----w- c:\program files\Startup Inspector for Windows
2012-04-30 02:34 . 2012-04-30 10:02 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-29 22:59 . 2012-04-29 23:17 -------- d-----w- c:\program files\RegistryNuke 2012
2012-04-29 22:58 . 2012-04-29 22:58 65404930 ----a-w- C:\registry april2012.reg
2012-04-27 01:45 . 2012-04-27 01:45 -------- d-----w- C:\gmer
2012-04-26 22:54 . 2012-04-26 22:54 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sun
2012-04-26 22:41 . 2012-04-26 22:42 -------- d-----w- c:\program files\Oracle
2012-04-26 22:41 . 2012-04-26 22:41 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
2012-04-26 22:40 . 2012-04-26 22:40 -------- d-----w- c:\program files\Common Files\Java
2012-04-26 22:40 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-26 22:40 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-26 22:40 . 2012-04-04 16:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-26 22:38 . 2012-04-26 22:44 -------- d-----w- c:\documents and settings\User\jdk1.7.0_04_combo
2012-04-25 20:55 . 2012-04-25 20:56 102400 ----a-w- c:\windows\RegBootClean.exe
2012-04-25 17:54 . 2012-04-25 18:01 -------- d-----w- c:\documents and settings\User\Application Data\QuickScan
2012-04-25 02:47 . 2012-04-25 02:47 -------- d-----w- c:\documents and settings\User\Application Data\OxyCube
2012-04-25 02:46 . 2012-04-25 02:46 -------- d-----w- c:\program files\Oxygen Software
2012-04-24 18:21 . 2012-04-24 18:21 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-17 04:47 . 2012-04-17 04:47 -------- d-----w- c:\program files\HostsMan
2012-04-17 04:47 . 2012-04-17 04:47 -------- d-----w- c:\documents and settings\User\Application Data\abelhadigital.com
2012-04-17 04:47 . 2012-04-17 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\abelhadigital.com
2012-04-15 16:30 . 2012-04-30 19:01 -------- d-----w- c:\program files\Perfect Uninstaller
2012-04-14 16:35 . 2012-04-14 16:35 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 18:21 . 2012-04-17 04:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-23 14:05 92281056 --sh--w- c:\windows\setupa.exe
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-22_19.57.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-06 18:18 . 2012-05-06 18:18 16384 c:\windows\Temp\Perflib_Perfdata_51c.dat
+ 2001-05-21 23:00 . 2001-05-21 23:00 22016 c:\windows\system32\borlndmm.dll
+ 2012-04-30 10:01 . 2012-04-30 10:01 27499 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCall.dll
+ 2004-07-10 16:55 . 2004-07-10 16:55 252416 c:\windows\system32\wsiShared.dll
- 2004-08-04 12:00 . 2012-04-22 16:48 596024 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2012-05-06 17:53 596024 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2012-04-22 16:48 125020 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2012-05-06 17:53 125020 c:\windows\system32\perfc009.dat
+ 2012-04-26 22:40 . 2012-04-04 16:47 227720 c:\windows\system32\javaws.exe
+ 2012-04-26 22:40 . 2012-04-26 22:40 174024 c:\windows\system32\javaw.exe
+ 2012-04-26 22:40 . 2012-04-26 22:40 174024 c:\windows\system32\java.exe
+ 2012-04-26 22:42 . 2012-04-26 22:42 457216 c:\windows\Installer\2f01888.msi
+ 2012-04-26 22:42 . 2012-04-26 22:42 440832 c:\windows\Installer\2f01884.msi
+ 2012-04-26 22:40 . 2012-04-26 22:40 176128 c:\windows\Installer\2f01880.msi
+ 2012-04-26 22:40 . 2012-04-26 22:40 863232 c:\windows\Installer\2f01877.msi
+ 2012-04-26 22:39 . 2012-04-26 22:39 438784 c:\windows\Installer\2f01873.msi
+ 2012-04-04 10:39 . 2012-04-04 10:39 710304 c:\windows\Downloaded Program Files\qsax.dll
+ 2012-04-30 02:34 . 2012-04-30 02:34 180482 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.exe
+ 2012-04-30 10:01 . 2012-04-30 10:01 180482 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.dll
+ 2012-04-30 10:01 . 2012-04-30 10:01 175992 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla20.dll
+ 2012-04-30 10:01 . 2012-04-30 10:01 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla2.dll
+ 2012-04-30 10:01 . 2012-04-30 10:01 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla19.dll
+ 2012-04-30 10:01 . 2012-04-30 10:01 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla18.exe
+ 2012-04-30 10:01 . 2012-04-30 10:01 176545 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla17.dll
+ 2012-04-30 10:01 . 2012-04-30 10:01 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla.dll
+ 2007-01-15 02:32 . 2012-03-29 01:02 55154568 c:\windows\system32\MRT.exe
- 2007-01-15 02:32 . 2012-04-13 04:18 55154568 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2010-11-21 1113600]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="c:\program files\Steam\Steam.exe" [2011-11-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-01 273544]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 12:18 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^The Matrix_ Path of Neo Registration.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk
backup=c:\windows\pss\The Matrix_ Path of Neo Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^_uninst_17055065.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\_uninst_17055065.lnk
backup=c:\windows\pss\_uninst_17055065.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
2006-03-29 15:12 364544 ----a-w- c:\program files\TP-LINK\TWCU\TWCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\IGRICE\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ECR Tool\\ECRSrvAPI.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\IGRICE\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\IGRICE\\Midway Home Entertainment\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"d:\\IGRICE\\Valve\\hltv.exe"=
"d:\\IGRICE\\Valve\\hlds.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"d:\\IGRICE\\Warcraft III\\Warcraft III.exe"=
"d:\\IGRICE\\Warcraft III\\War3.exe"=
"d:\\IGRICE\\Farkle\\farkle.exe"=
"d:\\IGRICE\\EA GAMES\\MOHAA\\MOHAA.exe"=
"d:\\IGRICE\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"d:\\IGRICE\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"h:\\IGRICE\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"h:\\IGRICE\\Encore\\Hoyle Card Games 2009\\Hoyle Card Games.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"h:\\IGRICE\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"h:\\IGRICE\\League of Legends\\Air\\LolClient.exe"=
"h:\\IGRICE\\League of Legends\\Game\\League of Legends.exe"=
"h:\\IGRICE\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"h:\\IGRICE\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"h:\\IGRICE\\NeutronGames\\HC Trainingscamp\\HCTrainingscamp.exe"=
"h:\\IGRICE\\NeutronGames\\HC Trainingscamp\\updater\\Updater.exe"=
"h:\\IGRICE\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"h:\\IGRICE\\2K Sports\\NBA 2K11\\nba2k11.exe"=
"h:\\IGRICE\\KONAMI\\Pro Evolution Soccer 2011\\JSL-2011.exe"=
"h:\\IGRICE\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"h:\\IGRICE\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"h:\\IGRICE\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\program files\Security Task Manager\TaskMan.exe"= c:\program files\Security Task Manager\TaskMan.exe:192.168.111.200/255.255.255.255:Enabled:Security Task Manager
"h:\\IGRICE\\Yu Gi Oh PoC Joey the Passion\\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\\joey_pc.exe"=
"c:\\Documents and Settings\\User\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"h:\\IGRICE\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"h:\\IGRICE\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12799:TCP"= 12799:TCP:BitTorrent port
"57220:TCP"= 57220:TCP:Pando Media Booster
"57220:UDP"= 57220:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.12.2007 17:21 685816]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [18.2.2011 16:12 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 10:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 74480]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [24.7.2007 9:45 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [11.7.2007 10:20 201848]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27.4.2011 0:52 652872]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [7.10.2007 5:23 2208]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [6.10.2007 2:09 454815]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.4.2011 0:52 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [9.6.2009 0:13 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1ca146cd430540;Óńëóăŕ Google Update (gupdate1ca146cd430540);c:\program files\Google\Update\GoogleUpdate.exe [3.8.2009 20:56 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys [?]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [14.5.2007 23:40 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\YFH31BF.tmp --> c:\docume~1\User\LOCALS~1\Temp\YFH31BF.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.8.2009 20:56 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [19.5.2011 19:57 100480]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1151.tmp --> c:\windows\system32\1151.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.4.2012 20:21 129976]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [28.7.2011 16:08 18432]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\DRIVERS\vsc.sys --> c:\windows\system32\DRIVERS\vsc.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 zlportio;zlportio;\??\d:\igrice\UltraStar Deluxe\zlportio.sys --> d:\igrice\UltraStar Deluxe\zlportio.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-28 00:50]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 18:55]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 18:55]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 21:18]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 21:18]
.
2012-02-24 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-02-18 00:39]
.
2012-05-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 82.117.194.2 82.117.194.3
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-05-06 20:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\YFH31BF.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1151.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1604)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3852)
c:\program files\CyberLink\PowerDVD\deskband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\imapi.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\real\realplayer\RealPlay.exe
.
**************************************************************************
.
Completion time: 2012-05-06 20:28:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-06 18:28
ComboFix2.txt 2012-05-04 03:01
ComboFix3.txt 2012-04-22 20:02
.
Pre-Run: 1.845.174.272 bytes free
Post-Run: 2.366.386.176 bytes free
.
- - End Of File - - B6C8802B75DD0BC443C26DF9D5E474B5

The problem occurs in all browsers, in IE as well.

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Now go to Start -> Control Panel -> Add or Remove Programs and uninstall ESET Smart Security.



Step 2

ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista and 7, use the Start Search box if Run is not available.

In the text box, type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.



Step 3

Download Service Pack 3 for Windows XP from the following link:

Service Pack 3

Run the installation file and follow the on-screen instructions.



Step 4

Install an AV program. If you do not have the money, or do not want to spend it on a commercial AV program, there are good free AV programs available to you, such as Avast Free, AVG Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, etc.
Do not use pirated versions of AV programs!!!



Post a fresh DDS report for me.

offline
  • Joined: 05 May 2012
  • Posts: 14

Fresh DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.4.1
Run by User at 5:43:51 on 2012-05-07
Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.2047.1192 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {C11483F7-D7D8-4804-98D8-6055470BB989} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SkinClock] c:\program files\free desktop clock\DesktopClock.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://pcpitstop.com/antivirus/PitPav.cab
TCP: DhcpNameServer = 82.117.194.2 82.117.194.3
TCP: Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A} : DhcpNameServer = 82.117.194.2 82.117.194.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-7 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-18 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-7 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-7 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-27 652872]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2007-10-7 2208]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-10-6 454815]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-27 20464]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-7 612184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca146cd430540;Услуга Google Update (gupdate1ca146cd430540);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\user\locals~1\temp\alsysio.sys --> c:\docume~1\user\locals~1\temp\ALSysIO.sys [?]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\AmdTools.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-5-14 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\yfh31bf.tmp --> c:\docume~1\user\locals~1\temp\YFH31BF.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-5-19 100480]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1151.tmp --> c:\windows\system32\1151.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-7-28 18432]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zlportio;zlportio;\??\d:\igrice\ultrastar deluxe\zlportio.sys --> d:\igrice\ultrastar deluxe\zlportio.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2012-05-07 03:28:08 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-07 03:27:38 41184 ----a-w- c:\windows\avastSS.scr
2012-05-07 03:27:10 -------- d-----w- c:\program files\AVAST Software
2012-05-07 03:27:10 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-05-07 01:54:45 -------- d-----w- c:\windows\LastGood.Tmp
2012-05-07 01:50:59 9728 ------w- c:\windows\system32\ativdaxx.ax
2012-05-07 01:48:47 294912 ------w- c:\program files\windows media player\dlimport.exe
2012-05-07 01:47:25 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2012-05-07 01:46:22 19569 ----a-w- c:\windows\003205_.tmp
2012-05-05 01:41:45 -------- d-----w- C:\registry save
2012-05-05 01:41:06 -------- d-----w- C:\ERDNT
2012-05-04 03:15:04 -------- d-----w- c:\documents and settings\user\application data\wsInspector
2012-05-04 02:39:29 -------- d-----w- C:\345ty764uy87
2012-05-03 11:29:06 1409 ----a-w- c:\windows\QTFont.for
2012-04-30 16:59:50 -------- d-----w- c:\program files\Startup Inspector for Windows
2012-04-30 02:34:41 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-29 22:59:58 -------- d-----w- c:\program files\RegistryNuke 2012
2012-04-29 22:58:28 65404930 ----a-w- C:\registry april2012.reg
2012-04-27 01:45:06 -------- d-----w- C:\gmer
2012-04-26 22:54:02 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
2012-04-26 22:41:53 -------- d-----w- c:\program files\Oracle
2012-04-26 22:40:42 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-26 22:40:42 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-26 22:40:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-26 22:38:31 -------- d-----w- c:\documents and settings\user\jdk1.7.0_04_combo
2012-04-25 20:55:48 102400 ----a-w- c:\windows\RegBootClean.exe
2012-04-25 17:54:56 -------- d-----w- c:\documents and settings\user\application data\QuickScan
2012-04-25 02:47:15 -------- d-----w- c:\documents and settings\user\application data\OxyCube
2012-04-25 02:46:35 -------- d-----w- c:\program files\Oxygen Software
2012-04-24 18:21:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 18:21:01 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-24 18:21:01 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-17 04:47:39 -------- d-----w- c:\program files\HostsMan
2012-04-17 04:47:39 -------- d-----w- c:\documents and settings\user\application data\abelhadigital.com
2012-04-17 04:47:39 -------- d-----w- c:\documents and settings\all users\application data\abelhadigital.com
2012-04-16 19:10:23 -------- d-sha-r- C:\cmdcons
2012-04-15 16:30:23 -------- d-----w- c:\program files\Perfect Uninstaller
2012-04-14 16:35:35 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2011-03-23 14:05:20 92281056 --sh--w- c:\windows\setupa.exe
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 5:46:54,48 ===============


I did everything according to the instructions.
Installing SP3 took a looong time, but it was worth it :)
We have big progress :)
I checked - I can send e-mails, there is upload speed (and it is quite OK).
I tried, I can open Facebook.
I installed Avast. I hope that is an OK choice...

Is there anything else I should do regarding cleaning or the security of the computer?
What was the cause of this problem?
And before I forget..
THANK YOU!!!

offline
  • Joined: 26 Aug 2010
  • Posts: 10621
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I recommend using MCShield to protect USB storage devices.
It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

MCShield home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in this thread: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

MCShield Facebook page: http://www.facebook.com/MCShield



Be sure to visit the thread "Test whether your browser is vulnerable", read it and follow the link in it.

That would be it. :)
