Malware, no Internet


offline
  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

Problem! Two days ago I picked up some nasty vermin; among other things, I can't establish an Internet connection from Windows (so I'm writing this from a Slax live CD). Specifically, the network card fails to obtain an IP address and subnet mask; both are 0.0.0.0. Also, when Windows boots, a window pops up with the message "Svchost.exe - Application Error: The instruction at 0x7d4caa9b referenced memory at 0x00000010. The memory could not be read. Click OK to terminate the program."
I tried to clean Windows with Malwarebytes Anti-Malware, and I booted the Kaspersky Live CD and scanned the hard disk, but there is no improvement.
OS and Internet connection details: Windows XP Pro with SP3, Avira AntiVirus, ADSL connection.


DDS (Ver_10-11-27.01) - NTFSx86
Run by sloba at 21:19:12.67 on 29-Nov-10
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.193 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sloba\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoUpdateCheck = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\di recnik\diie.htm
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: Translate with Di dictionary -
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\
FF - plugin: c:\documents and settings\sloba\application data\mozilla\firefox\profiles\qnokw9o4.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sloba\application data\mozilla\firefox\profiles\qnokw9o4.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\sloba\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: Link Alert: linkalert.conlan@addons.mozilla.com - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\linkalert.conlan@addons.mozilla.com
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
FF - Extension: Basic Bookmarks for FF3: {1e2fd05e-2ce6-11dd-bd1b-efbb55d89593} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{1e2fd05e-2ce6-11dd-bd1b-efbb55d89593}
FF - Extension: Custom Buttons: custombuttons@xsms.org - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\custombuttons@xsms.org
FF - Extension: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
FF - Extension: EHTip: ehtip@robertkatic - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\ehtip@robertkatic
FF - Extension: Personal Menu: CompactMenuCE@Merci.chao - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\CompactMenuCE@Merci.chao
FF - Extension: Yahoo! Mail Notifier: {89f8dde0-010a-11da-8cd6-0800200c9a66} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
FF - Extension: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Extension: ToolbarButtons: {03B08592-E5B4-45ff-A0BE-C1D975458688} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: BlackX: {239c61a8-e55f-11db-8314-0800200c9a66} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
FF - Extension: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Extension: Old Bookmarks Sidebar: old_bookmarks_sidebar@francev_nikolay - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\old_bookmarks_sidebar@francev_nikolay
FF - Extension: CheckPlaces: checkplaces@andyhalford.com - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\checkplaces@andyhalford.com
FF - Extension: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Wappalyzer: wappalyzer@crunchlabz.com - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\wappalyzer@crunchlabz.com
FF - Extension: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Extension: IE Tab Plus: ietab@ip.cn - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\ietab@ip.cn
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: HideTab: {B347DFB4-AC21-11DD-9016-B77D55D89593} - c:\docume~1\sloba\applic~1\mozilla\firefox\profiles\qnokw9o4.default\extensions\{B347DFB4-AC21-11DD-9016-B77D55D89593}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2002-1-1 11608]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-4-17 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-4-17 41680]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2002-1-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2002-1-1 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2002-1-1 61960]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\gfi\gfibac~1\GFIHInst.exe [2010-5-19 590632]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\gfi\gfibac~1\GFIHSC~1.EXE [2010-5-19 2261800]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-8-14 54960]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-3 27632]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 25088]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-3-25 110608]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\usb temp\hwinfo32\hwinfo32.sys --> c:\usb temp\hwinfo32\HWiNFO32.SYS [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 block_reader;MPR DRV;\??\c:\program files\pstart\multi password recovery\block_reader.sys --> c:\program files\pstart\multi password recovery\block_reader.sys [?]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2002-1-1 30336]
S3 LKSOGX;LKSOGX;c:\docume~1\admini~1\locals~1\temp\LKSOGX.exe [2010-11-29 519040]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-4-17 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-4-17 11104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-3-25 99728]

=============== Created Last 30 ================

2010-11-29 15:15:56 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2010-11-28 22:50:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-28 22:50:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-28 22:50:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 00:24:41 -------- dc-h--w- c:\windows\ie8
2010-11-21 12:32:08 -------- d-----w- c:\documents and settings\sloba\temp
2010-11-20 01:28:00 -------- d-----w- C:\Windows Updates
2010-11-15 23:39:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-11-15 00:49:41 -------- d-----w- c:\docume~1\sloba\applic~1\doublecmd
2010-11-15 00:49:21 -------- d-----w- c:\program files\Double Commander
2010-11-13 22:47:03 -------- d-----w- c:\windows\Lhsp
2010-11-13 22:46:47 685056 ----a-w- c:\windows\system32\rtl60.bpl
2010-11-13 22:46:47 148992 ----a-w- c:\windows\system32\adortl60.bpl
2010-11-13 22:46:46 1497088 ----a-w- c:\windows\system32\cc3260mt.dll
2010-11-13 22:46:46 1412608 ----a-w- c:\windows\system32\cc3260.dll
2010-11-13 22:46:46 1326080 ----a-w- c:\windows\system32\vcl60.bpl
2010-11-13 22:46:45 22016 ----a-w- c:\windows\system32\Borlndmm.dll
2010-11-13 22:46:42 -------- d-----w- c:\program files\Di recnik
2010-11-10 22:52:50 -------- d-----w- C:\Englesko-srpski recnici_files
2010-11-09 22:30:34 -------- d-----w- c:\docume~1\sloba\applic~1\NeoSoftTools
2010-11-09 22:30:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\NeoSoftTools
2010-11-09 19:29:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Soluto
2010-11-07 21:21:17 -------- d-----w- c:\windows\system32\wbem\Logs

==================== Find3M ====================

2010-09-14 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2008-05-17 21:33:10 786952 ----a-w- c:\program files\PStart.exe

============= FINISH: 21:19:52.73 ===============



Oh, and during the first scan with GMER there was a BSOD, with a message naming pgtdpow.sys as the possible culprit.

Thanks in advance!
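A helper reading the DDS report above (and the ComboFix report later in the thread) does the first pass by eye: a Winlogon UIHost that is not the stock logonui.exe, a service whose image file sits in a temp folder, orphaned BHO/toolbar entries, a Winsock LSP, a disabled firewall, and ComboFix's note that the cryptography service is broken. The script below is an added example written for this page, not a tool the forum helpers used or part of DDS or ComboFix; it runs those checks over lines excerpted from the two reports in this thread (a constructed sample, shortened to the relevant lines). The severity labels, the list of user-writable path markers and the regexes are my own assumptions about the DDS/ComboFix line formats visible here.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the DDS and ComboFix reports in this
# thread, trimmed to the entries that matter for a first triage pass.
SAMPLE_REPORT = r"""
uStart Page = about:blank
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No File
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]
S3 LKSOGX;LKSOGX;c:\docume~1\admini~1\locals~1\temp\LKSOGX.exe [2010-11-29 519040]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
Cryptography Services Error !!
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (assumed scale)
    line: str
    reason: str


# Path fragments a legitimate service or driver image should never live under
# (assumed list; 8.3 short names appear because DDS prints them that way).
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                 "\\applic~1\\", "\\application data\\", "\\desktop\\")

# "R2 name;description;image [date size]" as printed by DDS and ComboFix.
SERVICE_RE = re.compile(r"^[RS][0-4]\s+([^;]+);([^;]*);(.+?)(?:\s+\[.*\])?$")
WINLOGON_RE = re.compile(r"^mWinlogon:\s*(\w+)=(.+)$")


def triage(report: str) -> list[Finding]:
    """Return the suspicious entries found in a DDS/ComboFix style report."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        m = WINLOGON_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip().lower()
            # On XP the stock logon UI is logonui.exe; anything else under
            # UIHost runs before any user logs in. Userinit may legitimately
            # end with a comma, so strip it before comparing.
            if key == "UIHost" and not value.endswith("\\logonui.exe"):
                findings.append(Finding("high", line, "non-default Winlogon UIHost"))
            elif key == "Userinit" and value.rstrip(",") != r"c:\windows\system32\userinit.exe":
                findings.append(Finding("high", line, "non-default Winlogon Userinit"))
            continue

        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(1), m.group(3).lower()
            if any(marker in image for marker in USER_WRITABLE):
                findings.append(Finding("high", line,
                                        f"service {name} loads from a user-writable path"))
            continue

        if low.startswith(("bho:", "tb:", "seh:")) and low.endswith("no file"):
            findings.append(Finding("info", line, "orphaned shell/browser hook (registry entry, no file)"))
        elif low.startswith("lsp:"):
            findings.append(Finding("medium", line, "Winsock LSP installed; verify the vendor DLL"))
        elif low.startswith('"enablefirewall"') and re.search(r"=\s*0\b", low):
            findings.append(Finding("high", line, "Windows Firewall disabled in standard profile"))
        elif "cryptography services error" in low:
            findings.append(Finding("medium", line,
                                    "CryptSvc broken: signature checks (Sigcheck, Windows Update) will fail"))
    return findings


def summarize(report: str) -> dict[str, int]:
    """Count findings per severity for a quick first look."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in triage(report):
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Against the sample it raises three high findings (the UIHost entry, the LKSOGX service running from a temp folder, the disabled firewall), two medium (the LSP and the broken cryptography service) and two informational orphans. A hit is a reason to look closer, not a verdict: the LSP here belongs to VMware, and a service in a temp folder still has to be confirmed against a file hash or a vendor signature before anything is deleted.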

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

More precisely... what did MBAM detect? What did Kaspersky detect?

offline
  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

I don't know, I didn't save the logs; I thought MB and Kaspersky would fix the problem... I know Kaspersky found some suspicious files in System Volume Information, so I deleted the entire contents of that folder from the Kaspersky Live disk.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes to continue;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • present a number of prompts/notices: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report is saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting, you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your post.

offline
  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

Here's the thing: in Windows I have no Internet access, so ComboFix couldn't install the Recovery Console or download a newer version of the program. However, it completed the scanning process, with one restart, and here's the log:

ComboFix 10-11-29.02 - sloba 29-Nov-10 23:28:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.203 [GMT 1:00]
Running from: c:\documents and settings\sloba\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sloba\Application Data\Winamp
c:\documents and settings\sloba\Application Data\Winamp\auth.ini
c:\documents and settings\sloba\Application Data\Winamp\demo.mp3
c:\documents and settings\sloba\Application Data\Winamp\links.xml
c:\documents and settings\sloba\Application Data\Winamp\Plugins\gen_ml.ini
c:\documents and settings\sloba\Application Data\Winamp\Plugins\gen_mud.ini
c:\documents and settings\sloba\Application Data\Winamp\Plugins\milk2.ini
c:\documents and settings\sloba\Application Data\Winamp\Plugins\milk2_img.ini
c:\documents and settings\sloba\Application Data\Winamp\Plugins\milk2_msg.ini
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\cdrom.vmd
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\default.vmd
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\feeds.xml
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\main.dat
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\main.idx
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\metB9B.vmd
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\metFBC9.vmd
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\metFBF8.vmd
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\metFC17.vmd
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\metFC36.vmd
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\metFC65.vmd
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\metFC75.vmd
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\ml_online.ini
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\omServices\omService_{0000010100}.ini
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\playlists.xml
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\recent.dat
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\recent.idx
c:\documents and settings\sloba\Application Data\Winamp\Plugins\ml\rss.xml
c:\documents and settings\sloba\Application Data\Winamp\Plugins\omBrowser\omBrowser.ini
c:\documents and settings\sloba\Application Data\Winamp\studio.xnf
c:\documents and settings\sloba\Application Data\Winamp\winamp.ini
c:\documents and settings\sloba\Application Data\Winamp\Winamp.m3u
c:\documents and settings\sloba\Application Data\Winamp\Winamp.m3u8
c:\documents and settings\sloba\Application Data\Winamp\Winamp.q1
c:\windows\system32\Dll.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\XSxS

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.

2010-11-29 20:42 . 2010-11-29 20:42 -------- d-----w- C:\RootRepeal
2010-11-29 15:15 . 2010-11-29 20:53 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2010-11-28 23:47 . 2010-11-29 00:50 -------- d-----w- c:\documents and settings\Administrator
2010-11-28 22:50 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-28 22:50 . 2010-11-28 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-28 22:50 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 00:24 . 2010-11-22 00:26 -------- dc-h--w- c:\windows\ie8
2010-11-21 12:32 . 2010-11-21 12:32 -------- d-----w- c:\documents and settings\sloba\temp
2010-11-20 18:15 . 2010-11-20 18:15 -------- d-----w- c:\documents and settings\sloba\Application Data\Download Manager
2010-11-20 01:28 . 2010-11-20 01:28 -------- d-----w- C:\Windows Updates
2010-11-15 23:39 . 2010-11-15 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-15 00:49 . 2010-11-15 00:53 -------- d-----w- c:\documents and settings\sloba\Application Data\doublecmd
2010-11-15 00:49 . 2010-11-27 00:28 -------- d-----w- c:\program files\Double Commander
2010-11-13 22:47 . 2010-11-13 22:47 -------- d-----w- c:\windows\Lhsp
2010-11-13 22:46 . 2003-01-30 07:04 685056 ----a-w- c:\windows\system32\rtl60.bpl
2010-11-13 22:46 . 2002-02-01 16:00 148992 ----a-w- c:\windows\system32\adortl60.bpl
2010-11-13 22:46 . 2003-01-30 04:04 1412608 ----a-w- c:\windows\system32\cc3260.dll
2010-11-13 22:46 . 2002-02-01 18:00 1497088 ----a-w- c:\windows\system32\cc3260mt.dll
2010-11-13 22:46 . 2002-02-01 17:00 1326080 ----a-w- c:\windows\system32\vcl60.bpl
2010-11-13 22:46 . 2002-02-01 17:00 22016 ----a-w- c:\windows\system32\Borlndmm.dll
2010-11-13 22:46 . 2010-11-13 23:24 -------- d-----w- c:\program files\Di recnik
2010-11-10 22:52 . 2010-11-22 01:17 -------- d-----w- C:\Englesko-srpski recnici_files
2010-11-09 22:30 . 2010-11-09 22:30 -------- d-----w- c:\documents and settings\sloba\Application Data\NeoSoftTools
2010-11-09 22:30 . 2010-11-09 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoSoftTools
2010-11-09 19:29 . 2010-11-09 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2010-11-07 21:21 . 2010-11-29 22:29 -------- d-----w- c:\windows\system32\wbem\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 11:56 . 2001-12-31 23:42 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-26 18:19 . 2010-04-17 21:24 165232 ---ha-w- c:\documents and settings\sloba\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2010-11-07 13:47 . 2001-12-31 23:42 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-14 08:00 . 2010-09-26 15:29 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2008-05-17 21:33 . 2010-02-12 08:43 786952 ----a-w- c:\program files\PStart.exe
.

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^sloba^Start Menu^Programs^Startup^Digsby.lnk]
path=c:\documents and settings\sloba\Start Menu\Programs\Startup\Digsby.lnk
backup=c:\windows\pss\Digsby.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-12 20:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDiskAutomount]
2009-08-24 18:43 139264 ----a-w- c:\program files\Total Commander\PLUGINS\WFX\VirtualDisk\VirtualDisk.wfx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_nltide_3]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\USB\\PStart\\uTorrent\\utorrent.exe"=

R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\usb temp\HWiNFO32\HWiNFO32.SYS [x]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [2010-04-27 590632]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-08-14 54960]
R3 block_reader;MPR DRV;c:\program files\PStart\Multi Password Recovery\block_reader.sys [x]
R3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
R3 LKSOGX;LKSOGX;c:\docume~1\ADMINI~1\LOCALS~1\Temp\LKSOGX.exe [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-03-25 123856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-03-25 41680]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-03-25 110608]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Translate with Di dictionary -
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\
FF - plugin: c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\sloba\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: Link Alert: linkalert.conlan@addons.mozilla.com - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\linkalert.conlan@addons.mozilla.com
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
FF - Extension: Basic Bookmarks for FF3: {1e2fd05e-2ce6-11dd-bd1b-efbb55d89593} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{1e2fd05e-2ce6-11dd-bd1b-efbb55d89593}
FF - Extension: Custom Buttons: custombuttons@xsms.org - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\custombuttons@xsms.org
FF - Extension: Organize Status Bar: {35106bca-6c78-48c7-ac28-56df30b51d2c} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
FF - Extension: EHTip: ehtip@robertkatic - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\ehtip@robertkatic
FF - Extension: Personal Menu: CompactMenuCE@Merci.chao - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\CompactMenuCE@Merci.chao
FF - Extension: Yahoo! Mail Notifier: {89f8dde0-010a-11da-8cd6-0800200c9a66} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
FF - Extension: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Extension: ToolbarButtons: {03B08592-E5B4-45ff-A0BE-C1D975458688} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: BlackX: {239c61a8-e55f-11db-8314-0800200c9a66} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
FF - Extension: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Extension: Old Bookmarks Sidebar: old_bookmarks_sidebar@francev_nikolay - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\old_bookmarks_sidebar@francev_nikolay
FF - Extension: CheckPlaces: checkplaces@andyhalford.com - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\checkplaces@andyhalford.com
FF - Extension: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Wappalyzer: wappalyzer@crunchlabz.com - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\wappalyzer@crunchlabz.com
FF - Extension: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Extension: IE Tab Plus: ietab@ip.cn - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\ietab@ip.cn
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: HideTab: {B347DFB4-AC21-11DD-9016-B77D55D89593} - c:\documents and settings\sloba\Application Data\Mozilla\Firefox\Profiles\qnokw9o4.default\extensions\{B347DFB4-AC21-11DD-9016-B77D55D89593}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
SafeBoot-SolutoService
MSConfigStartUp-ErrorRepairPro - c:\program files\Error Repair Professional\autostart.exe
MSConfigStartUp-MCShieldTray - c:\program files\MCShield\MCShieldTray.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
AddRemove-DVD Label Maker - d:\program files\Acoustica CD Label Maker\cdlabel.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper_3004.dll
AddRemove-WinImage - d:\old windows\Program Files\WINIMAGE\winimage.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 23:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2010-11-29 23:43:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-29 22:43

Pre-Run: 5,313,236,992 bytes free
Post-Run: 5,235,859,456 bytes free

- - End Of File - - 2F959914A3AEA4679844F9777455323A

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Nope... There is nothing here that could be the cause of the problems mentioned above... Could it be that this getPlus helper is what's causing that svchost error...?
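The question raised above, whether a service hosted inside svchost.exe (here nosGetPlusHelper) could be behind the svchost error, is something you can check mechanically from a log in this format. The Python below is an added example for this page, not code from the thread, from ComboFix or from DDS: it parses the `R*`/`S*` service lines and the `[...\svchost]` group key exactly as ComboFix prints them, lists every service whose image is svchost.exe, and cross-checks that the service belongs to a registered svchost group and that its ServiceDll exists. The log excerpt is a trimmed copy of the listing posted above. The ServiceDll path and the set of files on disk are constructed for the example: ComboFix does not print ServiceDll values, so the DLL path is taken from the log's AddRemove entry and its absence on disk is an assumption; on a live machine you would read the value from `HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters` instead.

```python
import re
from typing import Dict, List, Optional, Set

# Constructed excerpt in ComboFix's service/registry format, trimmed from the
# listing posted above (the nosGetPlusHelper lines are verbatim).
LOG = r"""
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-03-25 110608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
"""

# ComboFix service line: R = running / S = stopped, digit = SCM start type,
# then name;display name;image path [date size]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_services(log: str) -> List[Dict[str, Optional[str]]]:
    """Return one record per R*/S* service line, with the start type named."""
    records = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["start"] = START_TYPES.get(rec["start"], rec["start"])
            records.append(rec)
    return records


def parse_svchost_groups(log: str) -> Dict[str, List[str]]:
    """Map each svchost group name to its member services from the [..\svchost] key."""
    groups: Dict[str, List[str]] = {}
    in_key = False
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("["):                     # a new registry key header
            in_key = s.lower().endswith(r"\currentversion\svchost]")
            continue
        if not s:
            in_key = False
        elif in_key and " REG_MULTI_SZ " in s:
            name, _, members = s.partition(" REG_MULTI_SZ ")
            groups[name.strip()] = members.split()
    return groups


def svchost_hosted(services: List[Dict[str, Optional[str]]]) -> List[Dict[str, Optional[str]]]:
    """Services whose image is svchost.exe, i.e. whose real code is a ServiceDll."""
    def basename(path: str) -> str:
        return path.lower().replace("/", "\\").split("\\")[-1]
    return [s for s in services if basename(s["image"] or "") == "svchost.exe"]


def audit(log: str, service_dlls: Dict[str, str], files_on_disk: Set[str]) -> List[Dict[str, object]]:
    """Cross-check every svchost-hosted service against its group and ServiceDll.

    service_dlls: ServiceDll value per service, as read from the service's
    Parameters key on a live system (constructed here).
    files_on_disk: paths that exist, from a real filesystem walk (constructed here).
    """
    groups = parse_svchost_groups(log)
    existing = {p.lower() for p in files_on_disk}
    findings = []
    for svc in svchost_hosted(parse_services(log)):
        name = svc["name"]
        member_of = [g for g, members in groups.items() if name in members]
        dll = service_dlls.get(name)
        present = dll is not None and dll.lower() in existing
        if not member_of:
            verdict = "image is svchost.exe but the service is in no registered svchost group"
        elif dll is None:
            verdict = "svchost group registered but no ServiceDll value to load"
        elif not present:
            verdict = "svchost group registered but ServiceDll is missing on disk"
        else:
            verdict = "group registered and ServiceDll present; verify its signature next"
        findings.append({"service": name, "state": svc["state"], "start": svc["start"],
                         "groups": member_of, "service_dll": dll,
                         "dll_present": present, "verdict": verdict})
    return findings


# Constructed inputs: the DLL path is the one shown in the log's AddRemove entry;
# treating it as absent mirrors an empty c:\program files\NOS\bin folder.
SERVICE_DLLS = {"nosGetPlusHelper": r"c:\program files\NOS\bin\getPlus_Helper_3004.dll"}
FILES_ON_DISK = {r"c:\windows\System32\svchost.exe"}
FINDINGS = audit(LOG, SERVICE_DLLS, FILES_ON_DISK)

if __name__ == "__main__":
    for f in FINDINGS:
        print(f"{f['service']} ({f['state']}, {f['start']}): {f['verdict']}")
```

The check is deliberately split into parse, select and audit so the same `audit()` can be fed real values: on a live machine replace `SERVICE_DLLS` with the ServiceDll values read from each service's Parameters key and `FILES_ON_DISK` with an actual existence check, and the verdicts tell you which svchost-hosted entries deserve a closer look before you blame svchost.exe itself.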

  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

Look, I have no idea. I've just downloaded that file (the bin folder is empty), so I'll try and see what happens when I boot Windows with that file back in the place where it should be. As a last resort, I still have a Windows repair.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text input line, type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.

Ehm, yes... there's a possibility that your Winamp plugins, or their configuration, are messed up... but I figure that's the least of your problems right now... I had to run CF just to dig a little deeper :)

Regards

  • Joined: 10 Oct 2005
  • Posts: 13526
  • Location: Beograd

Thanks for the effort!
Short report: solving the problem didn't work either from the Recovery Console or by reinstalling Windows; a fresh install had to be done. Now everything works as it should.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Ah, too bad :( All sorts of things... I really don't understand what happened there...
