Computer freezes at startup

  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

Hello
It happens that my computer often freezes at startup; right now I'm writing from Safe Mode, from which I'm also sending the logs.
At first it would restart by itself when I started BSplayer (I don't know whether that has anything to do with this problem), then it started freezing often while the system boots (e.g. at the DELL loading screen, or it just shows some numbers in the upper right corner (113-PC****-***, I don't know exactly which).
When I manage to start it after several tries, at some point while Windows (it's XP) is running the screen goes blue and the text mentions FILE ERROR ipflfdrv.sys
I didn't manage to take a picture so I could attach exactly what it says, but if it turns out to be important I'll try starting it, though I'd rather not leave Safe Mode unless it's really necessary.
As for anti-malware software, I have Malwarebytes Anti-Malware, which I can't start (it would shut itself down, or sometimes there were two icons next to the clock, and now I can't launch it from Safe Mode even though I have it on the desktop); it throws some error - don't send.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Administrator (administrator) on ZORANK on 28-06-2014 19:34:10
Running from C:\Documents and Settings\Administrator\Desktop
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\inst programi\avast\AvastUI.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [C-Media Echo Control] => C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe [147456 2001-12-05] ()
HKLM\...\Run: [C-Media Mixer] => Mixer.exe /startup
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [61440 2005-08-06] (ATI Technologies Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\inst programi\avast\AvastUI.exe [3764024 2013-12-21] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [H2O] => C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [307200 2005-12-18] (Team H2O)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1935655697-299502267-1801674531-500\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe [208896 2005-09-04] (Nero AG)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
ShortcutTarget: ATI CATALYST System Tray.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\inst programi\avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 217.23.207.3 217.23.192.14

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\inst programi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\inst programi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\inst programi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\inst programi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2014-03-19]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Google disk) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Google pretraživanje) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-28]
CHR Extension: (Google Novčanik) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\inst programi\avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-21]

========================== Services (Whitelisted) =================

S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2003-02-20] (Microsoft Corporation) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2005-08-05] () [File not signed]
S2 avast! Antivirus; C:\inst programi\avast\AvastSvc.exe [50344 2013-12-21] (AVAST Software)
S2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-01-09] (Macrovision Europe Ltd.) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2014-03-19] (Sun Microsystems, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2013-12-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-21] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-12-21] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2013-12-21] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2013-12-21] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-21] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2013-12-21] ()
R3 CLEDX; C:\WINDOWS\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O) [File not signed]
S3 cmpci; C:\WINDOWS\System32\drivers\cmaudio.sys [370382 2002-01-29] (C-Media Inc)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2004-08-04] (Microsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-28] (Malwarebytes Corporation)
S1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
S3 SynasUSB; C:\WINDOWS\System32\drivers\SynasUSB.sys [16896 2005-11-03] (SIA Syncrosoft) [File not signed]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; No ImagePath
S2 Nsynas32; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-28 19:34 - 2014-06-28 19:34 - 00010282 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-06-28 19:34 - 2014-06-28 19:34 - 00000000 ____D () C:\FRST
2014-06-28 19:31 - 2014-06-28 19:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-06-28 19:31 - 2014-06-28 19:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-06-28 19:30 - 2014-06-28 19:30 - 01073664 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-06-28 19:25 - 2014-06-28 19:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-06-28 19:24 - 2014-06-28 19:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-06-28 19:23 - 2014-06-28 19:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-28 19:23 - 2014-06-28 19:29 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-28 19:23 - 2014-06-28 19:23 - 00000020 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-28 19:23 - 2014-06-28 19:23 - 00000000 ____D () C:\WINDOWS\CSC
2014-06-28 19:23 - 2013-12-21 00:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-06-28 19:23 - 2013-12-21 00:03 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-06-28 19:23 - 2013-12-21 00:03 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-06-28 01:55 - 2014-06-28 11:07 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-06-17 12:09 - 2014-06-17 12:09 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\vlc
2014-06-17 12:06 - 2014-06-17 12:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2014-06-17 12:05 - 2014-06-17 12:05 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-11 15:50 - 2014-06-11 15:50 - 00000347 _____ () C:\Documents and Settings\Zoran83\Desktop\Download.lnk
2014-06-11 15:49 - 2014-06-11 15:49 - 00000200 _____ () C:\Documents and Settings\Zoran83\Desktop\CD Drive.lnk
2014-06-10 12:57 - 2014-06-10 12:57 - 00000000 ____D () C:\Program Files\Edirol
2014-06-10 12:57 - 2014-06-10 12:57 - 00000000 ____D () C:\Documents and Settings\Zoran83\Start Menu\Programs\HQ Software Synthesizer
2014-06-09 22:55 - 2014-06-09 22:55 - 00000000 ____D () C:\Program Files\Propellerhead
2014-06-09 22:39 - 2014-06-09 22:39 - 00001046 _____ () C:\Documents and Settings\Zoran83\Desktop\Stylus RMX SAGE Converter.lnk
2014-06-09 22:39 - 2014-06-09 22:39 - 00000000 ____D () C:\Documents and Settings\Zoran83\Start Menu\Programs\Spectrasonics
2014-06-09 22:37 - 2014-06-09 22:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spectrasonics
2014-06-09 21:06 - 2014-06-09 22:18 - 00000000 ____D () C:\Program Files\Spectrasonics
2014-06-09 20:04 - 2014-06-09 20:04 - 00000000 ____D () C:\Documents and Settings\Zoran83\Start Menu\Programs\SyncroSoft Emu
2014-06-09 20:00 - 2014-06-09 20:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Syncrosoft
2014-06-09 19:42 - 2014-06-09 19:42 - 00000837 _____ () C:\Documents and Settings\All Users\Desktop\Hypersonic.exe.lnk
2014-06-09 19:31 - 2014-06-09 19:31 - 00000000 ____D () C:\Program Files\Common Files\VST3
2014-06-09 19:21 - 2014-06-09 19:21 - 00001823 _____ () C:\Documents and Settings\Zoran83\Desktop\Cubase 5.lnk
2014-06-09 19:20 - 2014-06-09 19:30 - 00000000 ____D () C:\Documents and Settings\Zoran83\Start Menu\Programs\Steinberg Cubase 5
2014-06-07 23:16 - 2014-06-07 23:16 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\Leadertech
2014-06-07 23:10 - 2014-06-07 23:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Neverwinter Nights
2014-06-07 23:10 - 2014-06-07 23:10 - 00001626 _____ () C:\Documents and Settings\All Users\Desktop\Neverwinter Nights.lnk
2014-06-07 23:10 - 2014-06-07 23:10 - 00000000 _____ () C:\WINDOWS\PowerReg.dat
2014-06-04 21:56 - 2014-06-04 21:56 - 00000000 ____D () C:\Program Files\Toontrack
2014-06-04 15:31 - 2005-11-08 20:02 - 00708608 _____ (SIA Syncrosoft) C:\WINDOWS\system32\SYNSOACC.dll
2014-06-04 15:31 - 2005-11-08 11:20 - 00147456 _____ (SIA Syncrosoft) C:\WINDOWS\system32\SynsoLChk.dll
2014-06-04 15:31 - 2005-11-03 17:14 - 00045056 _____ (SIA Syncrosoft) C:\WINDOWS\system32\Synsopos.exe
2014-06-04 15:31 - 2003-07-31 20:28 - 00147425 _____ () C:\WINDOWS\system32\SYNSOACC-Aide.chm
2014-06-04 15:31 - 2003-05-26 15:29 - 00120468 _____ () C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2014-06-04 15:31 - 2003-05-26 15:29 - 00114279 _____ () C:\WINDOWS\system32\SYNSOACC-Help.chm
2014-06-04 14:09 - 2014-06-17 12:08 - 00011843 _____ () C:\missing.ini
2014-06-04 14:08 - 2014-06-17 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-06-04 14:08 - 2014-06-04 14:08 - 00000731 _____ () C:\Documents and Settings\Zoran83\Desktop\Your Uninstaller!.lnk
2014-06-04 14:08 - 2014-06-04 14:08 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\URSoft
2014-06-04 14:08 - 2014-06-04 14:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 7
2014-06-04 13:55 - 2014-06-04 13:55 - 00000000 ____D () C:\Program Files\Pinnacle
2014-06-04 11:54 - 2014-06-27 11:56 - 00000471 _____ () C:\WINDOWS\system32\Datei4
2014-06-04 11:54 - 2014-06-27 11:56 - 00000471 _____ () C:\WINDOWS\system32\Datei2
2014-06-04 11:54 - 2014-06-27 11:56 - 00000470 _____ () C:\WINDOWS\system32\Datei3
2014-06-04 11:54 - 2014-06-27 11:56 - 00000470 _____ () C:\WINDOWS\system32\Datei1
2014-06-04 11:54 - 2014-06-27 11:56 - 00000469 _____ () C:\WINDOWS\system32\Datei7
2014-06-04 11:54 - 2014-06-27 11:56 - 00000469 _____ () C:\WINDOWS\system32\Datei5
2014-06-04 11:54 - 2014-06-27 11:56 - 00000468 _____ () C:\WINDOWS\system32\Datei0
2014-06-04 11:54 - 2014-06-27 11:56 - 00000467 _____ () C:\WINDOWS\system32\Datei9
2014-06-04 11:54 - 2014-06-27 11:56 - 00000467 _____ () C:\WINDOWS\system32\Datei8
2014-06-04 11:54 - 2014-06-27 11:56 - 00000467 _____ () C:\WINDOWS\system32\Datei10
2014-06-04 11:54 - 2014-06-27 11:56 - 00000465 _____ () C:\WINDOWS\system32\Datei6
2014-06-03 11:22 - 2014-06-08 16:32 - 00000000 ____D () C:\Documents and Settings\Zoran83\My Documents\Cubase Projects
2014-06-03 11:19 - 2014-06-20 13:51 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\VST3 Presets
2014-06-03 11:19 - 2014-06-03 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Steinberg
2014-06-02 01:25 - 2014-06-11 15:45 - 00000000 ____D () C:\Program Files\Video Performer
2014-06-02 01:25 - 2014-06-02 01:25 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\Mozilla

==================== One Month Modified Files and Folders =======

2014-06-28 19:34 - 2014-06-28 19:34 - 00010282 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-06-28 19:34 - 2014-06-28 19:34 - 00000000 ____D () C:\FRST
2014-06-28 19:34 - 2014-06-28 19:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-06-28 19:31 - 2014-06-28 19:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-06-28 19:31 - 2014-06-28 19:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-06-28 19:30 - 2014-06-28 19:30 - 01073664 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-06-28 19:29 - 2014-06-28 19:23 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-28 19:29 - 2013-12-30 17:11 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-28 19:25 - 2014-06-28 19:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-06-28 19:24 - 2014-06-28 19:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-06-28 19:23 - 2014-06-28 19:23 - 00000020 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-28 19:23 - 2014-06-28 19:23 - 00000000 ____D () C:\WINDOWS\CSC
2014-06-28 11:07 - 2014-06-28 01:55 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-06-28 11:07 - 2014-05-27 21:02 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 11:06 - 2013-12-21 00:08 - 00000000 ____D () C:\Documents and Settings\Zoran83\Local Settings\Temp
2014-06-28 11:05 - 2013-12-21 18:52 - 00000336 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-06-28 11:05 - 2013-12-21 17:10 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 11:05 - 2013-12-21 00:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-28 01:56 - 2013-12-21 00:08 - 00000000 ____D () C:\Documents and Settings\Zoran83
2014-06-27 16:28 - 2014-02-28 17:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-27 15:44 - 2013-12-21 17:10 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-27 11:56 - 2014-06-04 11:54 - 00000471 _____ () C:\WINDOWS\system32\Datei4
2014-06-27 11:56 - 2014-06-04 11:54 - 00000471 _____ () C:\WINDOWS\system32\Datei2
2014-06-27 11:56 - 2014-06-04 11:54 - 00000470 _____ () C:\WINDOWS\system32\Datei3
2014-06-27 11:56 - 2014-06-04 11:54 - 00000470 _____ () C:\WINDOWS\system32\Datei1
2014-06-27 11:56 - 2014-06-04 11:54 - 00000469 _____ () C:\WINDOWS\system32\Datei7
2014-06-27 11:56 - 2014-06-04 11:54 - 00000469 _____ () C:\WINDOWS\system32\Datei5
2014-06-27 11:56 - 2014-06-04 11:54 - 00000468 _____ () C:\WINDOWS\system32\Datei0
2014-06-27 11:56 - 2014-06-04 11:54 - 00000467 _____ () C:\WINDOWS\system32\Datei9
2014-06-27 11:56 - 2014-06-04 11:54 - 00000467 _____ () C:\WINDOWS\system32\Datei8
2014-06-27 11:56 - 2014-06-04 11:54 - 00000467 _____ () C:\WINDOWS\system32\Datei10
2014-06-27 11:56 - 2014-06-04 11:54 - 00000465 _____ () C:\WINDOWS\system32\Datei6
2014-06-27 02:49 - 2001-08-23 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-26 12:51 - 2013-12-22 23:26 - 00002515 _____ () C:\Documents and Settings\Zoran83\Desktop\Microsoft Office Word 2007.lnk
2014-06-25 12:14 - 2014-01-30 00:56 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-06-25 03:52 - 2013-12-21 16:57 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-06-25 03:52 - 2013-12-21 00:08 - 00000178 ___SH () C:\Documents and Settings\Zoran83\ntuser.ini
2014-06-24 21:49 - 2013-12-26 23:01 - 00017920 _____ () C:\Documents and Settings\Zoran83\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-22 15:18 - 2013-12-26 22:54 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\uTorrent
2014-06-21 18:20 - 2013-12-26 22:58 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\BSplayer PRO
2014-06-20 13:51 - 2014-06-03 11:19 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\VST3 Presets
2014-06-17 12:09 - 2014-06-17 12:09 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\vlc
2014-06-17 12:08 - 2014-06-04 14:09 - 00011843 _____ () C:\missing.ini
2014-06-17 12:08 - 2014-06-04 14:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-06-17 12:06 - 2014-06-17 12:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2014-06-17 12:05 - 2014-06-17 12:05 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-12 09:39 - 2013-12-21 17:13 - 00001809 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-11 15:50 - 2014-06-11 15:50 - 00000347 _____ () C:\Documents and Settings\Zoran83\Desktop\Download.lnk
2014-06-11 15:49 - 2014-06-11 15:49 - 00000200 _____ () C:\Documents and Settings\Zoran83\Desktop\CD Drive.lnk
2014-06-11 15:45 - 2014-06-02 01:25 - 00000000 ____D () C:\Program Files\Video Performer
2014-06-10 12:57 - 2014-06-10 12:57 - 00000000 ____D () C:\Program Files\Edirol
2014-06-10 12:57 - 2014-06-10 12:57 - 00000000 ____D () C:\Documents and Settings\Zoran83\Start Menu\Programs\HQ Software Synthesizer
2014-06-09 22:55 - 2014-06-09 22:55 - 00000000 ____D () C:\Program Files\Propellerhead
2014-06-09 22:41 - 2014-06-09 22:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spectrasonics
2014-06-09 22:39 - 2014-06-09 22:39 - 00001046 _____ () C:\Documents and Settings\Zoran83\Desktop\Stylus RMX SAGE Converter.lnk
2014-06-09 22:39 - 2014-06-09 22:39 - 00000000 ____D () C:\Documents and Settings\Zoran83\Start Menu\Programs\Spectrasonics
2014-06-09 22:18 - 2014-06-09 21:06 - 00000000 ____D () C:\Program Files\Spectrasonics
2014-06-09 20:35 - 2014-01-20 16:00 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\Ample Sound
2014-06-09 20:04 - 2014-06-09 20:04 - 00000000 ____D () C:\Documents and Settings\Zoran83\Start Menu\Programs\SyncroSoft Emu
2014-06-09 20:01 - 2014-06-09 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Syncrosoft
2014-06-09 20:01 - 2013-12-25 20:58 - 00000000 ____D () C:\Program Files\Syncrosoft
2014-06-09 19:42 - 2014-06-09 19:42 - 00000837 _____ () C:\Documents and Settings\All Users\Desktop\Hypersonic.exe.lnk
2014-06-09 19:31 - 2014-06-09 19:31 - 00000000 ____D () C:\Program Files\Common Files\VST3
2014-06-09 19:30 - 2014-06-09 19:20 - 00000000 ____D () C:\Documents and Settings\Zoran83\Start Menu\Programs\Steinberg Cubase 5
2014-06-09 19:21 - 2014-06-09 19:21 - 00001823 _____ () C:\Documents and Settings\Zoran83\Desktop\Cubase 5.lnk
2014-06-09 19:20 - 2014-01-19 17:14 - 00000000 ____D () C:\Program Files\Steinberg
2014-06-09 19:00 - 2013-12-21 18:50 - 00000000 ____D () C:\inst programi
2014-06-08 16:32 - 2014-06-03 11:22 - 00000000 ____D () C:\Documents and Settings\Zoran83\My Documents\Cubase Projects
2014-06-07 23:30 - 2014-06-07 23:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Neverwinter Nights
2014-06-07 23:16 - 2014-06-07 23:16 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\Leadertech
2014-06-07 23:10 - 2014-06-07 23:10 - 00001626 _____ () C:\Documents and Settings\All Users\Desktop\Neverwinter Nights.lnk
2014-06-07 23:10 - 2014-06-07 23:10 - 00000000 _____ () C:\WINDOWS\PowerReg.dat
2014-06-07 22:56 - 2013-12-21 00:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-04 21:56 - 2014-06-04 21:56 - 00000000 ____D () C:\Program Files\Toontrack
2014-06-04 20:38 - 2013-12-21 00:45 - 00000000 ____D () C:\WINDOWS\Driver Cache
2014-06-04 20:37 - 2014-01-25 21:31 - 00000000 ____D () C:\Documents and Settings\Zoran83\Local Settings\Application Data\genienext
2014-06-04 19:53 - 2013-12-21 17:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\COMODO
2014-06-04 15:36 - 2013-12-21 00:51 - 01561312 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-04 14:09 - 2013-12-21 01:03 - 00070400 _____ () C:\Documents and Settings\Zoran83\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-04 14:08 - 2014-06-04 14:08 - 00000731 _____ () C:\Documents and Settings\Zoran83\Desktop\Your Uninstaller!.lnk
2014-06-04 14:08 - 2014-06-04 14:08 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\URSoft
2014-06-04 14:08 - 2014-06-04 14:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 7
2014-06-04 13:55 - 2014-06-04 13:55 - 00000000 ____D () C:\Program Files\Pinnacle
2014-06-03 11:19 - 2014-06-03 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Steinberg
2014-06-03 11:19 - 2013-12-25 21:07 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\Steinberg
2014-06-02 01:25 - 2014-06-02 01:25 - 00000000 ____D () C:\Documents and Settings\Zoran83\Application Data\Mozilla
2014-05-30 20:04 - 2014-03-28 20:57 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat

Some content of TEMP:
====================
C:\Documents and Settings\Zoran83\Local Settings\Temp\6_Offer_3.exe
C:\Documents and Settings\Zoran83\Local Settings\Temp\CmdLineExt03.dll
C:\Documents and Settings\Zoran83\Local Settings\Temp\Edirol HQ Orchestral VSTi DXi v1.01.exe
C:\Documents and Settings\Zoran83\Local Settings\Temp\f.exe
C:\Documents and Settings\Zoran83\Local Settings\Temp\nsn615.tmp.exe
C:\Documents and Settings\Zoran83\Local Settings\Temp\safeguard.exe
C:\Documents and Settings\Zoran83\Local Settings\Temp\setup.exe
C:\Documents and Settings\Zoran83\Local Settings\Temp\SIntf16.dll
C:\Documents and Settings\Zoran83\Local Settings\Temp\SIntf32.dll
C:\Documents and Settings\Zoran83\Local Settings\Temp\SIntfNT.dll
C:\Documents and Settings\Zoran83\Local Settings\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
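
As an added example (not part of the original posts and not FRST's own code): a small Python triage script that reads a log of the kind posted above and pulls out the entries a responder would check first: services and drivers that FRST tags as unsigned, whose image file is missing on disk, or that have no ImagePath at all, plus executables sitting in a user Temp folder. The sample lines are copied from the log above; the flagging rules and the assumed meaning of the R/S/U prefix and the 0-4 start-type digit are this example's own assumptions, not FRST's verdicts, so every hit still needs manual verification.

```python
"""Triage an FRST-style log for entries worth a second look.

Added example for this thread; the flag rules and the assumed meaning of the
R/S/U state letter and 0-4 start-type digit are assumptions, not FRST output.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied verbatim from the FRST log posted above.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2005-08-05] () [File not signed]
S2 avast! Antivirus; C:\inst programi\avast\AvastSvc.exe [50344 2013-12-21] (AVAST Software)
S2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================
R3 CLEDX; C:\WINDOWS\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O) [File not signed]
S1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S4 IntelIde; No ImagePath
S2 Nsynas32; No ImagePath
U1 WS2IFSL;

Some content of TEMP:
====================
C:\Documents and Settings\Zoran83\Local Settings\Temp\6_Offer_3.exe
C:\Documents and Settings\Zoran83\Local Settings\Temp\CmdLineExt03.dll
C:\Documents and Settings\Zoran83\Local Settings\Temp\f.exe
C:\Documents and Settings\Zoran83\Local Settings\Temp\safeguard.exe

==================== Bamital & volsnap Check =================
"""

SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")                  # "==== Drivers (Whitelisted) ===="
ENTRY_RE = re.compile(r"^([RSU])([0-4])\s+([^;]+);\s*(.*)$")   # "S2 Name; image [size date] (vendor) [tag]"
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd")
# Assumed reading of the FRST prefix: R running / S stopped / U unknown; digit = start type.
STATE = {"R": "running", "S": "stopped", "U": "unknown"}
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class Finding:
    section: str
    name: str
    reason: str
    line: str


def _entry_reason(image: str) -> Optional[str]:
    """Map the tail of a service/driver entry to a reason, or None if it looks clean."""
    if not image:
        return "empty ImagePath"
    if image == "No ImagePath":
        return "registry entry with no ImagePath"
    if image.endswith("[X]"):
        return "image file missing on disk"
    if image.endswith("[File not signed]"):
        return "unsigned binary"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current section, and collect findings."""
    findings: List[Finding] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("Some content of TEMP"):
            section = "TEMP"
            continue
        if section == "TEMP":
            if line.lower().endswith(EXEC_EXT):
                findings.append(Finding(section, line.rsplit("\\", 1)[-1],
                                        "executable left in a user Temp folder", line))
        elif section and section.startswith(("Services", "Drivers")):
            entry = ENTRY_RE.match(line)
            if not entry:
                continue
            state, start, name, image = entry.groups()
            reason = _entry_reason(image.strip())
            if reason:
                findings.append(Finding(section, name.strip(),
                                        f"{reason} ({STATE[state]}, start={START_TYPE[start]})", line))
    return findings


def report(findings: List[Finding]) -> str:
    """Group findings by section into a plain-text summary."""
    out = []
    for section in sorted({f.section for f in findings}):
        out.append(f"[{section}]")
        out.extend(f"  {f.name}: {f.reason}" for f in findings if f.section == section)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it as-is to see the summary for the sample; feed it the full FRST.txt to triage a real log. Note that an unsigned or orphaned entry is only a lead (old audio and copy-protection drivers are routinely unsigned on XP); the point is to shorten the list of things to look at, not to decide what is malicious.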

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,

Judging by the description of the problem, I'd say the cause is some component. Still, I'd like us to try something...
Try doing this step also from Safe Mode with Networking.

1. Download sUBs' ComboFix from this link and save the tool to the Desktop.
• Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, select Desktop and click Save.

------------------------------------------------------------
2. Temporarily disable your antivirus program, in most cases via a right-click on the program's icon in the system tray. It can interfere with the tool while it runs.
If you're not sure how to do that, follow this guide.

------------------------------------------------------------
3. Double-click the icon to run ComboFix. Then, on the disclaimer window, click the I Agree! button.

• ComboFix will check whether a new version of the tool is available.
Click Yes if asked to download it.
• If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install the Recovery Console.
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows when needed (sometimes more than once);

Note: If after the tool has finished you get an error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will fix the problem.

------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt)
Copy the contents of the ComboFix.txt report into your post.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
Attach the ComboFix-quarantined-files.txt report to your post using the Attach file option

  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

ComboFix didn't ask for a restart during the scan. It downloaded the Recovery Console.


ComboFix 14-06-27.01 - Administrator 06/28/2014 20:29:59.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1256 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-05-28 to 2014-06-28 )))))))))))))))))))))))))))))))
.
.
2014-06-28 17:34 . 2014-06-28 17:35 -------- d-----w- C:\FRST
2014-06-28 17:23 . 2014-06-28 17:29 -------- d-----w- c:\documents and settings\Administrator
2014-06-27 23:55 . 2014-06-28 09:07 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-06-17 10:09 . 2014-06-17 10:09 -------- d-----w- c:\documents and settings\Zoran83\Application Data\vlc
2014-06-17 10:05 . 2014-06-17 10:05 -------- d-----w- c:\program files\VideoLAN
2014-06-10 10:57 . 2014-06-10 10:57 -------- d-----w- c:\program files\Edirol
2014-06-09 20:55 . 2014-06-09 20:55 -------- d-----w- c:\program files\Propellerhead
2014-06-09 20:37 . 2014-06-09 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spectrasonics
2014-06-09 19:06 . 2014-06-09 20:18 -------- d-----w- c:\program files\Spectrasonics
2014-06-09 17:31 . 2014-06-09 17:31 -------- d-----w- c:\program files\Common Files\VST3
2014-06-07 21:16 . 2014-06-07 21:16 -------- d-----w- c:\documents and settings\Zoran83\Application Data\Leadertech
2014-06-04 19:56 . 2014-06-04 19:56 -------- d-----w- c:\program files\Toontrack
2014-06-04 13:31 . 2005-11-03 15:14 45056 ----a-w- c:\windows\system32\Synsopos.exe
2014-06-04 13:31 . 2005-11-08 18:02 708608 ----a-w- c:\windows\system32\SYNSOACC.dll
2014-06-04 13:31 . 2005-11-08 09:20 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2014-06-04 12:08 . 2014-06-04 12:08 -------- d-----w- c:\documents and settings\Zoran83\Application Data\URSoft
2014-06-04 11:55 . 2014-06-04 11:55 -------- d-----w- c:\program files\Pinnacle
2014-06-03 09:19 . 2014-06-20 11:51 -------- d-----w- c:\documents and settings\Zoran83\Application Data\VST3 Presets
2014-06-03 09:19 . 2014-06-03 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Steinberg
2014-06-01 23:25 . 2014-06-11 13:45 -------- d-----w- c:\program files\Video Performer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-28 09:07 . 2014-05-27 19:02 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-14 16:28 . 2013-12-22 21:38 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 16:28 . 2013-12-22 21:38 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 05:26 . 2014-05-27 19:02 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2013-12-22 20:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"C-Media Mixer"="Mixer.exe" [2002-01-29 1228800]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe SystemTray [2005-8-6 61440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\inst programi\\utorent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Zoran83\\Local Settings\\Temp\\11m63sxt\\SpeedanAlysisSetup"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [12/25/2013 8:58 PM 33792]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/27/2014 9:02 PM 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/27/2014 9:02 PM 860472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/22/2013 10:11 PM 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [5/27/2014 9:02 PM 110296]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2/16/2014 1:12 AM 16896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 07:39 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-22 16:28]
.
2014-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-21 15:10]
.
2014-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-21 15:10]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 217.23.207.3 217.23.192.14
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2014-06-28 20:33
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2014-06-28 20:35:06
ComboFix-quarantined-files.txt 2014-06-28 18:35
.
Pre-Run: 5,960,286,208 bytes free
Post-Run: 6,693,584,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D30AD905D65AB5F842A274F1342EF63D
8F558EB6672622401DA993E1E865C861



offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Excellent. Now boot the computer into Normal Mode and repeat the scan with ComboFix.

offline
  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka




ComboFix 14-06-27.01 - Zoran83 06/28/2014 21:45:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1151 [GMT 2:00]
Running from: c:\documents and settings\Zoran83\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-05-28 to 2014-06-28 )))))))))))))))))))))))))))))))
.
.
2014-06-28 17:34 . 2014-06-28 17:35 -------- d-----w- C:\FRST
2014-06-28 17:23 . 2014-06-28 17:29 -------- d-----w- c:\documents and settings\Administrator
2014-06-27 23:55 . 2014-06-28 09:07 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-06-17 10:09 . 2014-06-17 10:09 -------- d-----w- c:\documents and settings\Zoran83\Application Data\vlc
2014-06-17 10:05 . 2014-06-17 10:05 -------- d-----w- c:\program files\VideoLAN
2014-06-10 10:57 . 2014-06-10 10:57 -------- d-----w- c:\program files\Edirol
2014-06-09 20:55 . 2014-06-09 20:55 -------- d-----w- c:\program files\Propellerhead
2014-06-09 20:37 . 2014-06-09 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spectrasonics
2014-06-09 19:06 . 2014-06-09 20:18 -------- d-----w- c:\program files\Spectrasonics
2014-06-09 17:31 . 2014-06-09 17:31 -------- d-----w- c:\program files\Common Files\VST3
2014-06-07 21:16 . 2014-06-07 21:16 -------- d-----w- c:\documents and settings\Zoran83\Application Data\Leadertech
2014-06-04 19:56 . 2014-06-04 19:56 -------- d-----w- c:\program files\Toontrack
2014-06-04 13:31 . 2005-11-03 15:14 45056 ----a-w- c:\windows\system32\Synsopos.exe
2014-06-04 13:31 . 2005-11-08 18:02 708608 ----a-w- c:\windows\system32\SYNSOACC.dll
2014-06-04 13:31 . 2005-11-08 09:20 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2014-06-04 12:08 . 2014-06-04 12:08 -------- d-----w- c:\documents and settings\Zoran83\Application Data\URSoft
2014-06-04 11:55 . 2014-06-04 11:55 -------- d-----w- c:\program files\Pinnacle
2014-06-03 09:19 . 2014-06-20 11:51 -------- d-----w- c:\documents and settings\Zoran83\Application Data\VST3 Presets
2014-06-03 09:19 . 2014-06-03 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Steinberg
2014-06-01 23:25 . 2014-06-11 13:45 -------- d-----w- c:\program files\Video Performer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-28 09:07 . 2014-05-27 19:02 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-14 16:28 . 2013-12-22 21:38 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 16:28 . 2013-12-22 21:38 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 05:26 . 2014-05-27 19:02 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2013-12-22 20:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"C-Media Mixer"="Mixer.exe" [2002-01-29 1228800]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe SystemTray [2005-8-6 61440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\inst programi\\utorent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Zoran83\\Local Settings\\Temp\\11m63sxt\\SpeedanAlysisSetup"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [12/25/2013 8:58 PM 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/22/2013 10:11 PM 23256]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/27/2014 9:02 PM 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/27/2014 9:02 PM 860472]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [5/27/2014 9:02 PM 110296]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2/16/2014 1:12 AM 16896]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 07:39 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-22 16:28]
.
2014-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-21 15:10]
.
2014-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-21 15:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.23.207.3 217.23.192.14
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-BitTorrent Sync - c:\program files\BitTorrent Sync\BTSync.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2014-06-28 21:49
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2220)
c:\windows\system32\msi.dll
.
Completion time: 2014-06-28 21:50:25
ComboFix-quarantined-files.txt 2014-06-28 19:50
ComboFix2.txt 2014-06-28 18:35
.
Pre-Run: 6,692,552,704 bytes free
Post-Run: 6,682,116,096 bytes free
.
- - End Of File - - 776B57B516F89112A2812F4042F1D5AA
8F558EB6672622401DA993E1E865C861
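The two reports above come from the same machine, first in Safe Mode and then in Normal Mode, and the comparison a triager actually wants is the set of autorun entries that differs between the runs (values under the Run keys, firewall-authorized applications, BootExecute, service state, and the orphans ComboFix removed). The script below is an added example for this thread, not part of any post and not a ComboFix, FRST or Malwarebytes tool: it parses the "Reg Loading Points" and "ORPHANS REMOVED" sections of two ComboFix reports, diffs them, and prints a review list. The embedded SAFE_MODE and NORMAL_MODE snippets are constructed from lines quoted in the thread and cut down to what the parser reads; the "suspect path" heuristic (persistence pointing into Temp or Application Data, orphans with no file on disk, a BootExecute value beyond the default `autocheck autochk *`) is an assumption of this example and produces items to verify by hand, not detections.

```python
"""Diff the autorun sections of two ComboFix reports and list review items.
Added example for this thread, not a ComboFix, FRST or Malwarebytes tool.
SAFE_MODE and NORMAL_MODE are constructed from lines quoted in the thread,
cut down to the sections this parser reads."""
import re

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')                                   # [HKLM\...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)")?(?:\s+\[[^\]]*\])?$')     # "name"="path" [date size]
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s+\[[^\]]*\]$')   # R3 name;display;path [..]
ORPHAN_RE = re.compile(r'^(.+?) - (.+)$')                                  # HKLM-Run-name - path
# Assumption of this example, not a rule from the tools: persistence pointing
# into Temp or Application Data is checked first. A review list, not a verdict.
SUSPECT_PATH_RE = re.compile(r'\\(?:temp|application data)\\', re.I)
DEFAULT_BOOTEXECUTE = 'autocheck autochk *'

SAFE_MODE = r"""
((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Zoran83\\Local Settings\\Temp\\11m63sxt\\SpeedanAlysisSetup"=
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/22/2013 10:11 PM 23256]
------- Supplementary Scan -------
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
"""

NORMAL_MODE = r"""
((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Zoran83\\Local Settings\\Temp\\11m63sxt\\SpeedanAlysisSetup"=
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/22/2013 10:11 PM 23256]
------- Supplementary Scan -------
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent Sync - c:\program files\BitTorrent Sync\BTSync.exe
"""


def section_title(line):
    """Title of a ComboFix header line ('(((( X ))))', '--- X ---', '- - X - -'), else None."""
    s = line.strip()
    if (s.startswith('(((') and s.endswith(')))')) or \
       (s.startswith('---') and s.endswith('---')) or \
       (s.startswith('- - -') and s.endswith('- - -')):
        return s.strip('()- ') or None
    return None


def parse_report(text):
    """Map (section, key, name) -> value for Run values, firewall-authorized apps,
    BootExecute, services and removed orphans."""
    entries, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        title = section_title(line)
        if title:
            section, key = title, None          # new section resets the current registry key
        elif section not in ('Reg Loading Points', 'ORPHANS REMOVED'):
            continue
        elif KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)
        elif key and VALUE_RE.match(line):
            m = VALUE_RE.match(line)
            entries[(section, key, m.group(1))] = m.group(2) or ''   # firewall list has no value
        elif key and line.startswith('BootExecute '):
            entries[(section, key, 'BootExecute')] = line.split(None, 2)[2]
        elif SERVICE_RE.match(line):
            m = SERVICE_RE.match(line)
            entries[(section, 'services', m.group(2))] = f'{m.group(1)} {m.group(3)}'
        elif section == 'ORPHANS REMOVED' and ORPHAN_RE.match(line):
            m = ORPHAN_RE.match(line)
            entries[(section, 'orphans', m.group(1))] = m.group(2)
    return entries


def diff_reports(before, after):
    """Entries added, removed or changed (e.g. a service going S3 -> R3) between runs."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k]) for k in before.keys() & after.keys()
               if before[k] != after[k]}
    return {'added': added, 'removed': removed, 'changed': changed}


def suspicious(entries):
    """Review list: user-writable paths, missing files, non-default BootExecute."""
    hits = []
    for (_, key, name), value in sorted(entries.items()):
        if (SUSPECT_PATH_RE.search(name + ' ' + value) or '(no file)' in value
                or (name == 'BootExecute' and value != DEFAULT_BOOTEXECUTE)):
            hits.append((key, name, value))
    return hits


if __name__ == '__main__':
    before, after = parse_report(SAFE_MODE), parse_report(NORMAL_MODE)
    for kind, items in diff_reports(before, after).items():
        for (_, key, name), value in sorted(items.items()):
            print(f'{kind:8} {key} :: {name} -> {value}')
    for key, name, value in suspicious(after):
        print(f'REVIEW   {key} :: {name} -> {value}')
```

Run as-is it prints the diff between the two snippets: the HKCU Run value and the BitTorrent Sync orphan that only show up once the user's profile is loaded in Normal Mode, the orphans ComboFix had already removed in the Safe Mode run, and MBAMProtector moving from S3 to R3 (ComboFix prefixes services with S for stopped and R for running, followed by the start type). The REVIEW lines are exactly that: the firewall exception pointing into a Temp folder and the extra BootExecute entry have to be checked against what is actually installed, and in this thread the helper's conclusion was that none of it was malware.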

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Is the situation any better?

offline
  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

Well, on restart I booted the system without any problem. I don't know whether the same thing will happen again; for now no error is popping up. Can I know what it cleaned (fixed), so I know how to avoid something similar happening again?

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Actually, ComboFix did nothing important other than clean up the remnants of PUP programs, and the FRST tool did not show any malicious activity either. Now, we could also run an additional ARK check, but I think there is no need, because by all accounts this problem was not caused by malware.

My recommendation is that you open a new topic in the Windows forum and describe your problem there.

The following procedure will carry out the final cleanup.



ComboFix needs to be uninstalled:

Click Start, then RUN.
In the text box type (or paste) the following:
ComboFix /Uninstall
Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).

Wait for the uninstall process to finish.




Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.
From this point on, all tools used in this topic should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also snapshot the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes the old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 25 Feb 2010
  • Posts: 65
  • Location: Banja Luka

I have restarted the computer several times, it always starts fine; I reinstalled Anti-Malware and it works properly. For now I will leave it as it is, maybe the problem is solved too.
Thank you for the help.
