Problem with computer protection?


offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

Yesterday I tried to scan my computer and couldn't, because I can't start any of: Spybot S&D, Malwarebytes' Anti-Malware or Ad-Aware SE Professional... whenever I click on any of these 3 programs I get "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I don't know what the hell is wrong with it; can you help???

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

How do I run it?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Try following this guide for creating diagnostic reports:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

how the problem you are seeking help with manifests itself
When I try to scan the computer, I can't start the protection programs: Spybot S&D, Malwarebytes' Anti-Malware or Ad-Aware SE Professional...

when the problem started to appear
Yesterday...

if the security software you use detects something but cannot remove it, write/copy the names of the detected files into the message
I can't start it...

how you have tried to solve the problem
I haven't tried anything...

what kind of internet connection you have (connection type and speed)
ADSL 100.0 Mbps

any additional information that could describe the state of your computer more closely
Well, when I try to start one of the programs, this appears: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

2


DDS (Ver_10-12-12.02) - NTFSx86
Run by XP at 18:23:57,34 on sre 15.12.2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3071.2319 [GMT 1:00]

AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*

============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
C:\Program Files\Iminent\IMBooster\imbooster.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\XP\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.searchqu.com/sidebar.html?src=ssb&sysid=101
uDefault_Search_URL = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.Google.com
uStart Page = hxxp://search.iminent.com/?appId=F3C50582-E059-403B-8E9B-3C5833B4EAE9
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://tvsearch.biz
uSearchAssistant = hxxp://www.searchqu.com/sidebar.html?src=ssb&sysid=101
uCustomizeSearch = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
uURLSearchHooks: Iminent.BHO.NavigationError: {84ff7bd6-b47f-46f8-9130-01b2696b36cb} - c:\program files\iminent\searchtheweb\Iminent.BHO.NavigationError.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - c:\program files\iminent toolbar\tbcore3.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
BHO: Iminent.BHO.NavigationError: {84ff7bd6-b47f-46f8-9130-01b2696b36cb} - c:\program files\iminent\searchtheweb\Iminent.BHO.NavigationError.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\imbooster4web\Iminent.WebBooster.dll
BHO: GdfrDUEn Class: {a3cf7606-e683-4375-a372-96b75da0aef7} - c:\program files\get styles\enlbrdr.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Bar World Toolbar Powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Bar World Toolbar Powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - c:\program files\iminent toolbar\tbcore3.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Steam] "d:\program files\steam\Steam.exe" -silent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0360.0\mswinext.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [CleanIt] d:\program files\cleanit\cleanit.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
mRun: [IMBooster] c:\program files\iminent\imbooster\imbooster.exe /warmup
mRun: [Iminent.Notifier] c:\program files\iminent\searchtheweb\Iminent.Notifier.exe
mRun: [ISTray] "d:\program files\spyware doctor\pctsTray.exe"
dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\get styles\ct.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {2B018911-ED33-4BBE-BB16-45A8461B9259} = 195.66.189.137 195.66.189.138
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\\datamngr\datamngr.dll c:\progra~1\bandoo\bndhook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xp\applic~1\mozilla\firefox\profiles\0uh1oh1u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={487472BB-6604-C813-D282-339E6B2DCB54}&q=
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{966130e5-e772-49af-9638-213df2b588dc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\{c9b68337-e93a-44ea-94dc-cb300ec06444}\components\Engine.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\documents and settings\xp\application data\mozilla\firefox\profiles\0uh1oh1u.default\extensions\firefox@bandoo.com\components\FFPlugin.dll
FF - component: c:\program files\mozilla firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
FF - plugin: c:\documents and settings\xp\application data\facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\xp\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\xp\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\xp\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\xp\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Iminent WebBooster: webbooster@iminent.com - c:\program files\mozilla firefox\extensions\webbooster@iminent.com
FF - Ext: Secret Crush Revealer: crushcalc@gameplaylabs.com - %profile%\extensions\crushcalc@gameplaylabs.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Bandoo for Firefox: firefox@bandoo.com - %profile%\extensions\firefox@bandoo.com
FF - Ext: Bar World Toolbar Powered by Ask.com: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: MB2 Community Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - %profile%\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}
FF - Ext: U Flv: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - %profile%\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Ext: {5647f4b2-2f19-15dd-2d2b-7212613c2b46}: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - %profile%\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Ext: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: desiredinc Community Toolbar: {966130e5-e772-49af-9638-213df2b588dc} - %profile%\extensions\{966130e5-e772-49af-9638-213df2b588dc}
FF - Ext: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - %profile%\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: IMinent Toolbar: {C9B68337-E93A-44EA-94DC-CB300EC06444} - %profile%\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-14 217032]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-12-14 112592]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 472280]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-12-31 693512]
RUnknown DwProt;DwProt; [x]
S1 dfdb;dfdb;\??\c:\windows\system32\dfdb.sys --> c:\windows\system32\dfdb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]
S2 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2010-12-14 366840]
S2 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2010-12-14 1142224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-30 1684736]
S3 cpuz132;cpuz132;\??\c:\docume~1\xp\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\xp\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-14 20952]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-12-31 910600]

=============== Created Last 30 ================

2010-12-15 13:23:33 -------- d-----w- c:\documents and settings\xp\DoctorWeb
2010-12-15 08:39:00 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Threat Expert
2010-12-14 17:33:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-12-14 17:33:55 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-12-14 17:33:55 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-12-14 17:33:55 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-12-14 17:26:38 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-14 17:26:34 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-14 17:26:34 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-14 17:26:30 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-14 17:26:20 -------- d-----w- c:\program files\common files\PC Tools
2010-12-14 17:26:20 -------- d-----w- c:\docume~1\xp\applic~1\PC Tools
2010-12-14 17:26:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-14 17:16:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 17:16:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 17:16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 18:42:47 -------- d-----w- c:\program files\IMinent Toolbar
2010-12-11 18:42:45 24576 ----a-w- c:\program files\mozilla firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
2010-12-11 18:42:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\IMinent
2010-12-11 18:42:41 -------- d-----w- c:\program files\Iminent
2010-12-11 00:59:43 -------- d-----w- c:\docume~1\xp\applic~1\PriceGong
2010-12-10 14:47:00 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Sony
2010-12-10 14:46:23 -------- d-----w- c:\program files\Sony
2010-12-10 14:40:21 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Conduit
2010-12-10 14:40:20 -------- d-----w- c:\program files\Conduit
2010-12-10 14:40:20 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Softonic-Eng7
2010-12-10 14:40:20 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\ConduitEngine
2010-12-10 14:40:19 -------- d-----w- c:\program files\ConduitEngine
2010-12-10 14:40:17 -------- d-----w- c:\program files\Softonic-Eng7
2010-12-07 16:42:41 -------- d-----w- c:\program files\facemoods.com
2010-12-06 09:11:21 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\AskToolbar
2010-12-05 13:24:24 -------- d-----w- c:\program files\Ask.com
2010-12-02 01:44:35 -------- d-----w- c:\docume~1\xp\locals~1\applic~1\Sports Interactive
2010-11-28 11:15:14 373104 ----a-w- c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
2010-11-27 15:13:31 -------- d-----w- c:\docume~1\xp\applic~1\Uniblue
2010-11-27 15:13:28 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
2010-11-27 15:13:27 -------- d-----w- c:\program files\Uniblue
2010-11-27 08:02:58 388096 ----a-r- c:\docume~1\xp\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-27 08:02:57 -------- d-----w- c:\program files\Trend Micro
2010-11-26 06:53:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\HouseDemo
2010-11-23 18:06:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sports Interactive
2010-11-23 16:39:43 1275 ----a-w- c:\docume~1\xp\locals~1\applic~1\GLF3E01.tmp
2010-11-23 13:27:17 -------- d-----w- c:\program files\Sports Interactive
2010-11-22 20:58:10 -------- d-----w- c:\program files\common files\DVDVideoSoft

==================== Find3M ====================

2010-11-30 14:09:07 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-18 10:23:26 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

[Attached file (login required to view)]

3

I downloaded GMER, and when the initial scan finishes something pops up and I click No, and when I try to click Scan everything disappears, and when I try to start the program again it shows exactly the same thing as with those other programs...
And this RootRepeal, when I download it, it downloads as a WinRAR zip and I can't run it; I get an Error.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

A rather nasty infection.

Let's see what can be done... Follow the instructions below carefully.

Download sUBs's ComboFix from the following address to the Desktop:

  • Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
  • disable your security software (instructions);
  • close running programs;
  • double-click to start ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists:
      click Yes if you are offered to download it.
  • display DISCLAIMER OF WARRANTY ON SOFTWARE:
      click Yes to continue the process.
  • if Recovery Console is not installed, offer to install it:
      be sure to accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
      accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after sending the message you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

I did everything as you told me. When it's time to run the program, I double-click the icon, a small rectangle appears that says ComboFix and green bars fill up underneath, and when they reach the end I think now it will start, but nothing; I wait and wait and nothing. I tried several more times and the same thing...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Delete the file you downloaded, then download it again:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Restart the PC in Safe Mode: http://www.mycity.rs/Uputstva/Kako-uci-u-Safe-Mode-2.html

In Safe Mode, run ComboFix and follow the procedure.

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

Nothing, same thing, it won't work!!! I entered Safe Mode and when I started ComboFix a small rectangle appeared with a thick blue bar, and when it filled up, nothing; I wait and wait and nothing... What do I do, Bora???

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Delete ComboFix (yes, again), download it again, right-click it and choose Rename - as the new name enter (copy/paste from here):

iexplore

Try running it renamed like that. If it works, post the resulting logfile.

If it doesn't work, download Gmer again: http://www2.gmer.net/download.php

Run it - if any prompt appears, click No.

Do not start a scan; instead click Save ... and save the report somewhere.

Attach that report to your message using the Attach file (Prikači fajl) option.

offline
  • Joined: 15 Dec 2010
  • Posts: 14
  • Location: Bolivia

Posted: 15 Dec 2010 21:01

[Attached file (login required to view)]

Addendum: 15 Dec 2010 21:03

Bora, the above is the file from Gmer, because the ComboFix attempt did not succeed...
