[ Zoro67 @ 06.02.2011. 05:49 ] @
Avira stalno prijavljuje WORM/Rbot.210944
Navodno očisti crva ali ga ponovo pronađe posle izvesnog vremena.
Beginning disinfection:
E:\System Volume Information\_restore{44182395-F3CE-4331-8F72-964862C8B517}\RP817\A1365282.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.210944 worm
[NOTE] The file was moved to the quarantine directory under the name '4fc18734.qua'.

Recycle Bin je prazan. Mišem postaje sve teže raditi, jedva uspevam da odradim copy-paste. Kada želim da kliknem mišem na nešto to moram da uradim tri-četiri puta. Molim za pomoć.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:41:15, on 6.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21295)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Sygate\SPF\smc.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
E:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\DivX\DivX Update\DivXUpdate.exe
E:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\VMware\VMware Server\vmware-authd.exe
E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
E:\WINDOWS\system32\vmnat.exe
E:\WINDOWS\system32\vmnetdhcp.exe
E:\Program Files\VMware\VMware Server\vmserverdWin32.exe
E:\totalcmd\TOTALCMD.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Java\jre6\bin\javaw.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\NOTEPAD.EXE
e:\program files\avira\antivir desktop\avcenter.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=tweak&s={searchTerms}&f=4
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O1 - Hosts: 76.74.137.94 i.fulltiltpoker.com
O1 - Hosts: 76.74.137.94 app.struq.com
O1 - Hosts: 76.74.137.94 java.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - E:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - E:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - E:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - E:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [WinPatrol] E:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [VMonitorVMUVC] "E:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "E:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-117609710-1659004503-725345543-1008\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-21-117609710-1659004503-725345543-1008\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Download sa NetXfer-om - E:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Download svega sa NetXfer-om - E:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Paleta Alatki RoboForma - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Podesi Meni - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Popuni Formular - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Sacuvaj Formular - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Popuni - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Popuni Formular - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Sacuvaj - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Sacuvaj Formular - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Paleta Alatki RoboForma - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1230893539703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co...t/muweb_site.cab?1230893518656
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C06812B-B7AD-409C-B8E6-2B2D194A3A08}: NameServer = 80.74.164.249 80.74.160.26
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - E:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - E:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\WINDOWS\system32\vmnat.exe

--
End of file - 13904 bytes
[ SStudio @ 06.02.2011. 10:56 ] @
To mesto gde ti prijavljuje da se nalazi je lokacija system restore servisa, obrisi system restore, ccleaner može da ti završi taj posao.
A radi sigurnosti probaj da startuješ komp u safe modu pa onda preskeniraj, ako se i dalje javlja dotična napast i problemi, skini avira rescue cd sa njihovog sajta nareži kroz neki program na najmanju brzinu opcijom burn image. Restartuj komp i pusti da se bootuje sa cd-a pusti da odradi update preko neta i skeniraj.
[ magna86 @ 06.02.2011. 13:11 ] @
Preuzmi ovaj program na Desktop i pokreni ga.
http://www.funkytoad.com/download/HostsXpert.zip

Klikni na Make ReadOnly?
klikni na Make Writable (ako je dostupan)
Klikni na Restore MS Hosts File pa Ok

Zatvori program.

==========

Resetuj System Restore.
http://support.microsoft.com/d...405&Product=winxp&FR=1

==========

Restartuj racunar. Da li ti sad avira nesto detektuje?
[ Zoro67 @ 06.02.2011. 18:45 ] @
Pokrenuo sam ccleaner, otišao na opciju alati, izabrao System restore i brisao tačku po tačku. Jedino što nisam uspeo da obrišem je tačka koja je napravljena danas (6.2.2011 6:21:39 Installed HijackThis). Sada ću da restartujem sistem pa ću u sledećem postu opisati da li se problem i dalje pojavljuje.

Opcija Make ReadOnly? ne postoji, a kada kliknem na Restore MS Hosts dobijam poruku: ERRoR: Cannot create file E:\Windows\Sistem32\Drivers\ETC\host.
[ Zoro67 @ 06.02.2011. 19:44 ] @
Za sada Avira ne detektuje ništa, mada me ne bi iznenadilo da se oglasi za par sati sa istim problemom. Ono što mi smeta je problem sa mišem, kao da sada malo bolje radi ali i dalje ne radi kako treba. U svakom slučaju hvala vam mnogo na pomoći.