[ Pekija @ 25.02.2011. 11:31 ] @
Maybe I didn't have to copy absolutely everything, but so that you can see everything that is happening to me, well, I did :)

ComboFix 11-02-24.05 - LG 25.02.2011 11:27:28.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.731 [GMT 1:00]
Running from: c:\documents and settings\LG\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\FunWebProducts\Installr\Cache\04B491DF.exe
c:\program files\FunWebProducts\Installr\Cache\files.ini
c:\program files\Messenger\msnmsgr.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Setup.exe
c:\windows\system32\midas.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.

2011-02-25 10:04 . 2011-02-25 10:04 -------- d-----w- c:\documents and settings\LG\Application Data\Malwarebytes
2011-02-25 10:04 . 2011-02-25 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-25 10:04 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-25 10:04 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-25 10:04 . 2011-02-25 10:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-25 09:42 . 2011-02-25 09:42 -------- d-----w- c:\program files\CCleaner
2011-02-24 19:03 . 2011-02-25 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-02-24 19:03 . 2011-02-24 19:03 -------- d-----w- c:\program files\AVAST Software
2011-02-21 17:39 . 2011-02-21 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2011-02-21 17:39 . 2011-02-21 17:39 -------- d-----w- c:\program files\AVG
2011-02-21 16:47 . 2011-02-21 16:47 146 ----a-w- c:\windows\DelMR.bat
2011-02-17 20:31 . 2011-02-17 20:31 -------- d-----w- c:\documents and settings\LG\Local Settings\Application Data\lUNA
2011-02-17 14:45 . 2011-02-24 19:13 -------- d-----w- C:\New Folder
2011-02-16 16:14 . 2010-12-30 19:04 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-02-16 16:14 . 2010-12-30 19:03 189776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-25 10:29 . 2010-07-27 09:32 1275904 ----a-w- C:\GPRS.exe
2009-06-03 14:23 . 2009-06-03 14:19 21128536 ----a-w- c:\program files\DivXInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-01 39408]
"Google Update"="c:\documents and settings\LG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"CNAP2 Launcher"="c:\windows\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2007-09-05 406944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-11-27 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-4 113664]
EPSON Status Monitor 3 Environment Check(4).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV04.EXE [2000-2-3 222720]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:cbbd3018

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-30 20:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2004-06-11 03:15 83968 ----a-r- c:\windows\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-02 21:12 577536 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\LG\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\LG\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\games\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/16/2011 5:14 PM 189776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/15/2009 8:01 PM 685816]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/16/2011 5:14 PM 99792]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [5/29/2010 12:49 PM 36608]

--- Other Services/Drivers In Memory ---

*Deregistered* - avast! Antivirus
.
Contents of the 'Scheduled Tasks' folder

2011-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-01 14:18]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 14:20]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 14:20]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1364589140-1801674531-1003Core.job
- c:\documents and settings\LG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-18 18:41]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1364589140-1801674531-1003UA.job
- c:\documents and settings\LG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-18 18:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LG\Application Data\Mozilla\Firefox\Profiles\tzahquk5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm035YYRS&ptb=DCQldYZEOUHkMbyhFbDYzA&psa=&ind=2010082410&ptnrS=GRxdm035YYRS&si=&st=kwd&n=77cf6c6a&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\11.0.78.0\HotbarSA.exe
MSConfigStartUp-WeatherDPA - c:\program files\Hotbar\bin\11.0.78.0\Weather.exe
AddRemove-Doc's Unofficial 1.0 - 1.33 - c:\program files\Far Cry\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-25 11:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1364589140-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D57B95CB-6904-B536-A921-352C34521A22}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaogljodilihjmleag"=hex:6a,61,6b,70,66,67,61,69,6c,6a,6a,6c,6c,69,65,6b,62,6b,
65,61,00,00
"haigfcppambhnlnl"=hex:6a,61,6b,70,66,67,61,69,6c,6a,6a,6c,6c,69,65,6b,62,6b,
65,61,00,00

[HKEY_USERS\S-1-5-21-1547161642-1364589140-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b4,20,0f,18,20,3b,ee,9f,d1,ea,36,4c,b5,06,23,c5,b8,dd,21,5b,e2,b8,e7,
93,d8,a3,03,fb,c1,88,f4,b0,63,bd,19,04,27,3a,76,17,57,ce,c7,82,d8,57,03,33,\
"??"=hex:1e,04,f5,2a,a3,5d,6c,76,e2,73,f3,c8,7e,2b,6b,c5

[HKEY_USERS\S-1-5-21-1547161642-1364589140-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,17,e9,5b,d8,4f,4f,38,b2,34,75,0f,0e,76,88,52,c1,d3,85,07,99,
dd,7c,dd,9d,b7,71,7c,df,af,bd,4b,92,e3,2f,21,5c,eb,59,0c,25,76,3f,5b,3b,b8,\
"rkeysecu"=hex:ae,05,1c,77,b4,80,3e,92,20,46,17,c9,77,90,88,c7
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-02-25 11:34:02
ComboFix-quarantined-files.txt 2011-02-25 10:33

Pre-Run: 17,935,917,056 bytes free
Post-Run: 17,952,149,504 bytes free

- - End Of File - - 2E26B7ED753ABD9DDBCE7E288FA9691F



This was done because of a problem I have with avast. Namely, whichever version I installed, 4.8, 5.1 or the newest 6, I always lose my internet connection whenever Web Shield is turned on; when I turn it off, the internet comes back!

[ goran9888 @ 26.02.2011. 02:57 ] @
You should not use ComboFix "on your own". By using ComboFix improperly you can destroy the system, as well as lose all data on the hard disk. Running it is permitted only under the supervision and at the suggestion of an expert who is skilled in removing malware that way.



By the way, look for the solution to your problem here: http://www.elitesecurity.org/t...O-mi-blokira-pristup-internetu