Problem

1

Problem

offline
  • ctaH1  Male
  • Novi MyCity građanin
  • Pridružio: 16 Sep 2008
  • Poruke: 9

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:40 AM, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Stanko\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = yahoo.com/
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5918 bytes





dakle, rachunar jako sporo radi, neke programe otvara minimum 2minuta, internet browser (opera) radi jako sporo, kada skrolujem neke internet strane, ne skroluje tecno, vec 'secka'.
igre takodje rade otezano, isto se pojavljuje problem 'seckanja'.
avast je nasao neki 'win32:Agent-AWB [Adw]' i izolovao ga u kovcheg, cak sam probao i sa Malwarebytes' Anti-Malware koji nista nije nasao, a problem 'kochenja/seckanja' je ostao.
sta raditi?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Reci cu ti sta prvo da radis.

Prvo uninstaliraj jedan antivirus. Koristis dva antivirusna programa, sto je moguce i da izazivaju kocenje.

Odluci se, ili Avast! ili Avira.

Kad jedan uklonis, postavices mi novi HiJack This log.

offline
  • ctaH1  Male
  • Novi MyCity građanin
  • Pridružio: 16 Sep 2008
  • Poruke: 9

ok, uradjeno...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:14 AM, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Stanko\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = yahoo.com/
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5393 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Uradi sledece:

Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Podešavanje programa....

U prozoru koji se otvori, pod Rešavanje problema, čekiraj opciju Onemogući avast! samo-odbrambeni modul i klikni OK.

Takođe, klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Zaustavi Stalnu zaštitu.


Napomena: Ne zaboravi da uključiš ove opcije po završetku čišćenja.


---------------------------

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • ctaH1  Male
  • Novi MyCity građanin
  • Pridružio: 16 Sep 2008
  • Poruke: 9

ok, uradio, mada mi je u toku procesa pukao net, pa ako ne sto nevalja mozda je do toga Smile))


ComboFix 08-09-15.02 - Stanko 2008-09-16 10:40:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.683 [GMT 2:00]
Running from: C:\Documents and Settings\Stanko\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.

2008-09-16 01:31 . 2008-09-16 01:31 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-09-16 00:58 . 2008-09-16 00:58 <DIR> d-------- C:\Documents and Settings\Stanko\Application Data\Malwarebytes
2008-09-16 00:57 . 2008-09-16 01:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 00:57 . 2008-09-16 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 00:57 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 00:57 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-15 21:00 . 2008-09-15 21:00 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-15 21:00 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-15 21:00 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-15 21:00 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-09-15 18:09 . 2008-09-15 18:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-15 16:10 . 2008-09-15 16:10 <DIR> d-------- C:\Documents and Settings\Stanko\Application Data\Sports Interactive
2008-09-15 16:01 . 2008-09-15 16:08 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-09-15 16:00 . 2008-09-15 16:00 <DIR> d--h----- C:\Documents and Settings\Stanko\InstallAnywhere
2008-09-14 18:08 . 2008-09-15 17:40 <DIR> d-------- C:\WINDOWS\nview
2008-09-14 18:08 . 2006-11-17 17:29 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-14 18:08 . 2008-09-16 10:21 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-14 18:08 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-14 18:03 . 2006-11-17 19:21 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-09-14 17:47 . 2008-09-14 17:52 337 --a------ C:\WINDOWS\WINCMD.INI
2008-09-14 11:20 . 2008-09-14 11:20 <DIR> dr-h----- C:\Documents and Settings\Stanko\Application Data\SecuROM
2008-09-14 11:20 . 2008-09-14 11:20 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-12 10:52 . 2008-09-12 10:52 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-09-12 10:52 . 2008-09-12 10:52 <DIR> d-------- C:\Program Files\Ahead
2008-09-12 10:52 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-09-12 10:52 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-09-12 10:52 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-09-12 10:52 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-09-12 10:52 . 2003-10-06 08:41 113,664 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-09-12 10:52 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-09-12 10:52 . 2003-10-06 08:41 5,632 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-09-12 01:11 . 2008-09-12 01:13 <DIR> d-------- C:\Program Files\Screamer Radio
2008-09-12 00:10 . 2008-09-12 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-09-12 00:07 . 2008-09-12 00:07 <DIR> d-------- C:\Program Files\IVT Corporation
2008-09-12 00:07 . 2008-09-12 00:09 32 --a------ C:\WINDOWS\0
2008-09-12 00:07 . 2008-09-12 00:07 0 --a------ C:\WINDOWS\system32\0
2008-09-11 11:11 . 2008-09-11 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-10 20:01 . 2008-09-14 21:18 <DIR> d-------- C:\Program Files\PokerStars
2008-09-10 19:53 . 2008-09-15 16:53 <DIR> d-------- C:\Program Files\PokerRoom.com
2008-09-10 19:39 . 2008-09-10 19:39 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-09-10 19:39 . 2008-09-10 19:39 <DIR> d-------- C:\Documents and Settings\Stanko\Application Data\teamspeak2
2008-09-10 19:39 . 2008-09-10 19:39 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-09-10 17:09 . 2008-09-16 10:23 <DIR> d-------- C:\Program Files\Steam
2008-09-10 17:05 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-10 17:05 . 2008-09-10 17:05 376 --a------ C:\WINDOWS\ODBC.INI
2008-09-10 17:03 . 2008-09-10 17:03 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-10 17:03 . 2008-09-10 17:03 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-10 17:02 . 2008-09-10 17:03 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-10 17:00 . 2008-09-16 00:59 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-09-10 16:58 . 2008-09-10 16:58 <DIR> d-------- C:\Documents and Settings\Stanko\Application Data\DAEMON Tools
2008-09-10 16:58 . 2008-09-10 16:58 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-10 16:49 . 2008-09-10 16:49 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-09-10 16:49 . 2008-09-10 16:49 <DIR> d-------- C:\Program Files\Winamp Remote
2008-09-10 16:49 . 2008-09-10 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-09-10 16:49 . 2008-09-10 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-09-10 16:39 . 2008-09-10 16:49 <DIR> d-------- C:\Program Files\Winamp
2008-09-10 16:39 . 2008-09-10 16:49 <DIR> d-------- C:\Documents and Settings\Stanko\Application Data\Winamp
2008-09-10 16:37 . 2008-09-10 16:37 <DIR> d-------- C:\Program Files\Webteh
2008-09-10 16:37 . 2008-09-10 16:37 <DIR> d-------- C:\Program Files\BS.Player ControlBar
2008-09-10 16:37 . 2008-09-10 16:37 <DIR> d-------- C:\Documents and Settings\Stanko\Application Data\BSplayer Pro
2008-09-10 16:37 . 2008-09-12 11:36 <DIR> d-------- C:\Documents and Settings\Stanko\Application Data\BSplayer
2008-09-10 16:15 . 2008-09-10 16:16 <DIR> d-------- C:\Program Files\ApexDC++_Gusari_XY6
2008-09-10 16:13 . 2001-08-17 15:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-09-10 16:12 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-09-10 16:11 . 2004-08-04 00:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-09-10 16:11 . 2004-08-04 00:56 74,240 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-09-10 16:08 . 2008-09-15 19:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-10 16:08 . 2008-09-15 16:10 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-09-10 16:07 . 2008-09-10 14:35 <DIR> d--h----- C:\Documents and Settings\Default User
2008-09-10 16:07 . 2008-09-10 14:20 <DIR> d-------- C:\Documents and Settings\All Users
2008-09-10 16:07 . 2008-09-10 14:33 <DIR> d-------- C:\Documents and Settings
2008-09-10 16:06 . 2008-09-10 14:25 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 08:42 --------- d-----w C:\Documents and Settings\Stanko\Application Data\mIRC
2008-09-16 08:23 --------- d-----w C:\Program Files\mIRC
2008-09-14 09:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 13:57 --------- d-----w C:\Program Files\MSN Messenger
2008-09-10 12:56 --------- d-----w C:\Program Files\Opera
2008-09-10 12:38 --------- d-----w C:\Program Files\Realtek
2008-09-10 12:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-10 12:35 --------- d-----w C:\Program Files\Yahoo!
2008-09-10 12:35 --------- d-----w C:\Program Files\Intel
2008-09-10 12:22 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-13 757192]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Steam"="c:\program files\steam\steam.exe" [2008-09-10 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 24576]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Steam\\SteamApps\\mendzhi\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Stanko\Application Data\Mozilla\Firefox\Profiles\n607ij18.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-16 10:42:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Stanko\LOCALS~1\Temp\RGI5F.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-09-16 10:44:34
ComboFix-quarantined-files.txt 2008-09-16 08:44:27

Pre-Run: 48,928,931,840 bytes free
Post-Run: 48,953,761,792 bytes free

171

Dopuna: 16 Sep 2008 17:49

meni nema spasa, a? Sad

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Ima spasa, samo sam bio zauzet pa nisam ranije odgovorio.

Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.


Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili



Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Desni klik na sred forme programa. Pojaviće se menij u kojem je potrebno otići na Options i tu štiklirati opciju Only non MS files
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao fajl file3.txt


Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde fajl koji smo malopre snimili

offline
  • ctaH1  Male
  • Novi MyCity građanin
  • Pridružio: 16 Sep 2008
  • Poruke: 9

mycity.rs/must-login.png



mycity.rs/must-login.png






mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Sutra gledam logove, sad idem da spavam...

offline
  • ctaH1  Male
  • Novi MyCity građanin
  • Pridružio: 16 Sep 2008
  • Poruke: 9

dobro jutro!! Smile
jebi ga, znam da smaram, ali znas kako je kada si bez kompa Smile))
a nije da mi nije potreban..

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Izvini na cekanju.

Siguran sam da ovakav odgovor nisi ocekivao, ali u tvojim logovima nema naznaka delovanja malwera.

Znaci za usporenje nije kriva nikakva infekcija.

Uradi jos ovo:

Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi

Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji

Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore





Pozzz

Ko je trenutno na forumu
 

Ukupno su 1338 korisnika na forumu :: 25 registrovanih, 3 sakrivenih i 1310 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: aleksandarbl, Alibaba1981, Bane san, Boris BM, djboj, Dorcolac, draganca, ds69, Fabius, Istman, jackreacher011011, janbo, Joja2, kraJo, Krusarac, raketaš, S2M, sasakrajina, sevenino, shaja1, Srky Boy, suton, t84dar, Vlada1389, vladulns