Problem at startup

  • SPQR
  • New MyCity citizen
  • Joined: 27 Nov 2008
  • Posts: 9

It started happening to me today! When I boot the system it takes longer than usual, and once it comes up it reports a problem with Explorer, not Internet Explorer. So then I have to restart it a couple of times!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:04, on 28.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Programmi\Boot Camp\KbdMgr.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\COMODO\SafeSurf\cssurf.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\COMODO\Firewall\cfp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\User\Desktop\Nuova cartella\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = cafemontenegro.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Programmi\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programmi\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Programmi\Hamachi\hamachi.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: CabBuilder - ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Programmi/Amazing%20Adventures%20Around%20the%20World/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Servizio orario Apple (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programmi\File comuni\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programmi\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 10824 bytes

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Could you give a somewhat more precise description of that problem with Windows Explorer?

Right-click the Avira icon in the lower right corner of the screen and untick AntiVir Guard Enable.

Note: Don't forget to turn this option back on once the cleanup is finished.

Also, temporarily disable the rest of your protection software.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • SPQR
  • New MyCity citizen
  • Joined: 27 Nov 2008
  • Posts: 9

Sorry I didn't reply... I had a bunch of obligations!! I'll do this right now!

Update: 03 Dec 2008 23:52

It doesn't happen every time that it won't start, but when it does I have to restart it 3-4 times...

It boots the system and everything, but when the desktop opens a little window pops up reporting an error with Explorer, and when I click not to send the error report it opens again, and so on constantly... sometimes the icons are visible on the desktop when this happens and sometimes not!!!


ComboFix 08-12-02.02 - User 2008-12-03 23:37:31.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1494 [GMT 1:00]
Run from: c:\documents and settings\User\Desktop\Nuova cartella\ComboFix.exe
* Created new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\enoeuce.dll
c:\windows\system32\hpowiax3.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created From 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))))))
.

2008-12-01 23:20 . 2008-12-01 23:20 <DIR> d----c--- c:\programmi\iTunes
2008-12-01 23:20 . 2008-12-01 23:20 <DIR> d----c--- c:\programmi\iPod
2008-12-01 23:20 . 2008-12-01 23:20 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 23:18 . 2008-12-01 23:18 <DIR> d----c--- c:\programmi\QuickTime
2008-12-01 17:24 . 2008-12-01 17:26 414,404 --a--c--- c:\windows\SAP2000911.0.0chg.tb3
2008-12-01 17:23 . 2008-12-01 17:23 <DIR> d----c--- c:\programmi\File comuni\Crystal Decisions
2008-12-01 17:23 . 2008-12-01 17:23 <DIR> d----c--- c:\programmi\File comuni\ADO
2008-12-01 17:22 . 2008-12-01 17:22 <DIR> d----c--- c:\programmi\Computers and Structures
2008-12-01 17:22 . 2008-12-01 17:22 1,024 --a--c--- c:\windows\system32\gvztq82.tgz
2008-11-27 20:40 . 2008-11-27 20:40 <DIR> d----c--- c:\programmi\File comuni\L&H
2008-11-27 20:39 . 2008-11-27 20:39 <DIR> d----c--- c:\programmi\Microsoft.NET
2008-11-27 20:39 . 2008-11-27 20:39 <DIR> d----c--- c:\programmi\Microsoft Works
2008-11-27 20:39 . 2008-11-27 20:39 <DIR> d----c--- c:\programmi\Microsoft ActiveSync
2008-11-27 20:37 . 2008-11-27 20:37 <DIR> dr-h-c--- C:\MSOCache
2008-11-27 20:32 . 2008-11-27 20:32 <DIR> d----c--- c:\programmi\PowerISO
2008-11-26 15:45 . 2008-12-01 17:55 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-11-26 13:29 . 2008-11-26 13:29 212 --a--c--- c:\windows\system32\spupdsvc.inf
2008-11-26 13:28 . 2008-11-26 13:29 <DIR> d----c--- C:\c1fae43313d981915ad4
2008-11-25 18:00 . 2008-11-25 18:21 <DIR> d----c--- c:\programmi\Sports Interactive
2008-11-23 21:04 . 2008-12-01 17:41 <DIR> d----c--- c:\documents and settings\User\Dati applicazioni\Hamachi
2008-11-23 21:03 . 2008-11-23 21:04 <DIR> d----c--- c:\programmi\Hamachi
2008-11-23 21:03 . 2008-11-23 21:03 25,280 --a--c--- c:\windows\system32\drivers\hamachi.sys
2008-11-22 19:05 . 2008-11-22 19:10 <DIR> d----c--- c:\programmi\AutoCAD 2008
2008-11-21 16:41 . 2008-11-21 16:41 <DIR> d----c--- c:\programmi\MSBuild
2008-11-21 16:39 . 2008-11-26 13:32 <DIR> d----c--- c:\windows\system32\XPSViewer
2008-11-21 16:38 . 2008-11-21 16:38 <DIR> d----c--- c:\programmi\Reference Assemblies
2008-11-21 16:38 . 2006-06-29 13:07 14,048 -----c--- c:\windows\system32\spmsg2.dll
2008-11-16 23:03 . 2008-11-18 22:40 <DIR> d----c--- c:\programmi\Yahoo!
2008-11-16 23:03 . 2008-11-16 23:03 <DIR> d----c--- c:\programmi\CCleaner
2008-11-16 22:01 . 2008-11-16 22:01 <DIR> d----c--- c:\documents and settings\User\Dati applicazioni\HP
2008-11-16 21:59 . 2008-11-16 21:59 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\WEBREG
2008-11-16 21:57 . 2008-11-16 21:57 <DIR> d----c--- c:\documents and settings\User\Dati applicazioni\HPAppData
2008-11-16 21:57 . 2008-11-16 21:57 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\HPSSUPPLY
2008-11-16 21:55 . 2008-11-16 21:55 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2008-11-16 21:55 . 2008-11-16 21:55 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\HP
2008-11-16 21:54 . 2008-11-16 21:54 <DIR> d----c--- c:\programmi\Hewlett-Packard
2008-11-16 21:54 . 2008-11-16 21:54 <DIR> d----c--- c:\programmi\File comuni\HP
2008-11-16 21:53 . 2008-11-16 21:53 <DIR> d----c--- c:\programmi\File comuni\Hewlett-Packard
2008-11-16 21:53 . 2007-03-08 05:20 16,496 -ra--c--- c:\windows\system32\drivers\HPZipr12.sys
2008-11-16 21:52 . 2008-11-16 21:52 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2008-11-16 21:52 . 2007-03-30 16:07 267,864 -ra--c--- c:\windows\system32\hpzids01.dll
2008-11-16 21:52 . 2007-03-28 14:01 117,760 --a--c--- c:\windows\system32\hpzll5ha.dll
2008-11-16 21:52 . 2007-03-08 05:20 49,920 -ra--c--- c:\windows\system32\drivers\HPZid412.sys
2008-11-16 21:52 . 2007-03-08 05:20 21,568 -ra--c--- c:\windows\system32\drivers\HPZius12.sys
2008-11-16 21:51 . 2007-03-17 17:11 569,344 -ra--c--- c:\windows\system32\hpotscl3.dll
2008-11-16 21:51 . 2007-03-08 05:20 364,544 -ra--c--- c:\windows\system32\hppldcoi.dll
2008-11-16 21:51 . 2007-03-08 05:20 309,760 -ra--c--- c:\windows\system32\difxapi.dll
2008-11-16 21:51 . 2007-03-17 17:11 303,104 -ra--c--- c:\windows\system32\hpovst10.dll
2008-11-16 21:51 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\drivers\usbscan.sys
2008-11-16 21:51 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-16 21:50 . 2008-11-16 21:57 <DIR> d----c--- c:\programmi\HP
2008-11-16 21:49 . 2008-11-16 21:59 153,139 --a--c--- c:\windows\hpoins14.dat
2008-11-16 21:49 . 2007-06-06 00:07 2,000 -----c--- c:\windows\hpomdl14.dat
2008-11-16 21:48 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\drivers\usbprint.sys
2008-11-16 21:48 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-14 00:20 . 2008-11-14 00:25 <DIR> d----c--- c:\documents and settings\All Users\Dati applicazioni\Abvent
2008-11-14 00:19 . 2008-11-14 00:25 <DIR> d----c--- c:\programmi\Artlantis Studio
2008-11-12 02:08 . 2008-11-12 02:08 <DIR> d----c--- c:\programmi\WIBUKEY
2008-11-12 02:08 . 2008-11-12 02:08 <DIR> d----c--- c:\programmi\WIBU-SYSTEMS
2008-11-11 21:41 . 2008-11-11 21:41 0 --a--c--- c:\windows\ativpsrm.bin
2008-11-11 20:57 . 2008-11-11 20:57 <DIR> d----c--- c:\programmi\Apple Software Update
2008-11-11 20:19 . 2007-12-18 08:58 593,920 -----c--- c:\windows\system32\ati2sgag.exe
2008-11-11 20:19 . 2008-04-15 15:36 69,632 --a--c--- c:\windows\Alcmtr.exe
2008-11-11 20:19 . 2008-04-15 15:36 553 --a--c--- c:\windows\USetup.iss
2008-11-11 20:17 . 2008-04-15 15:29 46,080 --a--c--- c:\windows\system32\amdpcom32.dll
2008-11-10 20:09 . 2008-11-10 20:09 <DIR> d----c--- c:\programmi\Microsoft SQL Server Compact Edition
2008-11-10 20:04 . 2008-11-10 20:04 <DIR> d----c--- c:\documents and settings\User\Dati applicazioni\Windows Live Writer
2008-11-04 19:42 . 2008-11-04 19:42 244 --ah-c--- C:\sqmnoopt17.sqm
2008-11-04 19:42 . 2008-11-04 19:42 232 --ah-c--- C:\sqmdata17.sqm
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a--c--- c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a--c--- c:\windows\system32\QuickTime.qts
2008-11-04 02:14 . 2008-11-04 02:14 <DIR> d----c--- c:\programmi\ATI Technologies
2008-11-04 02:12 . 2008-11-04 02:22 <DIR> d----c--- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 00:11 --------- dc----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2008-12-02 03:50 --------- dc----w c:\documents and settings\User\Dati applicazioni\uTorrent
2008-12-01 22:20 --------- dc----w c:\programmi\File comuni\Apple
2008-11-30 05:35 --------- dc----w c:\documents and settings\User\Dati applicazioni\Abvent
2008-11-22 18:40 --------- dc----w c:\documents and settings\User\Dati applicazioni\Autodesk
2008-11-22 18:40 --------- dc----w c:\documents and settings\All Users\Dati applicazioni\Autodesk
2008-11-22 18:09 --------- dc----w c:\programmi\File comuni\Autodesk Shared
2008-11-22 18:04 --------- dc----w c:\programmi\Autodesk
2008-11-22 07:14 99,216 -c--a-w c:\windows\system32\drivers\cmdguard.sys
2008-11-22 07:14 31,504 -c--a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-22 07:14 143,096 -c--a-w c:\windows\system32\guard32.dll
2008-11-15 04:54 --------- dc----w c:\documents and settings\All Users\Dati applicazioni\Sports Interactive
2008-11-15 01:01 --------- dc----w c:\documents and settings\User\Dati applicazioni\Sports Interactive
2008-11-12 01:15 --------- dc----w c:\documents and settings\User\Dati applicazioni\Graphisoft
2008-11-12 01:10 --------- dc----w c:\programmi\Graphisoft
2008-11-11 22:02 --------- dc----w c:\programmi\Windows Live Toolbar
2008-11-11 21:59 --------- dc----w c:\programmi\Google
2008-11-11 21:02 --------- dc----w c:\programmi\Windows Live
2008-11-11 20:55 --------- dc----w c:\documents and settings\User\Dati applicazioni\Apple Computer
2008-11-11 19:55 --------- dc----w c:\programmi\Bonjour
2008-11-11 19:21 --------- dc----w c:\programmi\Boot Camp
2008-11-10 19:03 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-11-10 18:57 --------- dc----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-11-04 01:14 --------- dc-h--w c:\programmi\InstallShield Installation Information
2008-11-02 08:44 56,572 -c--a-w c:\windows\system32\drivers\scdemu.sys
2008-10-29 19:37 --------- dc----w c:\documents and settings\User\Dati applicazioni\U3
2008-10-24 20:34 --------- dc----w c:\documents and settings\User\Dati applicazioni\BSplayer
2008-10-21 14:35 --------- dc----w c:\programmi\Sun
2008-10-21 14:35 --------- dc----w c:\programmi\Java
2008-10-19 11:21 --------- dc----w c:\documents and settings\User\Dati applicazioni\Nokia Multimedia Player
2008-10-07 23:35 --------- dc----w c:\programmi\ASGvis
2008-10-07 23:34 --------- dc----w c:\programmi\File comuni\McNeel Shared
2008-03-02 16:06 32 -c--a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-06-30 18:29 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-06-30 18:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2007-11-23 16:49 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007112320071124\index.dat
2008-06-30 18:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IRW"="c:\windows\system32\IRW.exe" [2008-04-15 147456]
"Apple_KbdMgr"="c:\programmi\Boot Camp\KbdMgr.exe" [2008-04-15 423216]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-09-09 266497]
"COMODO SafeSurf"="c:\programmi\COMODO\SafeSurf\cssurf.exe" [2008-07-01 278264]
"COMODO Firewall Pro"="c:\programmi\COMODO\Firewall\cfp.exe" [2008-11-22 1796856]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"COMODO Internet Security"="c:\programmi\COMODO\Firewall\cfp.exe" [2008-11-22 1796856]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"PWRISOVM.EXE"="c:\programmi\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-23 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
AutoCAD Startup Accelerator.lnk - c:\programmi\File comuni\Autodesk Shared\acstart17.exe [2006-03-05 11000]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^SnagIt 8.lnk]
backup=c:\windows\pss\SnagIt 8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-11-20 13:20 290088 c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-11-04 10:30 413696 c:\programmi\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\ApexDC++\\ApexDC.exe"=
"c:\\Programmi\\WIBUKEY\\Server\\WkSvW32.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Games\\Counter-Strike Source\\hl2.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-07-01 99216]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-07-01 31504]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-04-15 132400]
R2 AppleTimeSrv;Servizio orario Apple;c:\windows\system32\AppleTimeSrv.exe [2008-04-15 99632]
R2 KeyAgent;KeyAgent;\??\c:\windows\system32\drivers\KeyAgent.sys [2008-04-15 5504]
R2 MacHALDriver;Mac HAL;\??\c:\windows\system32\drivers\MacHALDriver.sys [2008-04-15 6528]
R3 aapltctp;Apple Trackpad Enabler;c:\windows\system32\DRIVERS\aapltctp.sys [2007-11-23 4224]
R3 aapltp;Apple Trackpad;c:\windows\system32\DRIVERS\aapltp.sys [2007-11-23 35072]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\DRIVERS\applebt.sys [2007-11-23 9088]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2007-11-23 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2007-11-23 19968]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\programmi\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\DRIVERS\BthKicker.sys [2007-11-23 7424]
S3 iSightUpdate;iSight Update Driver;c:\windows\system32\DRIVERS\iSightUP.sys [2007-11-23 17664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-10-02 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-10-02 8320]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e21e1b9-a533-11dd-9882-0017f2be917f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{440347c3-bbc5-11dd-98c1-0017f2be917f}]
\Shell\AutoRun\command - E:\ij.bat
\Shell\explore\Command - E:\ij.bat
\Shell\open\Command - E:\ij.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0661688-ec97-11dc-96b4-0017f2be917f}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-03 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 16:17]

2008-12-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 16:17]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SigmatelSysTrayApp - sttray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cafemontenegro.com/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD

c:\windows\Downloaded Program Files\stg_drm.ocx - O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Programmi/Amazing%20Adventures%20Around%20the%20World/Images/stg_drm.ocx
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-03 23:39:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(1080)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll
.
Scan completion time: 2008-12-03 23:40:49
ComboFix-quarantined-files.txt 2008-12-03 22:40:23

Pre-Run: 7.043.661.824 bytes free
Post-Run: 7,546,535,936 bytes free

277 --- E O F --- 2008-08-03 11:17:05
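
The mountpoints2 block in the ComboFix log above (three shell verbs of one removable volume all pointing at E:\ij.bat) is the footprint of a USB autorun infection, and it is the kind of entry worth checking mechanically rather than by eye. The following is an added example, not part of the original thread and not ComboFix's own logic: a small Python parser that pulls mountpoints2 entries out of a ComboFix-style excerpt and flags volumes whose autorun target is a script, or whose open/explore verbs were redirected to a payload. The sample text is a constructed excerpt modelled on the posted entries (an embedded string, nothing is read from a live registry), and the two heuristics are my own assumptions, not rules ComboFix or HijackThis apply.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the mountpoints2 block in the ComboFix log
# posted above (embedded string; nothing is read from a live registry).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e21e1b9-a533-11dd-9882-0017f2be917f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{440347c3-bbc5-11dd-98c1-0017f2be917f}]
\Shell\AutoRun\command - E:\ij.bat
\Shell\explore\Command - E:\ij.bat
\Shell\open\Command - E:\ij.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0661688-ec97-11dc-96b4-0017f2be917f}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
"""

# A mountpoints2 key line: [...\mountpoints2\{volume-guid}]
KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
# A shell verb line as ComboFix prints it: \Shell\<verb>\command - <command>
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)

# Assumption: a volume's autorun target should be a program, never a script.
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".wsf", ".pif", ".scr")


@dataclass(frozen=True)
class Finding:
    guid: str
    verbs: tuple      # shell verbs wired to this command, sorted
    command: str
    reasons: tuple


def parse_mountpoints(text):
    """Return {volume_guid: {verb: command}} from a mountpoints2 dump."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries[current] = {}
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def assess(entries):
    """Apply the two heuristics; one Finding per suspicious command per volume."""
    findings = []
    for guid, verbs in entries.items():
        # Group verbs by the command they run, so one payload yields one finding.
        by_command = {}
        for verb, command in verbs.items():
            by_command.setdefault(command, []).append(verb)
        for command, wired in by_command.items():
            target = command.split()[0].lower()
            reasons = []
            if target.endswith(SCRIPT_EXTENSIONS):
                reasons.append("autorun target is a script, not a program")
            if {"open", "explore"} & set(wired):
                # Double-clicking the drive in Explorer runs the command even
                # with AutoPlay disabled; legitimate launchers only set AutoRun.
                reasons.append("open/explore verbs hijacked to run the command")
            if reasons:
                findings.append(Finding(guid, tuple(sorted(wired)), command, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in assess(parse_mountpoints(SAMPLE_LOG)):
        print(finding.guid, finding.command, ", ".join(finding.verbs))
        for reason in finding.reasons:
            print("   -", reason)
```

On the sample, the U3 launcher volume passes, the E:\ij.bat volume is flagged on both counts, and the third volume is flagged only because its open verb was redirected. A flagged mountpoints2 entry only records what the volume carried when it was last plugged in, so the useful follow-up is to scan that removable drive itself, not just the host.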

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There's no malware here.

Just one item that needs to be removed from the registry.
Download the following file to the Desktop: https://www.mycity.rs/must-login.png

Double-click it and, when the prompt appears, click Yes.

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if present
C:\Deckard folder, if present
C:\OtMoveIt folder, if present

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

That's all we can do here. For further advice on solving the problem you can ask in the Windows forum.
