Problem sa IE i mozilom

1

Problem sa IE i mozilom

offline
  • -giska  Male
  • Novi MyCity građanin
  • Pridružio: 26 Feb 2008
  • Poruke: 5
  • Gde živiš: Nis

Kad otvorim vise strana na IE pojavi mi se obavestenje sa ovakvim sadrzajem :Internet Exsplorer has enco untered aproblem and needs to close.We are sory for the inconvenence.
I imam opciju Send error report i Don"t send kad kliknem na dont send zatvori mi sve strane. A na mozili kad zeli da otvorim new tab izlazi mi about:newtab.I jos nesto kad gasim racunar pojavljuje mi se kao da mi jos radi neki program sa naznakom explorer.exe

Logfile of HijackThis v1.99.1
Scan saved at 5:05:11 AM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotkey 1.0.4\FuncKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Igor\Desktop\New Folder\TR3.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey 1.0.4\FuncKey.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{580D139C-73DE-419B-9AB7-21A3BAB6F63F}: NameServer = 77.105.0.18 77.105.0.19
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Pokreni HijackThis i izaberi opciju "Do a system scan only". Označi kvadratić pored ove linije
"R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL"

Klikni na FixChecked.

---------------------

Zatim skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • -giska  Male
  • Novi MyCity građanin
  • Pridružio: 26 Feb 2008
  • Poruke: 5
  • Gde živiš: Nis

ComboFix 08-02-25.3 - Igor 2008-02-26 16:54:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.140 [GMT 1:00]
Running from: C:\Documents and Settings\Igor\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-25 12:58 . 2008-02-25 12:58 <DIR> d-------- C:\Program Files\Hasbro
2008-02-25 12:58 . 2008-02-25 12:58 <DIR> dr-h----- C:\Documents and Settings\Igor\Application Data\SecuROM
2008-02-25 12:58 . 2008-02-25 12:58 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-22 11:45 . 2008-02-22 11:45 <DIR> d-------- C:\Program Files\Nero
2008-02-20 02:23 . 2008-02-20 02:29 50 --a------ C:\WINDOWS\MegaManager.INI
2008-02-19 23:14 . 2002-02-22 17:11 140,510 --a------ C:\WINDOWS\system32\drivers\tiau5tp.bin
2008-02-19 23:14 . 2002-04-02 13:06 57,093 --a------ C:\WINDOWS\system32\drivers\tiau5co.sys
2008-02-19 23:14 . 2001-07-18 15:49 15,256 --a------ C:\WINDOWS\system32\drivers\tiau5fw.bin
2008-02-19 23:14 . 2002-04-02 13:05 11,775 --a------ C:\WINDOWS\system32\drivers\tiau5bt.sys
2008-02-19 23:14 . 2002-07-28 09:00 8,929 --a------ C:\WINDOWS\system32\drivers\tiauxco.cat
2008-02-19 23:13 . 2002-02-22 17:11 140,510 --a------ C:\WINDOWS\system\TIAU5TP.BIN
2008-02-19 23:13 . 2002-04-02 13:06 57,093 --a------ C:\WINDOWS\system\TIAU5CO.SYS
2008-02-19 23:13 . 2001-07-18 15:49 15,256 --a------ C:\WINDOWS\system\TIAU5FW.BIN
2008-02-19 23:13 . 2002-04-02 13:05 11,775 --a------ C:\WINDOWS\system\TIAU5BT.SYS
2008-02-16 15:36 . 2008-02-20 02:19 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-02-16 15:36 . 2008-02-26 05:19 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\MegauploadToolbar
2008-02-14 14:23 . 2008-02-14 14:23 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-02-14 14:23 . 2008-02-14 14:23 <DIR> d-------- C:\Program Files\MP3
2008-02-14 14:23 . 2003-03-25 09:05 18,912 --a------ C:\WINDOWS\system32\drivers\SMMD.sys
2008-02-09 09:51 . 2008-01-28 20:49 211 --ahs---- C:\BOOT.BKK
2008-02-09 09:48 . 2008-02-09 15:55 <DIR> d-------- C:\Program Files\TGTSoft
2008-02-07 19:03 . 2008-02-26 02:38 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-06 20:47 . 2008-02-06 20:47 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Nero
2008-02-06 20:43 . 2008-02-22 11:48 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-06 20:43 . 2008-02-22 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-06 15:51 . 2008-02-06 15:51 <DIR> d-------- C:\Program Files\AskTBar
2008-02-06 15:17 . 2008-02-06 15:17 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Ahead
2008-02-01 12:31 . 2008-02-01 12:31 <DIR> d-------- C:\Program Files\Tech
2008-02-01 12:31 . 2000-05-10 06:29 6,205 --a------ C:\WINDOWS\system32\LWBHMVXD.VXD
2008-01-31 19:52 . 2008-02-01 02:28 745 --a------ C:\WINDOWS\eReg.dat
2008-01-31 19:51 . 2008-01-31 19:51 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-31 19:51 . 1999-04-02 16:37 33,792 -ra------ C:\WINDOWS\NPSExec.exe
2008-01-31 19:49 . 2008-02-01 01:42 <DIR> d-------- C:\Program Files\Maxis
2008-01-26 18:00 . 2008-01-26 18:40 244 --a------ C:\WINDOWS\svchost
2008-01-26 18:00 . 2008-02-26 16:50 45 --a------ C:\TEST.XML
2008-01-26 06:43 . 2008-01-26 06:43 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-01-26 06:43 . 2008-01-26 06:43 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-01-26 05:49 . 2008-01-26 05:49 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 15:57 875,808 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-26 15:57 15,991,840 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-26 15:49 88,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-26 15:49 220,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-26 15:10 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-24 00:38 --------- d-----w C:\Program Files\Winamp
2008-02-24 00:27 --------- d-----w C:\Program Files\eMule
2008-02-21 22:55 --------- d-----w C:\Documents and Settings\Igor\Application Data\uTorrent
2008-02-21 15:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 01:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 22:13 --------- d-----w C:\Program Files\TI ADSL
2008-02-06 14:24 --------- d-----w C:\Program Files\Ahead
2008-01-23 05:13 --------- d-----w C:\Program Files\uTorrent
2008-01-21 20:42 --------- d-----w C:\Program Files\Folder Marker
2008-01-21 20:35 40,960 ----a-w C:\WINDOWS\My 'Me To You' Screensaver.dll
2008-01-21 20:35 399,072 ----a-w C:\WINDOWS\My 'Me To You' Screensaver.scr
2008-01-21 20:35 1,070,502 ----a-w C:\WINDOWS\My 'Me To You' Screensaver.exe
2008-01-10 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ransen Software
2008-01-06 21:56 180,224 ----a-w C:\WINDOWS\system32\dwwin.exe
2008-01-05 16:32 --------- d-----w C:\Program Files\URUSoft
2007-12-30 01:09 --------- d-----w C:\Program Files\filesubmit
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"WeatherClock"="C:\Program Files\Weather Clock\WeatherClock.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-10-23 14:19 1410344]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FuncKey"="C:\Program Files\Hotkey 1.0.4\FuncKey.exe" [2006-07-27 15:06 122880]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-04-16 17:08 172032]
"VTTimer"="VTTimer.exe" [2006-08-03 14:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-11 02:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"LWBMOUSE"="C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE" [2002-05-24 13:54 357376]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"TIxDSL"="C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe" [2002-08-27 12:37 425984]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28 155751]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17940:TCP"= 17940:TCP:NortonAV
"15677:TCP"= 15677:TCP:NortonAV

R3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 21:58]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 10:43]
R3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys [2002-04-02 13:06]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 21:58]
S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys [2002-04-02 13:05]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{137D2C53-280A-277A-0705-040707040403}]
C:\WINDOWS\svchost.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-26 16:57:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 16:58:46

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\svchost

Folder::
C:\Program Files\AskTBar

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{137D2C53-280A-277A-0705-040707040403}]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

------------------

Napiši mi takođe šta imaš instalirano u ovim dole navedenim folderima, da li si ih ti tokom instalacije nekog od programa/igrice kreirao ili ti nisu poznati.. ?

C:\Program Files\Hasbro
C:\Program Files\MP3

offline
  • -giska  Male
  • Novi MyCity građanin
  • Pridružio: 26 Feb 2008
  • Poruke: 5
  • Gde živiš: Nis

C:\Program Files\Hasbro u ovom imam to je igrica a ovaj C:\Program Files\MP3 nemam poima sta je.A evo i novog skeniranja

ComboFix 08-02-25.3 - Igor 2008-02-26 20:17:08.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.160 [GMT 1:00]
Running from: C:\Documents and Settings\Igor\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Igor\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\svchost
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar\2.bin\A5POPSWT.DLL
C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
C:\Program Files\AskTBar\bar\Cache\0005FE2E
C:\Program Files\AskTBar\bar\Cache\00060C28
C:\Program Files\AskTBar\bar\Cache\005E69DC.bin
C:\Program Files\AskTBar\bar\Cache\005E8A64.bin
C:\Program Files\AskTBar\bar\Cache\005EACC1.bin
C:\Program Files\AskTBar\bar\Cache\005ECCDC.bin
C:\Program Files\AskTBar\bar\Cache\005EE749.bin
C:\Program Files\AskTBar\bar\Cache\005F0272.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
C:\WINDOWS\svchost

.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-25 12:58 . 2008-02-25 12:58 <DIR> d-------- C:\Program Files\Hasbro
2008-02-25 12:58 . 2008-02-25 12:58 <DIR> dr-h----- C:\Documents and Settings\Igor\Application Data\SecuROM
2008-02-25 12:58 . 2008-02-25 12:58 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-22 11:45 . 2008-02-22 11:45 <DIR> d-------- C:\Program Files\Nero
2008-02-20 02:23 . 2008-02-20 02:29 50 --a------ C:\WINDOWS\MegaManager.INI
2008-02-19 23:14 . 2002-02-22 17:11 140,510 --a------ C:\WINDOWS\system32\drivers\tiau5tp.bin
2008-02-19 23:14 . 2002-04-02 13:06 57,093 --a------ C:\WINDOWS\system32\drivers\tiau5co.sys
2008-02-19 23:14 . 2001-07-18 15:49 15,256 --a------ C:\WINDOWS\system32\drivers\tiau5fw.bin
2008-02-19 23:14 . 2002-04-02 13:05 11,775 --a------ C:\WINDOWS\system32\drivers\tiau5bt.sys
2008-02-19 23:14 . 2002-07-28 09:00 8,929 --a------ C:\WINDOWS\system32\drivers\tiauxco.cat
2008-02-19 23:13 . 2002-02-22 17:11 140,510 --a------ C:\WINDOWS\system\TIAU5TP.BIN
2008-02-19 23:13 . 2002-04-02 13:06 57,093 --a------ C:\WINDOWS\system\TIAU5CO.SYS
2008-02-19 23:13 . 2001-07-18 15:49 15,256 --a------ C:\WINDOWS\system\TIAU5FW.BIN
2008-02-19 23:13 . 2002-04-02 13:05 11,775 --a------ C:\WINDOWS\system\TIAU5BT.SYS
2008-02-16 15:36 . 2008-02-20 02:19 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-02-16 15:36 . 2008-02-26 05:19 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\MegauploadToolbar
2008-02-14 14:23 . 2008-02-14 14:23 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-02-14 14:23 . 2008-02-14 14:23 <DIR> d-------- C:\Program Files\MP3
2008-02-14 14:23 . 2003-03-25 09:05 18,912 --a------ C:\WINDOWS\system32\drivers\SMMD.sys
2008-02-09 09:51 . 2008-01-28 20:49 211 --ahs---- C:\BOOT.BKK
2008-02-09 09:48 . 2008-02-09 15:55 <DIR> d-------- C:\Program Files\TGTSoft
2008-02-07 19:03 . 2008-02-26 02:38 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-06 20:47 . 2008-02-06 20:47 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Nero
2008-02-06 20:43 . 2008-02-22 11:48 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-06 20:43 . 2008-02-22 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-06 15:17 . 2008-02-06 15:17 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Ahead
2008-02-01 12:31 . 2008-02-01 12:31 <DIR> d-------- C:\Program Files\Tech
2008-02-01 12:31 . 2000-05-10 06:29 6,205 --a------ C:\WINDOWS\system32\LWBHMVXD.VXD
2008-01-31 19:52 . 2008-02-01 02:28 745 --a------ C:\WINDOWS\eReg.dat
2008-01-31 19:51 . 2008-01-31 19:51 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-31 19:51 . 1999-04-02 16:37 33,792 -ra------ C:\WINDOWS\NPSExec.exe
2008-01-31 19:49 . 2008-02-01 01:42 <DIR> d-------- C:\Program Files\Maxis
2008-01-26 18:00 . 2008-02-26 17:11 45 --a------ C:\TEST.XML
2008-01-26 06:43 . 2008-01-26 06:43 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-01-26 06:43 . 2008-01-26 06:43 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-01-26 05:49 . 2008-01-26 05:49 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 19:18 883,232 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-26 19:18 16,160,288 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-26 18:05 88,832 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-26 18:05 223,292 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-26 15:10 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-24 00:38 --------- d-----w C:\Program Files\Winamp
2008-02-24 00:27 --------- d-----w C:\Program Files\eMule
2008-02-21 22:55 --------- d-----w C:\Documents and Settings\Igor\Application Data\uTorrent
2008-02-21 15:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 01:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 22:13 --------- d-----w C:\Program Files\TI ADSL
2008-02-06 14:24 --------- d-----w C:\Program Files\Ahead
2008-01-23 05:13 --------- d-----w C:\Program Files\uTorrent
2008-01-21 20:42 --------- d-----w C:\Program Files\Folder Marker
2008-01-21 20:35 40,960 ----a-w C:\WINDOWS\My 'Me To You' Screensaver.dll
2008-01-21 20:35 399,072 ----a-w C:\WINDOWS\My 'Me To You' Screensaver.scr
2008-01-21 20:35 1,070,502 ----a-w C:\WINDOWS\My 'Me To You' Screensaver.exe
2008-01-10 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ransen Software
2008-01-06 21:56 180,224 ----a-w C:\WINDOWS\system32\dwwin.exe
2008-01-05 16:32 --------- d-----w C:\Program Files\URUSoft
2007-12-30 01:09 --------- d-----w C:\Program Files\filesubmit
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"WeatherClock"="C:\Program Files\Weather Clock\WeatherClock.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-10-23 14:19 1410344]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FuncKey"="C:\Program Files\Hotkey 1.0.4\FuncKey.exe" [2006-07-27 15:06 122880]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-04-16 17:08 172032]
"VTTimer"="VTTimer.exe" [2006-08-03 14:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-11 02:33 176128 C:\WINDOWS\system32\S3Trayp.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"LWBMOUSE"="C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE" [2002-05-24 13:54 357376]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"TIxDSL"="C:\PROGRA~1\TIADSL~1\bin\win2k\tidslmon.exe" [2002-08-27 12:37 425984]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28 155751]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17940:TCP"= 17940:TCP:NortonAV
"15677:TCP"= 15677:TCP:NortonAV

R3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 21:58]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-09-12 10:43]
R3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys [2002-04-02 13:06]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 21:58]
S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys [2002-04-02 13:05]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-26 20:18:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 20:19:26
ComboFix-quarantined-files.txt 2008-02-26 19:19:17
ComboFix2.txt 2008-02-26 16:46:15
ComboFix3.txt 2008-02-26 15:58:47

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

offline
  • -giska  Male
  • Novi MyCity građanin
  • Pridružio: 26 Feb 2008
  • Poruke: 5
  • Gde živiš: Nis

Hvala prijatelju sad cu isprobati

Dopuna: 27 Feb 2008 1:26

uploadovao sam ti ovaj MP3 folder pa vidi sta je i kazi dal da ga brisem

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Uploadovao si mi fajl koji je zaostao po deinstalaciji nekog programa za multimediju. Ako je jedino to sadržaj foldera možeš slobodno da ga brišeš.

offline
  • -giska  Male
  • Novi MyCity građanin
  • Pridružio: 26 Feb 2008
  • Poruke: 5
  • Gde živiš: Nis

Hvala DEMIAN

Dopuna: 28 Feb 2008 4:18

Opet problemi sa IE kad otvorim vise strana one se odjednom sve ugase , vise mi se nepojavljuje ono obavestenje sto sam pisao u prvom postu. A probao sam da izbrisem IE ali kad udjem u control panel pa u add or remove IE tamo nepostoji.Sta dalje raditi?

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

IE ne možeš tako deinstalirati ili ukloniti iz Windows-a kako si naumio. Ako te nervira/pravi problem samo IE onda koristi druge browsere.

Problem koji si izneo a ticao se Ambulante je otkonjem. Znači nemaš virus na kompu i greška sa IE nije to toga već do operativnog sistema.

Kako da probaš da rešiš problem?

Ubaci Windows instalacioni disk u CD/DVD drajv.

Start > Run > (tipkaj) sfc /scannow - lupi Enter i isprati proceduru.

Info za kompletan postupak/skeniranje ti je ovde:
http://www.updatexp.com/scannow-sfc.html

Ako to ne reši problem potraži rešenje u Windows ili Web Browser-i delu foruma.

Ko je trenutno na forumu
 

Ukupno su 933 korisnika na forumu :: 54 registrovanih, 10 sakrivenih i 869 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., AK - 230, alzir86, arzak, Batinas, bavar357, Bubimir, celik, Cranium, dekan.m, Denaya, Dorcolac, Dostanic09, Drug pukovnik, Duh sa sekirom, dule10savic, FOX, Georgius, goran.vvv, ivica976, Jovan Nenad, kunktator, Leonardo, Lucije Kvint, Marko Marković, Markoni29, micke83, mihajlot2013, Milan A. Nikolic, mile23, Mimikrija, miodrag, misa1xx, mkukoleca, Mlav, nenad_l, nescafe, raketaš, rikirubio, riva, rkekoke, Rocker, Toni, upitnik, Vatrogasaccc, Vlada1389, VladaKG1980, Voja1978, Webb, wizzardone, zdrebac, Zimbabwe, |_MeD_|, 18101