Problem sa pokretanjem programa

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 10 Maj 2011 11:36

Nemam rešenje za unistall ZoneAlarm.
Add/Remove mogu u Control Panel, ali dalje namam prolaz.
Ostali alati za deinstalaciju ne prolaze.

Dopuna: 10 Maj 2011 11:43

Uspeo sam da pokrenem preporučeni Script
Prilažem izveštaj (nisam uspeo da eliminišem Zone Alarm, NOD32 sam skinuo)

ComboFix 11-05-09.02 - Pc 10.05.2011 9:04.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2037.1317 [GMT 2:00]
Running from: d:\desktop\ComboFix.exe
Command switches used :: d:\desktop\CFScript.txt
FW: ZoneAlarm Extreme Security Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
FILE ::
"c:\windows\system32\wrwtw.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AAUTP
-------\Legacy_JIJRKGK
-------\Legacy_SQZTJ
-------\Legacy_WNWVQ
-------\Legacy_ZLIUOYXRA
-------\Service_aautp
-------\Service_jijrkgk
-------\Service_sqztj
-------\Service_wnwvq
-------\Service_zliuoyxra
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-09 08:53 . 2011-05-09 08:53 -------- d-----w- c:\program files\CCleaner
2011-05-09 08:07 . 2011-05-09 08:10 -------- d-----w- c:\windows\system32\NtmsData
2011-05-09 06:44 . 2011-05-09 06:44 388096 ----a-r- c:\documents and settings\Pc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-06 12:06 . 2009-11-06 11:16 291328 ----a-w- C:\gmer.exe
2011-05-06 10:22 . 2011-05-09 08:48 256 ----a-w- C:\sccfg.sys
2011-05-06 07:16 . 2011-05-06 07:16 -------- d-----r- C:\MSOCache
2011-04-18 10:08 . 2011-05-09 09:42 -------- d-----w- c:\documents and settings\Pc\Application Data\My Games
2011-04-18 09:56 . 2011-04-18 09:57 -------- d-----w- c:\documents and settings\Pc\Application Data\Xfire
2011-04-18 09:56 . 2011-04-18 09:56 -------- d-s---w- c:\program files\Xfire
2011-04-18 07:25 . 2011-04-18 07:25 -------- d-----w- c:\program files\Firaxis Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 22:36 . 2011-04-06 22:36 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-11 21:23 . 2011-02-11 21:23 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2011-02-11 21:23 . 2011-02-11 21:23 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2011-02-11 21:23 . 2011-02-11 21:23 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-02-11 21:23 . 2011-02-11 21:23 100880 ----a-w- c:\windows\system32\Packet.dll
2011-04-29 11:11 . 2011-03-23 07:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-17 06:50 . 2011-02-17 06:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-09_14.27.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-10 07:10 . 2011-05-10 07:10 16384 c:\windows\temp\Perflib_Perfdata_174.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-17 30192]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-10-27 11000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Firebird\\Firebird_1_5\\bin\\fbserver.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Pc\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9191:TCP"= 9191:TCP:PaperCut NG HTTP
"9192:TCP"= 9192:TCP:PaperCut NG HTTPS
"9193:TCP"= 9193:TCP:PaperCut NG Binary
"5114:TCP"= 5114:TCP:PaperCut NG Firmware
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2011 12:36 AM 685816]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/27/2010 11:33 AM 26352]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/27/2010 11:34 AM 493032]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 11:23 PM 35088]
R2 PCPrintProvider;PaperCut Print Provider;c:\program files\PaperCut NG\providers\print\win\pc-print.exe [1/13/2011 1:32 PM 323584]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/16/2010 2:51 PM 44032]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/21/2010 9:21 AM 136176]
S2 PCAppServer;PaperCut Application Server;c:\program files\PaperCut NG\server\bin\win\pc-server.exe [1/13/2011 1:32 PM 135168]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/16/2010 2:49 PM 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/17/2011 8:50 AM 30192]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [8/27/2010 11:33 AM 35568]
S3 TrmbTS;TrmbTS;c:\windows\system32\drivers\TrmbTS.sys [11/10/2010 1:19 PM 29184]
S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [11/10/2010 1:19 PM 9881]
S4 PCWebPrint;PaperCut Web Print Server;c:\program files\PaperCut NG\providers\web-print\win\pc-web-print.exe [1/13/2011 1:32 PM 282624]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 07:21]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 07:21]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-839522115-1003Core.job
- c:\documents and settings\Pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 14:34]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-839522115-1003UA.job
- c:\documents and settings\Pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-08 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?hl=sr
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: {8EBDE815-A126-43FB-80A3-C5F4595953E5} = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 09:14
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3552)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-10 09:18:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-10 07:18
ComboFix2.txt 2011-05-09 14:29
.
Pre-Run: 120.231.759.872 bytes free
Post-Run: 120.160.518.144 bytes free
.
- - End Of File - - 52EFA56D7BB6E41BB0EACF6DFC3639D0

Dopuna: 10 Maj 2011 12:19

Novi momenti. Excel je do sada radio, sada više ne.



Dopuna: 10 Maj 2011 16:13

Link ka video zapisu opisanog problema, bez reči
http://www.youtube.com/watch?v=HqU5edEJhJs

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ukoliko posedujes svoj Windows XP instalacioni disk odradi sledece:

- Ubaci disk u CD/DVD drajv;
- Start -> Run -> sfc /scannow



Sacekaj da se postupak zavrsi, restartuj racunar i proveri da li je problem resen?







goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 11 Maj 2011 12:30

Ovaj materijal jje snimljen nakon komande sfc/ scannow i restarta
http://www.youtube.com/watch?v=8N65AP3pUQc

Dopuna: 11 Maj 2011 12:30

sfc /scannow

Dopuna: 11 Maj 2011 12:31

Problem nije rešen.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Skini fixAssociations na Desktop;
Pokreni fajl dvoklikom, nakon sto skripta zavrsi fix-ovanje pritisni bilo koji taster za izlazak;
Resetuj operativni sistem.




Jel se stanje sistema popravilo tj. jel imas i dalje problema sa pokretanjem programa?







goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pokretanje programa je prošlo bez problema, restart takođe, ali nakon podizanja sistema sve je ostalo kao i pre.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

EXE File Association Fix: http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
LNK (Shortcut) File Association Fix: http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip



Skini ova dva reg fix-a, raspakuj ih na Desktop i pokreni ih dvoklikom.

Nakon toga, restartuj operativni sistem.




Jel i dalje isto stanje?






goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nažalost i dalje je isto stanje.
Nadam se da ne odustajemo od rešenja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Start -> Run -> regsvr32 /i shell32.dll




Jel prolazi ova komanda? Kakav prozor dobijas nakon pokretanja?








goran9888 (AMD Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 11 Maj 2011 23:10

Mogu je pokrenuti na način desni taster na Command Prompt - Run as.. - cd \windows - regsvr32 /i shell32.dll

Dopuna: 11 Maj 2011 23:13

Diajlog u kom piše DllRegisterServer and dllInstall in shell32.dll succeeded

Dopuna: 11 Maj 2011 23:37

Nisam restartovao, bez restarta nema ništa novo. Da li ima potrebe za restartom?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Restartuj, pa javi stanje.


Ukoliko nema promena, pokusacemo nesto drugo da uradimo.