Slow computer

  • Palve
  • New MyCity citizen
  • Joined: 23 Jan 2009
  • Posts: 17

I have already turned to you for help before, and you helped me successfully, but the computer has once again started running abnormally slowly. When I'm not online it is still bearable, but online all programs run terribly slowly, not just Mozilla, Opera, Explorer.... Please help me solve this problem. By the way, I have Telekom ADSL, so it shouldn't be running slowly...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:17, on 17.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\net\TR3.exe..exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = auto.search.msn.com/response.asp?MT=deesk+t.....=&utf8
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://world.yahoo.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{03A2141D-7AB8-4386-B65D-9957D45F6E58}: NameServer = 212.200.170.33 212.200.170.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 9366 bytes

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

Right-click the Avira icon in the lower-right corner of the screen and untick AntiVir Guard Enable.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Palve
  • New MyCity citizen
  • Joined: 23 Jan 2009
  • Posts: 17

ComboFix 09-04-18.01 - Administrator 17.04.2009 20:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.16 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira Premium Security Suite *On-access scanning disabled* (Outdated)
FW: Avira Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_isodrive


((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2018-06-16 19:41 . 2004-08-03 20:31 20992 -c--a-w c:\windows\system32\dllcache\rtl8139.sys
2018-06-16 19:41 . 2004-08-03 20:31 20992 ----a-w c:\windows\system32\drivers\RTL8139.sys
2009-04-15 15:30 . 2001-08-17 20:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-15 15:30 . 2004-08-03 22:56 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-04-15 15:30 . 2004-08-03 20:58 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-15 15:30 . 2004-08-03 20:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-13 10:00 . 2006-12-02 04:22 479232 ----a-w c:\windows\system32\msvcm80.dll
2009-04-13 10:00 . 2006-12-01 20:03 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-04-13 10:00 . 2006-12-01 20:03 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-04-13 10:00 . 2006-12-01 20:03 1869 ----a-w c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-04-10 11:08 . 2009-04-10 11:10 -------- d-----w C:\privremeno
2009-04-08 12:18 . 2009-04-11 08:23 -------- d-----w c:\documents and settings\Administrator\Application Data\Winamp
2009-04-05 08:25 . 2009-04-05 08:25 646392 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-25 11:33 . 2009-03-25 11:47 -------- d-----w C:\MaXa
2009-03-23 23:23 . 2009-04-07 18:28 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-03-22 18:25 . 2009-03-22 18:25 -------- d-----w c:\documents and settings\All Users\Application Data\79C
2009-03-22 12:29 . 2009-03-22 12:29 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2009-03-22 12:11 . 2009-03-22 12:11 -------- d-----w c:\documents and settings\Administrator\Application Data\Avira
2009-03-22 09:25 . 2008-03-06 11:15 71464 ----a-w c:\windows\system32\drivers\avfwim.sys
2009-03-22 09:25 . 2008-02-07 09:00 66176 ----a-w c:\windows\system32\drivers\avfwot.sys
2009-03-20 03:59 . 2008-10-16 13:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-03-20 03:59 . 2008-10-16 13:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-03-20 03:59 . 2008-10-16 13:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-03-19 13:14 . 2009-04-17 18:28 -------- d-----w c:\documents and settings\Administrator\Tracing
2009-03-19 13:11 . 2009-02-06 17:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-03-19 13:08 . 2006-11-29 12:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-03-19 12:21 . 2009-03-19 12:21 -------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 16:59 . 2008-12-25 17:31 -------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-17 15:15 . 2009-04-17 15:15 -------- d-----w c:\program files\uTorrent
2009-04-16 11:59 . 2008-06-12 09:40 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-04-16 11:56 . 2009-04-16 11:56 -------- d-----w c:\program files\GameSpy Arcade
2009-04-14 17:14 . 2008-12-24 13:14 -------- d-----w c:\program files\Google
2009-04-13 10:00 . 2009-04-13 10:00 -------- d-----w c:\program files\MyXOFT
2009-04-12 21:27 . 2008-12-25 13:28 -------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-04-12 19:20 . 2008-12-25 13:35 -------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-04-08 12:20 . 2009-04-08 12:18 -------- d-----w c:\program files\Winamp
2009-04-07 18:28 . 2009-04-07 18:28 -------- d-----w c:\program files\Opera 10 Preview
2009-04-07 14:10 . 2009-03-16 19:13 -------- d-----w c:\program files\Counter-Strike 1.6
2009-04-05 19:29 . 2008-04-22 21:29 -------- d-----w c:\program files\Opera
2009-04-05 08:45 . 2009-04-05 08:38 -------- d-----w c:\program files\CONTACT
2009-03-26 22:49 . 2008-12-25 07:37 45096 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 19:59 . 2008-04-22 21:18 -------- d-----w c:\program files\Common Files\Adobe
2009-03-22 12:30 . 2009-02-23 10:35 -------- d-----w c:\program files\PHPNukeEN
2009-03-22 09:24 . 2009-03-22 09:24 -------- d-----w c:\program files\Avira
2009-03-22 09:24 . 2008-04-22 22:55 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-22 08:59 . 2008-04-22 21:05 -------- d-----w c:\program files\Crystal Player
2009-03-21 20:12 . 2009-03-19 13:12 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-20 14:29 . 2009-03-21 00:28 170978 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-03-20 12:06 . 2009-03-20 12:02 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-19 17:07 . 2008-12-24 13:13 -------- d-----w c:\program files\FlashGet
2009-03-19 16:24 . 2008-04-22 21:44 -------- d-----w c:\program files\Microsoft.NET
2009-03-19 13:12 . 2009-03-19 13:05 -------- d-----w c:\program files\Microsoft
2009-03-19 13:11 . 2009-03-19 12:31 -------- d-----w c:\program files\Windows Live
2009-03-19 13:08 . 2009-03-19 13:08 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-19 13:04 . 2009-03-19 13:04 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 12:43 . 2009-03-19 12:43 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-19 12:21 . 2009-03-19 12:21 -------- d-----w c:\program files\Winamp Toolbar
2009-03-18 15:37 . 2008-12-24 13:19 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-18 15:37 . 2009-03-18 15:37 -------- d-----w c:\documents and settings\Administrator\Application Data\InterTrust
2009-03-17 07:53 . 2009-03-17 07:53 -------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2009-03-17 07:51 . 2009-03-17 07:50 -------- d-----w c:\program files\Motocross The Force
2009-03-12 10:23 . 2009-03-12 10:23 -------- d-----w c:\documents and settings\All Users\Application Data\3030D
2009-03-08 18:50 . 2009-03-08 18:50 -------- d-----w c:\documents and settings\All Users\Application Data\10196
2009-03-07 13:26 . 2009-03-07 13:26 -------- d-----w c:\documents and settings\All Users\Application Data\YSFLIGHT.COM
2009-03-05 13:32 . 2008-06-03 10:24 -------- d-----w c:\program files\Totalcmd 7.03
2009-02-25 02:00 . 2009-02-25 02:00 -------- d-----w c:\program files\MSXML 6.0
2009-02-23 11:27 . 2009-02-23 11:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Canneverbe_Limited
2009-02-23 11:26 . 2009-02-23 11:26 -------- d-----w c:\program files\CDBurnerXP
2009-02-23 11:17 . 2009-02-23 11:17 -------- d-----w c:\program files\MSBuild
2009-02-23 11:17 . 2009-02-23 11:17 117120 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-23 11:11 . 2009-02-23 11:11 -------- d-----w c:\program files\Reference Assemblies
2009-02-22 21:50 . 2009-02-22 21:49 -------- d-----w c:\program files\Nero
2009-02-22 21:50 . 2008-12-24 13:27 -------- d-----w c:\program files\Common Files\Nero
2009-02-22 21:49 . 2009-02-22 21:49 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-02-22 15:26 . 2009-02-22 15:26 -------- d-----w c:\program files\ToggleEN
2009-02-22 15:26 . 2009-02-22 15:26 -------- d-----w c:\program files\Conduit
2009-02-09 10:19 . 2004-08-03 20:17 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 18:03 . 2009-02-06 18:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-16 11:58 . 2008-04-22 22:34 44512 -c--a-w c:\documents and settings\jeca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-06-08 12:17 . 2008-06-04 14:25 24192 -c--a-w c:\documents and settings\jeca\usbsermptxp.sys
2008-06-08 12:17 . 2008-06-04 14:24 22768 -c--a-w c:\documents and settings\jeca\usbsermpt.sys
2008-04-22 22:40 . 2008-04-22 22:38 56 -csh--r c:\windows\system32\2DA480F34A.sys
2008-04-22 22:40 . 2008-04-22 22:34 3350 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-23 22:03 1784856 ----a-w c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2008-11-23 22:03 1784856 ----a-w c:\program files\PHPNukeEN\tbPHPN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-21 185632]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-02-12 262401]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15235:TCP"= 15235:TCP:BitComet 15235 TCP
"15235:UDP"= 15235:UDP:BitComet 15235 UDP

R1 SASKUTIL;SASKUTIL; [x]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-02-07 66176]
S2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-03-26 344321]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2008-03-26 164097]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-04-09 254209]
S2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2008-02-07 41217]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-03-06 71464]

.
- - - - ORPHANS REMOVED - - - -

BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://google.rs/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq59da94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-17 20:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(3268-)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\Avira Premium Security Suite\sched.exe
c:\program files\Avira\Avira Premium Security Suite\avguard.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-17 20:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 18:32
ComboFix2.txt 2009-01-24 16:24

Pre-Run: 3.073.593.344 bytes free
Post-Run: 3.061.460.992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

244 --- E O F --- 2009-03-21 02:12

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Nothing malicious in the logs.

I would ask you to pack the following folder into a single zip (or rar):

C:\qoobox

and upload it via the following link: http://www.mycity.rs/ambulanta-upload.php

Uninstalling ComboFix:
Click START and then RUN.

In the text box, type (copy) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

As for the speed:

http://www.mycity.rs/Zastita/Usporen-Racunar-ili-Browser-Osnovni-Saveti.html

There are some useful tips there...

  • Palve
  • New MyCity citizen
  • Joined: 23 Jan 2009
  • Posts: 17

OK.... At least one option fewer... Now I'll move on and keep looking for what it could be.... THANK YOU!!!!
