[bobby]Kompjuter mi je ukocen, spor....

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Cao !!!

E ovako to je sve pocelo od pre neki dan kada sam skinuo novu Operu 9.5...
posle njene instalacije komp mi je poceo da blokira,trokira sav je usporen neradi kako treba pa vas molim za pomoc.....postavicu hajakthis log


Logfile of HijackThis v1.99.1
Scan saved at 12:29, on 2008-07-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ivan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = furka.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Anti Mosquito] E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

unapred hvala!!!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nema znakova infekcije u logu.

Za svaki slucaj uradi jos i sledece:
Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 08-07-01.5 - Ivan 2008-07-02 19:14:35.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.213 [GMT 1:00]
Running from: C:\Documents and Settings\Ivan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-01 16:21 . 2008-07-01 16:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-01 16:21 . 2008-07-01 16:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-01 14:43 . 2008-07-02 00:43 <DIR> d-------- C:\Program Files\Opera
2008-07-01 14:41 . 2008-07-01 14:45 <DIR> d-------- C:\Program Files\Opera7
2008-06-27 15:42 . 2008-06-27 15:42 <DIR> d-------- C:\Documents and Settings\Ivan\Application Data\CoSoSys
2008-06-19 12:10 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-19 12:10 . 2008-06-13 14:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-18 14:56 . 2008-06-18 14:56 268 --ah----- C:\sqmdata08.sqm
2008-06-18 14:56 . 2008-06-18 14:56 244 --ah----- C:\sqmnoopt08.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 13:42 --------- d-----w C:\Program Files\Java
2008-07-01 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 01:02 --------- d-----w C:\Program Files\Professional §©®ÎÞt v.3 Black
2008-06-24 09:40 --------- d-----w C:\Program Files\Valve
2008-06-15 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-15 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 21:54 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-05-28 19:30 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-18 16:22 264,097 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_375.exe
2008-05-18 16:22 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-05-18 16:22 --------- d-----w C:\Program Files\PDFCreator
2008-05-14 09:00 --------- d-----w C:\Program Files\Three Rings Design
2008-05-14 08:57 --------- d-----w C:\Program Files\Far Cry
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 19:39 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 13:07 22,328 ----a-w C:\Documents and Settings\Ivan\Application Data\PnkBstrK.sys
.

------- Sigcheck -------

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-06-13 11:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 12:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 11:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe
2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe

2007-12-28 02:15 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-28 02:15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-04 00:15 4554752]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-04-27 16:18 344064]
"Anti Mosquito"="E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe" [2001-12-19 18:02 258048]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Professional §©®ÎÞt v.3 Black\\mirc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 14:50]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 15:20]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 14:49]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
S1 vdrv7000;vdrv7000;C:\WINDOWS\system32\DRIVERS\vdrv7000.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8254a0a9-9e4a-11dc-aa3e-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - ~C:\Program Files\MSN Messenger\MsnMsgr.Exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-02 19:16:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Anti Mosquito = E:\INSTALL\PROG ZA TERANJE KOMARACA\teranje komraca\anti_mosquito\Anti Mosquito.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-02 19:16:47
ComboFix-quarantined-files.txt 2008-07-02 18:16:40

Pre-Run: 33,822,306,304 bytes free
Post-Run: 33,947,103,232 bytes free

123 --- E O F --- 2008-06-21 02:00:48

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pa nisi instalirao samo Operu, vec i neku skriptu za mIRC i Valve.
Ako se ne varam, Valve je neki server za CS.

Sto se tice mIRC skripti, ne bih se igrao sa tim.
Pojma nemas ko ju je napravio i da li sada tvoj komp kojim slucajem ne sluzi kao IRC bot.
Vecina skripti sa neta koje sam skinuo cisto da bih proverio da li su OK, sadrzale su Zaphast, koji ce tvoj komp bas fino staviti na raspolaganje kreatoru skripte. On moze zarazen komp da koristi za flood, kao server za fajlove, za spam (dobijes poruku na PP u kojoj te cura poziva da provedete vece u dvoje i slicno).

Znaci, ne vidim nista sto mi ovde mozemo da ocistimo.
Ako bilo cega ima na tvom kompu, to je onda vezano za neki od programa koje koristis.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Znaci samo da brisem scriptu i CS i bice sve ok....hvala