problem


offline
  • Joined: 15 Mar 2008
  • Posts: 16

Hello
The problem is that my computer is terribly slow and everything opens slowly.

Logfile of HijackThis v1.99.1
Scan saved at 17:58:58, on 15.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Korisnik\Desktop\provjera\TR3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = tportal.hr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MAXadsl Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Last.fm Helper.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: Picture Package Menu.lnk.disabled
O4 - Global Startup: Picture Package VCD Maker.lnk.disabled
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{702246BB-65CE-4D24-9700-27BB39383022}: NameServer = 195.29.149.196,195.29.149.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{A77855CB-8146-42FF-B717-636CA8974050}: NameServer = 195.29.149.196 195.29.149.197
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

No visible traces of infection, but just in case do the following:

Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.
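
An added example, not part of the thread and not HijackThis's own code: the first-pass checks a helper applies to a log like the one posted above, written in Python. The sample lines are a constructed subset copied from the first log in this thread. Each bucket is a review trigger rather than a verdict, which is why a clean-looking log still gets a ComboFix run: a Run entry that names a bare file with no path (resolved through the PATH search order), a process started from a user-writable folder, a double extension, an orphaned "(file missing)" entry, a Winsock LSP or a NameServer entry are things to check by hand, not proof of infection.

```python
"""Triage a HijackThis v1.99 log: flag the entries a helper looks at first.

Added example, not from the thread. The heuristics are the usual ones
applied to HJT logs (orphaned entries, bare filenames in Run keys,
processes running from user-writable folders, LSP and DNS entries to
verify); they produce review items, not verdicts.
"""
import re
from typing import Dict, List, Tuple

# Constructed subset of the first log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Korisnik\Desktop\provjera\TR3.exe.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{702246BB-65CE-4D24-9700-27BB39383022}: NameServer = 195.29.149.196,195.29.149.197
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
"""

# Folders where a running executable is expected on this XP box (assumption);
# anything else is treated as user-writable and listed for review.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")


def split_log(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Return (running processes, [(kind, body)]) from raw HJT text."""
    procs, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False  # blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            procs.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return procs, entries


def triage(text: str) -> Dict[str, List[str]]:
    """Bucket log lines into review categories (review items, not verdicts)."""
    procs, entries = split_log(text)
    findings: Dict[str, List[str]] = {
        "process_outside_trusted_roots": [],
        "double_extension": [],
        "orphaned_entry": [],
        "run_key_bare_filename": [],
        "winsock_lsp": [],
        "dns_servers": [],
        "service_unknown_owner": [],
    }
    for p in procs:
        low = p.lower()
        if not low.startswith(TRUSTED_ROOTS):
            findings["process_outside_trusted_roots"].append(p)
        if re.search(r"\.(exe|com|scr)\.(exe|com|scr)$", low):
            findings["double_extension"].append(p)
    for kind, body in entries:
        low = body.lower()
        if "(file missing)" in low or "(no file)" in low:
            findings["orphaned_entry"].append(f"{kind} - {body}")
        elif kind == "O4":
            # Body is "...: [name] command"; a command with no path component
            # is located through the PATH search order, so it deserves a look.
            m = re.match(r"^.*?\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
            cmd = m.group("cmd") if m else body
            exe = cmd.split()[0].strip('"') if cmd.split() else ""
            if exe and "\\" not in exe and "%" not in exe:
                findings["run_key_bare_filename"].append(f"{kind} - {body}")
        elif kind == "O10":
            findings["winsock_lsp"].append(f"{kind} - {body}")
        elif kind == "O17":
            ns = body.split("NameServer =", 1)[-1]
            findings["dns_servers"].extend(re.split(r"[,\s]+", ns.strip()))
        elif kind == "O23" and "unknown owner" in low:
            findings["service_unknown_owner"].append(f"{kind} - {body}")
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        if items:
            print(f"[{bucket}]")
            for item in items:
                print("  ", item)
```

Run as a script it prints the buckets; triage() returns them so the checks can be extended, for instance by comparing the O17 NameServer addresses against the ISP's published resolvers, which the script itself cannot know.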

offline
  • Joined: 15 Mar 2008
  • Posts: 16

When I download and run it there are no instructions, no screen and, honestly, no log either.

Some window, I suppose, flashes briefly, but I can't manage to see what it says. I tried several times but it's always the same.

Update: 15 Mar 2008 20:22

In the meantime I deleted a lot of things and ComboFix started working. I'm posting a new HijackThis logfile and after that I'll continue with ComboFix. I hope that's OK.
I'm curious about this C:\Program Files\Bonjour\mDNSResponder.exe, I tried to delete it but it won't go.

Logfile of HijackThis v1.99.1
Scan saved at 19:49:07, on 15.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Korisnik\Desktop\provjera\TR3.exe.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = tportal.hr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MAXadsl Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{702246BB-65CE-4D24-9700-27BB39383022}: NameServer = 195.29.149.196,195.29.149.197
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

C:\Program Files\Bonjour\mDNSResponder.exe is needed for communication with Apple devices, and is installed together with iTunes, QuickTime and a few other programs. Among other things it enables communication with iPod devices etc.


As for ComboFix, try disabling Avast, as well as TeaTimer (part of Spybot S&D), while you run it.
If it still won't work, then rename ComboFix before starting it, to e.g. test.exe

offline
  • Joined: 15 Mar 2008
  • Posts: 16

After three hours of various attempts it worked. Mozilla Firefox still crawls like an earthworm, it takes five minutes to start.


ComboFix 08-03-14.4 - Korisnik 2008-03-15 20:23:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.208 [GMT 1:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\#SharedObjects\XUB2YTS3\iforex.com
C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\#SharedObjects\XUB2YTS3\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-15 20:01 . 2008-03-15 20:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-12 09:46 . 2008-03-12 09:47 <DIR> d-------- C:\Program Files\Windows Live
2008-03-12 09:46 . 2008-03-12 09:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 09:46 . 2008-03-12 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-23 15:18 . 2008-02-23 15:29 <DIR> d-------- C:\Program Files\Port Royale

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 19:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-15 19:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 15:48 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\uTorrent
2008-03-15 13:44 --------- d-----w C:\Program Files\Java
2008-02-10 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-10 18:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 18:58 --------- d-----w C:\Program Files\Bonjour
2008-02-10 18:41 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-24 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
1998-04-26 23:00 570,128 ----a-w C:\Program Files\DAO350.DLL
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 108,160 2007-01-15 17:28:57 C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2007-12-04 13:00:23 C:\Program Files\Alwil Software\Avast4\ashDisp.exe

----a-w 339,968 2004-06-24 19:10:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

----a-w 49,152 2005-03-29 21:16:56 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 49,152 2005-03-29 21:16:56 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

----a-w 57,344 2003-08-19 14:43:48 C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe

----a-w 15,360 2004-08-03 22:56:50 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-03 22:56:50 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"PCTVOICE"="pctspk.exe" [2004-08-11 05:42 176128 C:\WINDOWS\system32\pctspk.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-03-29 22:16 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-02 23:09]
S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2004-08-11 05:42]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9096a536-ef5c-11dc-bfc1-000b6aabd60d}]
\Shell\AutoRun\command - G:\MntDrCore.exe
\Shell\Open\command - G:\MntDrCore.exe
\Shell\Open With...\command - G:\MntDrCore.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-15 20:31:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2008-03-15 20:33:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 19:33:43
.
2007-10-26 00:40:08 --- E O F ---

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download FindAWF (alternative download link).
Double-click FindAWF.exe to run it
Press any key to move to the next screen
Choose option #1 - Scan for bak folders by typing 1 and Enter
When the program finishes scanning, the logfile awf.txt will open in Notepad
Copy the contents of that log into the forum thread

offline
  • Joined: 15 Mar 2008
  • Posts: 16

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: sub 15.03.2008
The current time is: 21:07:28,15


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\LEXMAR~1\BAK

19.08.2003 15:43 57.344 lxbkbmgr.exe
1 File(s) 57.344 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

03.08.2004 23:56 15.360 ctfmon.exe
09.07.2001 10:50 155.648 NeroCheck.exe
2 File(s) 171.008 bytes

Directory of C:\PROGRA~1\ALWILS~1\AVAST4\BAK

15.01.2007 18:28 108.160 ashDisp.exe
1 File(s) 108.160 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

24.06.2004 20:10 339.968 atiptaxx.exe
1 File(s) 339.968 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

29.03.2005 22:16 49.152 HPWuSchd2.exe
1 File(s) 49.152 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
79224 Dec 4 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
108160 Jan 15 2007 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
339968 Jun 24 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
49152 Mar 29 2005 "C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
49152 Mar 29 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"


end of report
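
An added example, not FindAWF's or ComboFix's own code: the pairing logic behind the "Duplicate files of bak directory contents" section of the report above, in Python. The listing is constructed from that report. The pattern FindAWF scans for is a legitimate autostart executable moved into a bak subfolder with something else placed under its original name, so what matters for each bak copy is whether a live file still exists at the original location and whether its size and date match. A mismatch is a reason to compare the two files, not a verdict: here the live ashDisp.exe is newer and smaller than its bak copy, the same pair the ComboFix AWF section lists.

```python
"""Pair bak-folder copies with their live counterparts, as FindAWF does.

Added example, not FindAWF's or ComboFix's own code. Input lines are in the
format of FindAWF's "Duplicate files of bak directory contents" section:
<size> <Mon D YYYY> "<path>". For every file found in a bak folder, report
whether a live copy exists at the original location and whether its size
and date match the bak copy.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed from the FindAWF report posted in this thread.
SAMPLE_LISTING = r'''
57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
79224 Dec 4 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
108160 Jan 15 2007 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
339968 Jun 24 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
49152 Mar 29 2005 "C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
49152 Mar 29 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
'''

LINE_RE = re.compile(
    r'^(?P<size>\d+)\s+(?P<date>\w{3} \d{1,2} \d{4})\s+"(?P<path>[^"]+)"$'
)


@dataclass(frozen=True)
class Entry:
    size: int
    date: str
    path: str

    @property
    def in_bak(self) -> bool:
        """True when the file's immediate parent folder is named 'bak'."""
        parts = self.path.lower().split("\\")
        return len(parts) >= 2 and parts[-2] == "bak"

    @property
    def key(self) -> str:
        """Live location this file belongs to (lower-cased, Windows is
        case-insensitive): the bak component is dropped from the path."""
        parts = self.path.split("\\")
        if self.in_bak:
            parts = parts[:-2] + parts[-1:]
        return "\\".join(parts).lower()


def parse_listing(text: str) -> List[Entry]:
    """Parse FindAWF-style listing lines; lines in another format are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Entry(int(m.group("size")), m.group("date"), m.group("path")))
    return out


def classify(entries: List[Entry]) -> Dict[str, str]:
    """Map each live path (lower-cased) to a verdict about its bak copy."""
    by_key: Dict[str, Dict[str, Optional[Entry]]] = defaultdict(
        lambda: {"bak": None, "live": None}
    )
    for e in entries:
        by_key[e.key]["bak" if e.in_bak else "live"] = e
    verdicts: Dict[str, str] = {}
    for key, pair in by_key.items():
        bak, live = pair["bak"], pair["live"]
        if bak is None:
            continue  # a live file with no bak copy is not the pattern
        if live is None:
            verdicts[key] = "bak copy only: no live counterpart in the listing"
        elif (live.size, live.date) == (bak.size, bak.date):
            verdicts[key] = "identical size and date: live copy matches bak"
        else:
            verdicts[key] = "size/date differ: compare live copy with bak before trusting it"
    return verdicts


if __name__ == "__main__":
    for path, verdict in sorted(classify(parse_listing(SAMPLE_LISTING)).items()):
        print(f"{path}\n    {verdict}")
```

Size and date are all FindAWF prints, so that is all this compares; on the live machine the next step for a "differ" pair is a hash or a signature check of both files, which the listing alone cannot provide.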

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download Dr.Web CureIt (~9 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click cureit.exe to run it, after which an introductory window will appear - click Start

A notice about starting the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click the scan button and Dr.Web CureIt will begin scanning

If malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

When the scan is finished, click the Select all button (if it is available), then click Cure and,
in the menu that opens, click Move incurable:


When the process is finished, click File > Save report list and save the log to the Desktop


Copy the contents of the Dr.Web CureIt log into the forum thread.

offline
  • Joined: 15 Mar 2008
  • Posts: 16

A0120830.dll C:\System Volume Information\_restore{59A5AC75-36D1-4777-8364-FA8ABE2DABC6}\RP394 Trojan.NtRootKit.103 Deleted.
A0120831.exe C:\System Volume Information\_restore{59A5AC75-36D1-4777-8364-FA8ABE2DABC6}\RP394 Trojan.Fakealert.403 Deleted.
A0121064.exe C:\System Volume Information\_restore{59A5AC75-36D1-4777-8364-FA8ABE2DABC6}\RP397 Trojan.Fakealert.403 Deleted.
A0121065.dll C:\System Volume Information\_restore{59A5AC75-36D1-4777-8364-FA8ABE2DABC6}\RP397 Trojan.NtRootKit.103 Deleted.
A0125738.scr C:\System Volume Information\_restore{59A5AC75-36D1-4777-8364-FA8ABE2DABC6}\RP426 Adware.Msearch Incurable.Moved.
A0133652.exe C:\System Volume Information\_restore{59A5AC75-36D1-4777-8364-FA8ABE2DABC6}\RP456 Tool.Prockill Incurable.Moved.
A0133665.exe C:\System Volume Information\_restore{59A5AC75-36D1-4777-8364-FA8ABE2DABC6}\RP456 Tool.Prockill Incurable.Moved.
A0133691.exe C:\System Volume Information\_restore{59A5AC75-36D1-4777-8364-FA8ABE2DABC6}\RP456 Tool.Prockill Incurable.Moved.
Process.exe C:\WINDOWS\system32 Tool.Prockill Incurable.Moved.

Update: 16 Mar 2008 13:44

There's something else.
In Windows I have the following file. It's odd to me that it's written in blue letters.
What is it and may I delete it? It seems to me I did once, but I'm not sure

$NtUninstallKB939653$
spuninst, and in it it says this:

COPY "C:\WINDOWS\$NtUninstallKB939653$\iedw.exe" "c:\program files\internet explorer\iedw.exe"
COPY "C:\WINDOWS\$NtUninstallKB939653$\browseui.dll" "c:\windows\system32\browseui.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll" "c:\windows\system32\cdfview.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\danim.dll" "c:\windows\system32\danim.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll" "c:\windows\system32\dxtmsft.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll" "c:\windows\system32\dxtrans.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll" "c:\windows\system32\extmgr.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll" "c:\windows\system32\iepeers.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\inseng.dll" "c:\windows\system32\inseng.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll" "c:\windows\system32\jsproxy.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll" "c:\windows\system32\mshtml.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll" "c:\windows\system32\mshtmled.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\msrating.dll" "c:\windows\system32\msrating.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\mstime.dll" "c:\windows\system32\mstime.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll" "c:\windows\system32\pngfilt.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll" "c:\windows\system32\shdocvw.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll" "c:\windows\system32\shlwapi.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll" "c:\windows\system32\urlmon.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\wininet.dll" "c:\windows\system32\wininet.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll" "c:\windows\system32\xpsp3res.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\browseui.dll" "c:\windows\system32\dllcache\browseui.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll" "c:\windows\system32\dllcache\cdfview.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\danim.dll" "c:\windows\system32\dllcache\danim.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll" "c:\windows\system32\dllcache\dxtmsft.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll" "c:\windows\system32\dllcache\dxtrans.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll" "c:\windows\system32\dllcache\extmgr.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\iedw.exe" "c:\windows\system32\dllcache\iedw.exe"
COPY "C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll" "c:\windows\system32\dllcache\iepeers.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\inseng.dll" "c:\windows\system32\dllcache\inseng.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll" "c:\windows\system32\dllcache\jsproxy.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll" "c:\windows\system32\dllcache\mshtml.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll" "c:\windows\system32\dllcache\mshtmled.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\msrating.dll" "c:\windows\system32\dllcache\msrating.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\mstime.dll" "c:\windows\system32\dllcache\mstime.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll" "c:\windows\system32\dllcache\pngfilt.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll" "c:\windows\system32\dllcache\shdocvw.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll" "c:\windows\system32\dllcache\shlwapi.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll" "c:\windows\system32\dllcache\urlmon.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\wininet.dll" "c:\windows\system32\dllcache\wininet.dll"
COPY "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.txt" "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.tag"

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The logs are clean. What Dr.Web found is from System Restore, i.e. it had already been deleted.

That file whose name is written in blue letters came with Windows Update and should not be deleted.
It is needed if you later want to uninstall the update it came with.

How is the computer behaving?
