problem ???

offline
  • Joined: 01 Mar 2008
  • Posts: 245

Is there a reason for the problems I'm having with my computer? So far I have already reinstalled Windows and cleaned everything I could, but it gave no results. Programs stop responding, the machine freezes and so on... it runs slowly...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:37, on 19.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\BtAssSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\VooDoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\VooDoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\VooDoo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\VooDoo\Desktop\Nova fascikla\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Pomagalo za veze za Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Assistant (BluetoothAssistant) - Unknown owner - C:\WINDOWS\system32\BtAssSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 6651 bytes

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello ...

Do the following:

1.
Right-click the avast! icon in the lower right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleaning is finished.


2.
Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

offline
  • Joined: 01 Mar 2008
  • Posts: 245

ComboFix 08-11-18.A2 - VooDoo 2008-11-19 23:19:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.204 [GMT 1:00]
Running from: c:\documents and settings\VooDoo\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SZComp5.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-19 19:36 . 2008-11-19 19:37 1,120 --a------ c:\windows\system32\drivers\kgpfr2.cfg
2008-11-19 18:36 . 2008-11-19 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-11-18 19:46 . 2008-11-18 19:46 <DIR> d-------- c:\program files\Skype
2008-11-18 19:46 . 2008-11-18 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-16 17:19 . 2008-11-16 17:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-15 22:24 . 2008-11-15 22:24 428,365 --a------ c:\windows\system32\BtAssSvc.exe
2008-11-15 17:42 . 2008-11-15 17:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\PY_Software
2008-11-15 16:46 . 2008-11-15 16:46 <DIR> d-------- c:\program files\Macrogaming
2008-11-15 16:45 . 2008-11-15 16:45 <DIR> d-------- c:\program files\IGC
2008-11-15 16:45 . 2003-03-18 22:20 1,060,864 --------- c:\windows\system32\MFC7ec9b.rra
2008-11-15 16:45 . 2003-03-18 21:14 499,712 --------- c:\windows\system32\msvced47.rra
2008-11-15 16:45 . 2003-02-21 05:42 348,160 --------- c:\windows\system32\msvcedb4.rra
2008-11-15 16:45 . 2003-05-28 12:19 245,408 -r------- c:\windows\system32\unicows.dll
2008-11-15 16:42 . 2008-11-15 16:42 <DIR> d-------- c:\program files\Common Files\Xara
2008-11-15 16:40 . 2008-11-15 16:42 <DIR> d-------- c:\program files\Xara
2008-11-15 16:38 . 2008-11-15 16:39 <DIR> d-------- c:\program files\Antenna
2008-11-15 16:31 . 2008-11-15 16:31 <DIR> d-------- c:\program files\Bonjour
2008-11-15 16:20 . 2008-11-15 16:20 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-15 16:18 . 2008-11-15 22:31 <DIR> d-------- c:\program files\Actual Drawing
2008-11-15 16:16 . 2008-11-15 16:44 <DIR> d-------- c:\program files\A4Desk
2008-11-15 16:14 . 2008-11-15 16:15 <DIR> d-------- c:\program files\iColorFolder
2008-11-13 21:29 . 2008-11-13 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo
2008-11-13 21:29 . 2008-11-13 21:29 22 --a------ c:\windows\msnmsgr.exe.ini
2008-11-13 20:57 . 2008-11-13 20:58 69 --a------ c:\windows\NeroDigital.ini
2008-11-13 19:27 . 2008-11-19 12:39 32 --a------ c:\windows\CatElett.INI
2008-11-13 18:22 . 2008-11-13 18:22 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 20:48 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2008-11-12 20:48 . 2001-08-17 13:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys
2008-11-12 15:06 . 2008-11-12 15:06 0 --a------ c:\windows\Irremote.ini
2008-11-12 12:58 . 2008-11-12 12:58 40 --a------ c:\windows\nero.INI
2008-11-11 14:35 . 2008-11-11 14:35 364,544 -ra------ c:\windows\system32\IS3DBA5.dll
2008-11-10 23:32 . 2008-11-10 23:32 <DIR> d-------- c:\program files\Stardock
2008-11-10 23:32 . 2008-11-10 23:32 <DIR> d-------- c:\program files\Common Files\Stardock
2008-11-10 21:59 . 2008-11-10 21:59 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-10 19:14 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-10 19:14 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-10 14:21 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-10 14:21 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-10 00:33 . 2008-11-13 11:25 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-10 00:33 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-11-09 23:54 . 2008-11-09 23:54 <DIR> d---s---- c:\documents and settings\VooDoo\UserData
2008-11-09 19:11 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-11-09 19:11 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-11-09 19:11 . 2007-07-30 19:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-09 19:04 . 2008-11-09 19:04 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-09 19:04 . 2008-11-09 19:04 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-09 18:48 . 2008-11-11 18:14 <DIR> d-------- c:\program files\Lexmark X1100 Series
2008-11-09 18:48 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-11-09 18:48 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-09 18:48 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-09 18:48 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-09 18:40 . 2008-11-09 18:40 101 --a------ c:\windows\lexstat.ini
2008-11-09 18:33 . 2008-11-09 18:33 <DIR> d-------- c:\program files\ACD Systems
2008-11-09 18:33 . 2008-11-09 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-11-09 18:30 . 2008-11-09 18:30 <DIR> d-------- c:\documents and settings\VooDoo\WINDOWS
2008-11-09 18:26 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-09 18:26 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-09 18:16 . 2008-11-09 18:16 <DIR> d-------- c:\documents and settings\VooDoo\Application Data\ACD Systems
2008-11-09 18:15 . 2008-11-09 18:34 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-11-09 17:13 . 2008-11-09 15:16 58,952 --a------ c:\windows\system32\MsgPlusLoader.dll
2008-11-09 17:11 . 2008-11-09 17:11 <DIR> d-------- c:\documents and settings\VooDoo\Application Data\Uniblue
2008-11-09 16:42 . 2008-11-09 16:42 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-09 16:42 . 2008-11-09 16:42 25 --a------ c:\windows\cdplayer.ini
2008-11-09 16:41 . 2008-11-09 16:41 <DIR> d-------- c:\program files\Real
2008-11-09 16:41 . 2008-11-09 16:42 <DIR> d-------- c:\program files\Common Files\Real
2008-11-09 16:37 . 2008-01-12 14:13 <DIR> d-------- c:\program files\Ahead
2008-11-09 16:22 . 2008-11-09 16:22 <DIR> d-------- c:\program files\uTorrent
2008-11-09 16:22 . 2008-11-15 17:53 <DIR> d-------- c:\documents and settings\VooDoo\Application Data\uTorrent
2008-11-09 16:19 . 2008-11-09 16:19 0 --a------ c:\windows\nsreg.dat
2008-11-09 15:53 . 2008-11-09 15:53 <DIR> d-------- c:\program files\Common Files\iS3
2008-11-09 15:53 . 2008-11-19 18:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\ZILLAbar
2008-11-09 15:53 . 2008-11-19 23:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-11-09 15:25 . 2008-11-11 16:23 <DIR> d-------- c:\documents and settings\VooDoo\Contacts
2008-11-09 15:24 . 2008-11-09 15:24 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-09 15:22 . 2008-11-09 15:24 <DIR> d-------- c:\program files\Windows Live
2008-11-09 15:22 . 2008-11-09 15:23 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-09 15:22 . 2008-11-09 15:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-09 15:16 . 2008-11-09 15:16 <DIR> d-------- c:\program files\MessengerPlus! 3
2008-11-09 15:09 . 2008-11-09 15:11 <DIR> d-------- c:\program files\RegCleaner
2008-11-09 15:09 . 2008-11-09 15:09 <DIR> d-------- c:\program files\CCleaner
2008-11-09 14:46 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-11-09 14:45 . 2008-11-09 14:45 <DIR> d-------- c:\program files\Common Files\L&H
2008-11-09 14:44 . 2008-11-09 14:44 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-09 14:44 . 2008-11-09 14:44 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-11-09 14:43 . 2008-11-09 14:44 <DIR> d-------- c:\windows\SHELLNEW
2008-11-09 14:43 . 2008-11-09 14:44 <DIR> d-------- c:\program files\Microsoft Works
2008-11-09 14:16 . 2008-11-09 14:16 <DIR> d-------- c:\program files\Microsoft
2008-11-09 14:15 . 2008-11-09 15:03 478 --a------ c:\windows\ODBC.INI
2008-11-09 14:14 . 2008-11-09 14:14 <DIR> d-------- c:\program files\Alwil Software
2008-11-09 14:14 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-11-09 14:14 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2008-11-09 14:14 . 2003-02-21 04:42 348,160 --a------ c:\windows\system32\MSVCR71.dll
2008-11-09 14:12 . 2008-11-09 14:13 <DIR> d-------- c:\program files\TuneUp Utilities 2007
2008-11-09 14:12 . 2008-11-09 14:12 <DIR> d-------- c:\documents and settings\VooDoo\Application Data\TuneUp Software
2008-11-09 14:12 . 2007-03-29 04:42 29,704 --a------ c:\windows\system32\uxtuneup.dll
2008-11-09 14:11 . 2008-11-09 14:11 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-09 14:11 . 2008-11-09 14:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-09 14:07 . 2008-11-09 14:25 <DIR> d-------- C:\totalcmd
2008-11-09 14:07 . 2005-04-30 06:52 545 --a------ c:\windows\UC.PIF
2008-11-09 14:07 . 2005-04-30 06:52 545 --a------ c:\windows\RAR.PIF
2008-11-09 14:07 . 2005-04-30 06:52 545 --a------ c:\windows\PKZIP.PIF
2008-11-09 14:07 . 2005-04-30 06:52 545 --a------ c:\windows\PKUNZIP.PIF
2008-11-09 14:07 . 2005-04-30 06:52 545 --a------ c:\windows\NOCLOSE.PIF
2008-11-09 14:07 . 2005-04-30 06:52 545 --a------ c:\windows\LHA.PIF
2008-11-09 14:07 . 2005-04-30 06:52 545 --a------ c:\windows\ARJ.PIF
2008-11-09 14:07 . 2008-11-10 23:27 445 --a------ c:\windows\wincmd.ini
2008-11-09 14:03 . 2008-11-18 19:46 <DIR> d-------- c:\documents and settings\VooDoo\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 18:37 --------- d-----w c:\program files\STOPzilla!
2008-11-15 15:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 15:41 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-15 15:31 --------- d-----w c:\program files\Common Files\Adobe
2008-11-13 10:54 --------- d-----w c:\program files\Common Files\Nero
2008-11-13 10:52 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-09 18:32 --------- d-----w c:\program files\DC++
2008-11-09 16:45 --------- d-----w c:\program files\Google
2008-11-09 12:58 --------- d-----w c:\program files\Winamp
2008-11-09 12:58 --------- d-----w c:\documents and settings\VooDoo\Application Data\Winamp
2008-11-09 12:57 --------- d-----w c:\program files\Winamp Toolbar
2008-11-09 12:57 --------- d-----w c:\program files\Winamp Remote
2008-11-09 12:57 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-11-09 12:57 --------- d-----w c:\documents and settings\All Users\Application Data\OrbNetworks
2008-11-09 12:51 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-11-09 12:50 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-09 12:45 --------- d-----w c:\documents and settings\VooDoo\Application Data\STOPzilla!
2008-11-09 12:44 --------- d-----w c:\program files\TotalAudioConverter
2008-11-09 12:44 --------- d-----w c:\documents and settings\VooDoo\Application Data\Softplicity
2008-11-09 12:43 --------- d-----w c:\program files\YouTube Downloader
2008-11-09 12:43 --------- d-----w c:\program files\ODM
2008-11-09 12:42 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-11-09 12:42 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-11-09 12:42 --------- d-----w c:\program files\directx
2008-11-09 12:42 --------- d-----w c:\program files\ArcSoft
2008-11-09 12:08 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 09:01 17,408 ----a-r c:\windows\system32\SZIO5.dll
2008-10-23 09:00 278,528 ----a-r c:\windows\system32\SZBase5.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-08 12:27 49,664 ----a-r c:\windows\system32\drivers\SZKG.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 12:08 126,976 ----a-r c:\windows\system32\IS3HTUI5.dll
2008-09-29 12:07 61,440 ----a-r c:\windows\system32\IS3Hks5.dll
2008-09-29 12:07 372,736 ----a-r c:\windows\system32\IS3UI5.dll
2008-09-29 12:07 23,040 ----a-r c:\windows\system32\IS3XDat5.dll
2008-09-29 12:06 94,208 ----a-r c:\windows\system32\IS3Inet5.dll
2008-09-29 12:06 90,112 ----a-r c:\windows\system32\IS3Svc5.dll
2008-09-29 12:06 212,992 ----a-r c:\windows\system32\IS3Win325.dll
2008-09-29 12:03 708,608 ----a-r c:\windows\system32\IS3Base5.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-20 05:38 659,456 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys [2008-10-08 49664]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-09 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-09 20560]
R2 BluetoothAssistant;Bluetooth Assistant;c:\windows\system32\BtAssSvc.exe [2008-11-15 428365]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2002-12-31 14336]
R3 snpstd2;VideoCAM Look;c:\windows\system32\DRIVERS\snpstd2.sys [2004-07-28 334080]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2008-11-19 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\VooDoo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-09 23:12]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\VooDoo\Application Data\Mozilla\Firefox\Profiles\b6x4i2ic.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://btjunkie.org/
FF -: plugin - c:\documents and settings\VooDoo\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 23:21:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-19 23:23:26
ComboFix-quarantined-files.txt 2008-11-19 22:23:00

Pre-Run: 7.853.207.552 bytes free
Post-Run: 7,859,580,928 bytes free

241 --- E O F --- 2008-11-14 12:02:34

Addendum: 20 Nov 2008 12:47

After this, STOPzilla reports that hijack is infected, so should I delete it or not...

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Don't delete HijackThis. Ignore STOPzilla.
I can't give you further instructions right now because I need to consult with my colleagues. I'm sorry, but you will get further instructions only in the afternoon.

Just tell me one thing: do you have any Bluetooth program installed?

offline
  • Joined: 01 Mar 2008
  • Posts: 245

The afternoon is no problem, and I don't have a Bluetooth program; I used to have one earlier...

Addendum: 20 Nov 2008 13:14

In this Windows installation I haven't had Bluetooth..

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Upload the following file for me to check:

C:\WINDOWS\system32\BtAssSvc.exe

Use the following form to upload that file:
http://www.mycity.rs/ambulanta-upload.php

Let me know in this thread when you have done the upload.

offline
  • Joined: 01 Mar 2008
  • Posts: 245

OK, done.

Addendum: 20 Nov 2008 20:58

Now I have neither the Start menu nor the taskbar, and no program will start; the only thing I managed was to launch Firefox through Task Manager, that is all I can do now.... there are no icons on the desktop either...

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

1.
Open Task Manager (Ctrl+Alt+Del), choose File and then New Task in the menu, type explorer.exe there and click OK.

That should bring back your desktop and icons.


2.
Open Notepad and copy in the following text:

Driver::
BluetoothAssistant

File::
c:\windows\system32\BtAssSvc.exe


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next post, paste the log that is created at the end of the cleaning/scanning.

offline
  • Joined: 01 Mar 2008
  • Posts: 245

Nothing comes back, there is no reaction to the command... my desktop is still empty

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Let's do it this way:

1. Enter Safe Mode

Just choose the Safe Mode with Networking option (so that you have an Internet connection in Safe Mode).

And then do what I wrote for you in the previous post under point 2.