problem sa instaliranjem novih programa i uninstall starih

problem sa instaliranjem novih programa i uninstall starih

offline
  • Pridružio: 24 Okt 2007
  • Poruke: 122

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:21, on 1/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Miki\Desktop\download\ES2\ES2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....2886302750
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 7499 bytes



pozdrav ... dolazim po preporuci da mozete pomoci mom problemu:

dakle sve je pocelo pre nedelju dana ... do tad je bilo sve ok.

prvo se javlja problem sa firefox. ne mogu otvoriti.

pokusam da ga deinstaliram ... ne mogu .. add/remove programs kliknem na firefox .. remove ... ne moze ... nista se ne desava ...

pokusam da instaliram novi av program ... extract file ... i onda: file is corrupted ...

cak i internet pocinje sporije raditi .. wireless je u pitanju.
radi sve super i onda odjednom stane. ne mogu otvoriti ni jednu stranicu.
(mozda nema nikakve veze s mojim problemom)
da li je virus ili neki drugi problem i kako ga resiti ...

pozdrav

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8448
  • Gde živiš: Novi Beograd

Log je cist.

Kakav je to problem sa extractom? Kog antivirusa?

offline
  • Pridružio: 24 Okt 2007
  • Poruke: 122

npr kad pokusam instalirati AVG ili firefox ili operu ...

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8448
  • Gde živiš: Novi Beograd

Pogledacemo malo bolje:

privremeno iskljuci zastitni softver.

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 24 Okt 2007
  • Poruke: 122

ComboFix 09-01-21.04 - Miki 2009-01-25 0:21:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1387 [GMT 1:00]
Running from: c:\documents and settings\Miki\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-24 10:55 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-24 10:55 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-24 10:55 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-24 10:55 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-24 10:55 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-24 10:55 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-24 10:55 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-24 10:55 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-24 10:55 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-18 19:30 . 2009-01-18 19:30 347 --a------ c:\windows\pdf2word.INI
2009-01-17 08:36 . 2009-01-17 08:36 <DIR> d-------- C:\ATI
2008-12-26 18:57 . 2008-12-26 18:57 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 23:22 --------- d-----w c:\documents and settings\Miki\Application Data\uTorrent
2009-01-24 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 21:40 --------- d-----w c:\documents and settings\Miki\Application Data\Skype
2009-01-22 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-17 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-17 13:55 --------- d-----w c:\program files\CCleaner
2009-01-17 13:33 --------- d-----w c:\program files\uTorrent
2009-01-17 11:03 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-03 10:47 --------- d-----w c:\documents and settings\Miki\Application Data\Uniblue
2009-01-03 10:47 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-03 10:45 --------- d-----w c:\program files\Save Flash
2008-12-21 14:29 --------- d-----w c:\documents and settings\Miki\Application Data\Apple Computer
2008-12-17 21:13 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-17 21:13 --------- d-----w c:\program files\Java
2008-12-14 17:03 --------- d-----w c:\program files\Winamp
2008-12-14 17:02 --------- d-----w c:\documents and settings\Miki\Application Data\Winamp
2008-12-14 11:32 --------- d-----w c:\program files\IObit
2008-12-13 12:39 --------- d-----w c:\documents and settings\Miki\Application Data\IObit
2008-12-13 12:15 --------- d-----w c:\program files\DIFX
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-03 21:52 --------- d-----w c:\program files\CDisplay
2008-12-02 05:05 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2008-11-27 10:47 10,240 ----a-w c:\windows\system32\RtNicProp32.dll
2008-11-09 19:25 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-24_17.29.29.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-19 05:33:20 4,445,184 -c----w c:\windows\system32\dllcache\msi.dll
+ 2008-05-19 00:57:42 95,744 -c----w c:\windows\system32\dllcache\msiexec.exe
+ 2008-05-19 05:33:20 332,800 -c----w c:\windows\system32\dllcache\msihnd.dll
+ 2008-04-17 00:43:24 2,560 -c----w c:\windows\system32\dllcache\msimsg.dll
+ 2008-05-19 05:33:20 18,944 -c----w c:\windows\system32\dllcache\msisip.dll
- 2008-04-14 00:11:59 2,843,136 ----a-w c:\windows\system32\msi.dll
+ 2008-05-19 05:33:20 4,445,184 ----a-w c:\windows\system32\msi.dll
- 2008-04-14 00:12:28 78,848 ----a-w c:\windows\system32\msiexec.exe
+ 2008-05-19 00:57:42 95,744 ----a-w c:\windows\system32\msiexec.exe
- 2008-04-14 00:11:59 271,360 ----a-w c:\windows\system32\msihnd.dll
+ 2008-05-19 05:33:20 332,800 ----a-w c:\windows\system32\msihnd.dll
- 2008-04-13 15:39:43 884,736 ----a-w c:\windows\system32\msimsg.dll
+ 2008-04-17 00:43:24 2,560 ----a-w c:\windows\system32\msimsg.dll
- 2008-04-14 00:11:59 15,360 ----a-w c:\windows\system32\msisip.dll
+ 2008-05-19 05:33:20 18,944 ----a-w c:\windows\system32\msisip.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 04:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-01-24 17:05:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2008-11-02 202256]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Miki^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-01-14 16:11 399504 c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2007-07-04 13:52 253000 c:\program files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-02-20 12:06 741376 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-17 12:38 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 17:45 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 01:12 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-11-10 02:44 557056 c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwEngineSvc"=2 (0x2)
"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Eurekr.com\\1-Click YouTubeAssistant\\bin\\utdman.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-05-21 9867]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-11-21 15504]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-06-28 16512]
S3 flash;flash;c:\windows\system32\drivers\flash.sys [2007-10-20 8064]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-08-12 13352]
S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [2008-02-16 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [2008-02-16 13440]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-11-21 170640]
.
Contents of the 'Scheduled Tasks' folder

2009-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-24 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe []

2009-01-24 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2008-11-06 11:12]

2009-01-24 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-01-24 11:21]

2009-01-24 c:\windows\Tasks\Malwarebytes' Scheduled Update for Miki.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-01-14 16:11]

2009-01-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]

2008-03-23 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Miki\Application Data\Mozilla\Firefox\Profiles\5popt355.default\
FF - prefs.js: browser.search.selectedEngine - divx-titlovi.com
FF - prefs.js: browser.startup.homepage - about:blank
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-25 00:23:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?X,??\??????|x??|????q??|?j?wQj?w????????0??? ???????????????d??????|????????p?????@??Y?????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s??????B~??@?N'?s?D???6@??E?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,53,b7,1b,f8,93,
ad,dc,18,c8,28,51,af,b0,29,a3,98,40,a1,56,b9,35,3f,7c,fe,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,80,56,0c,db,4d,
4c,0d,8f,71,3b,04,66,8b,46,0d,96,54,36,46,03,04,4e,7c,1b,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,5f,47,4f,22,38,
9b,cc,06,25,da,ec,7e,55,20,c9,26,25,89,96,3b,55,46,1c,58,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,18,80,a1,81,9d,
85,29,ec,3e,1e,9e,e0,57,5a,93,61,c4,1e,43,34,8b,d5,48,02,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,4c,60,27,80,a5,
fe,46,6f,cd,44,cd,b9,a6,33,6c,cd,5b,2c,e6,32,8a,53,43,cf,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f6,bf,cf,5b,11,
c0,26,0f,b0,18,ed,a7,3f,8d,37,a4,68,03,bd,75,42,81,c6,f3,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f6,80,0e,3d,ef,
5b,4e,d3,31,77,e1,ba,b1,f8,68,02,f1,c7,5b,b3,a9,e8,71,01,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,01,19,38,8f,7a,
4a,fa,4f,83,6c,56,8b,a0,85,96,ab,63,81,df,83,30,41,6c,49,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ee,76,ba,f9,bb,
11,2a,57,51,fa,6e,91,28,9e,14,cc,d1,b7,70,b3,61,02,9b,af,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,68,1d,69,b9,ec,
64,49,ac,b1,cd,45,5a,a8,c4,f8,b9,e3,e7,9c,7d,96,e5,c2,05,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,b5,e7,3a,5c,85,
f8,63,b1,e3,0e,66,d5,eb,bc,2f,6b,bb,11,8f,ec,e1,20,73,61,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,00,27,ee,98,25,
f9,01,27,fa,ea,66,7f,d4,3b,6b,70,41,9c,78,ef,98,46,5e,af,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-25 0:25:43
ComboFix-quarantined-files.txt 2009-01-24 23:25:41

Pre-Run: 39,231,520,768 bytes free
Post-Run: 39,231,713,280 bytes free

263 --- E O F --- 2009-01-24 12:57:03

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8448
  • Gde živiš: Novi Beograd

Log je cist.

Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi

Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji

Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore

offline
  • Pridružio: 24 Okt 2007
  • Poruke: 122

kliknem i dobijem prozorcic sa:

Error:
some installation files are corrupt.
please download a fresh copy and retry the installation.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8448
  • Gde živiš: Novi Beograd

Ne znam u cemu je problem. Obrati se u Windows forum.

Ko je trenutno na forumu
 

Ukupno su 547 korisnika na forumu :: 2 registrovanih, 1 sakriven i 544 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Hoegaarden, Srki94