Posted: 13 Apr 2008 12:09
- Dragan
- Respected citizen
- Joined: 25 Jul 2003
- Posts: 431
- Location: Nis
The problem is this: when I shut down the computer, for a moment I get that window you see when a program freezes, asking whether to wait for it or close it right away (I think it's called End Task). This happens every time I shut down the computer, and the strangest thing is that the title shows the program name as 6-7 little squares followed by the letters wž. I haven't noticed anything wrong with how the computer works, but it bothers me. Does anyone know what this could be about?
Logfile of HijackThis v1.99.1
Scan saved at 12:00:35 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\mdm.exe
C:\Documents and Settings\Dragan\Desktop\khm\th3.exe
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAD33E9-FFF8-4D32-BAE4-D4F8D82AAED1}: NameServer = 213.244.255.2,213.244.255.3
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
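As an added example (not something posted in this thread and not a HijackThis feature), the following Python helper parses log lines in the format shown above and lists the items a malware-removal helper would look at first: entries marked "(file missing)", processes running from user-writable folders such as the Desktop, Winlogon Notify hooks, and NameServer settings that should be checked against the ISP's resolvers. The sample lines are constructed in the same format; the severity labels and the list of user-writable folders are my own assumptions.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the forum thread)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "level reason line")

# Constructed sample in the format HijackThis v1.99.1 produces (abbreviated).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Dragan\Desktop\khm\th3.exe

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAD33E9-FFF8-4D32-BAE4-D4F8D82AAED1}: NameServer = 213.244.255.2,213.244.255.3
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
"""

# Every HijackThis entry starts with a section tag such as R3, O4, O23.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Folders an ordinary user can write to. A process running from one of them is
# not malicious by itself, but it is where droppers usually land (assumed list).
USER_WRITABLE = ("\\desktop\\", "\\temp\\", "\\local settings\\", "\\application data\\")


def parse_log(text):
    """Split a HijackThis log into (running processes, [(section, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # first Rn/On entry also ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(processes, entries):
    """Apply a few defender heuristics and return a list of Finding tuples."""
    findings = []
    for proc in processes:
        if any(tag in proc.lower() for tag in USER_WRITABLE):
            findings.append(Finding("review", "process running from a user-writable folder", proc))
    for section, body in entries:
        line = f"{section} - {body}"
        if "(file missing)" in body:
            # Dangling reference: leftover from an uninstall, or the remains of a removed infection.
            findings.append(Finding("cleanup", "dangling reference to a missing file", line))
        if section == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1].strip()
            findings.append(Finding("verify", f"custom DNS servers {servers}; confirm they belong to the ISP", line))
        if section == "O20":
            findings.append(Finding("verify", "Winlogon Notify hook; confirm the DLL's vendor", line))
    return findings


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for f in triage(procs, ents):
        print(f"[{f.level:7}] {f.reason}\n          {f.line}")
```

Run against the sample, the script lists th3.exe (running from the Desktop) for review, the two "(file missing)" entries for cleanup, and the O17 and O20 entries for verification; none of these is a verdict, only the order in which a helper would check them.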
Posted: 13 Apr 2008 13:01
- Dragan
- Respected citizen
- Joined: 25 Jul 2003
- Posts: 431
- Location: Nis
ComboFix 08-04-12.7 - Dragan 2008-04-13 12:39:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.221 [GMT 2:00]
Running from: C:\Documents and Settings\Dragan\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Dragan\ravmonlog
C:\WINDOWS\system32\lsprst7.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.
2008-04-11 20:35 . 2008-04-12 12:28 <DIR> d-------- C:\Documents and Settings\Dragan\Application Data\VoipStunt
2008-04-11 20:32 . 2008-04-11 20:32 <DIR> d-------- C:\Program Files\VoipStunt.com
2008-04-10 10:49 . 2008-04-10 10:50 <DIR> d-------- C:\Documents and Settings\Dragan\Debug
2008-04-09 10:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-07 16:45 . 2008-04-07 18:22 <DIR> d-------- C:\Documents and Settings\Dragan\jbproject
2008-04-07 16:44 . 2008-04-07 16:44 <DIR> d-------- C:\Documents and Settings\Dragan\.primetimeX
2008-04-07 16:44 . 2008-04-07 18:11 <DIR> d-------- C:\Documents and Settings\Dragan\.jbuilderX
2008-04-07 16:44 . 2008-04-07 18:18 <DIR> d-------- C:\Documents and Settings\Dragan\.borland
2008-04-07 16:40 . 2008-04-07 16:43 <DIR> d-------- C:\Program Files\JavaBuilder
2008-04-04 19:25 . 2008-04-10 20:06 <DIR> d-------- C:\Documents and Settings\Dragan\Application Data\FreeCall
2008-04-04 19:23 . 2008-04-04 19:23 <DIR> d-------- C:\Program Files\FreeCall.com
2008-03-30 13:57 . 2008-03-30 13:57 <DIR> d-------- C:\Program Files\FDRLab
2008-03-30 13:57 . 2008-03-30 13:57 <DIR> d-------- C:\Documents and Settings\Dragan\Application Data\FDRLab
2008-03-30 13:36 . 2008-03-30 13:36 <DIR> d-------- C:\Program Files\JLC's Software
2008-03-30 13:36 . 2008-03-30 13:36 <DIR> d-------- C:\Documents and Settings\Dragan\Application Data\JLC's Software
2008-03-29 12:02 . 2008-03-29 12:02 280 --a------ C:\WINDOWS\system32\PDBootState
2008-03-28 00:50 . 2008-03-28 00:50 <DIR> d-------- C:\Documents and Settings\Dragan\Application Data\Grisoft
2008-03-28 00:50 . 2008-03-28 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-28 00:50 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-24 18:50 . 2008-03-24 18:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-24 18:50 . 2008-03-27 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 16:10 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 10:45 26,613,024 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-12 23:22 891,680 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-12 23:22 84,164 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-12 23:22 371,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 10:12 --------- d-----w C:\Documents and Settings\Dragan\Application Data\Skype
2008-04-09 08:41 --------- d-----w C:\Program Files\Java
2008-04-07 14:42 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-03 10:30 --------- d-----w C:\Program Files\Opera
2008-04-01 22:40 --------- d-----w C:\Program Files\Download Direct
2008-03-28 16:13 --------- d-----w C:\Program Files\totalcmd
2008-03-26 23:23 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-03-26 19:55 --------- d-----w C:\Program Files\Winamp
2008-03-26 00:40 --------- d-----w C:\Program Files\Raxco
2008-03-25 22:52 --------- d-----w C:\Documents and Settings\Dragan\Application Data\MetaProducts
2008-03-25 22:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-25 22:50 --------- d-----w C:\Program Files\Macromedia
2008-03-23 19:12 --------- d-----w C:\Program Files\FLV Player
2008-03-14 16:32 --------- d-----w C:\Documents and Settings\Dragan\Application Data\U3
2008-03-04 12:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-27 14:00 --------- d-----w C:\Documents and Settings\Dragan\Application Data\uTorrent
2008-02-26 20:46 --------- d-----w C:\Documents and Settings\Dragan\Application Data\MyPhoneExplorer
2008-02-18 23:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-18 22:30 --------- d-----w C:\Program Files\Web Publish
2008-01-19 12:08 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-01-16 09:52 228,104 ----a-w C:\WINDOWS\system32\PDBoot.exe
2007-12-23 16:29 20,128 ----a-w C:\Documents and Settings\Dragan\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 19:28 155751]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 17:55 267064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-27 20:55 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-04 14:29:44 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Bios\\UTORRENT\\utorrent.exe"=
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13461:TCP"= 13461:TCP:NortonAV
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-01-16 11:52]
R3 ENW9503;ENW-950x RTL-based PCI Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ENW9503.sys [2001-12-13 14:15]
R3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 15:47]
S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-01-16 11:52]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 04:53]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b42bffc-a590-11dc-8612-00304f2ef7e0}]
\Shell\AutoRun\command - K:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6008f252-9688-11dc-85fd-00304f2ef7e0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 12:45:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-13 12:47:00
ComboFix-quarantined-files.txt 2008-04-13 10:46:44
Pre-Run: 850,812,928 bytes free
Post-Run: 843,419,648 bytes free
Posted: 13 Apr 2008 15:33
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Nothing specific - just traces of some earlier infections.
Download the following file: https://www.mycity.rs/must-login.png
and run it by double-clicking - in the message that appears, click Yes.
-------------------------------------------------------------------------------------
Download the program Flash_Disinfector.
The program is started by double-clicking Flash_Disinfector.exe.
When the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so to avoid autoplay).
Click OK and wait for the process to finish.
When the message Done !! appears, click OK.
-------------------------------------------------------------------------------------
Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.
Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
Use Paste in Notepad to transfer it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.
Attach those two files to your next post.
Posted: 13 Apr 2008 20:26
- Dragan
- Respected citizen
- Joined: 25 Jul 2003
- Posts: 431
- Location: Nis
OK. What matters to me is that everything is clean; it was the very strange name that confused me. I'll try closing programs one by one and find out which one it is, but since the computer works normally, the short wait at shutdown isn't a problem: I click End Task and that's it. Thanks for the help.