My computer has become slow!

Joined: 26 Nov 2008 | Posts: 24

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:59 PM, on 3/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Goran\Desktop\BOXTERBG\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Documents and Settings\LocalService\jorl.exe \s,
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C7F2C3E-E60C-4F0E-A005-846765B55C8B}: NameServer = 212.200.82.4 212.200.82.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C7F2C3E-E60C-4F0E-A005-846765B55C8B}: NameServer = 212.200.82.4 212.200.82.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C: \Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3719 bytes


I would like my log checked because the computer is running slowly.
With Kaspersky I managed to remove some of the threats, as well as with Ad-Aware, but something still remains and it causes the number of malware, viruses and other threats to grow every day...
I would ask you to help me!
Thanks in advance.

helen1 (Anti Malware Fighter, Rank 2, Master teacher) | Joined: 27 Aug 2005 | Posts: 8643 | Location: Novi Beograd

Hello,

* Right-click the Kaspersky icon in the lower right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.

----------------------------------------

Download ComboFix to your Desktop from one of the following addresses:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

Joined: 26 Nov 2008 | Posts: 24

ComboFix 09-03-06.02 - Goran 2009-03-08 18:21:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.76 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.

2009-03-08 15:19 . 2009-03-08 15:35 <DIR> d-------- c:\program files\NoAdware
2009-03-08 14:37 . 2009-03-08 14:37 707,584 --a------ c:\windows\system32\va.exe
2009-03-08 04:18 . 2009-03-08 04:20 <DIR> d-------- c:\documents and settings\Goran\Application Data\vlc
2009-03-07 05:07 . 2009-03-07 05:07 <DIR> d-------- c:\program files\Yahoo!
2009-03-07 05:07 . 2009-03-07 05:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-07 04:58 . 2009-03-07 05:09 <DIR> d-------- c:\documents and settings\Goran\Application Data\mIRC
2009-03-07 04:45 . 2009-03-07 04:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-03-07 04:42 . 2009-03-07 04:42 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> dr------- c:\program files\Skype
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-06 11:35 . 2009-03-06 11:35 12,800 --ah----- c:\documents and settings\LocalService\jorl.exe
2009-03-06 11:34 . 2009-03-06 11:35 114,176 --------- C:\autoexec.exe
2009-03-04 12:11 . 2009-03-07 02:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\Goran\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 12:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 02:39 . 2009-03-01 02:39 34,016 --a------ c:\windows\system32\drivers\sfnbzezv.sys
2009-02-28 12:15 . 2009-03-06 11:35 67,584 ---h----- c:\windows\system32\secupdat.dat
2009-02-28 02:59 . 2009-02-28 02:59 <DIR> d-------- c:\program files\Eagle USB ADSL Modem
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 17:23 802,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-08 17:23 8,400 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-08 17:23 2,800 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-08 17:23 196,640 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-08 17:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-08 15:58 5,618,277 ----a-w c:\program files\eav_nt64_enu.msi
2009-03-07 04:07 --------- d-----w c:\documents and settings\Goran\Application Data\Skype
2009-03-07 03:44 --------- d-----w c:\program files\Nokia
2009-03-07 03:43 --------- d-----w c:\program files\Common Files\Nokia
2009-03-07 03:41 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-07 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-04 00:39 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-04 00:39 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-04 00:39 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-28 03:40 --------- d-----w c:\documents and settings\Goran\Application Data\Ahead
2009-02-28 01:59 29 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-02-28 01:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 22:26 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-09 4136960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Goran\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-12-13 1642496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe [2009-02-28 929889]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sfnbzezv.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sfnbzezv;sfnbzezv;c:\windows\system32\drivers\sfnbzezv.sys [2009-03-01 34016]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2008-12-12 233816]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PAC7302;iLook 300;c:\windows\system32\drivers\PAC7302.SYS [2008-12-13 458112]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2008-12-13 31616]
S3 core64;Device Core;\??\c:\windows\system32\drivers\core64.sys --> c:\windows\system32\drivers\core64.sys [?]
S3 core86;Device Core x86;\??\c:\windows\system32\drivers\core86.sys --> c:\windows\system32\drivers\core86.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uLocal Page = \blank.htm
IE: &Search
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-08 18:25:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**)**%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(848-)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\asuskbservice.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-08 18:27:10 - machine was rebooted [Goran]
ComboFix-quarantined-files.txt 2009-03-08 17:27:07

Pre-Run: 24,784,490,496 bytes free
Post-Run: 24,736,243,712 bytes free

Addendum: 08 Mar 2009 18:35

Here it is, I think that's it...

helen1 (Anti Malware Fighter, Rank 2, Master teacher) | Joined: 27 Aug 2005 | Posts: 8643 | Location: Novi Beograd

Upload the following files for me:

c:\windows\system32\drivers\sfnbzezv.sys
c:\windows\system32\va.exe

via the following link:

[Link visible only to logged-in users]

Joined: 26 Nov 2008 | Posts: 24

The first one cannot be uploaded, while the second one I managed right away...

helen1 (Anti Malware Fighter, Rank 2, Master teacher) | Joined: 27 Aug 2005 | Posts: 8643 | Location: Novi Beograd

Turn off the antivirus.

Open Notepad and copy the following text into it:

File::
c:\windows\system32\va.exe
c:\documents and settings\LocalService\jorl.exe
C:\autoexec.exe
c:\windows\system32\drivers\sfnbzezv.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\drivers\core64.sys
c:\windows\system32\drivers\core86.sys

Driver::
core64
core86
sfnbzezv

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sfnbzezv.sys]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is created at the end of the cleaning/scanning.
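As an added illustration (not from the forum post and not code from HijackThis or ComboFix), the following Python script parses a few of the log lines quoted in this thread and applies simple triage heuristics, which are this example's own assumptions rather than the tools' rules, to surface the entries the helper placed in the CFScript: the extra program chained onto UserInit, a hidden executable in the LocalService profile, and an executable dropped in the drive root.

```python
import re

# Constructed sample input: HijackThis lines copied from the log quoted in this thread.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Documents and Settings\LocalService\jorl.exe \s,
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample input: ComboFix "Files Created" rows copied from the log quoted in this thread.
CF_SAMPLE = r"""
2009-03-08 14:37 . 2009-03-08 14:37 707,584 --a------ c:\windows\system32\va.exe
2009-03-06 11:35 . 2009-03-06 11:35 12,800 --ah----- c:\documents and settings\LocalService\jorl.exe
2009-03-06 11:34 . 2009-03-06 11:35 114,176 --------- C:\autoexec.exe
2009-03-04 12:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\Goran\Application Data\Malwarebytes
"""

# The only program that belongs in the UserInit value on Windows XP.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# One ComboFix "Files Created" row: created . modified size-or-<DIR> attrs path
CF_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:<DIR>|(?P<size>[\d,]+)) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)

# Heuristics used below (assumptions for this example, not HijackThis/ComboFix rules).
SERVICE_PROFILES = ("localservice", "networkservice")
EXEC_EXT = (".exe", ".sys", ".dll", ".scr", ".com")


def check_userinit(hjt_text):
    """Return every program chained onto UserInit besides userinit.exe.

    Winlogon launches each comma-separated entry of the UserInit value at
    logon, so an extra path after the genuine userinit.exe is a persistence
    point; HijackThis reports the value as an F2 line.
    """
    extras = []
    for line in hjt_text.splitlines():
        m = re.match(r"^F2 - REG:system\.ini: UserInit=(?P<val>.*)$", line)
        if not m:
            continue
        for entry in m.group("val").split(","):
            entry = entry.strip()
            if entry and entry.lower() != EXPECTED_USERINIT:
                extras.append(entry)
    return extras


def check_files(cf_text):
    """Return (rule, path) findings for ComboFix 'Files Created' rows.

    Directories and non-executables are skipped; one executable can
    trigger more than one rule.
    """
    findings = []
    for line in cf_text.splitlines():
        m = CF_LINE.match(line)
        if not m or m.group("size") is None:  # blank line or <DIR> row
            continue
        path, attrs = m.group("path"), m.group("attrs")
        low = path.lower()
        if not low.endswith(EXEC_EXT):
            continue
        if "h" in attrs:  # ComboFix marks the hidden attribute with 'h'
            findings.append(("hidden executable", path))
        if any("\\documents and settings\\" + p + "\\" in low for p in SERVICE_PROFILES):
            findings.append(("executable in service-account profile", path))
        if re.match(r"^[a-z]:\\[^\\]+$", low):  # e.g. c:\autoexec.exe
            findings.append(("executable in drive root", path))
    return findings


def report(hjt_text, cf_text):
    """Combine both checks into one list of (rule, path) pairs."""
    out = [("extra UserInit program", e) for e in check_userinit(hjt_text)]
    return out + check_files(cf_text)


if __name__ == "__main__":
    for rule, path in report(HJT_SAMPLE, CF_SAMPLE):
        print(f"{rule:40} {path}")
```

Note that va.exe, which the helper also removed, is caught by none of these heuristics: the script is a triage aid that narrows what to look at, not a verdict on a file.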

Joined: 26 Nov 2008 | Posts: 24

ComboFix 09-03-06.02 - Goran 2009-03-10 12:51:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.59 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Goran\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-08 23:43 . 2009-03-09 01:47 <DIR> d-------- c:\program files\DivX
2009-03-08 15:19 . 2009-03-08 15:35 <DIR> d-------- c:\program files\NoAdware
2009-03-08 14:37 . 2009-03-08 14:37 707,584 --a------ c:\windows\system32\va.exe
2009-03-08 04:18 . 2009-03-08 04:20 <DIR> d-------- c:\documents and settings\Goran\Application Data\vlc
2009-03-07 05:07 . 2009-03-07 05:07 <DIR> d-------- c:\program files\Yahoo!
2009-03-07 05:07 . 2009-03-07 05:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-07 04:58 . 2009-03-07 05:09 <DIR> d-------- c:\documents and settings\Goran\Application Data\mIRC
2009-03-07 04:45 . 2009-03-07 04:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-03-07 04:42 . 2009-03-07 04:42 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> dr------- c:\program files\Skype
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-06 11:35 . 2009-03-06 11:35 12,800 --ah----- c:\documents and settings\LocalService\jorl.exe
2009-03-06 11:34 . 2009-03-06 11:35 114,176 --------- C:\autoexec.exe
2009-03-04 12:11 . 2009-03-07 02:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\Goran\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 12:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 02:39 . 2009-03-01 02:39 34,016 --a------ c:\windows\system32\drivers\sfnbzezv.sys
2009-02-28 12:15 . 2009-03-06 11:35 67,584 ---h----- c:\windows\system32\secupdat.dat
2009-02-28 02:59 . 2009-02-28 02:59 <DIR> d-------- c:\program files\Eagle USB ADSL Modem
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 11:53 802,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-10 11:53 8,400 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-10 11:53 2,800 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-10 11:53 196,640 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-08 17:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-08 15:58 5,618,277 ----a-w c:\program files\eav_nt64_enu.msi
2009-03-07 04:07 --------- d-----w c:\documents and settings\Goran\Application Data\Skype
2009-03-07 03:44 --------- d-----w c:\program files\Nokia
2009-03-07 03:43 --------- d-----w c:\program files\Common Files\Nokia
2009-03-07 03:41 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-07 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-04 00:39 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-04 00:39 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-04 00:39 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-28 03:40 --------- d-----w c:\documents and settings\Goran\Application Data\Ahead
2009-02-28 01:59 29 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-02-28 01:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 22:26 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-28 22:35:56 684,032 ----a-w c:\windows\system32\divx.dll
+ 2008-11-06 16:33:52 684,032 ----a-w c:\windows\system32\DivX.dll
+ 2008-11-06 16:33:54 823,296 ----a-w c:\windows\system32\divx_xx07.dll
+ 2008-11-06 16:33:54 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
+ 2008-11-06 16:33:54 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
+ 2008-11-06 16:33:54 802,816 ----a-w c:\windows\system32\divx_xx11.dll
+ 2008-11-06 16:37:36 524,288 ----a-w c:\windows\system32\DivXsm.exe
+ 2008-11-06 16:33:02 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
+ 2008-12-09 02:28:52 294,912 ----a-w c:\windows\system32\dpu11.dll
+ 2008-12-09 02:28:52 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
+ 2008-12-09 02:28:52 344,064 ----a-w c:\windows\system32\dpus11.dll
+ 2008-12-09 02:28:52 57,344 ----a-w c:\windows\system32\dpv11.dll
+ 2008-11-06 16:37:28 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2008-11-06 16:37:30 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2008-11-06 16:37:28 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
+ 2008-11-06 16:35:00 1,044,480 ----a-w c:\windows\system32\libdivx.dll
+ 2008-11-06 16:37:28 551,672 ------w c:\windows\system32\px.dll
+ 2008-11-06 16:37:28 129,784 ------w c:\windows\system32\pxafs.dll
+ 2008-11-06 16:37:28 66,296 ------w c:\windows\system32\pxcpya64.exe
+ 2008-11-06 16:37:28 120,056 ------w c:\windows\system32\pxcpyi64.exe
+ 2008-11-06 16:37:28 518,904 ------w c:\windows\system32\pxdrv.dll
+ 2008-11-06 16:37:30 72,440 ------w c:\windows\system32\pxhpinst.exe
+ 2008-11-06 16:37:28 64,760 ------w c:\windows\system32\pxinsa64.exe
+ 2008-11-06 16:37:28 118,520 ------w c:\windows\system32\pxinsi64.exe
+ 2008-11-06 16:37:30 187,128 ------w c:\windows\system32\pxmas.dll
+ 2008-11-06 16:37:28 1,628,920 ------w c:\windows\system32\pxsfs.dll
+ 2008-11-06 16:37:28 379,640 ------w c:\windows\system32\pxwave.dll
- 2008-09-19 21:57:34 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
+ 2008-11-06 16:37:32 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
+ 2008-11-06 16:35:00 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 2008-11-06 16:37:28 88,824 ------w c:\windows\system32\vxblock.dll
- 2006-12-01 23:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-01 23:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-01 23:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-09 4136960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Goran\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-12-13 1642496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe [2009-02-28 929889]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sfnbzezv.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sfnbzezv;sfnbzezv;c:\windows\system32\drivers\sfnbzezv.sys [2009-03-01 34016]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2008-12-12 233816]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PAC7302;iLook 300;c:\windows\system32\drivers\PAC7302.SYS [2008-12-13 458112]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2008-12-13 31616]
S3 core64;Device Core;\??\c:\windows\system32\drivers\core64.sys --> c:\windows\system32\drivers\core64.sys [?]
S3 core86;Device Core x86;\??\c:\windows\system32\drivers\core86.sys --> c:\windows\system32\drivers\core86.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uLocal Page = \blank.htm
IE: &Search
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-10 12:54:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**)**%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(848-)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\asuskbservice.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-10 12:56:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-10 11:56:50
ComboFix2.txt 2009-03-08 17:27:12

Pre-Run: 24,607,150,080 bytes free
Post-Run: 24,612,532,224 bytes free

helen1 (Anti Malware Fighter, Rank 2, Master teacher) | Joined: 27 Aug 2005 | Posts: 8643 | Location: Novi Beograd

Something is not right, since nothing was deleted.

Are you sure you saved the script correctly?

Joined: 26 Nov 2008 | Posts: 24

Here, I repeated the same thing again....
Hopefully it's OK now.



ComboFix 09-03-06.02 - Goran 2009-03-11 1:50:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.73 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Goran\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
C:\autoexec.exe
c:\documents and settings\LocalService\jorl.exe
c:\windows\system32\drivers\core64.sys
c:\windows\system32\drivers\core86.sys
c:\windows\system32\drivers\sfnbzezv.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\va.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autoexec.exe
c:\documents and settings\LocalService\jorl.exe
c:\windows\system32\drivers\sfnbzezv.sys
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\va.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFNBZEZV
-------\Service_core64
-------\Service_core86
-------\Service_sfnbzezv


((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.

2009-03-10 21:14 . 2009-03-10 21:14 701,440 --a------ c:\windows\system32\bz.exe
2009-03-10 15:35 . 2009-03-10 15:35 701,440 --a------ c:\windows\system32\ui.exe
2009-03-10 15:33 . 2009-03-10 15:33 701,440 --a------ c:\windows\system32\jd.exe
2009-03-10 13:59 . 2009-03-10 13:59 13,312 --ah----- c:\documents and settings\LocalService\uirhee.exe
2009-03-10 13:58 . 2009-03-10 13:58 701,440 --a------ c:\windows\system32\nv.exe
2009-03-10 13:58 . 2009-03-10 13:58 701,440 -r-hs---- c:\windows\system\wmibusn.exe
2009-03-08 23:43 . 2009-03-09 01:47 <DIR> d-------- c:\program files\DivX
2009-03-08 15:19 . 2009-03-08 15:35 <DIR> d-------- c:\program files\NoAdware
2009-03-08 04:18 . 2009-03-08 04:20 <DIR> d-------- c:\documents and settings\Goran\Application Data\vlc
2009-03-07 05:07 . 2009-03-07 05:07 <DIR> d-------- c:\program files\Yahoo!
2009-03-07 05:07 . 2009-03-07 05:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-07 04:58 . 2009-03-07 05:09 <DIR> d-------- c:\documents and settings\Goran\Application Data\mIRC
2009-03-07 04:45 . 2009-03-07 04:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-03-07 04:42 . 2009-03-07 04:42 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> dr------- c:\program files\Skype
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-04 12:11 . 2009-03-07 02:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\Goran\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 12:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 02:59 . 2009-02-28 02:59 <DIR> d-------- c:\program files\Eagle USB ADSL Modem
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 00:52 802,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-11 00:52 8,400 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-11 00:52 2,800 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-11 00:52 196,640 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-08 17:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-08 15:58 5,618,277 ----a-w c:\program files\eav_nt64_enu.msi
2009-03-07 04:07 --------- d-----w c:\documents and settings\Goran\Application Data\Skype
2009-03-07 03:44 --------- d-----w c:\program files\Nokia
2009-03-07 03:43 --------- d-----w c:\program files\Common Files\Nokia
2009-03-07 03:41 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-07 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-04 00:39 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-04 00:39 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-04 00:39 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-28 03:40 --------- d-----w c:\documents and settings\Goran\Application Data\Ahead
2009-02-28 01:59 29 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-02-28 01:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 22:26 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-09 4136960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Goran\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-12-13 1642496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe [2009-02-28 929889]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system\\wmibusn.exe"=
"c:\\WINDOWS\\System32\\nv.exe"=
"c:\\WINDOWS\\System32\\jd.exe"=
"c:\\WINDOWS\\System32\\ui.exe"=
"c:\\WINDOWS\\System32\\bz.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2008-12-12 233816]
R2 WMIBUSn;WMI-Bus NOptic;c:\windows\system\wmibusn.exe [2009-03-10 701440]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PAC7302;iLook 300;c:\windows\system32\drivers\PAC7302.SYS [2008-12-13 458112]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2008-12-13 31616]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [link visible only to logged-in users]
uLocal Page = \blank.htm
IE: &Search
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-03-11 01:54:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\windows\system\wmibusn.exe [600] 0x82361620

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**)**%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\asuskbservice.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-11 1:55:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-11 00:55:50
ComboFix2.txt 2009-03-10 11:56:57
ComboFix3.txt 2009-03-08 17:27:12

Pre-Run: 24,599,142,400 bytes free
Post-Run: 24,587,907,072 bytes free

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8643
  • Location: Novi Beograd

Disable Kaspersky:

Open Notepad and copy the following text into it:

File::
c:\windows\system32\bz.exe
c:\windows\system32\ui.exe
c:\windows\system32\jd.exe
c:\documents and settings\LocalService\uirhee.exe
c:\windows\system32\nv.exe
c:\windows\system\wmibusn.exe

Driver::
WMIBUSn

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\wmibusn.exe"=-
"c:\\WINDOWS\\System32\\nv.exe"=-
"c:\\WINDOWS\\System32\\jd.exe"=-
"c:\\WINDOWS\\System32\\ui.exe"=-
"c:\\WINDOWS\\System32\\bz.exe"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.
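The triage behind the reply above, as an added Python example that is neither the forum member's nor ComboFix's code: it reads constructed sample lines in ComboFix's report format (the "Files Created" rows and the firewall AuthorizedApplications block, with paths taken from the log), flags new files that share an identical byte size and are also whitelisted in the firewall, and emits the matching CFScript. The regex, function names and sample rows are my own assumptions about the format.

```python
import re

# Constructed sample lines in ComboFix's report format (sample data, not ComboFix code).
FILES_CREATED = r"""
2009-03-10 21:14 . 2009-03-10 21:14 701,440 --a------ c:\windows\system32\bz.exe
2009-03-10 15:35 . 2009-03-10 15:35 701,440 --a------ c:\windows\system32\ui.exe
2009-03-10 13:58 . 2009-03-10 13:58 701,440 -r-hs---- c:\windows\system\wmibusn.exe
2009-03-08 23:43 . 2009-03-09 01:47 <DIR> d-------- c:\program files\DivX
2009-03-04 12:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
"""
FIREWALL_LIST = r"""
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system\\wmibusn.exe"=
"c:\\WINDOWS\\System32\\ui.exe"=
"c:\\WINDOWS\\System32\\bz.exe"=
"""
FW_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"

# Assumed row layout: created date/time . modified date/time size attributes path
CREATED_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ ([\d,]+) (\S{9}) (.+)$")

def parse_created(text):
    """Map lowercased path -> size in bytes; <DIR> rows do not match the regex."""
    rows = (CREATED_RE.match(l.strip()) for l in text.splitlines())
    return {m.group(3).lower(): int(m.group(1).replace(",", "")) for m in rows if m}

def parse_firewall_list(text):
    """Map lowercased single-backslash path -> value name exactly as exported."""
    rows = (re.match(r'^"(.+)"=$', l.strip()) for l in text.splitlines())
    return {m.group(1).replace("\\\\", "\\").lower(): m.group(1) for m in rows if m}

def find_suspicious(files, allowed):
    """New files that share a byte size with another new file AND are firewall-whitelisted."""
    by_size = {}
    for path, size in files.items():
        by_size.setdefault(size, []).append(path)
    clustered = {p for group in by_size.values() if len(group) > 1 for p in group}
    return sorted(clustered & set(allowed))

def build_cfscript(paths, allowed, key=FW_KEY):
    """CFScript text: File:: deletes the binaries, Registry:: drops their whitelist entries."""
    lines = ["File::", *paths, "", "Registry::", key]
    lines += ['"%s"=-' % allowed[p] for p in paths]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    allowed = parse_firewall_list(FIREWALL_LIST)
    print(build_cfscript(find_suspicious(parse_created(FILES_CREATED), allowed), allowed))
```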
