Slow computer.

offline
  • Joined: 19 Nov 2009
  • Posts: 31

A few days ago my computer slowed down significantly, so that it "stutters" when opening files, and sometimes it freezes completely...

DDS (Ver_09-10-26.01) - NTFSx86
Run by PC_ at 17:55:04.68 on Thu 11/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.613 [GMT 1:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC_\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=14090&l=dis
uSearch Page =
uSearch Bar =
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc_\applic~1\mozilla\firefox\profiles\3yvw3md4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - XfireXO Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-8-19 15424]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-10-7 61424]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-10-13 604488]
SUnknown vqknvzt;vqknvzt; [x]

=============== Created Last 30 ================

2009-11-19 03:47:43 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-19 03:47:43 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-19 03:47:43 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-19 03:47:43 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-19 03:47:43 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-19 03:47:11 0 d-----w- c:\program files\Trojan Remover
2009-11-19 03:47:11 0 d-----w- c:\docume~1\pc_\applic~1\Simply Super Software
2009-11-19 03:47:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-11-16 10:02:03 21124 ------w- c:\windows\hpomdl07.dat
2009-11-16 10:02:03 111966 ----a-w- c:\windows\hpoins07.dat
2009-11-14 06:49:06 0 d-----w- c:\program files\Conduit
2009-11-14 06:49:03 0 d-----w- c:\program files\XfireXO
2009-11-14 03:10:28 0 d-----w- c:\program files\TimeAdjuster
2009-11-14 02:56:45 0 d-----w- c:\program files\URUSoft
2009-11-11 09:22:32 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-11 09:22:09 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-09 05:25:38 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

==================== Find3M ====================

2009-10-13 18:54:16 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-13 18:54:12 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-19 13:07:24 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-08-19 13:07:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-08-19 13:07:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009081920090820\index.dat
2009-08-19 13:07:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 17:55:21.05 ===============

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello and welcome to the forum.

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, choose Desktop and click Save.

When the download is complete:
disable your security software (instructions);
close running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix created into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

offline
  • Joined: 19 Nov 2009
  • Posts: 31

ComboFix 09-11-19.01 - PC_ 11/19/2009 20:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.680 [GMT 1:00]
Running from: c:\documents and settings\PC_\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))
.

2009-11-19 04:08 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\PC_\Application Data\Simply Super Software\Trojan Remover\rwp1.exe
2009-11-19 03:47 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-19 03:47 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-19 03:47 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-19 03:47 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-19 03:47 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\program files\Trojan Remover
2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\documents and settings\PC_\Application Data\Simply Super Software
2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-11-16 10:02 . 2009-11-16 10:02 111966 ----a-w- c:\windows\hpoins07.dat
2009-11-16 10:02 . 2005-05-24 02:48 21124 ------w- c:\windows\hpomdl07.dat
2009-11-16 10:01 . 2009-11-16 10:01 -------- d-----w- c:\documents and settings\PC_\Application Data\HP
2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\Conduit
2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\documents and settings\PC_\Local Settings\Application Data\Conduit
2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\documents and settings\PC_\Local Settings\Application Data\XfireXO
2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\XfireXO
2009-11-14 03:10 . 2009-11-18 22:38 -------- d-----w- c:\program files\TimeAdjuster
2009-11-14 02:56 . 2009-11-14 03:09 -------- d-----w- c:\program files\URUSoft
2009-11-11 09:22 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-11 09:22 . 2008-04-22 12:09 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-09 05:25 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-10-29 04:03 . 2009-10-29 04:03 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 16:37 . 2009-08-19 13:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-10-24 07:42 . 2009-08-19 13:29 -------- d-----w- c:\program files\The KMPlayer
2009-10-13 18:54 . 2009-10-13 18:54 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-13 18:54 . 2009-10-13 18:54 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-13 18:54 . 2009-10-13 18:54 -------- d-----w- c:\documents and settings\PC_\Application Data\TuneUp Software
2009-10-13 18:54 . 2009-10-13 18:53 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-10-13 18:53 . 2009-10-13 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-10-13 18:53 . 2009-10-13 18:53 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-12 15:42 . 2009-10-13 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-11 18:58 . 2009-10-11 18:54 -------- d-----w- c:\documents and settings\PC_\Application Data\vlc
2009-10-11 18:45 . 2009-10-11 18:43 -------- d-----w- c:\documents and settings\PC_\Application Data\MozillaControl
2009-10-11 18:43 . 2009-10-11 18:43 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-10-11 18:43 . 2009-10-11 18:23 -------- d-----w- c:\program files\Graboid
2009-10-11 18:28 . 2009-10-11 18:28 -------- d-----w- c:\program files\VideoLAN
2009-10-11 18:16 . 2009-10-11 18:03 -------- d-----w- c:\documents and settings\PC_\Application Data\uTorrent
2009-10-03 21:28 . 2009-10-03 21:28 -------- d-----w- c:\documents and settings\PC_\Application Data\Media Player Classic
.

------- Sigcheck -------

[-] 2008-09-05 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-19 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2005-01-01 149280]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-23 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7369:TCP"= 7369:TCP:ulajafn

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [8/19/2009 2:30 PM 15424]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [10/7/2008 7:31 PM 61424]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [10/13/2009 7:54 PM 604488]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PXTDAPOW
*Deregistered* - pxtdapow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
vqknvzt
.
Contents of the 'Scheduled Tasks' folder

2009-11-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=14090&l=dis
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\PC_\Application Data\Mozilla\Firefox\Profiles\3yvw3md4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - XfireXO Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-11-19 20:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\imon.dll
.
Completion time: 2009-11-19 20:46
ComboFix-quarantined-files.txt 2009-11-19 19:46

Pre-Run: 2,947,706,880 bytes free
Post-Run: 3,007,455,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 61E5D3409DCBDF94EAF26B6188B9CB26

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7369:TCP"=-

NetSvc::
vqknvzt

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that is created at the end of the cleaning/scanning.
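What the script above targets, as an added example (not code from the thread, from ComboFix, or from DDS): a Python triage that reads the DDS/ComboFix log lines quoted earlier in the thread, flags the SfcDisable entry under Winlogon, the disabled Windows Firewall standard profile, the globally opened port 7369 labelled with the random token ulajafn, and the NetSvcs entry vqknvzt that DDS listed with no image file, and then renders the fix in the same Registry::/NetSvc:: CFScript syntax helen1 posted. The sample log is constructed from lines on this page; the vowel-ratio test in looks_random() is an assumed heuristic of mine, not a ComboFix or DDS rule.

```python
"""Triage the indicators seen in the DDS/ComboFix logs in this thread.

Added example (not a tool from the thread, from ComboFix, or from DDS). It
scans log text for the items helen1's CFScript reacts to and renders the fix
in the Registry::/NetSvc:: CFScript syntax shown above. The vowel-ratio test
in looks_random() is an assumed heuristic, not a ComboFix rule.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
SUNKNOWN_RE = re.compile(r"^SUnknown\s+(?P<name>[^;]+);[^;]*;\s*\[x\]")
NETSVCS_HDR = "Svchost - NetSvcs"
OPEN_PORTS_KEY = r"GloballyOpenPorts\List"
STD_PROFILE_KEY = r"firewallpolicy\standardprofile"


def looks_random(token: str) -> bool:
    """Heuristic (assumption): a bare lowercase token of 6-10 letters with
    under 45% vowels, e.g. 'vqknvzt' or 'ulajafn'. Legitimate entries in the
    sections checked here are paths, CamelCase names, or contain digits."""
    if not re.fullmatch(r"[a-z]{6,10}", token):
        return False
    return sum(ch in "aeiou" for ch in token) / len(token) < 0.45


def triage(log_text: str) -> dict:
    """Return findings plus the registry values and NetSvcs names to remove."""
    findings, open_ports, phantom, netsvcs = [], [], [], []
    current_key, in_netsvcs = "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if in_netsvcs:                      # names listed under the NetSvcs header
            if line in ("", "."):
                in_netsvcs = False
            else:
                netsvcs.append(line)
            continue
        if line.endswith(NETSVCS_HDR):
            in_netsvcs = True
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if line.startswith("mWinlogon:") and "SfcDisable" in line:
            findings.append(("sfc_disabled", line))   # Windows File Protection off
            continue
        m = SUNKNOWN_RE.match(line)                    # DDS: service with no image file
        if m:
            phantom.append(m.group("name"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        if current_key.endswith(STD_PROFILE_KEY) and name == "EnableFirewall" and data.startswith("0"):
            findings.append(("firewall_disabled", line))
        elif current_key.endswith(OPEN_PORTS_KEY) and looks_random(data.rsplit(":", 1)[-1]):
            findings.append(("random_open_port", line))
            open_ports.append(name)
    # A NetSvcs entry is suspect if DDS found no file for it or its name looks random.
    bad_netsvcs = [n for n in netsvcs if n in phantom or looks_random(n)]
    findings.extend(("phantom_netsvc", n) for n in bad_netsvcs)
    return {"findings": findings, "open_ports": open_ports, "netsvcs": bad_netsvcs}


def cfscript(result: dict) -> str:
    """Render the remediation in CFScript syntax: '"value"=-' under Registry::
    deletes a value; NetSvc:: lists Svchost group entries to remove."""
    parts = []
    if result["open_ports"]:
        parts += ["Registry::", r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"]
        parts += [f'"{name}"=-' for name in result["open_ports"]]
        parts.append("")
    if result["netsvcs"]:
        parts += ["NetSvc::", *result["netsvcs"], ""]
    return "\n".join(parts)


# Constructed sample: the relevant lines from the DDS and ComboFix logs above.
SAMPLE_LOG = r"""
mWinlogon: SfcDisable=-99 (0xffffff9d)
SUnknown vqknvzt;vqknvzt; [x]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7369:TCP"= 7369:TCP:ulajafn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
vqknvzt
.
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, evidence in result["findings"]:
        print(f"{kind:18} {evidence}")
    print(cfscript(result))
```

Run as-is, it prints the four findings and a script identical in shape to the hand-written one above: the firewall exception is removed with "=-" and the phantom service is dropped from the Svchost NetSvcs group. It does not touch the Conduit/XfireXO toolbar entries, which the thread also leaves to the user to uninstall.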

offline
  • Joined: 19 Nov 2009
  • Posts: 31

ComboFix 09-11-19.01 - PC_ 11/20/2009 8:38.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.569 [GMT 1:00]
Running from: c:\documents and settings\PC_\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PC_\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-19 23:59 . 2009-11-19 23:59 -------- d-----w- c:\windows\system32\wbem\snmp
2009-11-19 23:59 . 2009-11-19 23:59 -------- d-----w- c:\windows\system32\xircom
2009-11-19 23:59 . 2009-11-19 23:59 -------- d-----w- c:\program files\microsoft frontpage
2009-11-19 22:09 . 2007-05-26 11:32 26288 ----a-w- c:\windows\system32\wbload.dll
2009-11-19 22:08 . 2007-05-26 11:34 42672 ------w- c:\windows\system32\wbsys.dll
2009-11-19 22:08 . 2009-11-19 22:08 -------- d-----w- c:\program files\Stardock
2009-11-19 04:08 . 2009-09-21 14:59 3101560 ----a-w- c:\documents and settings\PC_\Application Data\Simply Super Software\Trojan Remover\rwp1.exe
2009-11-19 03:47 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-19 03:47 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-19 03:47 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-19 03:47 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-19 03:47 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\program files\Trojan Remover
2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\documents and settings\PC_\Application Data\Simply Super Software
2009-11-19 03:47 . 2009-11-19 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-11-16 10:02 . 2009-11-16 10:02 111966 ----a-w- c:\windows\hpoins07.dat
2009-11-16 10:02 . 2005-05-24 02:48 21124 ------w- c:\windows\hpomdl07.dat
2009-11-16 10:01 . 2009-11-16 10:01 -------- d-----w- c:\documents and settings\PC_\Application Data\HP
2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\Conduit
2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\documents and settings\PC_\Local Settings\Application Data\Conduit
2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\documents and settings\PC_\Local Settings\Application Data\XfireXO
2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\XfireXO
2009-11-14 03:10 . 2009-11-18 22:38 -------- d-----w- c:\program files\TimeAdjuster
2009-11-14 02:56 . 2009-11-14 03:09 -------- d-----w- c:\program files\URUSoft
2009-11-11 09:22 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-11 09:22 . 2008-04-22 12:09 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-09 05:25 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-10-29 04:03 . 2009-10-29 04:03 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 16:37 . 2009-08-19 13:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-10-24 07:42 . 2009-08-19 13:29 -------- d-----w- c:\program files\The KMPlayer
2009-10-13 18:54 . 2009-10-13 18:54 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-13 18:54 . 2009-10-13 18:54 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-13 18:54 . 2009-10-13 18:54 -------- d-----w- c:\documents and settings\PC_\Application Data\TuneUp Software
2009-10-13 18:54 . 2009-10-13 18:53 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-10-13 18:53 . 2009-10-13 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-10-13 18:53 . 2009-10-13 18:53 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-12 15:42 . 2009-10-13 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-10-11 18:58 . 2009-10-11 18:54 -------- d-----w- c:\documents and settings\PC_\Application Data\vlc
2009-10-11 18:45 . 2009-10-11 18:43 -------- d-----w- c:\documents and settings\PC_\Application Data\MozillaControl
2009-10-11 18:43 . 2009-10-11 18:43 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-10-11 18:43 . 2009-10-11 18:23 -------- d-----w- c:\program files\Graboid
2009-10-11 18:28 . 2009-10-11 18:28 -------- d-----w- c:\program files\VideoLAN
2009-10-11 18:16 . 2009-10-11 18:03 -------- d-----w- c:\documents and settings\PC_\Application Data\uTorrent
2009-10-03 21:28 . 2009-10-03 21:28 -------- d-----w- c:\documents and settings\PC_\Application Data\Media Player Classic
.

------- Sigcheck -------

[-] 2008-09-05 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-19_19.45.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-12-31 23:01 . 2004-12-31 23:01 16384 c:\windows\Temp\Perflib_Perfdata_688.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Vista Rainbar"="d:\my documents\download section!!!!!!!\themes\Rainmeter\Rainmeter.exe" [2006-01-21 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-19 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2005-01-01 149280]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-06-23 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [8/19/2009 2:30 PM 15424]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [10/7/2008 7:31 PM 61424]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [10/13/2009 7:54 PM 604488]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2004-12-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=14090&l=dis
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\PC_\Application Data\Mozilla\Firefox\Profiles\3yvw3md4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - XfireXO Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-11-20 08:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(868-)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2348-)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
Completion time: 2009-11-20 08:45
ComboFix-quarantined-files.txt 2009-11-20 07:45
ComboFix2.txt 2009-11-19 19:46

Pre-Run: 3,144,224,768 bytes free
Post-Run: 3,117,162,496 bytes free

- - End Of File - - 8E8BBA3F85CFDAA424CF44CA8C84DD94

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Is there any improvement?

offline
  • Joined: 19 Nov 2009
  • Posts: 31

Posted: 20 Nov 2009 20:53

It's better now, but not like before...
Thanks in any case

Addendum: 20 Nov 2009 20:54

Should I delete ComboFix?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista use the Start Search field if Run is not available.

In the text input line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.
